import_vault_root_ca/molecule/with_custom_ca/verify.yml

---
- name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: "Test: file /etc/hosts"
      block:
        - name: "Stat file /etc/hosts"
          ansible.builtin.stat:
            path: "/etc/hosts"
          register: stat_etc_hosts

        - name: "Verify file /etc/hosts"
          ansible.builtin.assert:
            that:
              - stat_etc_hosts.stat.exists
              - stat_etc_hosts.stat.isreg
              - stat_etc_hosts.stat.pw_name == 'root'
              - stat_etc_hosts.stat.gr_name == 'root'

    - name: "Test: directory /usr/local/share/ca-certificates"
      block:
        - name: "Stat directory /usr/local/share/ca-certificates"
          ansible.builtin.stat:
            path: "/usr/local/share/ca-certificates"
          register: usr_local_share_ca_certificates

        - name: "Find files in directory /usr/local/share/ca-certificates"
          ansible.builtin.find:
            paths: "/usr/local/share/ca-certificates"
            file_type: file
          register: usr_local_share_ca_certificates_ls

        - name: "Verify directory /usr/local/share/ca-certificates"
          ansible.builtin.assert:
            that:
              - usr_local_share_ca_certificates.stat.exists
              - usr_local_share_ca_certificates.stat.isdir
              - usr_local_share_ca_certificates.stat.pw_name == 'root'
              - usr_local_share_ca_certificates.stat.gr_name == 'root'
              - usr_local_share_ca_certificates.stat.mode == '0755'
              - (usr_local_share_ca_certificates_ls.files|length) == 1
              - (usr_local_share_ca_certificates_ls.files[0].path|basename) == 'isrg_root.crt'

    - name: "Test: certificate isrg_root.crt"
      block:
        - name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"
          ansible.builtin.stat:
            path: "/usr/local/share/ca-certificates/isrg_root.crt"
          register: isrg_root_file

        - name: "Get certificate info"
          community.crypto.x509_certificate_info:
            path: "/usr/local/share/ca-certificates/isrg_root.crt"
          register: isrg_root_pem

        - name: "Verify certificate is readable"
          ansible.builtin.assert:
            that:
              - isrg_root_file.stat.exists
              - isrg_root_file.stat.isreg
              - isrg_root_file.stat.pw_name == 'root'
              - isrg_root_file.stat.gr_name == 'root'
              - isrg_root_file.stat.mode == '0644'
              - not isrg_root_pem.failed
              - not isrg_root_pem.expired
              - isrg_root_pem.issuer == isrg_root_pem.subject
started doing tests in ansible since testinfra is being deprecated 2023-05-23 20:20:19 +00:00			`---`
ansible tests work now 2023-05-25 07:30:55 +00:00			`- name: Verify`
			`hosts: all`
			`gather_facts: false`
			`tasks:`
added default test for container health 2023-05-26 20:19:56 +00:00			`- name: "Test: file /etc/hosts"`
			`block:`
			`- name: "Stat file /etc/hosts"`
			`ansible.builtin.stat:`
			`path: "/etc/hosts"`
			`register: stat_etc_hosts`

			`- name: "Verify file /etc/hosts"`
			`ansible.builtin.assert:`
			`that:`
			`- stat_etc_hosts.stat.exists`
			`- stat_etc_hosts.stat.isreg`
			`- stat_etc_hosts.stat.pw_name == 'root'`
			`- stat_etc_hosts.stat.gr_name == 'root'`

ansible tests work now 2023-05-25 07:30:55 +00:00			`- name: "Test: directory /usr/local/share/ca-certificates"`
			`block:`
			`- name: "Stat directory /usr/local/share/ca-certificates"`
			`ansible.builtin.stat:`
			`path: "/usr/local/share/ca-certificates"`
			`register: usr_local_share_ca_certificates`

			`- name: "Find files in directory /usr/local/share/ca-certificates"`
			`ansible.builtin.find:`
			`paths: "/usr/local/share/ca-certificates"`
			`file_type: file`
			`register: usr_local_share_ca_certificates_ls`

			`- name: "Verify directory /usr/local/share/ca-certificates"`
			`ansible.builtin.assert:`
			`that:`
			`- usr_local_share_ca_certificates.stat.exists`
			`- usr_local_share_ca_certificates.stat.isdir`
			`- usr_local_share_ca_certificates.stat.pw_name == 'root'`
			`- usr_local_share_ca_certificates.stat.gr_name == 'root'`
			`- usr_local_share_ca_certificates.stat.mode == '0755'`
			`- (usr_local_share_ca_certificates_ls.files\|length) == 1`
			`- (usr_local_share_ca_certificates_ls.files[0].path\|basename) == 'isrg_root.crt'`

			`- name: "Test: certificate isrg_root.crt"`
			`block:`
			`- name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"`
			`ansible.builtin.stat:`
			`path: "/usr/local/share/ca-certificates/isrg_root.crt"`
			`register: isrg_root_file`

			`- name: "Get certificate info"`
			`community.crypto.x509_certificate_info:`
			`path: "/usr/local/share/ca-certificates/isrg_root.crt"`
			`register: isrg_root_pem`

			`- name: "Verify certificate is readable"`
			`ansible.builtin.assert:`
			`that:`
			`- isrg_root_file.stat.exists`
			`- isrg_root_file.stat.isreg`
			`- isrg_root_file.stat.pw_name == 'root'`
			`- isrg_root_file.stat.gr_name == 'root'`
			`- isrg_root_file.stat.mode == '0644'`
			`- not isrg_root_pem.failed`
			`- not isrg_root_pem.expired`
			`- isrg_root_pem.issuer == isrg_root_pem.subject`