Changeset - c43415e60f2f
Branko Majic (branko) - 8 years ago 2017-08-21 13:04:42
branko@majic.rs
MAR-123: Updated ldap_server test_user_supplied_entries to be robust to ordering changes.
1 file changed with 4 insertions and 4 deletions:
roles/ldap_server/tests/test_optional.py
 
import testinfra.utils.ansible_runner
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory').get_hosts('parameters-optional')
 

	
 

	
 
def test_base_entry(Command, Sudo):
 
    """
 
    Tests if the base entry has been created correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        base_dn = Command("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b dc=local -s base")
 

	
 
        assert base_dn.rc == 0
 
        assert "dc: local" in base_dn.stdout.split("\n")
 
        assert "o: Example" in base_dn.stdout.split("\n")
 

	
 

	
 
def test_log_level(Command, Sudo):
 
    """
 
    Tests if the logging level has been set correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        log_level = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config -s base olcLogLevel')
 

	
 
        assert log_level.rc == 0
 
        assert 'olcLogLevel: 0' in log_level.stdout
 

	
 

	
 
def test_ldap_tls_private_key_file(File, Sudo):
 
    """
 
    Tests if the TLS private key has been deployed correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        key = File('/etc/ssl/private/parameters-optional_ldap.key')
 

	
 
        assert key.is_file
 
        assert key.user == 'root'
 
        assert key.group == 'openldap'
 
        assert key.mode == 0o640
 
        assert key.content == open('tests/data/x509/parameters-optional.key.pem').read().rstrip()
 

	
 

	
 
def test_ldap_tls_certificate_file(File, Sudo):
 
    """
 
    Tests if the TLS certificate has been deployed correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        cert = File('/etc/ssl/certs/parameters-optional_ldap.pem')
 

	
 
        assert cert.is_file
 
        assert cert.user == 'root'
 
        assert cert.group == 'root'
 
        assert cert.mode == 0o644
 
        assert cert.content == open('tests/data/x509/parameters-optional.cert.pem').read().rstrip()
 

	
 

	
 
def test_certificate_validity_check_configuration(File):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
 
    correctly.
 
    """
 

	
 
    config = File('/etc/check_certificate/parameters-optional_ldap.conf')
 

	
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert config.content == "/etc/ssl/certs/parameters-optional_ldap.pem"
 

	
 

	
 
def test_tls_configuration(Command):
 
    """
 
    Tests if the TLS has been configured correctly and works.
 
    """
 

	
 
    ldap_starttls = Command('ldapwhoami -Z -x -H ldap://parameters-optional/')
 
    assert ldap_starttls.rc == 0
 
    assert ldap_starttls.stdout == 'anonymous'
 

	
 
    ldap_tls = Command('ldapwhoami -x -H ldaps://parameters-optional/')
 
    assert ldap_tls.rc == 0
 
    assert ldap_tls.stdout == 'anonymous'
 

	
 
    old_tls_versions_disabled = Command("echo 'Q' | openssl s_client -no_tls1_2 -connect parameters-optional:636")
 
    assert old_tls_versions_disabled.rc == 0
 
    assert "CONNECTED" in old_tls_versions_disabled.stdout
 

	
 
    cipher = Command("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:636")
 
    assert cipher.rc == 0
 
    assert "ECDHE-RSA-AES128-SHA256" in cipher.stdout
 

	
 
    cipher = Command("echo 'Q' | openssl s_client -tls1_1 -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:636")
 
    assert cipher.rc == 0
 
    assert "ECDHE-RSA-AES128-SHA" in cipher.stdout
 

	
 

	
 
def test_ssf_configuration(Command, Sudo):
 
    """
 
    Tests if the SSF olcSecurity configuration has been set-up correctly.
 
    """
 

	
 
    with Sudo():
 
        ssf = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config olcSecurity')
 

	
 
        assert ssf.rc == 0
 
        assert "olcSecurity: ssf=0" in ssf.stdout
 

	
 

	
 
def test_permissions(Command, Sudo):
 
    """
 
    Tests if LDAP directory permissions have been set-up correctly.
 
    """
 

	
 
    with Sudo():
 
        permissions = Command("ldapsearch -o ldif-wrap=no -H ldapi:/// -Q -LLL -Y EXTERNAL -b 'olcDatabase={1}mdb,cn=config' -s base olcAccess olcAccess")
 

	
 
        expected_permissions = "olcAccess: {0}to * " \
 
                               "by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage " \
 
                               "by self write by * read by dn=\"cn=admin,dc=local\" write " \
 
                               "by * none"
 

	
 
        assert permissions.rc == 0
 
        assert expected_permissions in permissions.stdout
 

	
 

	
 
def test_services_login_entries(Command, Sudo):
 
    """
 
    Tests if the service/consumer login entries have been set correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        entries = Command("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s one -b ou=services,dc=local '(objectClass=simpleSecurityObject)'")
 

	
 
        assert entries.rc == 0
 
        assert entries.stdout == """dn: cn=consumer1,ou=services,dc=local
 
objectClass: applicationProcess
 
objectClass: simpleSecurityObject
 
userPassword:: Y29uc3VtZXIxcGFzc3dvcmQ=
 
cn: consumer1
 

	
 
dn: cn=consumer2,ou=services,dc=local
 
objectClass: applicationProcess
 
objectClass: simpleSecurityObject
 
userPassword:: Y29uc3VtZXIycGFzc3dvcmQ=
 
cn: consumer2"""
 

	
 

	
 
def test_group_entries(Command, Sudo):
 
    """
 
    Tests that no group entries have been created out-of-the-box.
 
    """
 

	
 
    with Sudo():
 

	
 
        entries = Command("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s one -b ou=groups,dc=local '(objectClass=groupOfUniqueNames)'")
 

	
 
        assert entries.rc == 0
 
        assert entries.stdout == """dn: cn=group1,ou=groups,dc=local
 
objectClass: groupOfUniqueNames
 
uniqueMember: cn=NONE
 
cn: group1
 

	
 
dn: cn=group2,ou=groups,dc=local
 
objectClass: groupOfUniqueNames
 
uniqueMember: cn=NONE
 
cn: group2"""
 

	
 

	
 
def test_user_supplied_entries(Command, Sudo):
 
    """
 
    Tests if user-supplied entries are created correctly.
 
    """
 

	
 
    with Sudo():
 

	
 
        john_doe = Command("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b uid=john,dc=local")
 
        assert john_doe.rc == 0
 
        assert john_doe.stdout == """dn: uid=john,dc=local
 
        assert sorted(john_doe.stdout.split("\n")) == sorted("""dn: uid=john,dc=local
 
objectClass: inetOrgPerson
 
objectClass: simpleSecurityObject
 
userPassword:: am9obnBhc3N3b3Jk
 
cn: John Doe
 
sn: Doe
 
uid: john"""
 
uid: john""".split("\n"))
 

	
 
        jane_doe = Command("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b uid=jane,dc=local")
 
        assert jane_doe.rc == 0
 
        assert jane_doe.stdout == """dn: uid=jane,dc=local
 
        assert sorted(jane_doe.stdout.split("\n")) == sorted("""dn: uid=jane,dc=local
 
objectClass: inetOrgPerson
 
objectClass: simpleSecurityObject
 
userPassword:: amFuZXBhc3N3b3Jk
 
cn: Jane Doe
 
sn: Doe
 
uid: jane"""
 
uid: jane""".split("\n"))
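Review bot: The order-insensitive comparison is spelled out twice in test_user_supplied_entries (the john and jane assertions), while test_services_login_entries and test_group_entries in the same file still compare `entries.stdout` against an exact string, so they presumably remain sensitive to the same reordering. A small helper such as `def ldif_lines(text): return sorted(text.split("\n"))` would keep the two new assertions readable and reusable. The multi-entry tests would first need to split on the blank line between entries, because sorting all lines together would mix attributes of different entries. Separately, the expected `userPassword::` values are base64 of the plaintext fixture passwords, so the assertion pins that user-supplied entries are stored verbatim and unhashed; a comment such as `# userPassword is the base64 of the plaintext fixture value; the role stores supplied entries as-is` would make that intent explicit.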