Files @ 8d272d91d3d2

Location: majic-ansible-roles/roles/database/molecule/default/tests/test_default.py

branko
MAR-165: Deploy Diffie-Hellman parameters for LDAP server in the ldap_server role:

- Not relevant for Debian Stretch because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
import os

import testinfra.utils.ansible_runner


# Molecule exports the path of the generated inventory through the
# MOLECULE_INVENTORY_FILE environment variable. Indexing os.environ directly
# raises KeyError if the variable is missing, so the module fails to import
# outside of a Molecule run instead of silently targeting nothing.
_inventory_file = os.environ['MOLECULE_INVENTORY_FILE']
_ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(_inventory_file)

# Only inventory hosts matching the 'parameters-*' pattern are selected for
# the tests in this module.
testinfra_hosts = _ansible_runner.get_hosts('parameters-*')


def test_database_created(host):
    """
    Verifies that the 'testdb' database exists on the host.

    The query is issued through the mysql client under sudo, without any
    explicit database credentials on the command line.
    """

    # -B (batch) and -N (no column names) reduce the output to the bare
    # database name, which makes the exact comparison below possible.
    with host.sudo():
        result = host.run("mysql -BNe \"show databases like 'testdb'\"")

    assert result.rc == 0
    assert result.stdout == "testdb\n"


def test_database_user_login(host):
    """
    Verifies that the 'testdb' database user can authenticate.

    Only the exit code of the mysql client is checked; the query output
    itself is not inspected here.
    """

    # NOTE: The password is a test-only fixture. Passing it via -p on the
    # command line makes it visible in the process list of the host for the
    # duration of the call, which is tolerable only on a disposable test
    # instance - do not copy this pattern for real credentials.
    result = host.run("mysql -utestdb -ptestdbpassword -BNe 'show databases'")
    exit_code = result.rc

    assert exit_code == 0


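def test_database_user_permissions(host):
    """
    Tests if database user has been granted correct permissions on the database.

    Two things are verified:

    - Logged in as the 'testdb' user, only 'information_schema' and
      'testdb' are listed by 'show databases'.
    - The grants reported for testdb@localhost consist of exactly two
      lines (USAGE on *.* and ALL PRIVILEGES on the testdb database), so
      any additional grant given to the user makes the test fail.

    Raises an Exception if the test is run on a distribution release
    other than 'stretch' or 'buster'.
    """

    ansible_facts = host.ansible("setup")["ansible_facts"]
    ansible_distribution_release = ansible_facts['ansible_distribution_release']

    # Small difference in usage of backtick (`) instead of single
    # quote (') when displaying grants for user.
    #
    # The value after IDENTIFIED BY PASSWORD has the shape of a MySQL
    # native-password hash ('*' followed by 40 hex digits); presumably it
    # is the hash of the test-only password used further below - confirm
    # against the test playbook. It must never be reused for a real
    # account.
    if ansible_distribution_release == "stretch":
        expected_usage = "GRANT USAGE ON *.* TO 'testdb'@'localhost' IDENTIFIED BY PASSWORD '*676852B7FAE972722AD20D6E74781D6B1A100544'"
        expected_privileges = "GRANT ALL PRIVILEGES ON `testdb`.* TO 'testdb'@'localhost'"
    elif ansible_distribution_release == "buster":
        expected_usage = "GRANT USAGE ON *.* TO `testdb`@`localhost` IDENTIFIED BY PASSWORD '*676852B7FAE972722AD20D6E74781D6B1A100544'"
        expected_privileges = "GRANT ALL PRIVILEGES ON `testdb`.* TO `testdb`@`localhost`"
    else:
        raise Exception("Tried running test on unsupported distribution: %s" % ansible_distribution_release)

    # The password on the command line is a test fixture; -p exposes it in
    # the process list of the host while the client runs.
    visible_databases = host.run("mysql -utestdb -ptestdbpassword -BNe 'show databases'")

    # Exact match: the user must not be able to see any other database.
    assert visible_databases.rc == 0
    assert visible_databases.stdout == "information_schema\ntestdb\n"

    with host.sudo():
        permissions_command = host.run("mysql -BNe 'show grants for testdb@localhost'")

        # Fail on the exit code first. Without this check a failed query
        # only surfaces as a confusing mismatch in the number of grants.
        assert permissions_command.rc == 0

        permissions = permissions_command.stdout.rstrip().split("\n")

        # Exactly two grants are expected - anything beyond USAGE and the
        # privileges on the user's own database is a failure.
        assert len(permissions) == 2
        assert expected_usage in permissions
        assert expected_privileges in permissions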