|
@@ -6,6 +6,8 @@ import paramiko
|
|
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
|
|
@@ -167,52 +169,34 @@ def test_authorized_keys_login(host):
|
|
|
client.connect(remote_ip, username="user3", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey3')
|
|
|
|
|
|
|
|
|
def test_ca_certificates(host):
|
|
|
@pytest.mark.parametrize('ca_certificate_basename', [
|
|
|
'cacert1',
|
|
|
'cacert2',
|
|
|
])
|
|
|
def test_ca_certificates(host, ca_certificate_basename):
|
|
|
"""
|
|
|
Tests if CA certificates have been correctly deployed to the system.
|
|
|
"""
|
|
|
|
|
|
ca1_cert = host.file('/usr/local/share/ca-certificates/cacert1.crt')
|
|
|
assert ca1_cert.is_file
|
|
|
assert ca1_cert.user == 'root'
|
|
|
assert ca1_cert.group == 'root'
|
|
|
assert ca1_cert.mode == 0o644
|
|
|
|
|
|
ca1_cert_symlink = host.file('/etc/ssl/certs/cacert1.pem')
|
|
|
assert ca1_cert_symlink.is_symlink
|
|
|
assert ca1_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
|
|
|
|
|
|
ca1_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert1.crt').stdout.strip()
|
|
|
ca1_cert_hash_file = '/etc/ssl/certs/%s.0' % ca1_cert_hash
|
|
|
|
|
|
ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
|
|
|
assert ca1_cert_hash_1.is_symlink
|
|
|
assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
|
|
|
|
|
|
ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
|
|
|
assert ca1_cert_hash_1.is_symlink
|
|
|
assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
|
|
|
|
|
|
ca2_cert = host.file('/usr/local/share/ca-certificates/cacert2.crt')
|
|
|
assert ca2_cert.is_file
|
|
|
assert ca2_cert.user == 'root'
|
|
|
assert ca2_cert.group == 'root'
|
|
|
assert ca2_cert.mode == 0o644
|
|
|
ca_certificate_path = '/usr/local/share/ca-certificates/%s.crt' % ca_certificate_basename
|
|
|
ca_certificate_symlink_path = '/etc/ssl/certs/%s.pem' % ca_certificate_basename
|
|
|
ca_certificate_hash = host.run('openssl x509 -hash -noout -in %s', ca_certificate_path).stdout.strip()
|
|
|
ca_certificate_hash_symlink_path = '/etc/ssl/certs/%s.0' % ca_certificate_hash
|
|
|
|
|
|
ca2_cert_symlink = host.file('/etc/ssl/certs/cacert2.pem')
|
|
|
assert ca2_cert_symlink.is_symlink
|
|
|
assert ca2_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
|
|
|
ca_certificate = host.file(ca_certificate_path)
|
|
|
ca_certificate_symlink = host.file(ca_certificate_symlink_path)
|
|
|
ca_certificate_hash_symlink = host.file(ca_certificate_hash_symlink_path)
|
|
|
|
|
|
ca2_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert2.crt').stdout.strip()
|
|
|
ca2_cert_hash_file = '/etc/ssl/certs/%s.0' % ca2_cert_hash
|
|
|
assert ca_certificate.is_file
|
|
|
assert ca_certificate.user == 'root'
|
|
|
assert ca_certificate.group == 'root'
|
|
|
assert ca_certificate.mode == 0o644
|
|
|
|
|
|
ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
|
|
|
assert ca2_cert_hash_1.is_symlink
|
|
|
assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
|
|
|
assert ca_certificate_symlink.is_symlink
|
|
|
assert ca_certificate_symlink.linked_to == ca_certificate_path
|
|
|
|
|
|
ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
|
|
|
assert ca2_cert_hash_1.is_symlink
|
|
|
assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
|
|
|
assert ca_certificate_hash_symlink.is_symlink
|
|
|
assert ca_certificate_hash_symlink.linked_to == ca_certificate_path
|
|
|
|
|
|
|
|
|
def test_ferm_base_rules(host):
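Review bot: The `host.run('openssl x509 -hash -noout -in %s', ca_certificate_path).stdout.strip()` call in the parametrized `test_ca_certificates` never checks the command's exit status. If `openssl` fails (certificate missing or unparseable), `stdout` is empty, the test goes on to look up `/etc/ssl/certs/.0`, and it fails on `is_symlink` with a message that hides the real cause. testinfra's `check_output` asserts a zero exit code and returns the stripped stdout, so the line can become `ca_certificate_hash = host.check_output('openssl x509 -hash -noout -in %s', ca_certificate_path)`. The docstring could also gain one line saying that `ca_certificate_basename` is the certificate file name without its extension, since both the `.crt` and `.pem` paths are derived from it.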
|