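import os

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')


def _read_fixture(path):
    """
    Returns the content of a local test fixture file.

    The file is opened through a context manager so the handle is
    closed as soon as the content has been read.
    """

    with open(path, 'r') as fixture:
        return fixture.read()


def test_gnupg_private_keys_file_content(host):
    """
    Tests if correct GnuPG private key used for encryption and signing has been
    deployed.
    """

    # NOTE(review): only the content of this secret is compared here;
    # ownership and mode of the deployed file are not asserted in this
    # module - confirm they are covered by another test.
    with host.sudo():

        gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc')

        # The rstrip() is added because Ansible strips last newline
        # when using the file lookup plugin.
        expected = _read_fixture('tests/data/gnupg/parameters-mandatory.asc').rstrip()

        assert gnupg_private_keys.content == expected


def test_gnupg_public_keys_file_content(host):
    """
    Tests if no additional public GnuPG keys have been deployed (should be
    default without optional parameters).
    """

    with host.sudo():

        gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc')

        assert gnupg_public_keys.content == ""


def test_backup_ssh_key_file_content(host):
    """
    Tests if correct key has been deployed for SSH client authentication.
    """

    # NOTE(review): content-only check, same as for the GnuPG private
    # key - ownership and mode of the identity file are not asserted
    # here.
    with host.sudo():

        ssh_key = host.file('/etc/duply/main/ssh/identity')

        assert ssh_key.content == _read_fixture('tests/data/ssh/parameters-mandatory')


def test_known_hosts_content(host):
    """
    Tests if known hosts file has been set-up with correct content.
    """

    with host.sudo():

        known_hosts = host.file('/etc/duply/main/ssh/known_hosts')

        assert known_hosts.content == _read_fixture('tests/data/ssh/parameters-mandatory-known_hosts')


def test_duply_configuration_content(host):
    """
    Tests if duply configuration has been set-up correctly.

    The expected key identifiers, target URL and duplicity parameters
    differ per distribution release; an unsupported release raises an
    exception instead of passing silently.
    """

    with host.sudo():

        ansible_facts = host.ansible("setup")["ansible_facts"]
        release = ansible_facts['ansible_distribution_release']

        duply_configuration = host.file('/etc/duply/main/conf')

        # In both variants the expected SSH options point
        # UserKnownHostsFile at /dev/null and GlobalKnownHostsFile at
        # the deployed known_hosts file, so the deployed file is the
        # only host key source named in the configuration.
        # NOTE(review): the expected string does not set
        # StrictHostKeyChecking - confirm that the client default is
        # acceptable for unattended backups.
        if release == 'jessie':
            expected_fragments = [
                "GPG_KEYS_ENC='1A129C54'",
                "GPG_KEY_SIGN='1A129C54'",
                "TARGET='sftp://bak-parameters-mandatory-j64@10.31.127.10:2222//duplicity'",
                ("DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null "
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\""),
            ]
        elif release == 'stretch':
            expected_fragments = [
                "GPG_KEYS_ENC='59C26F031A129C54'",
                "GPG_KEY_SIGN='59C26F031A129C54'",
                "TARGET='pexpect+sftp://bak-parameters-mandatory-s64@10.31.127.10:2222//duplicity'",
                ("DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null "
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\""),
            ]
        else:
            raise Exception("Failed to execute content check for: %s" % release)

        for fragment in expected_fragments:
            assert fragment in duply_configuration.content


def test_duply_gnupg_keyring_private_keys(host):
    """
    Tests if private key used for encryption/signing has been correctly
    imported into Duply GnuPG keyring.
    """

    with host.sudo():

        ansible_facts = host.ansible("setup")["ansible_facts"]
        release = ansible_facts['ansible_distribution_release']

        # key_offset trims the long key ID down to the part that is
        # looked up in the listing (last eight characters on both
        # supported releases).
        if release == 'jessie':
            gpg_binary = 'gpg2'
            key_offset = 8
        elif release == 'stretch':
            gpg_binary = 'gpg'
            key_offset = 8
        else:
            raise Exception("Failed to execute check for distribution release: %s" % release)

        # NOTE(review): this lists the public keyring, so the check
        # also passes when only the public half of the key has been
        # imported. Asserting against --list-secret-keys would match
        # the stated intent - confirm the listing format on both
        # releases before switching.
        private_key_listing = host.run('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)

        assert private_key_listing.rc == 0
        assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout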