Molecule tests for certificates role
Issue-ID: OOM-1762
Change-Id: Ic13d7ec775a52ad95fc0388e8b84ea8ab7367666
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
diff --git a/ansible/roles/certificates/.yamllint b/ansible/roles/certificates/.yamllint
new file mode 100644
index 0000000..e8e79a5
--- /dev/null
+++ b/ansible/roles/certificates/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+# truthy: disable
diff --git a/ansible/roles/certificates/defaults/main.yml b/ansible/roles/certificates/defaults/main.yml
index 260ba96..ad3422c 100644
--- a/ansible/roles/certificates/defaults/main.yml
+++ b/ansible/roles/certificates/defaults/main.yml
@@ -1,4 +1,4 @@
---
# Generate certs to local current dir where ansible in run (= playbook_dir)
# After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run
-certificates_local_dir: certs
+certificates_local_dir: "{{ playbook_dir }}/certs"
diff --git a/ansible/roles/certificates/molecule/default/.gitignore b/ansible/roles/certificates/molecule/default/.gitignore
new file mode 100644
index 0000000..df91287
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/.gitignore
@@ -0,0 +1 @@
+certs/
diff --git a/ansible/roles/certificates/molecule/default/group_vars/all.yml b/ansible/roles/certificates/molecule/default/group_vars/all.yml
new file mode 100644
index 0000000..6e528ae
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+certificates:
+ organization_name: MoleculeTesters
+ state_or_province_name: Poland
+ country_name: PL
+ locality_name: Krakow
+app_data_path: /opt/moleculetestapp
diff --git a/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
new file mode 100644
index 0000000..67b7ac9
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
@@ -0,0 +1,2 @@
+---
+cluster_ip: 1.2.3.4
diff --git a/ansible/roles/certificates/molecule/default/molecule.yml b/ansible/roles/certificates/molecule/default/molecule.yml
new file mode 100644
index 0000000..50c862b
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/molecule.yml
@@ -0,0 +1,71 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: infrastructure-server
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ env:
+ container: docker
+ groups:
+ - infrastructure
+
+ - name: kubernetes-node-1
+ image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+ pre_build_image: true
+ privileged: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ env:
+ container: docker
+ groups:
+ - kubernetes
+provisioner:
+ name: ansible
+ log: true
+ lint:
+ name: ansible-lint
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ ANSIBLE_LIBRARY: ../../../../library
+ inventory:
+ links:
+ group_vars: ../../../../group_vars/
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - cleanup
+ - destroy
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ # - idempotence
+ # --> Action: 'idempotence'
+ # ERROR: Idempotence test failed because of the following tasks:
+ # * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR.
+ # * [infrastructure-server -> localhost] => certificates : Generate root CA certificate
+ # * [infrastructure-server] => certificates : Upload certificates to infrastructure server
+ # * [infrastructure-server] => certificates : Copy root certificate
+ # * [infrastructure-server] => certificates : Extract root certificate
+ # * [infrastructure-server] => docker : Setup docker dns settings
+ # * [kubernetes-node-1] => certificates : Copy root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ # * [kubernetes-node-1] => certificates : Extract root certificate
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
diff --git a/ansible/roles/certificates/molecule/default/playbook.yml b/ansible/roles/certificates/molecule/default/playbook.yml
new file mode 100644
index 0000000..5dcd42e
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/playbook.yml
@@ -0,0 +1,17 @@
+---
+- name: Infra
+ hosts: infrastructure
+ roles:
+ - certificates
+ - docker # docker role needed here just because of docker restart handler
+
+- name: Kube
+ hosts: kubernetes
+ roles:
+ - docker # docker role needed here just because of docker restart handler
+ tasks:
+ - include_role:
+ name: certificates
+ tasks_from: upload_root_ca.yml
+ vars:
+ certificates_local_dir: certs
diff --git a/ansible/roles/certificates/molecule/default/prepare.yml b/ansible/roles/certificates/molecule/default/prepare.yml
new file mode 100644
index 0000000..8df759c
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare infra
+ hosts: all
+ roles:
+ - prepare-docker
diff --git a/ansible/roles/certificates/molecule/default/tests/test_default.py b/ansible/roles/certificates/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..d4314e5
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_default.py
@@ -0,0 +1,20 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize('cert_file', [
+ 'rootCA.crt'
+])
+def test_cert_file_installed(host, cert_file):
+ os = host.system_info.distribution
+ if os == "centos":
+ f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file)
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
new file mode 100644
index 0000000..56b1293
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
@@ -0,0 +1,33 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure')
+
+
+@pytest.fixture
+def group_vars(host):
+ all_file = "file=group_vars/all.yml name=all"
+ return host.ansible("include_vars", all_file)["ansible_facts"]["all"]
+
+
+@pytest.mark.parametrize('cert_file', [
+ 'nexus_server.crt',
+ 'nexus_server.csr',
+ 'nexus_server.key',
+ 'rootCA.crt',
+ 'rootCA.csr',
+ 'rootCA.key'
+])
+def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars):
+ f = host.file(group_vars["app_data_path"] + '/certs/' + cert_file)
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+ # Verify cert files content locally is as in node
+ with open("certs/" + cert_file) as local_cert_file:
+ local_content = local_cert_file.read().strip()
+ assert local_content == f.content_string
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
index 7e6c20e..1a885db 100644
--- a/ansible/roles/nexus/tasks/configure.yml
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -20,7 +20,7 @@
body:
name: configure
type: groovy
- content: "{{ lookup('file', 'files/configure.groovy') }}"
+ content: "{{ lookup('file', '{{ role_path }}/files/configure.groovy') }}"
status_code: [204]
- name: "execute configuration script"
uri: