nishiki/ansible-role-certbot
1
0
Fork 0
Code Issues Releases 4 Activity Actions

test: replace kitchen to molecule

Browse source
This commit is contained in:
Adrien Waksberg 2021-08-24 18:15:33 +02:00
parent cd68ec7b1d
commit aab9e5cb08
15 changed files with 124 additions and 244 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,2 @@
.kitchen/*
*.pyc

27
.kitchen.yml
View file

@ -1,27 +0,0 @@
---
driver:
name: docker_cli
transport:
name: docker_cli
provisioner:
name: ansible_playbook
hosts: localhost
require_ansible_repo: false
require_ansible_omnibus: false
require_chef_for_busser: true
ansible_verbose: false
ansible_inventory: ./test/integration/inventory
platforms:
- name: debian-9
driver_config:
image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.6' %>"
command: /bin/systemd
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
security_opt: seccomp=unconfined
suites:
- name: certbot

38
.rubocop.yml
View file

@ -1,38 +0,0 @@
---
AllCops:
Exclude:
- db/**/*
- config/**/*
- Vagrantfile
TargetRubyVersion: 2.3
Naming/AccessorMethodName:
Enabled: false
Lint/RescueWithoutErrorClass:
Enabled: false
Metrics/LineLength:
Max: 120
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/AbcSize:
Enabled: false
Style/NumericLiteralPrefix:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: false
Style/CommandLiteral:
Enabled: true
EnforcedStyle: percent_x
Style/Documentation:
Enabled: false

28
.travis.yml
View file

@ -1,28 +1,30 @@
---
sudo: required
language: ruby
dist: bionic
addons:
apt:
packages:
- python3
- python3-pip
- python3-setuptools
env:
- ANSIBLE_VERSION=2.5
- ANSIBLE_VERSION=2.6
- ANSIBLE_VERSION=2.7
- ANSIBLE_VERSION=2.9.25
- ANSIBLE_VERSION=2.10.7
- ANSIBLE_VERSION=3.4.0
- ANSIBLE_VERSION=4.4.0
services:
- docker
before_install:
- bundle install
- sudo pip install --upgrade pip
- sudo pip install yamllint
- sudo pip install ansible-lint
- sudo pip3 install ansible==${ANSIBLE_VERSION}
- sudo pip3 install molecule 'molecule[docker]' docker testinfra ansible-lint yamllint
- git clone https://github.com/ansible/galaxy-lint-rules.git
script:
- kitchen conv certbot-debian-9
- kitchen conv certbot-debian-9 | grep changed=0
- kitchen verify certbot-debian-9
- ansible-lint -r galaxy-lint-rules/rules .
- yamllint .
- ansible --version
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

1
.yamllint
View file

@ -1,3 +1,4 @@
---
extends: default
ignore: |

12
CHANGELOG.md
View file

@ -4,7 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased]
### Added
- test: add check yamllint
- test: add support debian 11
### Changed
- test: replace kitchen to molecule
### Removed
- test: remove support debian 9
## [2.1.1] 2018-11-26
- fix: replace shell module to command

8
Gemfile
View file

@ -1,8 +0,0 @@
source 'https://rubygems.org'
group :development do
gem 'kitchen-ansible'
gem 'kitchen-docker_cli'
gem 'rubocop', '0.50.0'
gem 'test-kitchen'
end

94
Gemfile.lock
View file

@ -1,94 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
ast (2.4.0)
builder (3.2.3)
erubis (2.7.0)
ffi (1.9.23)
gssapi (1.2.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
httpclient (2.8.3)
kitchen-ansible (0.47.5)
net-ssh (>= 3)
test-kitchen (~> 1.4)
kitchen-docker_cli (0.18.0)
test-kitchen (>= 1.3)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
mixlib-install (3.6.0)
mixlib-shellout
mixlib-versioning
thor
mixlib-shellout (2.3.2)
mixlib-versioning (1.2.2)
multi_json (1.13.1)
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (4.2.0)
net-ssh-gateway (1.3.0)
net-ssh (>= 2.6.5)
nori (2.6.0)
parallel (1.12.1)
parser (2.5.0.2)
ast (~> 2.4.0)
powerpack (0.1.1)
rainbow (2.2.2)
rake
rake (12.3.1)
rubocop (0.50.0)
parallel (~> 1.10)
parser (>= 2.3.3.1, < 3.0)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 3.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1)
ruby-progressbar (1.9.0)
rubyntlm (0.6.2)
rubyzip (1.2.1)
safe_yaml (1.0.4)
test-kitchen (1.18.0)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 3.0)
net-scp (~> 1.1)
net-ssh (>= 2.9, < 5.0)
net-ssh-gateway (~> 1.2)
safe_yaml (~> 1.0)
thor (~> 0.19, < 0.19.2)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.0.2)
thor (0.19.1)
unicode-display_width (1.3.0)
winrm (2.2.3)
builder (>= 2.1.2)
erubis (~> 2.7)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.1)
winrm-elevated (1.1.0)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.0.2)
erubis (~> 2.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 1.1)
winrm (~> 2.0)
PLATFORMS
ruby
DEPENDENCIES
kitchen-ansible
kitchen-docker_cli
rubocop (= 0.50.0)
test-kitchen
BUNDLED WITH
1.16.0

