Files @ 17cf34f73ca6
Branch filter:

Location: majic-ansible-roles/roles/backup_client/tests/test_parameters_mandatory.py

17cf34f73ca6 4.0 KiB text/x-python Show Annotation Show as Raw Download as Raw
branko
MAR-28: Implemented additional tests for mail_server role:

- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('parameters-mandatory')


def test_gnupg_private_keys_file_content(File, Sudo):
    """
    Tests if correct GnuPG private key used for encryption and signing has been
    deployed.
    """

    with Sudo():
        gnupg_private_keys = File('/etc/duply/main/private_keys.asc')

        assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-mandatory.asc', 'r').read().strip()


def test_gnupg_public_keys_file_content(File, Sudo):
    """
    Tests if no additional public GnuPG keys have been deployed (should be
    default without optional parameters).
    """

    with Sudo():
        gnupg_public_keys = File('/etc/duply/main/public_keys.asc')

        assert gnupg_public_keys.content == ""


def test_backup_ssh_key_file_content(File, Sudo):
    """
    Tests if correct key has been deployed for SSH client authentication.
    """

    with Sudo():

        ssh_key = File('/etc/duply/main/ssh/identity')

        assert ssh_key.content == open('tests/data/ssh/parameters-mandatory', 'r').read().strip()


def test_known_hosts_content(File, Sudo):
    """
    Tests if known hosts file has been set-up with correct content.
    """

    with Sudo():

        known_hosts = File('/etc/duply/main/ssh/known_hosts')

        assert known_hosts.content == open('tests/data/ssh/parameters-mandatory-known_hosts', 'r').read().rstrip()


def test_duply_configuration_content(Ansible, File, Sudo):
    """
    Tests if duply configuration has been set-up correctly.
    """

    with Sudo():

        ansible_facts = Ansible("setup")["ansible_facts"]

        duply_configuration = File('/etc/duply/main/conf')

        if ansible_facts['ansible_distribution_release'] == 'jessie':
            assert "GPG_KEYS_ENC='1A129C54'" in duply_configuration.content
            assert "GPG_KEY_SIGN='1A129C54'" in duply_configuration.content
            assert "TARGET='sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
            assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content

        elif ansible_facts['ansible_distribution_release'] == 'stretch':
            assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content
            assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content
            assert "TARGET='pexpect+sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
            assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
        else:
            raise Exception("Failed to execute content check for: %s" % ansible_facts['ansible_distribution_release'])


def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo):
    """
    Tests if private key used for encryption/signing has been correctly
    imporeted into Duply GnuPG keyring.
    """

    with Sudo():
        ansible_facts = Ansible("setup")["ansible_facts"]

        if ansible_facts['ansible_distribution_release'] == 'jessie':
            gpg_binary = 'gpg2'
            key_offset = 8
        elif ansible_facts['ansible_distribution_release'] == 'stretch':
            gpg_binary = 'gpg'
            key_offset = 8
        else:
            raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])

        private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)

        assert private_key_listing.rc == 0
        assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.