From 936cbd393a58e647b6ac9882f0dfb0ae0bf3b3b5 Mon Sep 17 00:00:00 2001
From: Michele Azzolari
Date: Fri, 7 Jun 2019 18:03:00 +0200
Subject: [PATCH] CI: add new scenario 'custom-all'
---
 molecule/custom-all/molecule.yml | 23 +++++
 molecule/custom-all/playbook.yml | 34 +++++++
 molecule/custom-all/tests/test_default.py | 108 ++++++++++++++++++++++
 runMolecule.sh | 4 +-
 4 files changed, 167 insertions(+), 2 deletions(-)
 create mode 100644 molecule/custom-all/molecule.yml
 create mode 100644 molecule/custom-all/playbook.yml
 create mode 100644 molecule/custom-all/tests/test_default.py
diff --git a/molecule/custom-all/molecule.yml b/molecule/custom-all/molecule.yml
new file mode 100644
index 0000000..858e2e8
--- /dev/null
+++ b/molecule/custom-all/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/custom-all/playbook.yml b/molecule/custom-all/playbook.yml
new file mode 100644
index 0000000..a6d8cb0
--- /dev/null
+++ b/molecule/custom-all/playbook.yml
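Review bot: The `platforms` entry in `molecule/custom-all/molecule.yml` starts the container with `privileged: true` from an image referenced by the mutable `:latest` tag, so whatever is currently published under that name runs with full privileges on the CI host and a past run cannot be reproduced. If privileged mode is there only for systemd (the read-only `/sys/fs/cgroup` mount suggests so), a comment such as `# privileged + cgroup mount: needed for systemd inside the container` would record that. Pinning the image to a fixed tag or digest per distro would remove the moving part. Whether the other scenarios carry the same settings is not visible from this hunk.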
@@ -0,0 +1,34 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ - theo_url: https://theo.example.com
+ - theo_client_token: zdOPNza4jjtceH5F2rU0iOkIJ2xlV4hGUauKT4cNe8HAp+AMnzYEzSc0EIBGM+MJuqL7gLd6bwIP
+ - theo_agent_path: /usr/local/bin/theo
+ - theo_agent_user: theo
+ - theo_agent_cache_dir: /var/cache/theo
+ - theo_agent_config_dir: /var/lib/theo
+ - theo_agent_config_path: /var/lib/theo/theo.yml
+ - theo_agent_verify_signature: true
+ - theo_agent_public_key: |
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwVhHEBTVqEpBOpguARtg
+ //WyDBEoCT2F2OjnHB6fxJ9oopYJZB2Y4jj5cxo1O41r65XmMRT4lqeHWS6Iovde
+ kzlJ0bH91gl7/iNziUMN4ONiIR0SU3PiBGQ0XKq6rUxpsOhe+tFPfBQYhkkAiQeG
+ WC1GYQynYjZ/MTEDIPnd5YjSl0agzm7BMRujEcjWyYqEBuZjtDqP6AICz8nkFo9i
+ CWBONYbCujDl+1sei3WUfeGcUdGiPNwQGU/TW4sfcRWQzayw3XQEl3ERNRMihVsb
+ in2529O4+JMKdKn22mzTmWsraP/ZakVeti0VtpGZEe1YSTW8+SCz7DnTadnuUZAO
+ 5JFVTmFcbF7/d/H0atKVVAeTC5nqYNeDrW4jtIQalUZeaHrBkWK7i/yxDYFlC2AW
+ ZEu4IQZtGfNJCaZFuYSiN96yzlnMWRp1nUGaBxoax4K8rBwX8EWxT4EAyN1mtan0
+ ZQITjiZTqDvnhr8iSIvn9hy3942GYi3upOsBeqfb90vzS7BAmoplyWPS0D+UWweB
+ +sjv96Gtb4BFpc96qwptLCnVFFOVlq0bq0u1FN6sZ4RApl2IaSJV9JGsJjeeJowh
+ GCK9sSDVI5XY3wy6UYMo9SZQGIglyRPrnd3R82O277lAyOVC/NNp1vq5WH/Mi1Mu
+ JK85kX7Atut+tgWgwuwT5vcCAwEAAQ==
+ -----END PUBLIC KEY-----
+ pre_tasks:
+ - name: Import common tasks
+ import_tasks: ../resources/playbooks/pre-tasks.yml
+
+
+ roles:
+ - role: ansible-theo-agent
diff --git a/molecule/custom-all/tests/test_default.py b/molecule/custom-all/tests/test_default.py
new file mode 100644
index 0000000..9c4ee85
--- /dev/null
+++ b/molecule/custom-all/tests/test_default.py
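Review bot: `theo_client_token` in `molecule/custom-all/playbook.yml` is a credential-shaped literal committed to the repository, and nothing in the hunk says whether it is a throwaway fixture. The `https://theo.example.com` URL suggests it is; if so, a comment above the `vars:` entries would settle it for readers and secret scanners, for example `# dummy token and key for this molecule scenario, not valid against any real Theo server`. The same token value is repeated in `tests/test_default.py` in this commit, so the two copies have to change together.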
@@ -0,0 +1,108 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_theo_binary_file(host):
+ f = host.file('/usr/local/bin/theo')
+ assert f.exists
+ assert f.is_file
+ assert f.user == 'root'
+ assert f.group == 'root'
+ print("{} vs {}".format(f.mode, oct(f.mode)))
+ assert oct(f.mode) == '0o755'
+
+
+def test_theo_cache_dir(host):
+ f = host.file('/var/cache/theo')
+ assert f.exists
+ assert f.is_directory
+ assert f.user == 'theo'
+ assert f.group == 'root'
+
+
+def test_theo_config_file(host):
+ f = host.file('/var/lib/theo/theo.yml')
+ assert f.exists
+ assert f.is_file
+ assert f.user == 'root'
+ assert f.group == 'root'
+ conf = f.content
+ '''
+ url: https://theo.example.com
+ token: \
+ zdOPNza4jjtceH5F2rU0iOkIJ2xlV4hGUauKT4cNe8HAp+AMnzYEzSc0EIBGM+MJuqL7gLd6bwIP
+ cachedir: /var/cache/theo
+ verify: True
+ public_key: /var/lib/theo/public.pem
+ '''
+ expected = [
+ b'url: https://theo.example.com',
+ b'token: zdOPNza4jjtceH5F2rU0iOkIJ2xlV4hGUauKT4cNe8HAp'
+ b'+AMnzYEzSc0EIBGM+MJuqL7gLd6bwIP',
+ b'cachedir: /var/cache/theo',
+ b'verify: True',
+ b'public_key: /var/lib/theo/public.pem'
+ ]
+ for line in expected:
+ assert line in conf
+
+
+def test_theo_public_key_file(host):
+ f = host.file('/var/lib/theo/public.pem')
+ assert f.exists
+ assert f.is_file
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_sshd_config(host):
+ distro = os.getenv('MOLECULE_DISTRO', 'centos7')
+ if distro == 'debian8':
+ expected = get_sshd_config_pre_v69()
+ elif distro == 'ubuntu1404':
+ expected = get_sshd_config_pre_v69()
+ else:
+ expected = get_sshd_config_v69()
+ f = host.file('/etc/ssh/sshd_config')
+ config = f.content
+ configlines = []
+ for line in config.splitlines():
+ if not line.startswith(b'#'):
+ configlines.append(line)
+ '''
+ I don't want to use something like:
+ assert set(expected).issubset(configlines)
+ Because there's no detail of the missing line(s)
+ '''
+ errors = []
+ for line in expected:
+ if line not in configlines:
+ errors.append(line)
+
+ if len(errors):
+ print('Failed test_sshd_config, missing line(s)')
+ for error in errors:
+ print(error)
+ assert False
+
+
+def get_sshd_config_pre_v69():
+ return [
+ b'AuthorizedKeysCommandUser theo',
+ b'AuthorizedKeysCommand /usr/local/bin/theo '
+ b'-config-file /var/lib/theo/theo.yml %u',
+ b'AuthorizedKeysFile /var/cache/theo/%u'
+ ]
+
+
+def get_sshd_config_v69():
+ return [
+ b'AuthorizedKeysCommandUser theo',
+ b'AuthorizedKeysCommand /usr/local/bin/theo '
+ b'-config-file /var/lib/theo/theo.yml -fingerprint %f %u',
+ b'AuthorizedKeysFile /var/cache/theo/%u'
+ ]
diff --git a/runMolecule.sh b/runMolecule.sh
index 1f421f2..749f9f6 100755
--- a/runMolecule.sh
+++ b/runMolecule.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
-SCENARIOS="default signature custom-bin-file custom-config-file custom-config-dir"
+SCENARIOS="default signature custom-bin-file custom-config-file custom-config-dir custom-all"
-MUST_FAIL="centos6:custom-config-file centos6:custom-config-dir"
+MUST_FAIL="centos6:custom-config-file centos6:custom-config-dir centos6:custom-all"
 function has_right_to_fail { for i in ${MUST_FAIL}; do
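Review bot: `test_theo_config_file` and `test_theo_public_key_file` assert owner and group but never the file mode, although `test_theo_binary_file` does. `theo.yml` holds the client token and `public.pem` is the key configured for signature verification, so a role change that left either file group- or world-writable would still pass this suite. Adding `assert f.mode & 0o022 == 0` to both tests (or an exact `assert f.mode == 0o…` once the intended mode is settled) closes that gap. In `test_theo_binary_file` the check can be written `assert f.mode == 0o755`, which drops the leftover `print` and the dependence on the Python 3 `oct()` string format.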