Files @ 064760bdc9d5
Branch filter:

Location: majic-ansible-roles/roles/common/tests/

MAR-26: Implemented tests and fixes ldap_server role:

- Use static network configuration in order to make it easier to test
connectivity from dedicated client.
- Added client machine for testing firewall.
- Added missing LDAP client configuration on instance used for testing of
mandatory options.
- Fixed name of server for backup testing purposes.
- Expanded a bit the cipher configuration for LDAP server for testing optional
- Fixed wrongly populated Debian selections setting for LDAP organisation.
- Use templates for deploying LDAP TLS keys and certificates in order to avoid
Ansible munching the TAB characters.
- Implemented tests covering fully functionality of the role.
import socket

import paramiko

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

def test_apt_proxy(File):
    Tests if proxy configuration for apt is missing.

    assert not File('/etc/apt/apt.conf.d/00proxy').exists

def test_bash_prompt_content(File):
    Tests if bash prompt configuration file has not colouring and ID information
    contained within.

    bash_prompt = File('/etc/profile.d/')

    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content
    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content

def test_ssh_login_mechanisms():
    Tests available SSH login mechanisms (should be just public key).

    sock = socket.socket()
    sock.connect(('', 22))

    transport = paramiko.transport.Transport(sock)

    except paramiko.transport.BadAuthenticationType, err:
        assert err.allowed_types == ['publickey']

def test_mariadb_mysql_config_symlink(File, Sudo):
    Tests if symbolic link has been set-up for mariadb_config binary to be
    accessible as mysql_config as well. (should not be present with just
    mandatory options set).

    mysql_config = File('/usr/bin/mysql_config')

    assert not mysql_config.exists

def test_emacs_electric_indent_mode(File):
    Tests if Emacs electric indent mode has been disabled via custom
    configuration file. With just mandatory options set, the file should not be

    emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode')

    assert not emacs_config.exists

def test_ferm_base_rules(Command, File, Sudo):
    Test if base ferm configuration has been deployed correctly (content-wise).

    with Sudo():
        ferm_base = File('/etc/ferm/conf.d/00-base.conf')

        assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content

        iptables = Command('iptables-save')

        assert iptables.rc == 0
        assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
        assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout

        ip6tables = Command('ip6tables-save')
        assert ip6tables.rc == 0
        assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
        assert "-A flood -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
            "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout

def test_pipreqcheck_virtualenv_user(Group, User):
    Tests if user/group for running the pip requirements upgrade checks have
    been created correctly.

    group = Group('pipreqcheck')
    assert group.exists
    assert group.gid == 1001

    user = User('pipreqcheck')
    assert user.exists
    assert user.home == '/var/lib/pipreqcheck'
    assert user.uid == 1001
    assert == 'pipreqcheck'
    assert user.groups == ['pipreqcheck']

def test_backup_configuration_absent(File, Sudo):
    Tests if backup configuration is absent. This should be the case when only
    mandatory parameters are provided.

    with Sudo():
        assert not File('/etc/duply/main/patterns/common').exists