from .util.util import get_ansible, get_variable
# Module-level names unpacked from the project's get_ansible() helper.
# NOTE(review): testinfra selects its target hosts from a module-level
# `testinfra_hosts`; how `testinfra_runner` is consumed is not visible in
# this file — confirm in .util.util.
testinfra_runner, testinfra_hosts = get_ansible()
def test_dirs(host):
    """Check that every OpenLDAP directory exists with mode 0o750 and operator ownership.

    Covers the configuration directory, its three umc/ subdirectories, the
    secrets directory and the docker-compose directory.
    """
    base = get_variable(host, "openldap_configuration_directory")
    expected_dirs = (
        base,
        f"{base}/umc/gateway",
        f"{base}/umc/web",
        f"{base}/umc/server",
        get_variable(host, "openldap_secrets_directory"),
        get_variable(host, "openldap_docker_compose_directory"),
    )

    for path in expected_dirs:
        directory = host.file(path)
        assert directory.exists
        assert directory.is_directory
        # 0o750: no access for "other", which also gates the files inside.
        assert directory.mode == 0o750
        assert directory.user == get_variable(host, "operator_user")
        assert directory.group == get_variable(host, "operator_group")
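def test_env_and_ucr_files(host):
    """Check the env and UCR files: presence, mode 0o640, ownership and content.

    Every listed file must exist as a non-directory with mode 0o640, be owned
    by the operator user and group, and contain at least one expected token.
    """
    config_dir = get_variable(host, "openldap_configuration_directory")
    operator_user = get_variable(host, "operator_user")
    operator_group = get_variable(host, "operator_group")
    expected_tokens = ("openldap_domain_name", "openldap_ldap_port")
    paths = [
        f"{config_dir}/openldap.env",
        f"{config_dir}/udm-rest.env",
        f"{config_dir}/umc-web.env",
        f"{config_dir}/umc-gateway.env",
        f"{config_dir}/umc-server.env",
        f"{config_dir}/umc/server/ucr",
        f"{config_dir}/umc/gateway/ucr",
        f"{config_dir}/umc/web/ucr",
    ]
    for path in paths:
        f = host.file(path)
        assert f.exists
        assert not f.is_directory
        assert f.mode == 0o640
        assert f.user == operator_user
        assert f.group == operator_group
        # The files are 0o640, so read them as the owning user, the same way
        # test_dockercompose reads docker-compose.yml.
        with host.sudo(operator_user):
            content = f.content_string
        # The earlier form `"a" or "b" in content` evaluated to the truthy
        # literal "a", so it could never fail and the file was never read.
        # Each token is now actually looked up in the content.
        # NOTE(review): the tokens are variable *names*. If the templates
        # render the resolved values instead, compare against
        # get_variable(host, name) for each name — confirm against the templates.
        assert any(token in content for token in expected_tokens), path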
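def test_secret_files(host):
    """Check the TLS material in the secrets directory: presence, mode, owner, PEM header.

    Every listed file must exist as a non-directory with mode 0o644, be owned
    by the operator user and group, and contain one of the expected PEM
    "BEGIN" markers.
    """
    sec_dir = get_variable(host, "openldap_secrets_directory")
    operator_user = get_variable(host, "operator_user")
    operator_group = get_variable(host, "operator_group")
    pem_markers = (
        "-----BEGIN CERTIFICATE-----",
        "-----BEGIN RSA PRIVATE KEY-----",
        "-----BEGIN DH PARAMETERS-----",
    )
    paths = [
        f"{sec_dir}/CAcert.pem",
        f"{sec_dir}/cert.pem",
        f"{sec_dir}/private.key",
        f"{sec_dir}/dh_2048.pem",
    ]
    for path in paths:
        f = host.file(path)
        assert f.exists
        assert not f.is_directory
        # NOTE(review): 0o644 is also asserted for private.key, i.e. the key
        # file itself is world-readable; only the 0o750 mode on the secrets
        # directory (checked in test_dirs) keeps other users out. Consider
        # tightening the key to 0o600/0o640 in the role and here together.
        assert f.mode == 0o644
        assert f.user == operator_user
        assert f.group == operator_group
        # Read as the owning user, the same way test_dockercompose does.
        with host.sudo(operator_user):
            content = f.content_string
        # The earlier form `"a" or "b" or "c" in content` evaluated to the
        # truthy first literal, so it could never fail. Each marker is now
        # actually looked up in the file.
        # NOTE(review): a PKCS#8 key starts with "-----BEGIN PRIVATE KEY-----"
        # and would not match these markers — confirm the format the role deploys.
        assert any(marker in content for marker in pem_markers), path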
def test_dockercompose(host):
    """Check docker-compose.yml: presence, mode 0o640, ownership and container name."""
    compose_dir = get_variable(host, "openldap_docker_compose_directory")
    compose_file = host.file(f"{compose_dir}/docker-compose.yml")

    assert compose_file.exists
    assert not compose_file.is_directory
    assert compose_file.mode == 0o640
    assert compose_file.user == get_variable(host, "operator_user")
    assert compose_file.group == get_variable(host, "operator_group")

    container = get_variable(host, "openldap_container_name")
    # The file is 0o640, so its content is read as the operator user.
    with host.sudo(get_variable(host, "operator_user")):
        # NOTE(review): the expected text has no closing double quote, so this
        # is a prefix match: any container name that merely starts with the
        # configured name would also pass — confirm whether that is intended.
        expected_line = f'container_name: "{container}'
        assert expected_line in compose_file.content_string
def test_openldap_service(host):
    """Check that the configured OpenLDAP service is both running and enabled."""
    unit_name = get_variable(host, "openldap_service_name")
    openldap = host.service(unit_name)
    assert openldap.is_running
    assert openldap.is_enabled