Files
@ 36ce706cb123
Branch filter:
Location: majic-ansible-roles/roles/backup_client/molecule/default/tests/test_parameters_optional.py
36ce706cb123
3.5 KiB
text/x-python
MAR-239: Dropped support for Debian 11 Bullseye from the backup_client role:
- Switch to using Paramiko instead of pexpect backend (therefore
avoiding using the external SSH client binary).
- Switch to using Paramiko instead of pexpect backend (therefore
avoiding using the external SSH client binary).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
def test_gnupg_private_keys_file_content(host):
"""
Tests if correct GnuPG private key used for encryption and signing has been
deployed.
"""
with host.sudo():
gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc')
assert gnupg_private_keys.content_string == open('tests/data/gnupg/parameters-optional.asc', 'r').read().strip()
def test_gnupg_public_keys_file_content(host):
"""
Tests if correct additional public GnuPG keys have been deployed.
"""
with host.sudo():
gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc')
assert open('tests/data/gnupg/additional_encryption_key_1.asc', 'r').read().strip() in gnupg_public_keys.content_string
assert open('tests/data/gnupg/additional_encryption_key_2.asc', 'r').read().strip() in gnupg_public_keys.content_string
assert open('tests/data/gnupg/additional_encryption_key_3.asc', 'r').read().strip() in gnupg_public_keys.content_string
def test_backup_ssh_key_file_content(host):
"""
Tests if correct key has been deployed for SSH client authentication.
"""
with host.sudo():
ssh_key = host.file('/etc/duply/main/ssh/identity')
assert ssh_key.content_string == open('tests/data/ssh/parameters-optional', 'r').read().strip()
def test_known_hosts_content(host):
"""
Tests if known hosts file has been set-up with correct content.
"""
with host.sudo():
known_hosts = host.file('/etc/duply/main/ssh/known_hosts')
assert known_hosts.content_string == open('tests/data/ssh/parameters-optional-known_hosts', 'r').read()
def test_duply_configuration_content(host):
"""
Tests if duply configuration has been set-up correctly.
"""
hostname = host.run('hostname').stdout.strip()
with host.sudo():
duply_configuration = host.file('/etc/duply/main/conf')
assert "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'" in duply_configuration.content_string
assert "GPG_KEY_SIGN='C4B2AE9F7A4F400A'" in duply_configuration.content_string
assert "TARGET='paramiko+sftp://backupuser@192.168.56.10:3333//duplicity/%s'" % hostname in duply_configuration.content_string
assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oUserKnownHostsFile=/dev/null " \
"-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content_string
def test_duply_gnupg_keyring_private_keys(host):
"""
Tests if private key used for encryption/signing has been correctly
imporeted into Duply GnuPG keyring.
"""
with host.sudo():
private_key_listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-public-keys')
assert private_key_listing.rc == 0
assert 'C4B2AE9F7A4F400A' in private_key_listing.stdout
def test_duply_gnupg_keyring_public_keys(host):
"""
Tests if additional public keys used for encryption have been correctly
imporeted into Duply GnuPG keyring.
"""
with host.sudo():
public_key_listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-public-keys')
keys = ['3093C91BC3A9444B', '86816FD928063B3F', '8A14CD6C71223B72']
assert public_key_listing.rc == 0
for key in keys:
assert key in public_key_listing.stdout
|