majic-ansible-roles Files · roles/php_website/tests/test_parameters

Files @ b1b2928c582b
Branch filter:
Location: majic-ansible-roles/roles/php_website/tests/test_parameters_mandatory.py

b1b2928c582b 6.6 KiB text/x-python Show Annotation Show as Raw Download as Raw
branko
Noticket: Fixed two tests related to application user profile directory in php_website role, and renamed two tests to make more sense.
import re
import time


import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts('all')


def test_website_group(Group):
    """
    Tests if website group has been created correctly.
    """

    group = Group('web-parameters-mandatory')

    assert group.exists
    assert group.gid == 1003


def test_website_admin_user(User):
    """
    Tests if website administrator user has been created correctly.
    """

    user = User('admin-parameters-mandatory')

    assert user.exists
    assert user.uid == 1003
    assert user.group == 'web-parameters-mandatory'
    assert user.groups == ['web-parameters-mandatory']
    assert user.shell == '/bin/bash'
    assert user.home == '/var/www/parameters-mandatory'


def test_website_admin_home(File, Sudo):
    """
    Tests if permissions on website admin home directory are correct.
    """

    home = File('/var/www/parameters-mandatory')

    assert home.is_directory
    assert home.user == 'admin-parameters-mandatory'
    assert home.group == 'web-parameters-mandatory'
    assert home.mode == 0o750


def test_home_profile_directory(File, Sudo):
    """
    Tests if profile directory has been set-up correctly for the website
    administrator/application user.
    """

    with Sudo():

        directory = File('/var/www/parameters-mandatory/.profile.d')
        assert directory.is_directory
        assert directory.user == 'admin-parameters-mandatory'
        assert directory.group == 'web-parameters-mandatory'
        assert directory.mode == 0o750


def test_website_application_user(Command, Sudo, User):
    """
    Tests if website application user has been created correctly.
    """

    user = User('web-parameters-mandatory')

    assert user.exists
    assert user.uid == 999
    assert user.group == 'web-parameters-mandatory'
    assert user.groups == ['web-parameters-mandatory']
    assert user.shell == '/bin/sh'
    assert user.home == '/var/www/parameters-mandatory'

    with Sudo():
        umask = Command("su -l web-parameters-mandatory -c 'bash -c umask'")
        assert umask.stdout == '0007'


def test_nginx_user(User):
    """
    Tests if web server user has been added to website group.
    """

    user = User('www-data')
    assert 'web-parameters-mandatory' in user.groups


def test_forward_file(File, Sudo):
    """
    Tests if the forward file has correct permissions and content.
    """

    with Sudo():

        config = File('/var/www/parameters-mandatory/.forward')
        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'web-parameters-mandatory'
        assert config.mode == 0o640
        assert config.content == "root"


def test_mail_forwarding(Command, File, Sudo):
    """
    Tests if mail forwarding works as expected.
    """

    send = Command('swaks --suppress-data --to web-parameters-mandatory@localhost')
    assert send.rc == 0
    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)

    # Sleep for a couple of seconds so the mail can get delivered.
    time.sleep(5)

    with Sudo():
        mail_log = File('/var/log/mail.log')

        # First extract message ID of forwarded mail.
        pattern = "%s: to=<web-parameters-mandatory@localhost>.*status=sent \(forwarded as ([^)]*)\)" % message_id
        message_id = re.search(pattern, mail_log.content).group(1)

        # Now try to determine where the forward ended-up at.
        pattern = "%s: to=<vagrant@php-website>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % message_id
        assert re.search(pattern, mail_log.content) is not None


def test_php5_fpm_configuration_file(File, Sudo):
    """
    Tests if PHP FPM configuration file has been correctly deployed.
    """

    with Sudo():

        config = File('/etc/php5/fpm/pool.d/parameters-mandatory.conf')
        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'root'
        assert config.mode == 0o640


def test_nginx_tls_files(File, Sudo):
    """
    Tests if TLS private key and certificate have been deployed correctly.
    """

    with Sudo():

        tls_file = File('/etc/ssl/private/parameters-mandatory_https.key')
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o640
        assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip()

        tls_file = File('/etc/ssl/certs/parameters-mandatory_https.pem')
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o644
        assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip()


def test_certificate_validity_check_configuration(File):
    """
    Tests if certificate validity check configuration file has been deployed
    correctly.
    """

    config = File('/etc/check_certificate/parameters-mandatory_https.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644
    assert config.content == "/etc/ssl/certs/parameters-mandatory_https.pem"


def test_vhost_file(File):
    """
    Tests permissions of vhost configuration file.
    """

    config = File('/etc/nginx/sites-available/parameters-mandatory')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o640


def test_website_enabled(File):
    """
    Tests if website has been enabled.
    """

    config = File('/etc/nginx/sites-enabled/parameters-mandatory')

    assert config.is_symlink
    assert config.linked_to == '/etc/nginx/sites-available/parameters-mandatory'


def test_https_enforcement(Command):
    """
    Tests if HTTPS is being enforced.
    """

    https_enforcement = Command('curl -I http://parameters-mandatory/')

    assert https_enforcement.rc == 0
    assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
    assert 'Location: https://parameters-mandatory/' in https_enforcement.stdout

    https_enforcement = Command('curl -I https://parameters-mandatory/')

    assert https_enforcement.rc == 0
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout


def test_index_page(Command):
    """
    Tests if index page is served correctly.
    """

    page = Command('curl https://parameters-mandatory/')

    assert page.rc == 0
    assert page.stdout == "This is the index page for parameters-mandatory."