Changeset - ca784c26d35c
2 4 1
Branko Majic (branko) - 4 years ago 2020-08-26 16:55:16
branko@majic.rs
MAR-150: Use Gimmecert for X.509 test fixtures in the common role:

- Drop the statically-generated X.509 certificates used for testing.
- Introduce fixture playbook in preparation phase that sets up the
necessary certificates.
- Update the tests to use the fixture.
- Dynamically calculate the OpenSSL hash for CA certificate instead of
having the hard-coded value.
- Add the fixture artefacts to .gitignore files.
7 files changed with 43 insertions and 58 deletions:
.gitignore
 
@@ -19,11 +19,15 @@ testsite/backup_keyring/
 
# Ignore Molecule artefacts.
 
.molecule
 
.vagrant
 
.cache
 
.yamllint
 

	
 
# Ignore test fixtures.
 
**/tests/data/.gimmecert
 
**/tests/data/x509
 

	
 
# Ignore test report artefacts
 
test_report*
 

	
 
# Ignore test site CLI artefacts.
 
testsite/mutt/*files
 
\ No newline at end of file
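Review bot: The comment `# Ignore test fixtures.` above the two new patterns undersells why they matter. The `.gimmecert` directory is where Gimmecert writes its output, which as far as I know includes the CA private keys alongside the certificates, so this rule is what keeps generated key material out of commits. I would word it as `# Ignore generated X.509 test fixtures (contains private keys).`. The `**/tests/data/x509` entry matches the symlink created by the fixture playbook, so both names have to stay in step with that playbook.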
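--- a/roles/common/molecule/default/fixtures.yml
+++ b/roles/common/molecule/default/fixtures.yml
@@ -0,0 +1,24 @@
+---
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+
+  tasks:
+
+    - name: Remove existing X.509 material
+      file:
+        path: "tests/data/.gimmecert"
+        state: absent
+
+    - name: Initialise the CA hierarchy
+      command: "gimmecert init --ca-hierarchy-depth 2"
+      args:
+        creates: "tests/data/.gimmecert"
+        chdir: "tests/data/"
+
+    - name: Link to the generated X.509 material
+      file:
+        src: ".gimmecert"
+        dest: "tests/data/x509"
+        state: link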
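Review bot: The `creates: "tests/data/.gimmecert"` guard on the `Initialise the CA hierarchy` task does not appear to protect anything. As far as I recall the command module changes into `chdir` before it evaluates `creates`, so the path would be looked up under `tests/data/tests/data/`; in any case the preceding task has just removed the directory, so the command runs on every invocation. Either write `creates: ".gimmecert"` and drop the removal task if reuse is intended, or drop `creates` and add `changed_when: true` so the regenerate-every-time behaviour is explicit. The play also relies on the working directory being the scenario directory for every relative path and on `gimmecert` being installed on the controller; a short comment at the top of the play stating both would help.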
roles/common/molecule/default/group_vars/parameters-optional.yml
 
@@ -31,14 +31,14 @@ os_groups:
 
common_packages:
 
  - units
 
  - gnutls-bin
 
  - libmariadbclient-dev-compat
 
  - emacs24-nox
 
ca_certificates:
 
  cacert1: "{{ lookup('file', 'tests/data/x509/ca1.cert.pem') }}"
 
  cacert2: "{{ lookup('file', 'tests/data/x509/ca2.cert.pem') }}"
 
  cacert1: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 
  cacert2: "{{ lookup('file', 'tests/data/x509/ca/level2.cert.pem') }}"
 
extra_backup_patterns:
 
  - /home/user1
 
  - /home/user2
 
incoming_connection_limit: 5/second
 
incoming_connection_limit_burst: 5
 
pipreqcheck_uid: 2500
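Review bot: `cacert2` now points at `ca/level2.cert.pem`, which with `--ca-hierarchy-depth 2` in the fixture playbook is presumably an intermediate CA issued by level1 rather than a second independent root. If the deleted `ca1.cert.pem` and `ca2.cert.pem` were unrelated CAs, the scenario no longer covers two separate trust anchors, and installing an intermediate into the system trust store is a different case from installing a root. If independent CAs are what the test is meant to exercise, they would need to come from separate hierarchies. Otherwise a comment such as `# level1 is the root CA, level2 is issued by level1 (see fixtures.yml)` above `ca_certificates` would record the relationship.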
roles/common/molecule/default/prepare.yml
 
---
 

	
 
- name: Fixtures
 
  import_playbook: fixtures.yml
 

	
 
- name: Prepare
 
  hosts: all
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Install python for Ansible
roles/common/molecule/default/tests/data/x509/ca1.cert.pem
 
deleted file
roles/common/molecule/default/tests/data/x509/ca2.cert.pem
 
deleted file
roles/common/molecule/default/tests/test_parameters_optional.py
 
@@ -179,17 +179,20 @@ def test_ca_certificates(host):
 
    assert ca1_cert.mode == 0o644
 

	
 
    ca1_cert_symlink = host.file('/etc/ssl/certs/cacert1.pem')
 
    assert ca1_cert_symlink.is_symlink
 
    assert ca1_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
 

	
 
    ca1_cert_hash_1 = host.file('/etc/ssl/certs/3ce70b58.0')
 
    ca1_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert1.crt').stdout.strip()
 
    ca1_cert_hash_file = '/etc/ssl/certs/%s.0' % ca1_cert_hash
 

	
 
    ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
 
    assert ca1_cert_hash_1.is_symlink
 
    assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
 

	
 
    ca1_cert_hash_1 = host.file('/etc/ssl/certs/49f72a44.0')
 
    ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
 
    assert ca1_cert_hash_1.is_symlink
 
    assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
 

	
 
    ca2_cert = host.file('/usr/local/share/ca-certificates/cacert2.crt')
 
    assert ca2_cert.is_file
 
    assert ca2_cert.user == 'root'
 
@@ -197,17 +200,20 @@ def test_ca_certificates(host):
 
    assert ca2_cert.mode == 0o644
 

	
 
    ca2_cert_symlink = host.file('/etc/ssl/certs/cacert2.pem')
 
    assert ca2_cert_symlink.is_symlink
 
    assert ca2_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
 

	
 
    ca2_cert_hash_1 = host.file('/etc/ssl/certs/a52eec00.0')
 
    ca2_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert2.crt').stdout.strip()
 
    ca2_cert_hash_file = '/etc/ssl/certs/%s.0' % ca2_cert_hash
 

	
 
    ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
 
    assert ca2_cert_hash_1.is_symlink
 
    assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
 

	
 
    ca2_cert_hash_1 = host.file('/etc/ssl/certs/a0d2e9e4.0')
 
    ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
 
    assert ca2_cert_hash_1.is_symlink
 
    assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
 

	
 

	
 
def test_ferm_base_rules(host):
 
    """