import os import re import time import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['all']) def test_website_group(host): """ Tests if website group has been created correctly. """ group ='web-parameters-mandatory') assert group.exists assert group.gid == 1003 def test_website_admin_user(host): """ Tests if website administrator user has been created correctly. """ user = host.user('admin-parameters-mandatory') assert user.exists assert user.uid == 1003 assert == 'web-parameters-mandatory' assert user.groups == ['web-parameters-mandatory'] assert == '/bin/bash' assert user.home == '/var/www/parameters-mandatory' def test_website_admin_home(host): """ Tests if permissions on website admin home directory are correct. """ home = host.file('/var/www/parameters-mandatory') assert home.is_directory assert home.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert home.mode == 0o750 def test_home_profile_directory(host): """ Tests if profile directory has been set-up correctly for the website administrator/application user. """ with host.sudo(): directory = host.file('/var/www/parameters-mandatory/.profile.d') assert directory.is_directory assert directory.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert directory.mode == 0o750 def test_virtualenv_profile_configuration(host): """ Tests if profile configuration file for auto-activation of virtual environment has been deployed correctly. """ with host.sudo(): config = host.file('/var/www/parameters-mandatory/.profile.d/') assert config.is_file assert config.user == 'root' assert == 'web-parameters-mandatory' assert config.mode == 0o640 def test_environment_profile_configuration(host): """ Tests if profile configuration file for setting-up environment variables has been deployed correctly. """ with host.sudo(): config = host.file('/var/www/parameters-mandatory/.profile.d/') assert config.is_file assert config.user == 'root' assert == 'web-parameters-mandatory' assert config.mode == 0o640 assert config.content == "" def test_profile_configuration(host): """ Tests if profile configuration is behaving correctly (setting appropriate vars via login shell). """ env ="sudo -i -u admin-parameters-mandatory printenv VIRTUAL_ENV MY_ENV_VAR") assert env.stdout == "/var/www/parameters-mandatory/virtualenv" def test_website_application_user(host): """ Tests if website application user has been created correctly. """ user = host.user('web-parameters-mandatory') assert user.exists assert user.uid == 999 assert == 'web-parameters-mandatory' assert user.groups == ['web-parameters-mandatory'] assert == '/bin/sh' assert user.home == '/var/www/parameters-mandatory' with host.sudo(): umask ="su -l web-parameters-mandatory -c 'bash -c umask'") assert umask.stdout == '0007' def test_nginx_user(host): """ Tests if web server user has been added to website group. """ user = host.user('www-data') assert 'web-parameters-mandatory' in user.groups def test_forward_file(host): """ Tests if the forward file has correct permissions and content. """ with host.sudo(): config = host.file('/var/www/parameters-mandatory/.forward') assert config.is_file assert config.user == 'root' assert == 'web-parameters-mandatory' assert config.mode == 0o640 assert config.content == "root" def test_mail_forwarding(host): """ Tests if mail forwarding works as expected. """ hostname ='hostname').stdout send ='swaks --suppress-data --to web-parameters-mandatory@localhost') assert send.rc == 0 message_id ='Ok: queued as (.*)', send.stdout).group(1) # Sleep for a couple of seconds so the mail can get delivered. time.sleep(5) with host.sudo(): mail_log = host.file('/var/log/mail.log') # First extract message ID of forwarded mail. pattern = "%s: to=.*status=sent \(forwarded as ([^)]*)\)" % message_id message_id =, mail_log.content).group(1) # Now try to determine where the forward ended-up at. pattern = "%s: to=, orig_to=.*status=sent" % (message_id, hostname) assert, mail_log.content) is not None def test_python_virtualenv_created(host): """ Tests if Python virtual environment has been created correctly. """ with host.sudo(): virtualenv = host.file("/var/www/parameters-mandatory/virtualenv") assert virtualenv.is_directory assert virtualenv.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert virtualenv.mode == 0o2750 virtualenv_activate = host.file("/var/www/parameters-mandatory/virtualenv/bin/activate") assert virtualenv_activate.is_file assert virtualenv_activate.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert virtualenv_activate.mode == 0o644 def test_python_virtualenv_project_directory_config(host): """ Tests if project directory configuration within virtualenv is set-up correctly. """ with host.sudo(): project = host.file("/var/www/parameters-mandatory/virtualenv/.project") assert project.is_file assert project.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert project.mode == 0o640 def test_python_virtualenv_wrapper_script(host): """ Tests if Python virtualenv wrapper script is functioning correctly. """ with host.sudo(): wrapper = host.file("/var/www/parameters-mandatory/virtualenv/bin/exec") assert wrapper.is_file assert wrapper.