Changeset - baaf0db1e0ae
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 4 years ago 2020-08-26 16:55:22
branko@majic.rs
MAR-150: Refactor the test for deployed CA certificates in common role:

- Use parametrisation to reduce code duplication.
1 file changed with 22 insertions and 38 deletions:
roles/common/molecule/default/tests/test_parameters_optional.py
22
38
0 comments (0 inline, 0 general)
roles/common/molecule/default/tests/test_parameters_optional.py
Show inline comments
 
@@ -6,6 +6,8 @@ import paramiko
 

			




	
	
	
		
 
import testinfra.utils.ansible_runner

			




	
	
	
		
 

			




	
	
	
		
 
import pytest

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

			




	
	
	
		
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')

			




	
	
		
 
@@ -167,52 +169,34 @@ def test_authorized_keys_login(host):

			




	
	
	
		
 
    client.connect(remote_ip, username="user3", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey3')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_ca_certificates(host):

			




	
	
	
		
 
@pytest.mark.parametrize('ca_certificate_basename', [

			




	
	
	
		
 
    'cacert1',

			




	
	
	
		
 
    'cacert2',

			




	
	
	
		
 
])

			




	
	
	
		
 
def test_ca_certificates(host, ca_certificate_basename):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if CA certificates have been correctly deployed to the system.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    ca1_cert = host.file('/usr/local/share/ca-certificates/cacert1.crt')

			




	
	
	
		
 
    assert ca1_cert.is_file

			




	
	
	
		
 
    assert ca1_cert.user == 'root'

			




	
	
	
		
 
    assert ca1_cert.group == 'root'

			




	
	
	
		
 
    assert ca1_cert.mode == 0o644

			




	
	
	
		
 

			




	
	
	
		
 
    ca1_cert_symlink = host.file('/etc/ssl/certs/cacert1.pem')

			




	
	
	
		
 
    assert ca1_cert_symlink.is_symlink

			




	
	
	
		
 
    assert ca1_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'

			




	
	
	
		
 

			




	
	
	
		
 
    ca1_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert1.crt').stdout.strip()

			




	
	
	
		
 
    ca1_cert_hash_file = '/etc/ssl/certs/%s.0' % ca1_cert_hash

			




	
	
	
		
 

			




	
	
	
		
 
    ca1_cert_hash_1 = host.file(ca1_cert_hash_file)

			




	
	
	
		
 
    assert ca1_cert_hash_1.is_symlink

			




	
	
	
		
 
    assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'

			




	
	
	
		
 

			




	
	
	
		
 
    ca1_cert_hash_1 = host.file(ca1_cert_hash_file)

			




	
	
	
		
 
    assert ca1_cert_hash_1.is_symlink

			




	
	
	
		
 
    assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'

			




	
	
	
		
 

			




	
	
	
		
 
    ca2_cert = host.file('/usr/local/share/ca-certificates/cacert2.crt')

			




	
	
	
		
 
    assert ca2_cert.is_file

			




	
	
	
		
 
    assert ca2_cert.user == 'root'

			




	
	
	
		
 
    assert ca2_cert.group == 'root'

			




	
	
	
		
 
    assert ca2_cert.mode == 0o644

			




	
	
	
		
 
    ca_certificate_path = '/usr/local/share/ca-certificates/%s.crt' % ca_certificate_basename

			




	
	
	
		
 
    ca_certificate_symlink_path = '/etc/ssl/certs/%s.pem' % ca_certificate_basename

			




	
	
	
		
 
    ca_certificate_hash = host.run('openssl x509 -hash -noout -in %s', ca_certificate_path).stdout.strip()

			




	
	
	
		
 
    ca_certificate_hash_symlink_path = '/etc/ssl/certs/%s.0' % ca_certificate_hash

			




	
	
	
		
 

			




	
	
	
		
 
    ca2_cert_symlink = host.file('/etc/ssl/certs/cacert2.pem')

			




	
	
	
		
 
    assert ca2_cert_symlink.is_symlink

			




	
	
	
		
 
    assert ca2_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'

			




	
	
	
		
 
    ca_certificate = host.file(ca_certificate_path)

			




	
	
	
		
 
    ca_certificate_symlink = host.file(ca_certificate_symlink_path)

			




	
	
	
		
 
    ca_certificate_hash_symlink = host.file(ca_certificate_hash_symlink_path)

			




	
	
	
		
 

			




	
	
	
		
 
    ca2_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert2.crt').stdout.strip()

			




	
	
	
		
 
    ca2_cert_hash_file = '/etc/ssl/certs/%s.0' % ca2_cert_hash

			




	
	
	
		
 
    assert ca_certificate.is_file

			




	
	
	
		
 
    assert ca_certificate.user == 'root'

			




	
	
	
		
 
    assert ca_certificate.group == 'root'

			




	
	
	
		
 
    assert ca_certificate.mode == 0o644

			




	
	
	
		
 

			




	
	
	
		
 
    ca2_cert_hash_1 = host.file(ca2_cert_hash_file)

			




	
	
	
		
 
    assert ca2_cert_hash_1.is_symlink

			




	
	
	
		
 
    assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'

			




	
	
	
		
 
    assert ca_certificate_symlink.is_symlink

			




	
	
	
		
 
    assert ca_certificate_symlink.linked_to == ca_certificate_path

			




	
	
	
		
 

			




	
	
	
		
 
    ca2_cert_hash_1 = host.file(ca2_cert_hash_file)

			




	
	
	
		
 
    assert ca2_cert_hash_1.is_symlink

			




	
	
	
		
 
    assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'

			




	
	
	
		
 
    assert ca_certificate_hash_symlink.is_symlink

			




	
	
	
		
 
    assert ca_certificate_hash_symlink.linked_to == ca_certificate_path

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_ferm_base_rules(host):

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.