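import os

import testinfra.utils.ansible_runner


# Hosts under test: every inventory entry matching 'parameters-*' in the
# inventory file Molecule exports through MOLECULE_INVENTORY_FILE.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')


def _read_ansible_public_key():
    """
    Returns the Ansible user's public SSH key from the test data directory,
    with surrounding whitespace stripped.

    The path is relative to the directory the tests are run from. The file
    is opened in a context manager so the handle is closed deterministically
    instead of being left to the garbage collector.
    """

    with open('tests/data/ansible_key.pub', 'r') as key_file:
        return key_file.read().strip()


def test_installed_packages(host):
    """
    Tests if packages have been installed.
    """

    assert host.package('sudo').is_installed


def test_ansible_user(host):
    """
    Tests if Ansible user and group have been set-up correctly.

    The account is expected to be a system account (uid/gid below 1000)
    whose only group is its own, with a locked password.
    """

    with host.sudo():
        group = host.group('ansible')
        assert group.exists
        assert group.gid < 1000

        user = host.user('ansible')
        assert user.exists
        assert user.group == 'ansible'
        # Exact list comparison: the account must not be a member of any
        # supplementary group.
        assert user.groups == ['ansible']
        assert user.uid < 1000
        assert user.shell == '/bin/bash'
        # '!' in the password field marks the password as locked, so the
        # account cannot authenticate with a password. Reading the field
        # is presumably why this test runs under sudo.
        assert user.password == '!'


def test_sudo_configuration(host):
    """
    Tests if sudo has been configured to allow Ansible user to run any
    command without password.

    The rule grants unrestricted, passwordless root, so the test also pins
    the ownership and mode that keep the drop-in from being modified by a
    non-root account.
    """

    with host.sudo():
        sudo_config = host.file('/etc/sudoers.d/ansible')
        assert sudo_config.is_file
        assert sudo_config.user == 'root'
        assert sudo_config.group == 'root'
        # NOTE(review): sudoers drop-ins are conventionally 0440; this
        # assertion pins the 0640 mode the role currently deploys.
        assert sudo_config.mode == 0o640
        # Whole-file equality rather than a substring check, so any extra
        # rule in the drop-in fails the test.
        assert sudo_config.content_string == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL\n'


def test_authorized_keys(host):
    """
    Tests if Ansible user authorized_keys has been set-up correctly.
    """

    # Read from the local checkout, not from the host under test.
    ssh_key = _read_ansible_public_key()

    with host.sudo():
        authorized_keys = host.file('/home/ansible/.ssh/authorized_keys')
        assert authorized_keys.is_file
        # Substring match: confirms the expected key is present, but does
        # not detect additional keys in the file.
        assert ssh_key in authorized_keys.content_string


def test_root_authorized_keys(host):
    """
    Tests if Ansible key has been removed from root's authorized keys.
    """

    # Read from the local checkout, not from the host under test.
    ssh_key = _read_ansible_public_key()

    with host.sudo():
        # The key must not remain usable for direct root login once the
        # dedicated Ansible account exists.
        assert ssh_key not in host.file('/root/.ssh/authorized_keys').content_string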