Location: majic-ansible-roles/roles/common/tests/test_default.py
MAR-25: Implemented tests for ldap_client role:
- Added Molecule configuration.
- Added test playbook.
- Fixed issue with mode not including leading zero.
- Implemented a couple of simple tests.
- Added Molecule configuration.
- Added test playbook.
- Fixed issue with mode not including leading zero.
- Implemented a couple of simple tests.
import testinfra.utils.ansible_runner
# Hosts the tests in this module run against: every host from the Molecule
# inventory except "helper".
# NOTE(review): list.remove() raises ValueError when "helper" is missing from
# the inventory, so the module fails at import time in that case.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory'
).get_hosts('all')
testinfra_hosts.remove("helper")
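def test_pam_umask(File):
    """
    Tests configuration of PAM umask module.

    Checks that the pam-auth-update profile for umask exists with root:root
    ownership and mode 0644, and that both common-session files contain a
    "session required pam_umask.so" entry.
    """

    pam_auth_update_config = File('/usr/share/pam-configs/umask')

    assert pam_auth_update_config.exists
    assert pam_auth_update_config.user == 'root'
    assert pam_auth_update_config.group == 'root'
    assert pam_auth_update_config.mode == 0o644

    # Raw string: "\+" is not a valid Python escape sequence, so a plain
    # string literal only works because Python passes the unknown escape
    # through (with a warning on newer interpreters).
    # NOTE(review): the pattern is not anchored to the start of the line, so a
    # commented-out entry would also satisfy it - consider anchoring once the
    # deployed line format is confirmed.
    pam_umask_entry = r'session[[:blank:]]\+required[[:blank:]]\+pam_umask.so'

    assert File('/etc/pam.d/common-session').contains(pam_umask_entry)
    assert File('/etc/pam.d/common-session-noninteractive').contains(pam_umask_entry)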
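def test_login_umask(File):
    """
    Tests set-up of default UMASK via /etc/login.defs.

    The file must contain a UMASK entry with value 027.
    """

    # Raw string: "\+" is not a valid Python escape sequence, so the pattern
    # must not depend on Python passing the unknown escape through.
    # NOTE(review): the pattern is unanchored on both sides - a commented-out
    # "#UMASK 027" line or a longer value starting with 027 would also match.
    assert File('/etc/login.defs').contains(r'UMASK[[:blank:]]\+027')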
def test_adduser_umask(File):
    """
    Verifies that /etc/adduser.conf sets DIR_MODE to 0750, the mode used for
    newly created user home directories.
    """

    adduser_config = File('/etc/adduser.conf')

    # NOTE(review): the pattern is not anchored, so a commented-out
    # "#DIR_MODE=0750" line would also satisfy this check.
    assert adduser_config.contains('DIR_MODE=0750')
def test_bash_prompt(File):
    """
    Verifies existence, ownership and mode of the custom bash prompt
    configuration deployed under /etc/profile.d.
    """

    prompt_script = File('/etc/profile.d/bash_prompt.sh')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )

    assert prompt_script.exists

    # Checked one by one, in order, so the first mismatch is the one reported.
    for attribute, expected in expected_attributes:
        assert getattr(prompt_script, attribute) == expected
def test_home_profile_d(File):
    """
    Verifies that the profile file enabling profile.d-like capability in
    user's home directory is a regular file owned by root:root with mode 0644.
    """

    user_profile_d = File('/etc/profile.d/z99-user_profile_d.sh')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )

    assert user_profile_d.is_file

    for attribute, expected in expected_attributes:
        assert getattr(user_profile_d, attribute) == expected
def test_home_skeleton_bashrc(File):
    """
    Verifies type, ownership, mode and content checksum of the bashrc placed
    in the home directory skeleton.
    """

    skeleton_bashrc = File('/etc/skel/.bashrc')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
        # Pins the exact file content; any change to the deployed bashrc
        # requires updating this digest.
        ('sha256sum', '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'),
    )

    assert skeleton_bashrc.is_file

    for attribute, expected in expected_attributes:
        assert getattr(skeleton_bashrc, attribute) == expected
def test_default_bashrc(File):
    """
    Verifies that /etc/bash.bashrc is a regular file owned by root:root with
    mode 0644.
    """

    system_bashrc = File('/etc/bash.bashrc')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )

    assert system_bashrc.is_file

    for attribute, expected in expected_attributes:
        assert getattr(system_bashrc, attribute) == expected
def test_root_bashrc(File, Sudo):
    """
    Verifies that root's bashrc has been overwritten with the default one:
    regular file, root:root, mode 0640, and the expected content checksum.
    """

    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o640),
        ('sha256sum', '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'),
    )

    # All checks run inside the Sudo() context, since the file lives under
    # /root.
    with Sudo():
        root_bashrc = File('/root/.bashrc')

        assert root_bashrc.is_file

        for attribute, expected in expected_attributes:
            assert getattr(root_bashrc, attribute) == expected
def test_installed_packages(Package):
    """
    Verifies that every package required by the role is installed.
    """

    required_packages = (
        'sudo',
        'ssl-cert',
        'rcconf',
        'ferm',
        'apticron',
        'virtualenv',
    )

    # Checked in order; the first missing package fails the test.
    for package_name in required_packages:
        assert Package(package_name).is_installed
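def test_root_remote_login_disabled(File):
    """
    Tests if SSH server has been configured to prevent remote root logins.

    The first uncommented PermitRootLogin directive in /etc/ssh/sshd_config
    must have the value "no". A plain substring search is not used because it
    is also satisfied by a commented-out "#PermitRootLogin no" line, or by a
    later directive that is shadowed by an earlier, different setting.
    """

    sshd_config = File('/etc/ssh/sshd_config').content_string

    # Split every line into whitespace-separated fields. A commented-out
    # directive has "#" (or "#PermitRootLogin") as its first field and is
    # therefore skipped. sshd keywords are case-insensitive, values are not.
    permit_root_login_values = [
        fields[1]
        for fields in (line.split() for line in sshd_config.splitlines())
        if len(fields) >= 2 and fields[0].lower() == 'permitrootlogin'
    ]

    # sshd uses the first value it obtains for a keyword.
    # NOTE(review): Match blocks are not interpreted here - confirm the
    # deployed configuration does not place one before the global directive.
    assert permit_root_login_values
    assert permit_root_login_values[0] == 'no'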
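def test_remote_login_via_password_disabled(File):
    """
    Tests if SSH server has been configured to disable password-based
    authentication.

    The first uncommented PasswordAuthentication directive in
    /etc/ssh/sshd_config must have the value "no". A plain substring search is
    not used because it is also satisfied by a commented-out
    "#PasswordAuthentication no" line, or by a later directive that is
    shadowed by an earlier, different setting.
    """

    sshd_config = File('/etc/ssh/sshd_config').content_string

    # Split every line into whitespace-separated fields. A commented-out
    # directive has "#" (or "#PasswordAuthentication") as its first field and
    # is therefore skipped. sshd keywords are case-insensitive, values are not.
    password_authentication_values = [
        fields[1]
        for fields in (line.split() for line in sshd_config.splitlines())
        if len(fields) >= 2 and fields[0].lower() == 'passwordauthentication'
    ]

    # sshd uses the first value it obtains for a keyword.
    # NOTE(review): Match blocks are not interpreted here - confirm the
    # deployed configuration does not place one before the global directive.
    assert password_authentication_values
    assert password_authentication_values[0] == 'no'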
def test_ferm_service_configuration(File):
    """
    Verifies type, ownership, mode and expected settings of the ferm service
    defaults file.
    """

    ferm_defaults = File('/etc/default/ferm')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )
    expected_settings = ('FAST=yes', 'CACHE=no', 'ENABLED="yes"')

    assert ferm_defaults.is_file

    for attribute, expected in expected_attributes:
        assert getattr(ferm_defaults, attribute) == expected

    # NOTE(review): these are substring checks, so a commented-out setting
    # would also satisfy them.
    for setting in expected_settings:
        assert setting in ferm_defaults.content
def test_ferm_configuration_directory(File, Sudo):
    """
    Verifies that the ferm configuration directory exists, is owned by
    root:root and has mode 0750.
    """

    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o750),
    )

    with Sudo():
        ferm_conf_d = File('/etc/ferm/conf.d')

        assert ferm_conf_d.is_directory

        for attribute, expected in expected_attributes:
            assert getattr(ferm_conf_d, attribute) == expected
def test_ferm_configuration(File, Sudo):
    """
    Verifies deployment of the main ferm configuration file and of the base
    rule file: both must be regular files owned by root:root with mode 0640,
    and the main file must include the conf.d directory.
    """

    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o640),
    )

    with Sudo():
        main_config = File('/etc/ferm/ferm.conf')

        assert main_config.is_file
        for attribute, expected in expected_attributes:
            assert getattr(main_config, attribute) == expected
        assert "@include '/etc/ferm/conf.d/';" in main_config.content

        base_rules = File('/etc/ferm/conf.d/00-base.conf')

        assert base_rules.is_file
        for attribute, expected in expected_attributes:
            assert getattr(base_rules, attribute) == expected
def test_ferm_service(Service):
    """
    Verifies that the ferm service is running and enabled.
    """

    ferm_service = Service('ferm')

    # Running is checked before enabled, matching the order reported on
    # failure.
    for state in ('is_running', 'is_enabled'):
        assert getattr(ferm_service, state)
def test_check_certificate_script(File):
    """
    Verifies that the certificate checking script is a regular file owned by
    root:root with mode 0755.
    """

    script = File('/usr/local/bin/check_certificate.sh')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o755),
    )

    assert script.is_file

    for attribute, expected in expected_attributes:
        assert getattr(script, attribute) == expected
def test_check_certificate_directory(File):
    """
    Verifies that /etc/check_certificate is a directory owned by root:root
    with mode 0755.
    """

    config_directory = File('/etc/check_certificate')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o755),
    )

    assert config_directory.is_directory

    for attribute, expected in expected_attributes:
        assert getattr(config_directory, attribute) == expected
def test_check_certificate_crontab(File):
    """
    Verifies the cron job used for checking certificates: file type,
    ownership, mode, and the scheduled command line.
    """

    cron_file = File('/etc/cron.d/check_certificate')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )
    # The job is expected to run the check script as the "nobody" user.
    expected_entry = "0 0 * * * nobody /usr/local/bin/check_certificate.sh expiration"

    assert cron_file.is_file

    for attribute, expected in expected_attributes:
        assert getattr(cron_file, attribute) == expected

    assert expected_entry in cron_file.content
def test_pipreqcheck_virtualenv(File, Sudo):
    """
    Verifies that the Python virtual environment used for pip requirements
    upgrade checks exists, by checking its activate script: regular file,
    owned by pipreqcheck:pipreqcheck, mode 0644.
    """

    expected_attributes = (
        ('user', 'pipreqcheck'),
        ('group', 'pipreqcheck'),
        ('mode', 0o644),
    )

    with Sudo():
        activate_script = File('/var/lib/pipreqcheck/virtualenv/bin/activate')

        assert activate_script.is_file

        for attribute, expected in expected_attributes:
            assert getattr(activate_script, attribute) == expected
def test_pipreqcheck_directories(File, Sudo):
    """
    Verifies the directories holding configuration for the script that
    performs pip requirements upgrade checks. Each must be a directory owned
    by root, with group pipreqcheck and mode 0750.
    """

    config_directories = (
        '/etc/pip_check_requirements_upgrades',
        '/etc/pip_check_requirements_upgrades/pipreqcheck',
    )
    expected_attributes = (
        ('user', 'root'),
        ('group', 'pipreqcheck'),
        ('mode', 0o750),
    )

    with Sudo():
        # Parent directory first, then the per-user subdirectory.
        for path in config_directories:
            directory = File(path)

            assert directory.is_directory

            for attribute, expected in expected_attributes:
                assert getattr(directory, attribute) == expected
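def test_pipreqcheck_requirements(File, Sudo):
    """
    Tests deployment of requirements input and text file used for virtual
    environment utilised by script that perform pip requirements upgrade checks.

    Both files must be regular files owned by root, with group pipreqcheck and
    mode 0640.
    """

    requirements_files = (
        '/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in',
        '/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt',
    )
    expected_attributes = (
        ('user', 'root'),
        ('group', 'pipreqcheck'),
        ('mode', 0o640),
    )

    with Sudo():
        for path in requirements_files:
            requirements = File(path)

            # The file-type check is asserted for both files. Previously the
            # requirements.txt check was a bare expression without "assert",
            # so its result was silently discarded.
            assert requirements.is_file

            for attribute, expected in expected_attributes:
                assert getattr(requirements, attribute) == expected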
def test_pipreqcheck_packages(PipPackage, Sudo):
    """
    Verifies that the virtual environment used for pip requirements upgrade
    checks has pip from the 9.0 series and pip-tools installed.
    """

    virtualenv_pip = '/var/lib/pipreqcheck/virtualenv/bin/pip'

    with Sudo():
        installed = PipPackage.get_packages(pip_path=virtualenv_pip)

        # Drop the last dot-separated component of the version so that any
        # 9.0.x release is accepted.
        pip_version = installed['pip']['version']
        pip_release_series = pip_version.rsplit('.', 1)[0]

        assert pip_release_series == '9.0'
        assert 'pip-tools' in installed
def test_pipreqcheck_script(File):
    """
    Verifies that the script performing pip requirements upgrade checks is a
    regular file owned by root:root with mode 0755.
    """

    script = File('/usr/local/bin/pip_check_requirements_upgrades.sh')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o755),
    )

    assert script.is_file

    for attribute, expected in expected_attributes:
        assert getattr(script, attribute) == expected
def test_pipreqcheck_crontab(File):
    """
    Verifies the crontab file for pip requirements upgrade checks: regular
    file, root:root, mode 0644, with output mailed to root.
    """

    cron_file = File('/etc/cron.d/check_pip_requirements')
    expected_attributes = (
        ('user', 'root'),
        ('group', 'root'),
        ('mode', 0o644),
    )

    assert cron_file.is_file

    for attribute, expected in expected_attributes:
        assert getattr(cron_file, attribute) == expected

    # NOTE(review): only the MAILTO setting is checked here, not the scheduled
    # command or the user it runs as.
    assert "MAILTO=root" in cron_file.content