Molecule tests for certificates role

Issue-ID: OOM-1762

Change-Id: Ic13d7ec775a52ad95fc0388e8b84ea8ab7367666
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
diff --git a/ansible/roles/certificates/.yamllint b/ansible/roles/certificates/.yamllint
new file mode 100644
index 0000000..e8e79a5
--- /dev/null
+++ b/ansible/roles/certificates/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+#  truthy: disable
diff --git a/ansible/roles/certificates/defaults/main.yml b/ansible/roles/certificates/defaults/main.yml
index 260ba96..ad3422c 100644
--- a/ansible/roles/certificates/defaults/main.yml
+++ b/ansible/roles/certificates/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 # Generate certs to local current dir where ansible in run (= playbook_dir)
 # After ansible run, dir can be deleted but idempotence is lost and certs are re-generated in next run
-certificates_local_dir: certs
+certificates_local_dir: "{{ playbook_dir }}/certs"
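Review bot: The new default anchors the output directory to `playbook_dir`, but the files the scenario tests expect in it include private keys (`rootCA.key`, `nexus_server.key` in test_infrastructure.py), and the only `.gitignore` entry this commit adds is under the molecule scenario, not next to whichever playbook invokes the role in real use (outside this diff). The comment on the preceding lines only mentions idempotence; it should also say what ends up there, e.g. `# NOTE: this dir receives the generated private keys (rootCA.key, *.key); keep it out of VCS and restrict its permissions`. If a top-level `.gitignore` for that path already exists it is not visible here.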
diff --git a/ansible/roles/certificates/molecule/default/.gitignore b/ansible/roles/certificates/molecule/default/.gitignore
new file mode 100644
index 0000000..df91287
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/.gitignore
@@ -0,0 +1 @@
+certs/
diff --git a/ansible/roles/certificates/molecule/default/group_vars/all.yml b/ansible/roles/certificates/molecule/default/group_vars/all.yml
new file mode 100644
index 0000000..6e528ae
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+certificates:
+  organization_name: MoleculeTesters
+  state_or_province_name: Poland
+  country_name: PL
+  locality_name: Krakow
+app_data_path: /opt/moleculetestapp
diff --git a/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
new file mode 100644
index 0000000..67b7ac9
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/host_vars/infrastructure-server.yml
@@ -0,0 +1,2 @@
+---
+cluster_ip: 1.2.3.4
diff --git a/ansible/roles/certificates/molecule/default/molecule.yml b/ansible/roles/certificates/molecule/default/molecule.yml
new file mode 100644
index 0000000..50c862b
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/molecule.yml
@@ -0,0 +1,71 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: infrastructure-server
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    env:
+      container: docker
+    groups:
+      - infrastructure
+
+  - name: kubernetes-node-1
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    env:
+      container: docker
+    groups:
+      - kubernetes
+provisioner:
+  name: ansible
+  log: true
+  lint:
+    name: ansible-lint
+  env:
+    ANSIBLE_ROLES_PATH: ../../../../test/roles
+    ANSIBLE_LIBRARY: ../../../../library
+  inventory:
+    links:
+      group_vars: ../../../../group_vars/
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - cleanup
+    - destroy
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    # - idempotence
+    #  --> Action: 'idempotence'
+    #  ERROR: Idempotence test failed because of the following tasks:
+    #  * [infrastructure-server -> localhost] => certificates : Generate an OpenSSL CSR.
+    #  * [infrastructure-server -> localhost] => certificates : Generate root CA certificate
+    #  * [infrastructure-server] => certificates : Upload certificates to infrastructure server
+    #  * [infrastructure-server] => certificates : Copy root certificate
+    #  * [infrastructure-server] => certificates : Extract root certificate
+    #  * [infrastructure-server] => docker : Setup docker dns settings
+    #  * [kubernetes-node-1] => certificates : Copy root certificate
+    #  * [kubernetes-node-1] => certificates : Extract root certificate
+    #  * [kubernetes-node-1] => certificates : Extract root certificate
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  options:
+    verbose: true
+  lint:
+    name: flake8
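Review bot: Commenting out `idempotence` in `test_sequence` with a pasted failure log hides a role defect instead of tracking it: the log lists the CSR and root CA generation tasks as changing on every run, and if the CA is regenerated each time then the root certificate copied to every node changes with it, which is presumably why the `Copy root certificate` tasks appear too. Replace the log dump with a tracked reason such as `# TODO(OOM-1762): re-enable once certificate generation tasks are idempotent (they report changed on every run)` so the exclusion gets revisited. Separately, `privileged: true` on both platforms is presumably needed for systemd inside the test containers; a one-line comment stating that would keep it from being copied into scenarios that do not need it.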
diff --git a/ansible/roles/certificates/molecule/default/playbook.yml b/ansible/roles/certificates/molecule/default/playbook.yml
new file mode 100644
index 0000000..5dcd42e
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/playbook.yml
@@ -0,0 +1,17 @@
+---
+- name: Infra
+  hosts: infrastructure
+  roles:
+    - certificates
+    - docker  # docker role needed here just because of docker restart handler
+
+- name: Kube
+  hosts: kubernetes
+  roles:
+    - docker  # docker role needed here just because of docker restart handler
+  tasks:
+    - include_role:
+        name: certificates
+        tasks_from: upload_root_ca.yml
+      vars:
+        certificates_local_dir: certs
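Review bot: The `certificates_local_dir: certs` override in the Kube play reintroduces the CWD-relative path that this same commit removes from `defaults/main.yml` (`"{{ playbook_dir }}/certs"`), so the root CA upload only finds the file when molecule happens to run from the scenario directory. If the override exists only to line up with `open("certs/" + cert_file)` in test_infrastructure.py, drop it so both plays use the role default; otherwise make it `certificates_local_dir: "{{ playbook_dir }}/certs"` so the two plays read the same directory.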
diff --git a/ansible/roles/certificates/molecule/default/prepare.yml b/ansible/roles/certificates/molecule/default/prepare.yml
new file mode 100644
index 0000000..8df759c
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare infra
+  hosts: all
+  roles:
+    - prepare-docker
diff --git a/ansible/roles/certificates/molecule/default/tests/test_default.py b/ansible/roles/certificates/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..d4314e5
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_default.py
@@ -0,0 +1,20 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize('cert_file', [
+    'rootCA.crt'
+])
+def test_cert_file_installed(host, cert_file):
+    os = host.system_info.distribution
+    if os == "centos":
+        f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file)
+
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'
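Review bot: `f` is only bound inside the `if os == "centos":` branch, so on any other distribution `assert f.exists` fails with an UnboundLocalError instead of a test failure that names the cause. The local `os = host.system_info.distribution` also shadows the imported `os` module inside the function. Rename the local and add an explicit `else` that fails (or skips) for unsupported distributions.

```python
def test_cert_file_installed(host, cert_file):
    distro = host.system_info.distribution
    if distro == "centos":
        f = host.file('/etc/pki/ca-trust/source/anchors/' + cert_file)
    else:
        pytest.fail("no trust-anchor path known for distribution: " + distro)
    # … unchanged: exists/user/group assertions …
```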
diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
new file mode 100644
index 0000000..56b1293
--- /dev/null
+++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
@@ -0,0 +1,33 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure')
+
+
+@pytest.fixture
+def group_vars(host):
+    all_file = "file=group_vars/all.yml name=all"
+    return host.ansible("include_vars", all_file)["ansible_facts"]["all"]
+
+
+@pytest.mark.parametrize('cert_file', [
+    'nexus_server.crt',
+    'nexus_server.csr',
+    'nexus_server.key',
+    'rootCA.crt',
+    'rootCA.csr',
+    'rootCA.key'
+])
+def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars):
+    f = host.file(group_vars["app_data_path"] + '/certs/' + cert_file)
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'
+
+    # Verify cert files content locally is as in node
+    with open("certs/" + cert_file) as local_cert_file:
+        local_content = local_cert_file.read().strip()
+    assert local_content == f.content_string
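Review bot: `open("certs/" + cert_file)` resolves against the process working directory rather than the test module, so the comparison depends on where molecule (or pytest) is launched; anchoring it with `local_path = os.path.join(os.path.dirname(__file__), '..', 'certs', cert_file)` and `with open(local_path) as local_cert_file:` removes that dependency and also removes the reason for the relative `certs` override in playbook.yml. The parametrized list includes `rootCA.key` and `nexus_server.key`, yet the test only checks owner and group; if the role is meant to keep private keys unreadable to other users, assert it here, e.g. `if cert_file.endswith('.key'): assert f.mode & 0o077 == 0`. Whether the role currently sets such a mode is not visible in this diff.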
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
index 7e6c20e..1a885db 100644
--- a/ansible/roles/nexus/tasks/configure.yml
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -20,7 +20,7 @@
         body:
           name: configure
           type: groovy
-          content: "{{ lookup('file', 'files/configure.groovy') }}"
+          content: "{{ lookup('file', '{{ role_path }}/files/configure.groovy') }}"
         status_code: [204]
     - name: "execute configuration script"
       uri:
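Review bot: The new `content` value nests a `{{ role_path }}` moustache inside an already templated expression; Ansible templates the outer `{{ lookup(...) }}` once and warns about (or, depending on version, does not expand) nested braces, so the literal string `{{ role_path }}/files/configure.groovy` may reach the lookup. Use a plain Jinja expression instead: `content: "{{ lookup('file', role_path + '/files/configure.groovy') }}"`. The enclosing `uri` task starts before this hunk, so its other arguments were not reviewed.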