Location: majic-ansible-roles/roles/common/molecule/default/tests/test_default.py
MAR-148: Better workaround for https://github.com/ansible/ansible/issues/64560 (override the module_utils/mysql.py instead of the module itself).
import os
import testinfra.utils.ansible_runner
import pytest
# Hosts the tests in this module run against: every inventory host whose
# name matches 'parameters-*', taken from the Molecule-provided inventory.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']
).get_hosts('parameters-*')
def test_pam_umask(host):
    """
    Tests configuration of PAM umask module.

    Verifies the pam-auth-update profile for the umask module and checks
    that both common-session PAM stacks require pam_umask.
    """

    # The profile must be root-owned and writable by root only.
    umask_profile = host.file('/usr/share/pam-configs/umask')

    assert umask_profile.exists
    assert umask_profile.user == 'root'
    assert umask_profile.group == 'root'
    assert umask_profile.mode == 0o644

    # Interactive and non-interactive sessions are checked separately, since
    # each has its own PAM stack file.
    pam_stacks = (
        '/etc/pam.d/common-session',
        '/etc/pam.d/common-session-noninteractive',
    )
    for pam_stack in pam_stacks:
        assert host.file(pam_stack).contains(r'session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
def test_login_umask(host):
    """
    Tests set-up of default UMASK via /etc/login.defs.

    The expected value is 027, i.e. newly created files get no permissions
    for "other" and no write permission for the group.
    """

    login_defs = host.file('/etc/login.defs')

    assert login_defs.contains(r'UMASK[[:blank:]]\+027')
def test_adduser_umask(host):
    """
    Tests UMASK configuration used for creating user home directory.

    Home directories created via adduser are expected to use mode 0750, so
    they are not accessible to "other" users.
    """

    adduser_config = host.file('/etc/adduser.conf')

    assert adduser_config.contains('DIR_MODE=0750')
def test_bash_prompt(host):
    """
    Tests file permissions on custom bash prompt configuration.

    The script lives in /etc/profile.d, so it must be owned by root and
    must not be writable by anyone else.
    """

    prompt_script = host.file('/etc/profile.d/bash_prompt.sh')

    assert prompt_script.exists
    assert prompt_script.user == 'root'
    assert prompt_script.group == 'root'
    assert prompt_script.mode == 0o644
def test_home_profile_d(host):
    """
    Tests deployment of special profile file used for enabling profile.d-like
    capability in user's home directory.

    The file must be a regular, root-owned file writable by root only.
    """

    user_profile_d = host.file('/etc/profile.d/z99-user_profile_d.sh')

    assert user_profile_d.is_file
    assert user_profile_d.user == 'root'
    assert user_profile_d.group == 'root'
    assert user_profile_d.mode == 0o644
def test_home_skeleton_bashrc(host):
    """
    Tests deployment of home directory skeleton bashrc.

    In addition to ownership and mode, the exact file content is pinned via
    its SHA-256 digest.
    """

    skeleton_bashrc = host.file('/etc/skel/.bashrc')

    assert skeleton_bashrc.is_file
    assert skeleton_bashrc.user == 'root'
    assert skeleton_bashrc.group == 'root'
    assert skeleton_bashrc.mode == 0o644

    # Any change to the deployed file (intended or not) alters the digest
    # and fails the test.
    assert skeleton_bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'
def test_default_bashrc(host):
    """
    Tests deployment of default bashrc file.

    Only the file type, ownership and mode are verified; the content is not
    checked here.
    """

    system_bashrc = host.file('/etc/bash.bashrc')

    assert system_bashrc.is_file
    assert system_bashrc.user == 'root'
    assert system_bashrc.group == 'root'
    assert system_bashrc.mode == 0o644
def test_root_bashrc(host):
    """
    Tests overwriting of root's bashrc configuration with default one.

    The file is expected to be readable by root and the root group only
    (mode 0640), with content pinned via its SHA-256 digest.
    """

    # Files under /root are inspected with elevated privileges.
    with host.sudo():

        root_bashrc = host.file('/root/.bashrc')

        assert root_bashrc.is_file
        assert root_bashrc.user == 'root'
        assert root_bashrc.group == 'root'
        assert root_bashrc.mode == 0o640

        # Same digest as the one expected for /etc/skel/.bashrc.
        assert root_bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'
def test_installed_packages(host):
    """
    Tests installation of required packages.
    """

    required_packages = (
        'sudo',
        'ssl-cert',
        'rcconf',
        'ferm',
        'apticron',
        'python-setuptools',
        'python3-setuptools',
        'virtualenv',
    )

    # Checked in listed order; the first missing package fails the test.
    for package_name in required_packages:
        assert host.package(package_name).is_installed
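def test_root_remote_login_disabled(host):
    """
    Tests if SSH server has been configured to prevent remote root logins.

    Only active (uncommented) configuration lines are considered. A plain
    substring match on the file content would also be satisfied by a
    commented-out "#PermitRootLogin no" line.
    """

    sshd_config = host.file('/etc/ssh/sshd_config').content_string

    # Split each active line into whitespace-separated tokens, so that the
    # amount of spacing between keyword and value does not matter.
    active_directives = [
        line.split() for line in sshd_config.splitlines()
        if line.strip() and not line.lstrip().startswith('#')
    ]

    # NOTE(review): sshd uses the first value obtained for a keyword, and
    # Match blocks can override it; inspecting "sshd -T" output on the host
    # would verify the effective setting if a stricter check is wanted.
    assert ['PermitRootLogin', 'no'] in active_directives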
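def test_remote_login_via_password_disabled(host):
    """
    Tests if SSH server has been configured to disable password-based
    authentication.

    Only active (uncommented) configuration lines are considered. A plain
    substring match on the file content would also be satisfied by a
    commented-out "#PasswordAuthentication no" line.
    """

    sshd_config = host.file('/etc/ssh/sshd_config').content_string

    # Split each active line into whitespace-separated tokens, so that the
    # amount of spacing between keyword and value does not matter.
    active_directives = [
        line.split() for line in sshd_config.splitlines()
        if line.strip() and not line.lstrip().startswith('#')
    ]

    # NOTE(review): sshd uses the first value obtained for a keyword, and
    # Match blocks can override it; inspecting "sshd -T" output on the host
    # would verify the effective setting if a stricter check is wanted.
    assert ['PasswordAuthentication', 'no'] in active_directives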
def test_ferm_service_configuration(host):
    """
    Tests deployment of ferm service defaults in /etc/default/ferm.
    """

    ferm_defaults = host.file('/etc/default/ferm')

    assert ferm_defaults.is_file
    assert ferm_defaults.user == 'root'
    assert ferm_defaults.group == 'root'
    assert ferm_defaults.mode == 0o644

    # NOTE(review): these are substring checks, so a commented-out entry
    # (for example '#ENABLED="yes"') would satisfy them as well.
    for expected_setting in ('FAST=yes', 'CACHE=no', 'ENABLED="yes"'):
        assert expected_setting in ferm_defaults.content
def test_ferm_configuration_directory(host):
    """
    Tests creation of ferm configuration directory.

    The directory holding firewall rule snippets is expected to be
    accessible by root and the root group only (mode 0750).
    """

    with host.sudo():

        conf_d = host.file('/etc/ferm/conf.d')

        assert conf_d.is_directory
        assert conf_d.user == 'root'
        assert conf_d.group == 'root'
        assert conf_d.mode == 0o750
def test_ferm_configuration(host):
    """
    Tests deployment of basic ferm configuration files.

    Both the main configuration file and the base rule file must be
    root-owned and unreadable for "other" users (mode 0640).
    """

    # /etc/ferm/conf.d is not world-accessible, so root privileges are used.
    with host.sudo():

        main_config = host.file('/etc/ferm/ferm.conf')

        assert main_config.is_file
        assert main_config.user == 'root'
        assert main_config.group == 'root'
        assert main_config.mode == 0o640

        # Main configuration must pull in the rule snippets from conf.d.
        assert "@include '/etc/ferm/conf.d/';" in main_config.content

        base_rules = host.file('/etc/ferm/conf.d/00-base.conf')

        assert base_rules.is_file
        assert base_rules.user == 'root'
        assert base_rules.group == 'root'
        assert base_rules.mode == 0o640
def test_ferm_service(host):
    """
    Tests if ferm is started and enabled to start automatically on boot.
    """

    firewall_service = host.service('ferm')

    # Running now, and enabled so it starts again at boot.
    assert firewall_service.is_running
    assert firewall_service.is_enabled
def test_check_certificate_script(host):
    """
    Tests deployment of script used for checking certificates.

    The script must be root-owned, executable by everyone, and writable by
    root only.
    """

    script = host.file('/usr/local/bin/check_certificate.sh')

    assert script.is_file
    assert script.user == 'root'
    assert script.group == 'root'
    assert script.mode == 0o755
def test_check_certificate_directory(host):
    """
    Tests creation of the /etc/check_certificate directory.

    The directory must be root-owned and writable by root only.
    """

    config_directory = host.file('/etc/check_certificate')

    assert config_directory.is_directory
    assert config_directory.user == 'root'
    assert config_directory.group == 'root'
    assert config_directory.mode == 0o755
def test_check_certificate_crontab(host):
    """
    Tests deployment of cron job for checking certificates.
    """

    cron_file = host.file('/etc/cron.d/check_certificate')

    assert cron_file.is_file
    assert cron_file.user == 'root'
    assert cron_file.group == 'root'
    assert cron_file.mode == 0o644

    # The expected entry runs the check daily at midnight as the
    # unprivileged "nobody" user.
    expected_entry = "0 0 * * * nobody /usr/local/bin/check_certificate.sh -q expiration"
    assert expected_entry in cron_file.content
@pytest.mark.parametrize('virtualenv_activate_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/activate',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/activate',
])
def test_pipreqcheck_virtualenv(host, virtualenv_activate_path):
    """
    Tests creation of Python virtual environment used for performing pip
    requirements upgrade checks.

    The activate script is expected to be owned by the dedicated
    pipreqcheck user and group.
    """

    with host.sudo():

        activate_script = host.file(virtualenv_activate_path)

        assert activate_script.is_file
        assert activate_script.user == 'pipreqcheck'
        assert activate_script.group == 'pipreqcheck'
        assert activate_script.mode == 0o644
@pytest.mark.parametrize('config_dir', [
    '/etc/pip_check_requirements_upgrades',
    '/etc/pip_check_requirements_upgrades-py3',
])
def test_pipreqcheck_directories(host, config_dir):
    """
    Tests creation of directories used for storing configuration used by script
    that performs pip requirements upgrade checks.

    Both the top-level directory and its pipreqcheck sub-directory must be
    owned by root, with group pipreqcheck and mode 0750: writable by root
    only, readable by the pipreqcheck group, closed to everyone else.
    """

    with host.sudo():

        # Same expectations apply to the directory and its sub-directory.
        directories = (config_dir, os.path.join(config_dir, 'pipreqcheck'))

        for directory_path in directories:
            directory = host.file(directory_path)

            assert directory.is_directory
            assert directory.user == 'root'
            assert directory.group == 'pipreqcheck'
            assert directory.mode == 0o750
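@pytest.mark.parametrize('requirements_in_path, requirements_txt_path', [
    ('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt'),
    ('/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.in',
     '/etc/pip_check_requirements_upgrades-py3/pipreqcheck/requirements.txt'),
])
def test_pipreqcheck_requirements(host, requirements_in_path, requirements_txt_path):
    """
    Tests deployment of requirements input and text file used for virtual
    environment utilised by script that perform pip requirements upgrade checks.

    Both files must be owned by root, with group pipreqcheck and mode 0640,
    so that only root can modify them.
    """

    with host.sudo():

        requirements_in = host.file(requirements_in_path)

        assert requirements_in.is_file
        assert requirements_in.user == 'root'
        assert requirements_in.group == 'pipreqcheck'
        assert requirements_in.mode == 0o640

        requirements_txt = host.file(requirements_txt_path)

        # This check previously lacked the assert keyword, so the result of
        # is_file was evaluated and then silently discarded.
        assert requirements_txt.is_file
        assert requirements_txt.user == 'root'
        assert requirements_txt.group == 'pipreqcheck'
        assert requirements_txt.mode == 0o640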
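@pytest.mark.parametrize("pip_path, expected_packages", [
    ('/var/lib/pipreqcheck/virtualenv/bin/pip', [
        "Click==7.0",
        "pip==19.2.3",
        "pip-tools==4.0.0",
        "setuptools==41.2.0",
        "six==1.12.0",
        "wheel==0.33.6",
    ]),
    ('/var/lib/pipreqcheck/virtualenv-py3/bin/pip', [
        "Click==7.0",
        "pip==19.1.1",
        "pip-tools==3.9.0",
        "setuptools==41.2.0",
        "six==1.12.0",
        "wheel==0.33.6",
    ]),
])
def test_pipreqcheck_virtualenv_packages(host, pip_path, expected_packages):
    """
    Tests if correct packages are installed in virtualenv used for pip
    requirements checks.

    The installed set must match the pinned list exactly, so both missing
    and unexpected extra packages fail the test.
    """

    # Arguments are passed separately (as done elsewhere in this file) so
    # that testinfra takes care of quoting them for the shell.
    packages = host.run("sudo -u %s %s freeze --all", 'pipreqcheck', pip_path)

    # Fail on the command itself instead of on a confusing list mismatch.
    assert packages.rc == 0

    # Normalise package names and order. No unicode() conversion is applied:
    # that builtin exists only in Python 2, and the names are plain ASCII.
    expected_packages = sorted(p.lower() for p in expected_packages)
    actual_packages = sorted(packages.stdout.lower().strip().split("\n"))

    # This is a dummy distro-provided package ignored by the pip-tools.
    if "pkg-resources==0.0.0" in actual_packages:
        actual_packages.remove("pkg-resources==0.0.0")

    assert actual_packages == expected_packages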
def test_pipreqcheck_script(host):
    """
    Tests script used for performing pip requirements upgrade checks.

    The script must be root-owned, executable by everyone, and writable by
    root only.
    """

    check_script = host.file('/usr/local/bin/pip_check_requirements_upgrades.sh')

    assert check_script.is_file
    assert check_script.user == 'root'
    assert check_script.group == 'root'
    assert check_script.mode == 0o755
@pytest.mark.parametrize('crontab_path, virtualenv_path', [
    ('/etc/cron.d/check_pip_requirements', '/var/lib/pipreqcheck/virtualenv'),
    ('/etc/cron.d/check_pip_requirements-py3', '/var/lib/pipreqcheck/virtualenv-py3'),
])
def test_pipreqcheck_crontab(host, crontab_path, virtualenv_path):
    """
    Tests if crontab entry is set-up correctly for running the pip requirements
    upgrade checks.
    """

    cron_file = host.file(crontab_path)

    assert cron_file.is_file
    assert cron_file.user == 'root'
    assert cron_file.group == 'root'
    assert cron_file.mode == 0o644

    # Job output is expected to be mailed to root.
    assert "MAILTO=root" in cron_file.content

    # The virtualenv path must appear as a separate space-delimited word, so
    # the Python 2 path does not match as a prefix of the "-py3" one.
    space_separated_words = cron_file.content.split(" ")
    assert virtualenv_path in space_separated_words
@pytest.mark.parametrize('python_path, expected_major_version', [
    ('/var/lib/pipreqcheck/virtualenv/bin/python', '2'),
    ('/var/lib/pipreqcheck/virtualenv-py3/bin/python', '3'),
])
def test_pipreqcheck_virtualenv_python_version(host, python_path, expected_major_version):
    """
    Tests if Python virtual environment for pipreqcheck has been
    set-up correctly.

    The interpreter of each virtual environment is run as the pipreqcheck
    user and must report the expected major version.
    """

    with host.sudo('pipreqcheck'):

        # Command arguments are passed separately from the command template.
        version_check = host.run("%s -c %s", python_path, "import sys; print(sys.version_info.major)")

        assert version_check.rc == 0
        assert version_check.stdout.strip() == expected_major_version
@pytest.mark.parametrize('wrong_python_path', [
    '/var/lib/pipreqcheck/virtualenv/bin/python3',
    '/var/lib/pipreqcheck/virtualenv-py3/bin/python2',
])
def test_pipreqcheck_virtualenv_wrong_python_version_not_present(host, wrong_python_path):
    """
    Tests that an interpreter of the wrong Python major version is absent
    from each virtual environment (no python3 in the Python 2 one, no
    python2 in the Python 3 one).
    """

    with host.sudo():

        unexpected_interpreter = host.file(wrong_python_path)

        assert not unexpected_interpreter.exists