diff --git a/roles/backup_client/tests/test_parameters_mandatory.py b/roles/backup_client/tests/test_parameters_mandatory.py new file mode 100644 index 0000000000000000000000000000000000000000..b15c0e2b2edcd2a3bc8b6adeec91931b84833b79 --- /dev/null +++ b/roles/backup_client/tests/test_parameters_mandatory.py @@ -0,0 +1,105 @@ +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + '.molecule/ansible_inventory').get_hosts('parameters-mandatory') + + +def test_gnupg_private_keys_file_content(File, Sudo): + """ + Tests if correct GnuPG private key used for encryption and signing has been + deployed. + """ + + with Sudo(): + gnupg_private_keys = File('/etc/duply/main/private_keys.asc') + + assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-mandatory.asc', 'r').read().strip() + + +def test_gnupg_public_keys_file_content(File, Sudo): + """ + Tests if no additional public GnuPG keys have been deployed (should be + default without optional parameters). + """ + + with Sudo(): + gnupg_public_keys = File('/etc/duply/main/public_keys.asc') + + assert gnupg_public_keys.content == "" + + +def test_backup_ssh_key_file_content(File, Sudo): + """ + Tests if correct key has been deployed for SSH client authentication. + """ + + with Sudo(): + + ssh_key = File('/etc/duply/main/ssh/identity') + + assert ssh_key.content == open('tests/data/ssh/parameters-mandatory', 'r').read().strip() + + +def test_known_hosts_content(File, Sudo): + """ + Tests if known hosts file has been set-up with correct content. + """ + + with Sudo(): + + known_hosts = File('/etc/duply/main/ssh/known_hosts') + + assert known_hosts.content == open('tests/data/ssh/parameters-mandatory-known_hosts', 'r').read().rstrip() + + +def test_duply_configuration_content(Ansible, File, Sudo): + """ + Tests if duply configuration has been set-up correctly. + """ + + with Sudo(): + + ansible_facts = Ansible("setup")["ansible_facts"] + + duply_configuration = File('/etc/duply/main/conf') + + if ansible_facts['ansible_distribution_release'] == 'jessie': + assert "GPG_KEYS_ENC='1A129C54'" in duply_configuration.content + assert "GPG_KEY_SIGN='1A129C54'" in duply_configuration.content + assert "TARGET='sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content + assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ + "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content + + elif ansible_facts['ansible_distribution_release'] == 'stretch': + assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content + assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content + assert "TARGET='pexpect+sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content + assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \ + "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content + else: + raise Exception("Failed to execute content check for: %s" % ansible_facts['ansible_distribution_release']) + + +def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo): + """ + Tests if private key used for encryption/signing has been correctly + imporeted into Duply GnuPG keyring. + """ + + with Sudo(): + ansible_facts = Ansible("setup")["ansible_facts"] + + if ansible_facts['ansible_distribution_release'] == 'jessie': + gpg_binary = 'gpg2' + key_offset = 8 + elif ansible_facts['ansible_distribution_release'] == 'stretch': + gpg_binary = 'gpg' + key_offset = 8 + else: + raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release']) + + private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary) + + assert private_key_listing.rc == 0 + assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout