Files @ 8a6ebeaabb26
Branch filter:

Location: majic-ansible-roles/roles/backup_client/tests/test_parameters_optional.py

branko
MAR-125: Eliminated a couple of warnings:

- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('parameters-optional')


def test_gnupg_private_keys_file_content(File, Sudo):
    """
    Tests if correct GnuPG private key used for encryption and signing has been
    deployed.
    """

    with Sudo():
        gnupg_private_keys = File('/etc/duply/main/private_keys.asc')

        assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-optional.asc', 'r').read().strip()


def test_gnupg_public_keys_file_content(File, Sudo):
    """
    Tests if correct additional public GnuPG keys have been deployed.
    """

    with Sudo():
        gnupg_public_keys = File('/etc/duply/main/public_keys.asc')

        assert open('tests/data/gnupg/additional_encryption_key_1.asc', 'r').read().strip() in gnupg_public_keys.content
        assert open('tests/data/gnupg/additional_encryption_key_2.asc', 'r').read().strip() in gnupg_public_keys.content
        assert open('tests/data/gnupg/additional_encryption_key_3.asc', 'r').read().strip() in gnupg_public_keys.content


def test_backup_ssh_key_file_content(File, Sudo):
    """
    Tests if correct key has been deployed for SSH client authentication.
    """

    with Sudo():

        ssh_key = File('/etc/duply/main/ssh/identity')

        assert ssh_key.content == open('tests/data/ssh/parameters-optional', 'r').read().strip()


def test_known_hosts_content(File, Sudo):
    """
    Tests if known hosts file has been set-up with correct content.
    """

    with Sudo():

        known_hosts = File('/etc/duply/main/ssh/known_hosts')

        assert known_hosts.content == open('tests/data/ssh/parameters-optional-known_hosts', 'r').read().rstrip()


def test_duply_configuration_content(Ansible, File, Sudo):
    """
    Tests if duply configuration has been set-up correctly.
    """

    with Sudo():

        ansible_facts = Ansible("setup")["ansible_facts"]

        duply_configuration = File('/etc/duply/main/conf')

        if ansible_facts['ansible_distribution_release'] == 'jessie':
            assert "TARGET='sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content
            assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
            assert "GPG_KEYS_ENC='7A4F400A,C3A9444B,28063B3F,71223B72'" in duply_configuration.content
            assert "GPG_KEY_SIGN='7A4F400A'" in duply_configuration.content
        elif ansible_facts['ansible_distribution_release'] == 'stretch':
            assert "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'" in duply_configuration.content
            assert "GPG_KEY_SIGN='C4B2AE9F7A4F400A'" in duply_configuration.content
            assert "TARGET='pexpect+sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content
            assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
        else:
            raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])


def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo):
    """
    Tests if private key used for encryption/signing has been correctly
    imporeted into Duply GnuPG keyring.
    """

    with Sudo():
        ansible_facts = Ansible("setup")["ansible_facts"]

        if ansible_facts['ansible_distribution_release'] == 'jessie':
            gpg_binary = 'gpg2'
            key_offset = 8
        elif ansible_facts['ansible_distribution_release'] == 'stretch':
            gpg_binary = 'gpg'
            key_offset = 8
        else:
            raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])

        private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)

        assert private_key_listing.rc == 0
        assert 'C4B2AE9F7A4F400A'[key_offset:] in private_key_listing.stdout


def test_duply_gnupg_keyring_public_keys(Ansible, Command, Sudo):
    """
    Tests if additional public keys used for encryption have been correctly
    imporeted into Duply GnuPG keyring.
    """

    with Sudo():
        ansible_facts = Ansible("setup")["ansible_facts"]

        if ansible_facts['ansible_distribution_release'] == 'jessie':
            gpg_binary = 'gpg2'
            key_offset = 8
        elif ansible_facts['ansible_distribution_release'] == 'stretch':
            gpg_binary = 'gpg'
            key_offset = 8
        else:
            raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])

        public_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)

        keys = ['3093C91BC3A9444B', '86816FD928063B3F', '8A14CD6C71223B72']

        assert public_key_listing.rc == 0

        for key in keys:
            assert key[key_offset:] in public_key_listing.stdout