Files @ 2381ba93d089
Branch filter:

Location: majic-ansible-roles/roles/common/molecule/default/tests/test_default.py

branko
MAR-148: Better workaround for https://github.com/ansible/ansible/issues/64560 (override the module_utils/mysql.py instead of the module itself).
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
import os

import testinfra.utils.ansible_runner

import pytest


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')


def test_pam_umask(host):
    """
    Tests configuration of PAM umask module.
    """

    pam_auth_update_config = host.file('/usr/share/pam-configs/umask')
    assert pam_auth_update_config.exists
    assert pam_auth_update_config.user == 'root'
    assert pam_auth_update_config.group == 'root'
    assert pam_auth_update_config.mode == 0o644

    assert host.file('/etc/pam.d/common-session').contains(r'session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
    assert host.file('/etc/pam.d/common-session-noninteractive').contains(r'session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')


def test_login_umask(host):
    """
    Tests set-up of default UMASK via /etc/login.defs.
    """

    assert host.file('/etc/login.defs').contains(r'UMASK[[:blank:]]\+027')


def test_adduser_umask(host):
    """
    Tests UMASK configuration used for creating user home directory.
    """

    assert host.file('/etc/adduser.conf').contains('DIR_MODE=0750')


def test_bash_prompt(host):
    """
    Tests file permissions on custom bash prompt configuration.
    """

    bash_prompt = host.file('/etc/profile.d/bash_prompt.sh')

    assert bash_prompt.exists
    assert bash_prompt.user == 'root'
    assert bash_prompt.group == 'root'
    assert bash_prompt.mode == 0o644


def test_home_profile_d(host):
    """
    Tests deployment of special profile file used for enabling profile.d-like
    capability in user's home directory.
    """

    home_profile_d = host.file('/etc/profile.d/z99-user_profile_d.sh')

    assert home_profile_d.is_file
    assert home_profile_d.user == 'root'
    assert home_profile_d.group == 'root'
    assert home_profile_d.mode == 0o644


def test_home_skeleton_bashrc(host):
    """
    Tests deployment of home directory skeleton bashrc.
    """

    bashrc = host.file('/etc/skel/.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644
    assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_default_bashrc(host):
    """
    Tests deployment of default bashrc file.
    """

    bashrc = host.file('/etc/bash.bashrc')

    assert bashrc.is_file
    assert bashrc.user == 'root'
    assert bashrc.group == 'root'
    assert bashrc.mode == 0o644


def test_root_bashrc(host):
    """
    Tests overwriting of root's bashrc configuration with default one.
    """

    with host.sudo():
        bashrc = host.file('/root/.bashrc')

        assert bashrc.is_file
        assert bashrc.user == 'root'
        assert bashrc.group == 'root'
        assert bashrc.mode == 0o640
        assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'


def test_installed_packages(host):
    """
    Tests installation of required packages.
    """

    assert host.package('sudo').is_installed
    assert host.package('ssl-cert').is_installed
    assert host.package('rcconf').is_installed
    assert host.package('ferm').is_installed
    assert host.package('apticron').is_installed
    assert host.package('python-setuptools').is_installed
    assert host.package('python3-setuptools').is_installed
    assert host.package('virtualenv').is_installed


def test_root_remote_login_disabled(host):
    """
    Tests if SSH server has been configured to prevent remote root logins.
    """

    assert 'PermitRootLogin no' in host.file('/etc/ssh/sshd_config').content


def test_remote_login_via_password_disabled(host):
    """
    Tests if SSH server has been configured to disable password-based
    authentication.
    """

    assert 'PasswordAuthentication no' in host.file('/etc/ssh/sshd_config').content


def test_ferm_service_configuration(host):

    ferm_service_config = host.file('/etc/default/ferm')

    assert ferm_service_config.is_file
    assert ferm_service_config.user == 'root'
    assert ferm_service_config.group == 'root'
    assert ferm_service_config.mode == 0o644
    assert 'FAST=yes' in ferm_service_config.content
    assert 'CACHE=no' in ferm_service_config.content
    assert 'ENABLED="yes"' in ferm_service_config.content


