Files @ 44d578f5e1f3

Location: majic-ansible-roles/roles/backup_server/tests/test_default.py

branko
MAR-28: Minor fixes for mail_server tests:

- Take into account different extension for ClamAV database (cvd or cld) that
could happen in cases where the test VM has been running for a long time.
- Before checking Dovecot directory permissions, make sure to send out at least
two mails so the directory structure will get created.
- Fixed incorrect directory path for testing Dovecot directory permissions.
import socket

import paramiko

import testinfra.utils.ansible_runner

# Every host ('all') listed in the inventory file at
# .molecule/ansible_inventory is targeted by the tests in this module.
testinfra_hosts = (
    testinfra.utils.ansible_runner
    .AnsibleRunner('.molecule/ansible_inventory')
    .get_hosts('all')
)


def test_installed_software(Package):
    """
    Tests if the required packages have been installed.
    """

    assert Package('duplicity').is_installed
    assert Package('duply').is_installed


def test_backup_directory(File, Sudo):
    """
    Tests if the backup directory has been set-up correctly.
    """

    with Sudo():

        backup_directory = File('/srv/backups')

        assert backup_directory.is_directory
        assert backup_directory.user == 'root'
        assert backup_directory.group == 'root'
        assert backup_directory.mode == 0o751


def test_regular_ssh_server_configuration(File, Sudo):
    """
    Tests if the default SSH server has been configured correctly (to prevent
    access to it via backup users).
    """

    with Sudo():

        assert "DenyGroups backup" in File('/etc/ssh/sshd_config').content


def test_backup_ssh_server_configuration_directory(File, Sudo):
    """
    Tests if the backup SSH server configuration directory has been created
    correctly.
    """

    with Sudo():

        backup_ssh_server_directory = File('/etc/ssh-backup')

        assert backup_ssh_server_directory.is_directory
        assert backup_ssh_server_directory.user == 'root'
        assert backup_ssh_server_directory.group == 'root'
        assert backup_ssh_server_directory.mode == 0o700


def test_backup_ssh_server_service_configuration(File):
    """
    Tests if the backup SSH server service configuration file has been set-up
    correctly.
    """

    config_file = File('/etc/default/ssh-backup')

    assert config_file.is_file
    assert config_file.user == 'root'
    assert config_file.group == 'root'
    assert config_file.mode == 0o644
    assert 'SSHD_OPTS="-f /etc/ssh-backup/sshd_config"' in config_file.content


def test_backup_ssh_server_configuration(File, Sudo):
    """
    Tests if the backup SSH server configuration file has been set-up correctly.
    """

    with Sudo():

        config_file = File('/etc/ssh-backup/sshd_config')

        assert config_file.is_file
        assert config_file.user == 'root'
        assert config_file.group == 'root'
        assert config_file.mode == 0o600
        assert "AllowGroups backup" in config_file.content
        assert "ChrootDirectory %h" in config_file.content
        assert "ForceCommand internal-sftp" in config_file.content
        assert "Subsystem sftp internal-sftp" in config_file.content
        assert "PasswordAuthentication no" in config_file.content
        assert "PubkeyAuthentication yes" in config_file.content
        assert "PermitRootLogin no" in config_file.content
        assert "HostKey /etc/ssh-backup/ssh_host_rsa_key" in config_file.content
        assert "HostKey /etc/ssh-backup/ssh_host_dsa_key" in config_file.content
        assert "HostKey /etc/ssh-backup/ssh_host_ecdsa_key" in config_file.content
        assert "HostKey /etc/ssh-backup/ssh_host_ed25519_key" in config_file.content


def test_backup_ssh_server_keys(File, Sudo):
    """
    Tests if the backup SSH server private keys have been deployed correctly.
    """

    with Sudo():

        dsa = File('/etc/ssh-backup/ssh_host_dsa_key')
        assert dsa.is_file
        assert dsa.user == 'root'
        assert dsa.group == 'root'
        assert dsa.mode == 0o600
        assert dsa.content == open('tests/data/ssh/server_dsa', 'r').read()

        rsa = File('/etc/ssh-backup/ssh_host_rsa_key')
        assert rsa.is_file
        assert rsa.user == 'root'
        assert rsa.group == 'root'
        assert rsa.mode == 0o600
        assert rsa.content == open('tests/data/ssh/server_rsa', 'r').read()

        ed25519 = File('/etc/ssh-backup/ssh_host_ed25519_key')
        assert ed25519.is_file
        assert ed25519.user == 'root'
        assert ed25519.group == 'root'
        assert ed25519.mode == 0o600
        assert ed25519.content == open('tests/data/ssh/server_ed25519', 'r').read()

        ecdsa = File('/etc/ssh-backup/ssh_host_ecdsa_key')
        assert ecdsa.is_file
        assert ecdsa.user == 'root'
        assert ecdsa.group == 'root'
        assert ecdsa.mode == 0o600
        assert ecdsa.content == open('tests/data/ssh/server_ecdsa', 'r').read()


def test_backup_ssh_server_systemd_service(File):
    """
    Tests if the backup SSH server systemd service file has been deployed
    correctly.
    """

    service_file = File('/etc/systemd/system/ssh-backup.service')

    assert service_file.is_file
    assert service_file.user == 'root'
    assert service_file.group == 'root'
    assert service_file.mode == 0o644
    assert "EnvironmentFile=-/etc/default/ssh-backup" in service_file.content


def test_backup_ssh_server_service(Service, Socket, Sudo):
    """
    Tests if the backup SSH server service is running and listening on correct
    port.
    """

    with Sudo():

        service = Service('ssh-backup')
        assert service.is_running
        assert service.is_enabled
        assert Socket('tcp://0.0.0.0:2222').is_listening


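def test_backup_ssh_server_login_mechanisms():
    """
    Tests available SSH login mechanisms (should be just public key).

    The test requests the "none" authentication method. The server is expected
    to refuse it and report the methods it does accept, which must be exactly
    ['publickey']. If the server accepts "none" authentication the test fails.
    """

    sock = socket.socket()

    try:
        # Address and port of the backup SSH server under test.
        sock.connect(('10.31.127.11', 2222))

        transport = paramiko.transport.Transport(sock)

        try:
            # No host key is passed, so this only negotiates the session and
            # does not verify the server's identity.
            transport.connect()

            try:
                transport.auth_none('')
            except paramiko.transport.BadAuthenticationType as err:
                assert err.allowed_types == ['publickey']
            else:
                # Without this branch a server that accepts unauthenticated
                # logins would let the test pass silently.
                raise AssertionError(
                    "Backup SSH server accepted the 'none' authentication "
                    "method")
        finally:
            transport.close()
    finally:
        # Release the socket even if connecting or negotiation failed.
        sock.close()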