Files
@ 17cf34f73ca6
Branch filter:
Location: majic-ansible-roles/roles/backup_client/tests/test_parameters_mandatory.py
17cf34f73ca6
4.0 KiB
text/x-python
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
'.molecule/ansible_inventory').get_hosts('parameters-mandatory')
def test_gnupg_private_keys_file_content(File, Sudo):
"""
Tests if correct GnuPG private key used for encryption and signing has been
deployed.
"""
with Sudo():
gnupg_private_keys = File('/etc/duply/main/private_keys.asc')
assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-mandatory.asc', 'r').read().strip()
def test_gnupg_public_keys_file_content(File, Sudo):
"""
Tests if no additional public GnuPG keys have been deployed (should be
default without optional parameters).
"""
with Sudo():
gnupg_public_keys = File('/etc/duply/main/public_keys.asc')
assert gnupg_public_keys.content == ""
def test_backup_ssh_key_file_content(File, Sudo):
"""
Tests if correct key has been deployed for SSH client authentication.
"""
with Sudo():
ssh_key = File('/etc/duply/main/ssh/identity')
assert ssh_key.content == open('tests/data/ssh/parameters-mandatory', 'r').read().strip()
def test_known_hosts_content(File, Sudo):
"""
Tests if known hosts file has been set-up with correct content.
"""
with Sudo():
known_hosts = File('/etc/duply/main/ssh/known_hosts')
assert known_hosts.content == open('tests/data/ssh/parameters-mandatory-known_hosts', 'r').read().rstrip()
def test_duply_configuration_content(Ansible, File, Sudo):
"""
Tests if duply configuration has been set-up correctly.
"""
with Sudo():
ansible_facts = Ansible("setup")["ansible_facts"]
duply_configuration = File('/etc/duply/main/conf')
if ansible_facts['ansible_distribution_release'] == 'jessie':
assert "GPG_KEYS_ENC='1A129C54'" in duply_configuration.content
assert "GPG_KEY_SIGN='1A129C54'" in duply_configuration.content
assert "TARGET='sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
"-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
elif ansible_facts['ansible_distribution_release'] == 'stretch':
assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content
assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content
assert "TARGET='pexpect+sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
"-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
else:
raise Exception("Failed to execute content check for: %s" % ansible_facts['ansible_distribution_release'])
def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo):
"""
Tests if private key used for encryption/signing has been correctly
imporeted into Duply GnuPG keyring.
"""
with Sudo():
ansible_facts = Ansible("setup")["ansible_facts"]
if ansible_facts['ansible_distribution_release'] == 'jessie':
gpg_binary = 'gpg2'
key_offset = 8
elif ansible_facts['ansible_distribution_release'] == 'stretch':
gpg_binary = 'gpg'
key_offset = 8
else:
raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])
private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)
assert private_key_listing.rc == 0
assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout
|