ansible-roles/renew_vault_certificates
ansible-roles/renew_vault_certificates
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

remove old python tests
All checks were successful
test / Linting (push) Successful in 10s
Details
test / Molecule tests (default, debian11) (push) Successful in 1m6s
Details
test / Molecule tests (default, debian12) (push) Successful in 1m7s
Details
test / Molecule tests (default, ubuntu2004) (push) Successful in 1m16s
Details
test / Molecule tests (with_custom_config, debian11) (push) Successful in 1m4s
Details
test / Molecule tests (default, ubuntu2204) (push) Successful in 1m13s
Details
test / Molecule tests (with_custom_config, debian12) (push) Successful in 1m25s
Details
test / Molecule tests (with_custom_config, ubuntu2204) (push) Successful in 1m13s
Details
test / Molecule tests (with_custom_config, ubuntu2004) (push) Successful in 1m25s
Details

Browse Source
This commit is contained in:
Bertrand Lanson 2023-07-07 18:14:56 +02:00
parent 6762041ac8
commit 7fda2ec85c
4 changed files with 0 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
molecule/default/tests/conftest.py
View File

@ -1,22 +0,0 @@
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.", allow_module_level=True
)

48
molecule/default/tests/test_default.py
View File

@ -1,48 +0,0 @@
"""Role testing files using testinfra."""
def test_hosts_file(host):
"""Validate /etc/hosts file."""
etc_hosts = host.file("/etc/hosts")
assert etc_hosts.exists
assert etc_hosts.user == "root"
assert etc_hosts.group == "root"
def test_consul_template_config(host):
"""Validate /etc/consul-template.d/vault/ files."""
etc_consul_template_d_vault_config_hcl = host.file("/etc/consul-template.d/vault/vault_config.hcl")
assert etc_consul_template_d_vault_config_hcl.exists
assert etc_consul_template_d_vault_config_hcl.user == "vault"
assert etc_consul_template_d_vault_config_hcl.group == "vault"
assert etc_consul_template_d_vault_config_hcl.mode == 0o600
def test_template_files(host):
"""Validate /etc/consul-template.d/vault/templates/ files."""
vault_cert_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_cert.pem.tpl")
vault_key_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_key.pem.tpl")
for file in vault_cert_pem_tpl, vault_key_pem_tpl:
assert file.exists
assert file.user == "vault"
assert file.group == "vault"
assert file.mode == 0o600
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/your-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
def test_vault_certs_service_file(host):
"""Validate vault-certs service file."""
etc_systemd_system_vault_certs_service = host.file("/etc/systemd/system/vault-certs.service")
assert etc_systemd_system_vault_certs_service.exists
assert etc_systemd_system_vault_certs_service.user == "root"
assert etc_systemd_system_vault_certs_service.group == "root"
assert etc_systemd_system_vault_certs_service.mode == 0o644
assert etc_systemd_system_vault_certs_service.content_string != ""
def test_vault_certs_service(host):
"""Validate vault-certs service."""
vault_certs_service = host.service("vault-certs.service")
assert vault_certs_service.is_enabled
assert not vault_certs_service.is_running
assert vault_certs_service.systemd_properties["Restart"] == "on-failure"
assert vault_certs_service.systemd_properties["User"] == "vault"
assert vault_certs_service.systemd_properties["Group"] == "vault"
assert vault_certs_service.systemd_properties["FragmentPath"] == "/etc/systemd/system/vault-certs.service"

22
molecule/with_custom_config/tests/conftest.py
View File

@ -1,22 +0,0 @@
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.", allow_module_level=True
)

48
molecule/with_custom_config/tests/test_default.py
View File

@ -1,48 +0,0 @@
"""Role testing files using testinfra."""
def test_hosts_file(host):
"""Validate /etc/hosts file."""
etc_hosts = host.file("/etc/hosts")
assert etc_hosts.exists
assert etc_hosts.user == "root"
assert etc_hosts.group == "root"
def test_consul_template_config(host):
"""Validate /etc/consul-template.d/vault/ files."""
etc_consul_template_d_vault_config_hcl = host.file("/etc/consul-template.d/vault/vault_config.hcl")
assert etc_consul_template_d_vault_config_hcl.exists
assert etc_consul_template_d_vault_config_hcl.user == "vault"
assert etc_consul_template_d_vault_config_hcl.group == "vault"
assert etc_consul_template_d_vault_config_hcl.mode == 0o600
def test_template_files(host):
"""Validate /etc/consul-template.d/vault/templates/ files."""
vault_cert_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_cert.pem.tpl")
vault_key_pem_tpl = host.file("/etc/consul-template.d/vault/templates/vault_key.pem.tpl")
for file in vault_cert_pem_tpl, vault_key_pem_tpl:
assert file.exists
assert file.user == "vault"
assert file.group == "vault"
assert file.mode == 0o600
assert vault_cert_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.certificate }}\n{{ .Data.issuing_ca }}\n{{ end }}\n'
assert vault_key_pem_tpl.content_string == '{{ with secret "pki/issue/vault-issuer" "common_name=vault01.example.com" "ttl=90d" "alt_names=localhost,vault.service.consul,active.vault.service.consul,standby.vault.service.consul" "ip_sans=127.0.0.1,192.168.1.1" }}\n{{ .Data.private_key }}\n{{ end }}\n'
def test_vault_certs_service_file(host):
"""Validate vault-certs service file."""
etc_systemd_system_vault_certs_service = host.file("/etc/systemd/system/vault-certs.service")
assert etc_systemd_system_vault_certs_service.exists
assert etc_systemd_system_vault_certs_service.user == "root"
assert etc_systemd_system_vault_certs_service.group == "root"
assert etc_systemd_system_vault_certs_service.mode == 0o644
assert etc_systemd_system_vault_certs_service.content_string != ""
def test_vault_certs_service(host):
"""Validate vault-certs service."""
vault_certs_service = host.service("vault-certs.service")
assert vault_certs_service.is_enabled
assert not vault_certs_service.is_running
assert vault_certs_service.systemd_properties["Restart"] == "on-failure"
assert vault_certs_service.systemd_properties["User"] == "vault"
assert vault_certs_service.systemd_properties["Group"] == "vault"
assert vault_certs_service.systemd_properties["FragmentPath"] == "/etc/systemd/system/vault-certs.service"