Files @ 0c2178fd95a5
Branch filter:

Location: majic-ansible-roles/roles/common/tests/test_default.py

branko
MAR-25: Implemented tests for ldap_client role:

- Added Molecule configuration.
- Added test playbook.
- Fixed issue with mode not including leading zero.
- Implemented a couple of simple tests.
import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('all')
testinfra_hosts.remove("helper")


def test_pam_umask(File):
    """
    Tests configuration of PAM umask module.
    """

    pam_auth_update_config = File('/usr/share/pam-configs/umask')
    assert pam_auth_update_config.exists
    assert pam_auth_update_config.user == 'root'
    assert pam_auth_update_config.group == 'root'
    assert pam_auth_update_config.mode == 0o644

    assert File('/etc/pam.d/common-session').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
    assert File('/etc/pam.d/common-session-noninteractive').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')


def test_login_umask(File):
    """
    Tests set-up of default UMASK via /etc/login.defs.
    """

    assert File('/etc/login.defs').contains('UMASK[[:blank:]]\+027')


def test_adduser_umask(File):
    """
    Tests UMASK configuration used for creating user home directory.
    """

    assert File('/etc/adduser.conf').contains('DIR_MODE=0750')


def test_bash_prompt(File):
    """
    Tests file permissions on custom bash prompt configuration.
    """

    bash_prompt = File('/etc/profile.d/bash_prompt.sh')

    assert bash_prompt.exists
    assert bash_prompt.user == 'root'
    assert bash_prompt.group == 'root'
    assert bash_prompt.mode == 0o644


def test_home_profile_d(File):
    """
    Tests deployment of special profile file used for enabling profile.d-like
    capability in user's home directory.
    """

    home_profile_d = File('/etc/profile.d/z99-user_profile_d.sh')

    assert home_profile_d.is_file
    assert home_profile_d.user == 'root'
    assert home_profile_d.group == 'root'
    assert home_profile_d.mode == 0o644


def test_home_skeleton_bashrc(File):
    """
    Tests deployment of home directory skeleton bashrc.
    """

    bashrc = File('/etc/skel/.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644
    assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_default_bashrc(File):
    """
    Tests deployment of default bashrc file.
    """

    bashrc = File('/etc/bash.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644


def test_root_bashrc(File, Sudo):
    """
    Tests overwriting of root's bashrc configuration with default one.
    """

    with Sudo():
        bashrc = File('/root/.bashrc')

        assert bashrc.is_file
        assert bashrc.user == 'root'
        assert bashrc.group == 'root'
        assert bashrc.mode == 0o640
        assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_installed_packages(Package):
    """
    Tests installation of required packages.
    """

    assert Package('sudo').is_installed
    assert Package('ssl-cert').is_installed
    assert Package('rcconf').is_installed
    assert Package('ferm').is_installed
    assert Package('apticron').is_installed
    assert Package('virtualenv').is_installed


def test_root_remote_login_disabled(File):
    """
    Tests if SSH server has been configured to prevent remote root logins.
    """

    assert 'PermitRootLogin no' in File('/etc/ssh/sshd_config').content


def test_remote_login_via_password_disabled(File):
    """
    Tests if SSH server has been configured to disable password-based
    authentication.
    """

    assert 'PasswordAuthentication no' in File('/etc/ssh/sshd_config').content


def test_ferm_service_configuration(File):

    ferm_service_config = File('/etc/default/ferm')

    assert ferm_service_config.is_file
    assert ferm_service_config.user == 'root'
    assert ferm_service_config.group == 'root'
    assert ferm_service_config.mode == 0o644
    assert 'FAST=yes' in ferm_service_config.content
    assert 'CACHE=no' in ferm_service_config.content
    assert 'ENABLED="yes"' in ferm_service_config.content


def test_ferm_configuration_directory(File, Sudo):
    """
    Tests creation of ferm configuration directory.
    """

    with Sudo():
        ferm_dir = File('/etc/ferm/conf.d')

        assert ferm_dir.is_directory
        assert ferm_dir.user == 'root'
        assert ferm_dir.group == 'root'
        assert ferm_dir.mode == 0o750


def test_ferm_configuration(File, Sudo):
    """
    Tests deployment of basic ferm configuration files.
    """

    with Sudo():

        ferm_configuration = File('/etc/ferm/ferm.conf')
        assert ferm_configuration.is_file
        assert ferm_configuration.user == 'root'
        assert ferm_configuration.group == 'root'
        assert ferm_configuration.mode == 0o640
        assert "@include '/etc/ferm/conf.d/';" in ferm_configuration.content

