import testinfra.utils.ansible_runner

def test_packages(host):
  package = host.package('strongswan')
  assert package.is_installed

def test_config_file(host):
  config = host.file('/etc/ipsec.conf')
  assert config.exists
  assert config.is_file
  assert config.user == 'root'
  assert config.group == 'root'
  assert config.mode == 0o644
  assert config.contains('aggressive=no')
  assert config.contains('ikelifetime=10800s')
  assert config.contains('conn test-ipsec')
  assert config.contains('right=192.168.0.2')

def test_secret_file(host):
  config = host.file('/etc/ipsec.secrets')
  assert config.exists
  assert config.is_file
  assert config.user == 'root'
  assert config.group == 'root'
  assert config.mode == 0o600
  assert config.contains(' 192.168.0.2 : PSK "secret"')

def test_service(host):
  service = host.service('ipsec')
  assert service.is_running
  assert service.is_enabled

def test_socket(host):
  socket = host.socket('udp://0.0.0.0:500')
  assert socket.is_listening

def test_ipsec(host):
  cmd = host.run('ipsec status test-ipsec')
  assert cmd.succeeded
  assert 'no match' not in cmd.stdout