import os

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')


def test_installed_packages(host):
    """
    Tests if packages have been installed.
    """

    assert host.package('sudo').is_installed


def test_ansible_user(host):
    """
    Tests if Ansible user and group have been set-up correctly.
    """

    with host.sudo():
        group = host.group('ansible')
        assert group.exists
        assert group.gid < 1000

        user = host.user('ansible')
        assert user.exists
        assert user.group == 'ansible'
        assert user.groups == ['ansible']
        assert user.uid < 1000
        assert user.shell == '/bin/bash'
        assert user.password == '!'


def test_sudo_configuration(host):
    """
    Tests if sudo has been configured to allow Ansible user to run any command
    without password.
    """

    with host.sudo():

        sudo_config = host.file('/etc/sudoers.d/ansible')

        assert sudo_config.is_file
        assert sudo_config.user == 'root'
        assert sudo_config.group == 'root'
        assert sudo_config.mode == 0o640
        assert sudo_config.content_string == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL\n'


def test_authorized_keys(host):
    """
    Tests if Ansible user authorized_keys has been set-up correctly.
    """

    with host.sudo():

        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()
        authorized_keys = host.file('/home/ansible/.ssh/authorized_keys')

        assert authorized_keys.is_file
        assert ssh_key in authorized_keys.content_string


def test_root_authorized_keys(host):
    """
    Tests if Ansible key been removed from root's authorized keys.
    """

    with host.sudo():

        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()

        assert ssh_key not in host.file('/root/.ssh/authorized_keys').content_string