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert wrapper.mode == 0o750 command ="sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/exec python -c 'import gunicorn'") assert command.rc == 0 def test_virtualenv_packages(host): """ Tests if correct packages are installed in virtualenv. """ packages ="sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/pip freeze") assert sorted(packages.stdout.lower().split("\n")) == sorted("""argparse==1.2.1 futures==3.1.1 gunicorn==19.7.1 wsgiref==0.1.2""".lower().split("\n")) def test_wsgi_requirements_upgrade_checks(host): """ Tests if Python requirements files for upgrade checks are set-up correctly. """ with host.sudo(): directory = host.file('/etc/pip_check_requirements_upgrades/parameters-mandatory') assert not directory.exists def test_systemd_socket_configuration_file(host): """ Tests if systemd socket configuration file has been set-up correctly. """ config = host.file("/etc/systemd/system/parameters-mandatory.socket") assert config.is_file assert config.user == 'root' assert == 'root' assert config.mode == 0o644 assert "Socket for website parameters-mandatory" in config.content assert "ListenStream=/run/wsgi/parameters-mandatory.sock" in config.content def test_systemd_socket(host): """ Tests if systemd socket has correct permissions and is available. """ with host.sudo(): socket_file = host.file("/run/wsgi/parameters-mandatory.sock") assert socket_file.is_socket assert socket_file.user == 'www-data' assert == 'www-data' assert socket_file.mode == 0o660 socket = host.socket("unix:///run/wsgi/parameters-mandatory.sock") assert socket.is_listening def test_systemd_service_configuration_file(host): """ Tests if systemd service configuration file has been set-up correctly. """ config = host.file("/etc/systemd/system/parameters-mandatory.service") assert config.is_file assert config.user == 'root' assert == 'root' assert config.mode == 0o644 assert "parameters-mandatory" in config.content def test_systemd_service(host): """ Tests if the systemd service is enabled at boot and running. """ service = host.service('parameters-mandatory') assert service.is_enabled assert service.is_running def test_static_file_directory(host): """ Tests if directory for serving static files has been created correctly. """ with host.sudo(): directory = host.file('/var/www/parameters-mandatory/htdocs') assert directory.is_directory assert directory.user == 'admin-parameters-mandatory' assert == 'web-parameters-mandatory' assert directory.mode == 0o2750 def test_nginx_tls_files(host): """ Tests if TLS private key and certificate have been deployed correctly. """ with host.sudo(): tls_file = host.file('/etc/ssl/private/parameters-mandatory_https.key') assert tls_file.is_file assert tls_file.user == 'root' assert == 'root' assert tls_file.mode == 0o640 assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip() tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem') assert tls_file.is_file assert tls_file.user == 'root' assert == 'root' assert tls_file.mode == 0o644 assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip() def test_certificate_validity_check_configuration(host): """ Tests if certificate validity check configuration file has been deployed correctly. """ config = host.file('/etc/check_certificate/parameters-mandatory_https.conf') assert config.is_file assert config.user == 'root' assert == 'root' assert config.mode == 0o644 assert config.content == "/etc/ssl/certs/parameters-mandatory_https.pem" def test_vhost_file(host): """ Tests permissions of vhost configuration file. """ config = host.file('/etc/nginx/sites-available/parameters-mandatory') assert config.is_file assert config.user == 'root' assert == 'root' assert config.mode == 0o640 def test_website_enabled(host): """ Tests if website has been enabled. """ config = host.file('/etc/nginx/sites-enabled/parameters-mandatory') assert config.is_symlink assert config.linked_to == '/etc/nginx/sites-available/parameters-mandatory' def test_https_enforcement(host): """ Tests if HTTPS is being enforced. """ https_enforcement ='curl -I http://parameters-mandatory/') assert https_enforcement.rc == 0 assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout assert 'Location: https://parameters-mandatory/' in https_enforcement.stdout https_enforcement ='curl -I https://parameters-mandatory/') assert https_enforcement.rc == 0 assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout def test_index_page(host): """ Tests if index page is served correctly. This covers: - Basic WSGI application operation. - Handling of environment variables. - Handling of proxy headers. """ page ='curl -H "Accept-Encoding: plain" https://parameters-mandatory/') assert page.rc == 0 assert "This is the WSGI application at parameters-mandatory." in page.stdout assert "Requested URL was: https://parameters-mandatory/" in page.stdout assert "MY_ENV_VAR: None" in page.stdout assert "Accept-Encoding: plain" in page.stdout def test_static_file_serving(host): """ Tests serving of static files. """ page ='curl https://parameters-mandatory/static/static_file.txt') assert page.rc == 0 assert "This is the WSGI application at parameters-mandatory." in page.stdout assert "Requested URL was: https://parameters-mandatory/static/static_file.txt" in page.stdout page ='curl https://parameters-mandatory/media/media_file.txt') assert page.rc == 0 assert "This is the WSGI application at parameters-mandatory." in page.stdout assert "Requested URL was: https://parameters-mandatory/media/media_file.txt" in page.stdout