def test_ferm_configuration_directory(host):
    """
    Tests creation of ferm configuration directory.
    """

    with host.sudo():
        ferm_dir = host.file('/etc/ferm/conf.d')

        assert ferm_dir.is_directory
        assert ferm_dir.user == 'root'
        assert ferm_dir.group == 'root'
        assert ferm_dir.mode == 0o750


def test_ferm_configuration(host):
    """
    Tests deployment of basic ferm configuration files.
    """

    with host.sudo():

        ferm_configuration = host.file('/etc/ferm/ferm.conf')
        assert ferm_configuration.is_file
        assert ferm_configuration.user == 'root'
        assert ferm_configuration.group == 'root'
        assert ferm_configuration.mode == 0o640
        assert "@include '/etc/ferm/conf.d/';" in ferm_configuration.content

        ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
        assert ferm_base.is_file
        assert ferm_base.user == 'root'
        assert ferm_base.group == 'root'
        assert ferm_base.mode == 0o640


def test_ferm_service(host):
    """
    Tests if ferm is started and enabled to start automatically on boot.
    """

    ferm = host.service('ferm')

    assert ferm.is_running
    assert ferm.is_enabled


def test_check_certificate_script(host):

    check_certificate = host.file('/usr/local/bin/check_certificate.sh')

    assert check_certificate.is_file
    assert check_certificate.user == 'root'
    assert check_certificate.group == 'root'
    assert check_certificate.mode == 0o755


def test_check_certificate_directory(host):

    check_certificate_dir = host.file('/etc/check_certificate')

    assert check_certificate_dir.is_directory
    assert check_certificate_dir.user == 'root'
    assert check_certificate_dir.group == 'root'
    assert check_certificate_dir.mode == 0o755


def test_check_certificate_crontab(host):
    """
    Tests deployment of cron job for checking certificates.
    """

    check_certificate_crontab = host.file('/etc/cron.d/check_certificate')

    assert check_certificate_crontab.is_file
    assert check_certificate_crontab.user == 'root'
    assert check_certificate_crontab.group == 'root'
    assert check_certificate_crontab.mode == 0o644
    assert "0 0 * * * nobody /usr/local/bin/check_certificate.sh -q expiration" in check_certificate_crontab.content


@pytest.mark.parametrize('virtualenv_activate_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/activate',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/activate',
])
def test_pipreqcheck_virtualenv(host, virtualenv_activate_path):
    """
    Tests creation of Python virtual environment used for performing pip
    requirements upgrade checks.
    """

    with host.sudo():
        virtualenv_activate = host.file(virtualenv_activate_path)

        assert virtualenv_activate.is_file
        assert virtualenv_activate.user == 'pipreqcheck'
        assert virtualenv_activate.group == 'pipreqcheck'
        assert virtualenv_activate.mode == 0o644


@pytest.mark.parametrize('config_dir', [
    '/etc/pip_check_requirements_upgrades',
    '/etc/pip_check_requirements_upgrades-py3',
])
def test_pipreqcheck_directories(host, config_dir):
    """
    Tests creation of directories used for storing configuration used by script
    that performs pip requirements upgrade checks.
    """

    with host.sudo():
        pipreqcheck_config_directory = host.file(config_dir)
        assert pipreqcheck_config_directory.is_directory
        assert pipreqcheck_config_directory.user == 'root'
        assert pipreqcheck_config_directory.group == 'pipreqcheck'
        assert pipreqcheck_config_directory.mode == 0o750

        pipreqcheck_config_directory_pipreqcheck = host.file(os.path.join(config_dir, 'pipreqcheck'))
        assert pipreqcheck_config_directory_pipreqcheck.is_directory
        assert pipreqcheck_config_directory_pipreqcheck.user == 'root'
        assert pipreqcheck_config_directory_pipreqcheck.group == 'pipreqcheck'
        assert pipreqcheck_config_directory_pipreqcheck.mode == 0o750