        ferm_base = File('/etc/ferm/conf.d/00-base.conf')
        assert ferm_base.is_file
        assert ferm_base.user == 'root'
        assert ferm_base.group == 'root'
        assert ferm_base.mode == 0o640


def test_ferm_service(Service):
    """
    Tests if ferm is started and enabled to start automatically on boot.
    """

    ferm = Service('ferm')

    assert ferm.is_running
    assert ferm.is_enabled


def test_check_certificate_script(File):

    check_certificate = File('/usr/local/bin/check_certificate.sh')

    assert check_certificate.is_file
    assert check_certificate.user == 'root'
    assert check_certificate.group == 'root'
    assert check_certificate.mode == 0o755


def test_check_certificate_directory(File):

    check_certificate_dir = File('/etc/check_certificate')

    assert check_certificate_dir.is_directory
    assert check_certificate_dir.user == 'root'
    assert check_certificate_dir.group == 'root'
    assert check_certificate_dir.mode == 0o755


def test_check_certificate_crontab(File):
    """
    Tests deployment of cron job for checking certificates.
    """

    check_certificate_crontab = File('/etc/cron.d/check_certificate')

    assert check_certificate_crontab.is_file
    assert check_certificate_crontab.user == 'root'
    assert check_certificate_crontab.group == 'root'
    assert check_certificate_crontab.mode == 0o644
    assert "0 0 * * * nobody /usr/local/bin/check_certificate.sh expiration" in check_certificate_crontab.content


def test_pipreqcheck_virtualenv(File, Sudo):
    """
    Tests creation of Python virtual environment used for performing pip
    requirements upgrade checks.
    """

    with Sudo():
        virtualenv_activate = File('/var/lib/pipreqcheck/virtualenv/bin/activate')

        assert virtualenv_activate.is_file
        assert virtualenv_activate.user == 'pipreqcheck'
        assert virtualenv_activate.group == 'pipreqcheck'
        assert virtualenv_activate.mode == 0o644


def test_pipreqcheck_directories(File, Sudo):
    """
    Tests creation of directories used for storing configuration used by script
    that performs pip requirements upgrade checks.
    """

    with Sudo():
        pipreqcheck_config_directory = File('/etc/pip_check_requirements_upgrades')
        assert pipreqcheck_config_directory.is_directory
        assert pipreqcheck_config_directory.user == 'root'
        assert pipreqcheck_config_directory.group == 'pipreqcheck'
        assert pipreqcheck_config_directory.mode == 0o750

        pipreqcheck_config_directory_pipreqcheck = File('/etc/pip_check_requirements_upgrades/pipreqcheck')
        assert pipreqcheck_config_directory_pipreqcheck.is_directory
        assert pipreqcheck_config_directory_pipreqcheck.user == 'root'
        assert pipreqcheck_config_directory_pipreqcheck.group == 'pipreqcheck'
        assert pipreqcheck_config_directory_pipreqcheck.mode == 0o750


def test_pipreqcheck_requirements(File, Sudo):
    """
    Tests deployment of requirements input and text file used for virtual
    environment utilised by script that perform pip requirements upgrade checks.
    """

    with Sudo():
        requirements_in = File('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in')
        assert requirements_in.is_file
        assert requirements_in.user == 'root'
        assert requirements_in.group == 'pipreqcheck'
        assert requirements_in.mode == 0o640

        requirements_txt = File('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt')
        requirements_txt.is_file
        assert requirements_txt.user == 'root'
        assert requirements_txt.group == 'pipreqcheck'
        assert requirements_txt.mode == 0o640


def test_pipreqcheck_packages(PipPackage, Sudo):
    """
    Tests if Python virtual environment used for running the pip requirements
    upgrade checks has correct version of pip installed.
    """

    with Sudo():
        packages = PipPackage.get_packages(pip_path='/var/lib/pipreqcheck/virtualenv/bin/pip')

        assert packages['pip']['version'].rsplit('.', 1)[0] == '9.0'
        assert 'pip-tools' in packages


def test_pipreqcheck_script(File):
    """
    Tests script used for performing pip requirements upgrade checks.
    """

    pipreqcheck_script = File('/usr/local/bin/pip_check_requirements_upgrades.sh')

    assert pipreqcheck_script.is_file
    assert pipreqcheck_script.user == 'root'
    assert pipreqcheck_script.group == 'root'
    assert pipreqcheck_script.mode == 0o755


def test_pipreqcheck_crontab(File):
    """
    Tests if crontab entry is set-up correctly for running the pip requirements
    upgrade checks.
    """

    crontab = File('/etc/cron.d/check_pip_requirements')

    assert crontab.is_file
    assert crontab.user == 'root'
    assert crontab.group == 'root'
    assert crontab.mode == 0o644
    assert "MAILTO=root" in crontab.content