added gitea actions, ansible tests, and some formatting
All checks were successful
test / Linting (push) Successful in 28s
test / Molecule tests (default, ubuntu2004) (push) Successful in 1m38s
test / Molecule tests (default, debian11) (push) Successful in 1m56s
test / Molecule tests (default, debian12) (push) Successful in 2m2s
test / Molecule tests (with_custom_config, debian11) (push) Successful in 1m12s
test / Molecule tests (with_custom_config, debian12) (push) Successful in 1m9s
test / Molecule tests (default, ubuntu2204) (push) Successful in 1m41s
test / Molecule tests (with_custom_config, ubuntu2004) (push) Successful in 1m34s
test / Molecule tests (with_custom_config, ubuntu2204) (push) Successful in 1m33s
parent
0d809f8c5d
commit
790fc50529
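--- a/.gitea/workflows/test.yml
+++ b/.gitea/workflows/test.yml
@@ -0,0 +1,52 @@
+---
+name: test
+on: [push]
+
+jobs:
+lint:
+name: Linting
+runs-on: ubuntu-latest
+container:
+image: git.ednz.fr/container-factory/ansible-runner:act-latest
+credentials:
+username: ${{ secrets.ACTIONS_USER }}
+password: ${{ secrets.ACTIONS_TOKEN }}
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: "Ansible lint"
+run: ansible-lint --force-color
+working-directory: ${{ gitea.workspace }}
+
+- name: "YAML lint"
+run: yamllint . -f colored -c .yamllint
+working-directory: ${{ gitea.workspace }}
+
+molecule-test:
+name: Molecule tests
+runs-on: ubuntu-latest
+needs: lint
+container:
+image: git.ednz.fr/container-factory/ansible-runner:act-latest
+credentials:
+username: ${{ secrets.ACTIONS_USER }}
+password: ${{ secrets.ACTIONS_TOKEN }}
+strategy:
+matrix:
+test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
+scenario: [default, with_custom_config]
+env:
+ANSIBLE_HOST_KEY_CHECKING: 'false'
+ANSIBLE_FORCE_COLOR: 'true'
+ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: "Molecule test"
+run: molecule test -s ${{ matrix.scenario }}
+shell: bash
+working-directory: ${{ gitea.workspace }}
+env:
+MOLECULE_TEST_OS: ${{ matrix.test_os }}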
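Review bot: Both jobs reference `git.ednz.fr/container-factory/ansible-runner:act-latest` and `actions/checkout@v3`, which are mutable tags, so the code that runs on every push (in a job that also has registry credentials configured) can change without any commit to this repository. Pinning closes that, e.g. `uses: actions/checkout@<full-commit-sha>  # v3` and `image: git.ednz.fr/container-factory/ansible-runner@sha256:<image-digest>` (both values are placeholders to be taken from the action's repository and the registry). In the "Molecule test" step, `${{ matrix.scenario }}` is expanded into the shell line before bash runs; the matrix is a fixed list here so this is harmless today, but passing it through `env:` the way `MOLECULE_TEST_OS` already is, and using `"$SCENARIO"` in `run:`, keeps the pattern safe if the matrix ever becomes dynamic.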
@ -1,82 +0,0 @@
|
||||
---
|
||||
stages:
|
||||
- verify
|
||||
- test-default
|
||||
- test-with-custom-config
|
||||
|
||||
image:
|
||||
name: registry.ednz.fr/forge/ansible-runner
|
||||
|
||||
variables:
|
||||
ANSIBLE_HOST_KEY_CHECKING: 'false'
|
||||
ANSIBLE_FORCE_COLOR: 'true'
|
||||
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
|
||||
DOCKER_AUTH_CONFIG: $CI_DOCKER_AUTH_CONFIG
|
||||
|
||||
.stage-test-default:
|
||||
stage: test-default
|
||||
|
||||
.stage-test-with-custom-config:
|
||||
stage: test-with-custom-config
|
||||
|
||||
.variables-ubuntu-2004:
|
||||
variables:
|
||||
MOLECULE_TEST_OS: "ubuntu2004"
|
||||
|
||||
.variables-ubuntu-2204:
|
||||
variables:
|
||||
MOLECULE_TEST_OS: "ubuntu2204"
|
||||
|
||||
.variables-debian-11:
|
||||
variables:
|
||||
MOLECULE_TEST_OS: "debian11"
|
||||
|
||||
.script-molecule-test-default:
|
||||
script:
|
||||
- molecule test
|
||||
|
||||
.script-molecule-test-with-custom-config:
|
||||
script:
|
||||
- molecule test -s with_custom_config
|
||||
|
||||
ansible-verify:
|
||||
stage: verify
|
||||
script:
|
||||
- yamllint . -c .yamllint
|
||||
- ansible-lint
|
||||
|
||||
ansible-test-ubuntu-2004-default:
|
||||
extends:
|
||||
- .stage-test-default
|
||||
- .variables-ubuntu-2004
|
||||
- .script-molecule-test-default
|
||||
|
||||
ansible-test-ubuntu-2204-default:
|
||||
extends:
|
||||
- .stage-test-default
|
||||
- .variables-ubuntu-2204
|
||||
- .script-molecule-test-default
|
||||
|
||||
ansible-test-debian-11-default:
|
||||
extends:
|
||||
- .stage-test-default
|
||||
- .variables-debian-11
|
||||
- .script-molecule-test-default
|
||||
|
||||
ansible-test-ubuntu-2004-with-custom-config:
|
||||
extends:
|
||||
- .stage-test-with-custom-config
|
||||
- .variables-ubuntu-2004
|
||||
- .script-molecule-test-with-custom-config
|
||||
|
||||
ansible-test-ubuntu-2204-with-custom-config:
|
||||
extends:
|
||||
- .stage-test-with-custom-config
|
||||
- .variables-ubuntu-2204
|
||||
- .script-molecule-test-with-custom-config
|
||||
|
||||
ansible-test-debian-11-with-custom-config:
|
||||
extends:
|
||||
- .stage-test-with-custom-config
|
||||
- .variables-debian-11
|
||||
- .script-molecule-test-with-custom-config
|
2
LICENSE
@ -1,6 +1,6 @@
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2017 Jeff Geerling
|
||||
Copyright (c) 2017 Bertrand Lanson
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
|
@ -1,4 +1,4 @@
|
||||
Renew consul certificates
|
||||
renew_consul_certificates
|
||||
=========
|
||||
> This repository is only a mirror. Development and testing is done on a private gitlab server.
|
||||
|
||||
|
@ -20,7 +20,7 @@ provisioner:
|
||||
defaults:
|
||||
remote_tmp: /tmp/.ansible
|
||||
verifier:
|
||||
name: testinfra
|
||||
name: ansible
|
||||
scenario:
|
||||
name: default
|
||||
test_sequence:
|
||||
|
@ -1,22 +0,0 @@
|
||||
"""PyTest Fixtures."""
|
||||
|
||||
import os
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
def pytest_runtest_setup(item):
|
||||
"""Run tests only when under molecule with testinfra installed."""
|
||||
try:
|
||||
import testinfra
|
||||
except ImportError:
|
||||
pytest.skip("Test requires testinfra", allow_module_level=True)
|
||||
if "MOLECULE_INVENTORY_FILE" in os.environ:
|
||||
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"],
|
||||
).get_hosts("all")
|
||||
else:
|
||||
pytest.skip(
|
||||
"Test should run only from inside molecule.",
|
||||
allow_module_level=True,
|
||||
)
|
@ -1,50 +0,0 @@
|
||||
"""Role testing files using testinfra."""
|
||||
|
||||
|
||||
def test_hosts_file(host):
|
||||
"""Validate /etc/hosts file."""
|
||||
etc_hosts = host.file("/etc/hosts")
|
||||
assert etc_hosts.exists
|
||||
assert etc_hosts.user == "root"
|
||||
assert etc_hosts.group == "root"
|
||||
|
||||
def test_consul_template_config(host):
|
||||
"""Validate /etc/consul-template.d/consul/ files."""
|
||||
etc_consul_template_d_consul_config_hcl = host.file("/etc/consul-template.d/consul/consul_config.hcl")
|
||||
assert etc_consul_template_d_consul_config_hcl.exists
|
||||
assert etc_consul_template_d_consul_config_hcl.user == "consul"
|
||||
assert etc_consul_template_d_consul_config_hcl.group == "consul"
|
||||
assert etc_consul_template_d_consul_config_hcl.mode == 0o600
|
||||
|
||||
def test_template_files(host):
|
||||
"""Validate /etc/consul-template.d/consul/templates/ files."""
|
||||
consul_ca_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_ca.pem.tpl")
|
||||
consul_cert_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_cert.pem.tpl")
|
||||
consul_key_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_key.pem.tpl")
|
||||
for file in consul_cert_pem_tpl, consul_key_pem_tpl:
|
||||
assert file.exists
|
||||
assert file.user == "consul"
|
||||
assert file.group == "consul"
|
||||
assert file.mode == 0o600
|
||||
assert consul_ca_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert consul_cert_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert consul_key_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
|
||||
def test_consul_certs_service_file(host):
|
||||
"""Validate consul-certs service file."""
|
||||
etc_systemd_system_consul_certs_service = host.file("/etc/systemd/system/consul-certs.service")
|
||||
assert etc_systemd_system_consul_certs_service.exists
|
||||
assert etc_systemd_system_consul_certs_service.user == "root"
|
||||
assert etc_systemd_system_consul_certs_service.group == "root"
|
||||
assert etc_systemd_system_consul_certs_service.mode == 0o644
|
||||
assert etc_systemd_system_consul_certs_service.content_string != ""
|
||||
|
||||
def test_consul_certs_service(host):
|
||||
"""Validate consul-certs service."""
|
||||
consul_certs_service = host.service("consul-certs.service")
|
||||
assert consul_certs_service.is_enabled
|
||||
assert not consul_certs_service.is_running
|
||||
assert consul_certs_service.systemd_properties["Restart"] == "on-failure"
|
||||
assert consul_certs_service.systemd_properties["User"] == "consul"
|
||||
assert consul_certs_service.systemd_properties["Group"] == "consul"
|
||||
assert consul_certs_service.systemd_properties["FragmentPath"] == "/etc/systemd/system/consul-certs.service"
|
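--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,154 @@
+---
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: "Test: file /etc/hosts"
+block:
+- name: "Stat file /etc/hosts"
+ansible.builtin.stat:
+path: "/etc/hosts"
+register: stat_etc_hosts
+
+- name: "Verify file /etc/hosts"
+ansible.builtin.assert:
+that:
+- stat_etc_hosts.stat.exists
+- stat_etc_hosts.stat.isreg
+- stat_etc_hosts.stat.pw_name == 'root'
+- stat_etc_hosts.stat.gr_name == 'root'
+
+- name: "Test: directory /etc/consul-template.d/consul"
+block:
+- name: "Stat directory /etc/consul-template.d/consul"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul"
+register: stat_etc_consul_template_d_nomad
+
+- name: "Stat file /etc/consul-template.d/consul/consul_config.hcl"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul/consul_config.hcl"
+register: stat_etc_consul_template_d_nomad_nomad_config_hcl
+
+- name: "Slurp file /etc/consul-template.d/consul/consul_config.hcl"
+ansible.builtin.slurp:
+src: "/etc/consul-template.d/consul/consul_config.hcl"
+register: slurp_etc_consul_template_d_consul_consul_config_hcl
+
+- name: "Verify directory /etc/consul-template.d/consul"
+ansible.builtin.assert:
+that:
+- stat_etc_consul_template_d_nomad.stat.exists
+- stat_etc_consul_template_d_nomad.stat.isdir
+- stat_etc_consul_template_d_nomad.stat.pw_name == 'consul'
+- stat_etc_consul_template_d_nomad.stat.gr_name == 'consul'
+- stat_etc_consul_template_d_nomad.stat.mode == '0755'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.exists
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.isreg
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.pw_name == 'consul'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.gr_name == 'consul'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.mode == '0600'
+- slurp_etc_consul_template_d_consul_consul_config_hcl.content != ''
+
+- name: "Test: directory /etc/consul-template.d/consul/templates"
+block:
+- name: "Stat directory /etc/consul-template.d/consul/templates"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul/templates"
+register: stat_etc_consul_template_d_consul_templates
+
+- name: "Find in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.find:
+paths: "/etc/consul-template.d/consul/templates"
+file_type: file
+register: find_etc_consul_template_d_consul_templates
+
+- name: "Stat in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.stat:
+path: "{{ item.path }}"
+loop: "{{ find_etc_consul_template_d_consul_templates.files }}"
+register: stat_etc_consul_template_d_consul_templates
+
+- name: "Slurp in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.slurp:
+src: "{{ item.path }}"
+loop: "{{ find_etc_consul_template_d_consul_templates.files }}"
+register: slurp_etc_consul_template_d_nomad_templates
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_ca.pem.tpl"
+vars:
+consul_ca_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}
+{{ .Data.issuing_ca }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_ca_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_ca.pem.tpl'
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_cert.pem.tpl"
+vars:
+consul_cert_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}
+{{ .Data.certificate }}
+{{ .Data.issuing_ca }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_cert_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_cert.pem.tpl'
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_key.pem.tpl"
+vars:
+consul_key_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1" }}
+{{ .Data.private_key }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_key_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_key.pem.tpl'
+
+- name: "Test: service consul-certs"
+block:
+- name: "Get service consul-certs"
+ansible.builtin.service_facts:
+
+- name: "Stat file /etc/systemd/system/consul-certs.service"
+ansible.builtin.stat:
+path: "/etc/systemd/system/consul-certs.service"
+register: stat_etc_systemd_system_consul_certs_service
+
+- name: "Slurp file /etc/systemd/system/consul-certs.service"
+ansible.builtin.slurp:
+src: "/etc/systemd/system/consul-certs.service"
+register: slurp_etc_systemd_system_consul_certs_service
+
+- name: "Verify service nomad"
+ansible.builtin.assert:
+that:
+- stat_etc_systemd_system_consul_certs_service.stat.exists
+- stat_etc_systemd_system_consul_certs_service.stat.isreg
+- stat_etc_systemd_system_consul_certs_service.stat.pw_name == 'root'
+- stat_etc_systemd_system_consul_certs_service.stat.gr_name == 'root'
+- stat_etc_systemd_system_consul_certs_service.stat.mode == '0644'
+- slurp_etc_systemd_system_consul_certs_service.content != ''
+- ansible_facts.services['consul-certs.service'] is defined
+- ansible_facts.services['consul-certs.service']['source'] == 'systemd'
+- ansible_facts.services['consul-certs.service']['state'] == 'stopped'
+- ansible_facts.services['consul-certs.service']['status'] == 'enabled'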
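Review bot: The three per-template "Verify file …" tasks pass vacuously when a template was never deployed: `find` does not return the file, the basename `when:` then skips every loop item, and nothing fails, whereas the testinfra test being replaced asserted `file.exists`. An assert ahead of them closes that, e.g. `- "['consul_ca.pem.tpl', 'consul_cert.pem.tpl', 'consul_key.pem.tpl'] is subset(find_etc_consul_template_d_consul_templates.files | map(attribute='path') | map('basename') | list)"`. The directory stat registered as `stat_etc_consul_template_d_consul_templates` is overwritten by the looped stat under the same name and neither result is asserted, so the templates directory's owner and mode go unchecked. The service block also no longer checks the unit's `User`, `Group` and `Restart` properties that the old test verified, and `service_facts` does not report them. All three points apply equally to molecule/with_custom_config/verify.yml.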
@ -20,7 +20,7 @@ provisioner:
|
||||
defaults:
|
||||
remote_tmp: /tmp/.ansible
|
||||
verifier:
|
||||
name: testinfra
|
||||
name: ansible
|
||||
scenario:
|
||||
name: with_custom_config
|
||||
test_sequence:
|
||||
|
@ -1,22 +0,0 @@
|
||||
"""PyTest Fixtures."""
|
||||
from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
def pytest_runtest_setup(item):
|
||||
"""Run tests only when under molecule with testinfra installed."""
|
||||
try:
|
||||
import testinfra
|
||||
except ImportError:
|
||||
pytest.skip("Test requires testinfra", allow_module_level=True)
|
||||
if "MOLECULE_INVENTORY_FILE" in os.environ:
|
||||
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
else:
|
||||
pytest.skip(
|
||||
"Test should run only from inside molecule.", allow_module_level=True
|
||||
)
|
@ -1,50 +0,0 @@
|
||||
"""Role testing files using testinfra."""
|
||||
|
||||
|
||||
def test_hosts_file(host):
|
||||
"""Validate /etc/hosts file."""
|
||||
etc_hosts = host.file("/etc/hosts")
|
||||
assert etc_hosts.exists
|
||||
assert etc_hosts.user == "root"
|
||||
assert etc_hosts.group == "root"
|
||||
|
||||
def test_consul_template_config(host):
|
||||
"""Validate /etc/consul-template.d/consul/ files."""
|
||||
etc_consul_template_d_consul_config_hcl = host.file("/etc/consul-template.d/consul/consul_config.hcl")
|
||||
assert etc_consul_template_d_consul_config_hcl.exists
|
||||
assert etc_consul_template_d_consul_config_hcl.user == "consul"
|
||||
assert etc_consul_template_d_consul_config_hcl.group == "consul"
|
||||
assert etc_consul_template_d_consul_config_hcl.mode == 0o600
|
||||
|
||||
def test_template_files(host):
|
||||
"""Validate /etc/consul-template.d/consul/templates/ files."""
|
||||
consul_ca_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_ca.pem.tpl")
|
||||
consul_cert_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_cert.pem.tpl")
|
||||
consul_key_pem_tpl = host.file("/etc/consul-template.d/consul/templates/consul_key.pem.tpl")
|
||||
for file in consul_cert_pem_tpl, consul_key_pem_tpl:
|
||||
assert file.exists
|
||||
assert file.user == "consul"
|
||||
assert file.group == "consul"
|
||||
assert file.mode == 0o600
|
||||
assert consul_ca_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert consul_cert_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
|
||||
assert consul_key_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
|
||||
|
||||
def test_consul_certs_service_file(host):
|
||||
"""Validate consul-certs service file."""
|
||||
etc_systemd_system_consul_certs_service = host.file("/etc/systemd/system/consul-certs.service")
|
||||
assert etc_systemd_system_consul_certs_service.exists
|
||||
assert etc_systemd_system_consul_certs_service.user == "root"
|
||||
assert etc_systemd_system_consul_certs_service.group == "root"
|
||||
assert etc_systemd_system_consul_certs_service.mode == 0o644
|
||||
assert etc_systemd_system_consul_certs_service.content_string != ""
|
||||
|
||||
def test_consul_certs_service(host):
|
||||
"""Validate consul-certs service."""
|
||||
consul_certs_service = host.service("consul-certs.service")
|
||||
assert consul_certs_service.is_enabled
|
||||
assert not consul_certs_service.is_running
|
||||
assert consul_certs_service.systemd_properties["Restart"] == "on-failure"
|
||||
assert consul_certs_service.systemd_properties["User"] == "consul"
|
||||
assert consul_certs_service.systemd_properties["Group"] == "consul"
|
||||
assert consul_certs_service.systemd_properties["FragmentPath"] == "/etc/systemd/system/consul-certs.service"
|
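--- a/molecule/with_custom_config/verify.yml
+++ b/molecule/with_custom_config/verify.yml
@@ -0,0 +1,154 @@
+---
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: "Test: file /etc/hosts"
+block:
+- name: "Stat file /etc/hosts"
+ansible.builtin.stat:
+path: "/etc/hosts"
+register: stat_etc_hosts
+
+- name: "Verify file /etc/hosts"
+ansible.builtin.assert:
+that:
+- stat_etc_hosts.stat.exists
+- stat_etc_hosts.stat.isreg
+- stat_etc_hosts.stat.pw_name == 'root'
+- stat_etc_hosts.stat.gr_name == 'root'
+
+- name: "Test: directory /etc/consul-template.d/consul"
+block:
+- name: "Stat directory /etc/consul-template.d/consul"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul"
+register: stat_etc_consul_template_d_nomad
+
+- name: "Stat file /etc/consul-template.d/consul/consul_config.hcl"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul/consul_config.hcl"
+register: stat_etc_consul_template_d_nomad_nomad_config_hcl
+
+- name: "Slurp file /etc/consul-template.d/consul/consul_config.hcl"
+ansible.builtin.slurp:
+src: "/etc/consul-template.d/consul/consul_config.hcl"
+register: slurp_etc_consul_template_d_consul_consul_config_hcl
+
+- name: "Verify directory /etc/consul-template.d/consul"
+ansible.builtin.assert:
+that:
+- stat_etc_consul_template_d_nomad.stat.exists
+- stat_etc_consul_template_d_nomad.stat.isdir
+- stat_etc_consul_template_d_nomad.stat.pw_name == 'consul'
+- stat_etc_consul_template_d_nomad.stat.gr_name == 'consul'
+- stat_etc_consul_template_d_nomad.stat.mode == '0755'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.exists
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.isreg
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.pw_name == 'consul'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.gr_name == 'consul'
+- stat_etc_consul_template_d_nomad_nomad_config_hcl.stat.mode == '0600'
+- slurp_etc_consul_template_d_consul_consul_config_hcl.content != ''
+
+- name: "Test: directory /etc/consul-template.d/consul/templates"
+block:
+- name: "Stat directory /etc/consul-template.d/consul/templates"
+ansible.builtin.stat:
+path: "/etc/consul-template.d/consul/templates"
+register: stat_etc_consul_template_d_consul_templates
+
+- name: "Find in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.find:
+paths: "/etc/consul-template.d/consul/templates"
+file_type: file
+register: find_etc_consul_template_d_consul_templates
+
+- name: "Stat in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.stat:
+path: "{{ item.path }}"
+loop: "{{ find_etc_consul_template_d_consul_templates.files }}"
+register: stat_etc_consul_template_d_consul_templates
+
+- name: "Slurp in directory /etc/consul-template.d/consul/templates"
+ansible.builtin.slurp:
+src: "{{ item.path }}"
+loop: "{{ find_etc_consul_template_d_consul_templates.files }}"
+register: slurp_etc_consul_template_d_nomad_templates
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_ca.pem.tpl"
+vars:
+consul_ca_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}
+{{ .Data.issuing_ca }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_ca_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_ca.pem.tpl'
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_cert.pem.tpl"
+vars:
+consul_cert_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}
+{{ .Data.certificate }}
+{{ .Data.issuing_ca }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_cert_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_cert.pem.tpl'
+
+- name: "Verify file /etc/consul-template.d/consul/templates/consul_key.pem.tpl"
+vars:
+consul_key_file: |
+{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=consul01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.consul,consul.service.consul" "ip_sans=127.0.0.1" }}
+{{ .Data.private_key }}
+{{ end }}{% endraw %}
+ansible.builtin.assert:
+that:
+- item.item.isreg
+- item.item.pw_name == 'consul'
+- item.item.gr_name == 'consul'
+- item.item.mode == '0600'
+- "(item.content|b64decode) == consul_key_file"
+loop: "{{ slurp_etc_consul_template_d_nomad_templates.results }}"
+when: (item.item.path | basename) == 'consul_key.pem.tpl'
+
+- name: "Test: service consul-certs"
+block:
+- name: "Get service consul-certs"
+ansible.builtin.service_facts:
+
+- name: "Stat file /etc/systemd/system/consul-certs.service"
+ansible.builtin.stat:
+path: "/etc/systemd/system/consul-certs.service"
+register: stat_etc_systemd_system_consul_certs_service
+
+- name: "Slurp file /etc/systemd/system/consul-certs.service"
+ansible.builtin.slurp:
+src: "/etc/systemd/system/consul-certs.service"
+register: slurp_etc_systemd_system_consul_certs_service
+
+- name: "Verify service nomad"
+ansible.builtin.assert:
+that:
+- stat_etc_systemd_system_consul_certs_service.stat.exists
+- stat_etc_systemd_system_consul_certs_service.stat.isreg
+- stat_etc_systemd_system_consul_certs_service.stat.pw_name == 'root'
+- stat_etc_systemd_system_consul_certs_service.stat.gr_name == 'root'
+- stat_etc_systemd_system_consul_certs_service.stat.mode == '0644'
+- slurp_etc_systemd_system_consul_certs_service.content != ''
+- ansible_facts.services['consul-certs.service'] is defined
+- ansible_facts.services['consul-certs.service']['source'] == 'systemd'
+- ansible_facts.services['consul-certs.service']['state'] == 'stopped'
+- ansible_facts.services['consul-certs.service']['status'] == 'enabled'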