Files
@ 0c2178fd95a5
Branch filter:
Location: majic-ansible-roles/roles/common/tests/test_parameters_mandatory.py
0c2178fd95a5
3.9 KiB
text/x-python
MAR-25: Implemented tests for ldap_client role:
- Added Molecule configuration.
- Added test playbook.
- Fixed issue with mode not including leading zero.
- Implemented a couple of simple tests.
- Added Molecule configuration.
- Added test playbook.
- Fixed issue with mode not including leading zero.
- Implemented a couple of simple tests.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | import socket
import paramiko
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
'.molecule/ansible_inventory').get_hosts('parameters-mandatory')
def test_apt_proxy(File):
"""
Tests if proxy configuration for apt is missing.
"""
assert not File('/etc/apt/apt.conf.d/00proxy').exists
def test_bash_prompt_content(File):
"""
Tests if bash prompt configuration file has not colouring and ID information
contained within.
"""
bash_prompt = File('/etc/profile.d/bash_prompt.sh')
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content
def test_ssh_login_mechanisms():
"""
Tests available SSH login mechanisms (should be just public key).
"""
sock = socket.socket()
sock.connect(('10.31.127.3', 22))
transport = paramiko.transport.Transport(sock)
transport.connect()
try:
transport.auth_none('')
except paramiko.transport.BadAuthenticationType, err:
assert err.allowed_types == ['publickey']
def test_mariadb_mysql_config_symlink(File, Sudo):
"""
Tests if symbolic link has been set-up for mariadb_config binary to be
accessible as mysql_config as well. (should not be present with just
mandatory options set).
"""
mysql_config = File('/usr/bin/mysql_config')
assert not mysql_config.exists
def test_emacs_electric_indent_mode(File):
"""
Tests if Emacs electric indent mode has been disabled via custom
configuration file. With just mandatory options set, the file should not be
present.
"""
emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode')
assert not emacs_config.exists
def test_ferm_base_rules(Command, File, Sudo):
"""
Test if base ferm configuration has been deployed correctly (content-wise).
"""
with Sudo():
ferm_base = File('/etc/ferm/conf.d/00-base.conf')
assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content
iptables = Command('iptables-save')
assert iptables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
ip6tables = Command('ip6tables-save')
assert ip6tables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout
def test_pipreqcheck_virtualenv_user(Group, User):
"""
Tests if user/group for running the pip requirements upgrade checks have
been created correctly.
"""
group = Group('pipreqcheck')
assert group.exists
assert group.gid == 1001
user = User('pipreqcheck')
assert user.exists
assert user.home == '/var/lib/pipreqcheck'
assert user.uid == 1001
assert user.group == 'pipreqcheck'
assert user.groups == ['pipreqcheck']
def test_backup_configuration_absent(File, Sudo):
"""
Tests if backup configuration is absent. This should be the case when only
mandatory parameters are provided.
"""
with Sudo():
assert not File('/etc/duply/main/patterns/common').exists
|