majic-ansible-roles Changeset

Changeset - eb03c3b4f367

Parent rev.

Child rev.

[Not reviewed]

4 5 4

Branko Majic (branko) - 4 years ago 2020-07-26 17:12:37
branko@majic.rs

MAR-162: Deduplicate TLS private key/certificate tests for LDAP server role:

- Rename the key/certificate files to match the Ansible inventory
name.
- Move the tests into test_default.py.
- Change the key/certificate extensions to be more descriptie.

9 files changed with 42 insertions and 76 deletions:

roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml

roles/ldap_server/molecule/default/group_vars/parameters-optional.yml

roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.cert.pem

rename

roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key.pem

rename

roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.cert.pem

rename

roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.key.pem

rename

roles/ldap_server/molecule/default/tests/test_default.py

roles/ldap_server/molecule/default/tests/test_mandatory.py

roles/ldap_server/molecule/default/tests/test_optional.py

0 comments (0 inline, 0 general)

roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml

➞

Show inline comments

@@ @@ -2,8 +2,8 @@ @@
 ldap_admin_password: adminpassword
 ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory-stretch64.local_ldap.pem') }}"
 ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory-stretch64.local_ldap.key') }}"
 ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.cert.pem') }}"
 ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.key.pem') }}"
 # ldap_client
 ldap_client_config:

roles/ldap_server/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

 ---
 ldap_admin_password: adminpassword
 ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.cert.pem') }}"
 ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.key.pem') }}"
 ldap_entries:
   - dn: uid=john,dc=local
     attributes:
@@ @@ -50,8 +54,6 @@ ldap_server_groups: @@
 ldap_server_domain: "local"
 ldap_server_organization: "Example"
 ldap_server_log_level: 0
 ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
 ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
 ldap_server_ssf: 0
 ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:\
 +SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.cert.pem

➞

Show inline comments

file renamed from roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.pem to roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.cert.pem

roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key.pem

➞

Show inline comments

file renamed from roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key to roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key.pem

roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.cert.pem

➞

Show inline comments

file renamed from roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.cert.pem to roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.cert.pem

roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.key.pem

➞

Show inline comments

file renamed from roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.key.pem to roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.key.pem

roles/ldap_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -194,3 +194,39 @@ def test_temporary_admin_password_file_not_present(host): @@
     with host.sudo():
         assert not host.file('/root/.ldap_admin_password').exists
 def test_ldap_tls_private_key_file(host):
     """
     Tests if the TLS private key has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
         assert key.is_file
         assert key.user == 'root'
         assert key.group == 'openldap'
         assert key.mode == 0o640
         assert key.content_string == open('tests/data/x509/%s_ldap.key.pem' % inventory_hostname).read()
 def test_ldap_tls_certificate_file(host):
     """
     Tests if the TLS certificate has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
         assert cert.is_file
         assert cert.user == 'root'
         assert cert.group == 'root'
         assert cert.mode == 0o644
         assert cert.content_string == open('tests/data/x509/%s_ldap.cert.pem' % inventory_hostname).read()

roles/ldap_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

@@ @@ -34,42 +34,6 @@ def test_log_level(host): @@
         assert 'olcLogLevel: 256' in log_level.stdout
 def test_ldap_tls_private_key_file(host):
     """
     Tests if the TLS private key has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
         assert key.is_file
         assert key.user == 'root'
         assert key.group == 'openldap'
         assert key.mode == 0o640
         assert key.content_string == open('tests/data/x509/%s_ldap.key' % inventory_hostname).read()
 def test_ldap_tls_certificate_file(host):
     """
     Tests if the TLS certificate has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
         assert cert.is_file
         assert cert.user == 'root'
         assert cert.group == 'root'
         assert cert.mode == 0o644
         assert cert.content_string == open('tests/data/x509/%s_ldap.pem' % inventory_hostname).read()
 def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed

roles/ldap_server/molecule/default/tests/test_optional.py

➞

Show inline comments

@@ @@ -36,42 +36,6 @@ def test_log_level(host): @@
         assert 'olcLogLevel: 0' in log_level.stdout
 def test_ldap_tls_private_key_file(host):
     """
     Tests if the TLS private key has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
         assert key.is_file
         assert key.user == 'root'
         assert key.group == 'openldap'
         assert key.mode == 0o640
         assert key.content_string == open('tests/data/x509/parameters-optional.key.pem').read()
 def test_ldap_tls_certificate_file(host):
     """
     Tests if the TLS certificate has been deployed correctly.
     """
     with host.sudo():
         inventory_hostname = host.ansible.get_variables()['inventory_hostname']
         cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
         assert cert.is_file
         assert cert.user == 'root'
         assert cert.group == 'root'
         assert cert.mode == 0o644
         assert cert.content_string == open('tests/data/x509/parameters-optional.cert.pem').read()
 def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed

0 comments (0 inline, 0 general)