@pytest.mark.parametrize('requirements_in_path, requirements_txt_path', [
    ('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt'),
    ('/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.txt'),
])
def test_pipreqcheck_requirements(host, requirements_in_path, requirements_txt_path):
    """
    Tests deployment of requirements input and text file used for virtual
    environment utilised by script that perform pip requirements upgrade checks.
    """

    with host.sudo():
        requirements_in = host.file(requirements_in_path)
        assert requirements_in.is_file
        assert requirements_in.user == 'root'
        assert requirements_in.group == 'pipreqcheck'
        assert requirements_in.mode == 0o640

        requirements_txt = host.file(requirements_txt_path)
        requirements_txt.is_file
        assert requirements_txt.user == 'root'
        assert requirements_txt.group == 'pipreqcheck'
        assert requirements_txt.mode == 0o640


@pytest.mark.parametrize("pip_path, expected_packages",  [
    ('/var/lib/pipreqcheck/virtualenv/bin/pip', [
        "Click==7.0",
        "pip==19.2.3",
        "pip-tools==4.0.0",
        "setuptools==41.2.0",
        "six==1.12.0",
        "wheel==0.33.6",
    ]),
    ('/var/lib/pipreqcheck/virtualenv-py3/bin/pip', [
        "Click==7.0",
        "pip==19.1.1",
        "pip-tools==3.9.0",
        "setuptools==41.2.0",
        "six==1.12.0",
        "wheel==0.33.6",
    ]),
])
def test_pipreqcheck_virtualenv_packages(host, pip_path, expected_packages):
    """
    Tests if correct packages are installed in virtualenv used for pip
    requirements checks..
    """

    packages = host.run("sudo -u %s %s freeze --all" % ('pipreqcheck', pip_path))

    # Normalise package names and order.
    expected_packages = sorted([unicode(p.lower()) for p in expected_packages])
    actual_packages = sorted(packages.stdout.lower().strip().split("\n"))

    # This is a dummy distro-provided package ignored by the pip-tools.
    if "pkg-resources==0.0.0" in actual_packages:
        actual_packages.remove("pkg-resources==0.0.0")

    assert actual_packages == expected_packages


def test_pipreqcheck_script(host):
    """
    Tests script used for performing pip requirements upgrade checks.
    """

    pipreqcheck_script = host.file('/usr/local/bin/pip_check_requirements_upgrades.sh')

    assert pipreqcheck_script.is_file
    assert pipreqcheck_script.user == 'root'
    assert pipreqcheck_script.group == 'root'
    assert pipreqcheck_script.mode == 0o755


@pytest.mark.parametrize('crontab_path, virtualenv_path', [
    ('/etc/cron.d/check_pip_requirements', '/var/lib/pipreqcheck/virtualenv'),
    ('/etc/cron.d/check_pip_requirements-py3', '/var/lib/pipreqcheck/virtualenv-py3'),
])
def test_pipreqcheck_crontab(host, crontab_path, virtualenv_path):
    """
    Tests if crontab entry is set-up correctly for running the pip requirements
    upgrade checks.
    """

    crontab = host.file(crontab_path)

    assert crontab.is_file
    assert crontab.user == 'root'
    assert crontab.group == 'root'
    assert crontab.mode == 0o644
    assert "MAILTO=root" in crontab.content
    assert virtualenv_path in crontab.content.split(" ")


@pytest.mark.parametrize('python_path, expected_major_version', [
    ('/var/lib/pipreqcheck/virtualenv/bin/python', '2'),
    ('/var/lib/pipreqcheck/virtualenv-py3/bin/python', '3'),
])
def test_pipreqcheck_virtualenv_python_version(host, python_path, expected_major_version):
    """
    Tests if Python virtual environment for pipreqcheck has been
    set-up correctly.
    """

    with host.sudo('pipreqcheck'):
        major_version = host.run("%s -c %s", python_path, "import sys; print(sys.version_info.major)")

    assert major_version.rc == 0
    assert major_version.stdout.strip() == expected_major_version


@pytest.mark.parametrize('wrong_python_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/python3',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/python2',
])
def test_pipreqcheck_virtualenv_wrong_python_version_not_present(host, wrong_python_path):
    """
    Tests if wrong version of Python 2 is absent or not.
    """

    with host.sudo():
        wrong_python_path_file = host.file(wrong_python_path)

        assert not wrong_python_path_file.exists