18
README.md
View file

@ -1,4 +1,5 @@
# Ansible role: Certbot
[![Version](https://img.shields.io/badge/latest_version-2.1.1-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-certbot/releases)
[![Build Status](https://travis-ci.org/nishiki/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-certbot)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-certbot/src/branch/master/LICENSE)
@ -7,8 +8,10 @@ Generate certificate SSL with certbot.
## Requirements
* Ansible >= 2.5
* Debian Stretch
* Ansible >= 2.9
* Debian
* Buster
* Bullseye
## Role variables
@ -27,13 +30,14 @@ Generate certificate SSL with certbot.
```
## Development
### Tests with docker
### Test with molecule and docker
* install [docker](https://docs.docker.com/engine/installation/)
* install ruby
* install bundler `gem install bundler`
* install dependencies `bundle install`
* run the tests `kitchen test`
* install `python3` and `python3-pip`
* install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
* run `molecule test`
## License

6
meta/main.yml
View file

@ -5,11 +5,13 @@ galaxy_info:
company: Adrien Waksberg
description: Generate certificate SSL with certbot
license: Apache2
min_ansible_version: 2.5
min_ansible_version: 2.9
platforms:
- name: Debian
versions:
- stretch
- buster
- bullseye
galaxy_tags:
- certbot
- letsencrypt

13
test/integration/certbot/default.yml → molecule/default/converge.yml
View file

@ -1,10 +1,15 @@
---
- hosts: certbot
connection: local
- name: Converge
hosts: all
roles:
- ansible-role-certbot
vars:
certbot_role: slave
certbot_domains:
- name: test.local
command: 'echo OK > /tmp/test.txt'
roles:
- ansible-role-certbot
pre_tasks:
- name: update apt cache
ansible.builtin.apt:
update_cache: true

26
molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,26 @@
---
driver:
name: docker
platforms:
- name: debian10
image: nishiki/debian10:molecule
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /bin/systemd
capabilities:
- SYS_ADMIN
- name: debian11
image: nishiki/debian11:molecule
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /bin/systemd
capabilities:
- SYS_ADMIN
lint: |
set -e
yamllint .
ansible-lint .
verifier:
name: testinfra

44
molecule/default/tests/test_default.py Normal file
View file

@ -0,0 +1,44 @@
import testinfra.utils.ansible_runner
def test_packages(host):
package = host.package('certbot')
assert package.is_installed
def test_acme_directory(host):
path = host.file('/var/www/acme')
assert path.exists
assert path.is_directory
assert path.user == 'root'
assert path.group == 'root'
assert path.mode == 0o755
def test_old_cron_file(host):
path = host.file('/etc/cron.d/certbot')
assert not path.exists
def test_cron_file(host):
path = host.file('/var/spool/cron/crontabs/root')
assert path.exists
assert path.is_file
assert path.user == 'root'
assert path.group == 'crontab'
assert path.mode == 0o600
assert path.contains('--renew-hook /usr/local/bin/certbot-renew')
def test_config_file(host):
path = host.file('/etc/letsencrypt/renew.cfg')
assert path.exists
assert path.is_file
assert path.user == 'root'
assert path.group == 'root'
assert path.mode == 0o644
assert path.contains('test.local = echo OK > /tmp/test.txt')
def test_renew(host):
cmd = host.run('RENEWED_DOMAINS=test.local /usr/local/bin/certbot-renew')
assert cmd.succeeded
path = host.file('/tmp/test.txt')
assert path.exists
assert path.is_file
assert path.contains('OK')

47
test/integration/certbot/serverspec/certbot_spec.rb
View file

@ -1,47 +0,0 @@
require 'serverspec'
set :backend, :exec
describe package('certbot') do
it { should be_installed }
end
describe file('/var/www/acme') do
it { should exist }
it { should be_directory }
it { should be_mode 755 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/cron.d/certbot') do
it { should_not exist }
end
describe file('/var/spool/cron/crontabs/root') do
it { should exist }
it { should be_file }
it { should be_mode 600 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'crontab' }
it { should contain '--renew-hook /usr/local/bin/certbot-renew' }
end
describe file('/etc/letsencrypt/renew.cfg') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'test.local = echo OK > /tmp/test.txt' }
end
describe command('RENEWED_DOMAINS=test.local /usr/local/bin/certbot-renew') do
its(:exit_status) { should eq 0 }
end
describe file('/tmp/test.txt') do
it { should exist }
it { should be_file }
it { should contain 'OK' }
end

2
test/integration/inventory
View file

@ -1,2 +0,0 @@
[certbot]
localhost