Files @ 8a6ebeaabb26
Branch filter:

Location: majic-ansible-roles/roles/ldap_server/tests/test_default.py

branko
MAR-125: Eliminated a couple of warnings:

- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('all')
testinfra_hosts.remove("client")


def test_installed_packages(Package):
    """
    Tests if all the necessary packages have been installed.
    """

    assert Package('slapd').is_installed
    assert Package('python-ldap').is_installed


def test_ldap_user_group(User):
    """
    Tests if LDAP server user is part of group that allows it to traverse TLS
    private keys directory.
    """

    assert "ssl-cert" in User('openldap').groups


def test_ldap_server_service_sockets_and_ports(Socket):
    """
    Tests if LDAP server has been configured to listen on correct sockets.
    """

    assert Socket('tcp://389').is_listening
    assert Socket('tcp://636').is_listening
    assert Socket('unix:///var/run/slapd/ldapi').is_listening


def test_ldap_server_service(Service):
    """
    Tests if the LDAP service is enabled and running.
    """

    service = Service('slapd')

    assert service.is_enabled
    assert service.is_running


def test_syslog_configuration(File, Sudo):
    """
    Tests if syslog configuration file has been deployed, and log file was
    created correctly (and is being logged to).
    """

    config = File('/etc/rsyslog.d/slapd.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    with Sudo():
        log = File('/var/log/slapd.log')
        assert log.is_file
        assert 'slapd' in log.content


def test_log_rotation_configuration(File, Command, Sudo):
    """
    Tests if log rotation configuration file has been deployed correctly and has
    valid syntax.
    """

    config = File('/etc/logrotate.d/slapd')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    with Sudo():

        assert Command('logrotate /etc/logrotate.d/slapd').rc == 0


def test_misc_schema_presence(Command, Sudo):
    """
    Tests if the misc LDAP schema has been imported.
    """

    with Sudo():

        misc_schema = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config dn')
        assert misc_schema.rc == 0
        assert 'dn: cn={4}misc,cn=schema,cn=config' in misc_schema.stdout


def test_memberof_module(Command, Sudo):
    """
    Tests if the memberof overlay has been enabled for the main database.
    """

    with Sudo():
        memberof = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config dn')

        assert memberof.rc == 0
        assert 'dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config' in memberof.stdout


def test_basic_directory_structure(Command, Sudo):
    """
    Tests if the base LDAP directory structure has been set-up correctly.
    """

    with Sudo():

        ous = ["people", "groups", "services"]

        for ou in ous:

            entry = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=%s,dc=local' % ou)

            assert entry.rc == 0
            assert entry.stdout == """dn: ou=%(ou)s,dc=local
objectClass: organizationalUnit
ou: %(ou)s""" % {'ou': ou}


def test_mail_service_entries(Command, Sudo):
    """
    Tests if the mail service entries have been set-up correctly.
    """

    with Sudo():

        entry = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: mail"""

        entry = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=domains,ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=domains,ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: domains"""

        entry = Command('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -s base -b ou=aliases,ou=mail,ou=services,dc=local')
        assert entry.rc == 0
        assert entry.stdout == """dn: ou=aliases,ou=mail,ou=services,dc=local
objectClass: organizationalUnit
ou: aliases"""


def test_firewall_configuration_file(File, Sudo):
    """
    Tests if firewall configuration file has been deployed correctly.
    """

    with Sudo():

        config = File('/etc/ferm/conf.d/10-ldap.conf')

        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'root'
        assert config.mode == 0o640


def test_admin_password(Command):
    """
    Tests if administrator password has been set correctly.
    """

    login = Command("ldapwhoami -H ldapi:/// -x -w adminpassword -D cn=admin,dc=local")

    assert login.rc == 0
    assert login.stdout == "dn:cn=admin,dc=local"


def test_temporary_admin_password_file_not_present(File, Sudo):
    """
    Tests if the file that temporarily contains the LDAP adminstrator password
    has been removed.
    """

    with Sudo():
        assert not File('/root/.ldap_admin_password').exists