class TestOctalPermissionsRuleWithFile(unittest.TestCase):
collection = RulesCollection()
VALID_MODES = [
0o777, 0o775, 0o770, 0o755, 0o750, 0o711, 0o710, 0o700, 0o666, 0o664,
0o660, 0o644, 0o640, 0o600, 0o555, 0o551, 0o550, 0o511, 0o510, 0o500,
0o444, 0o440, 0o400
]
INVALID_MODES = [
777,
775,
770,
755,
750,
711,
710,
700,
666,
664,
660,
644,
640,
622,
620,
600,
555,
551,
550, # 511 == 0o777, 510 == 0o776, 500 == 0o764
444,
440,
400
]
def setUp(self):
self.rule = OctalPermissionsRule()
self.collection.register(self.rule)
self.runner = RunFromText(self.collection)
def test_success(self):
results = self.runner.run_playbook(SUCCESS_TASKS)
self.assertEqual(0, len(results))
def test_fail(self):
results = self.runner.run_playbook(FAIL_TASKS)
self.assertEqual(4, len(results))
def test_valid_modes(self):
for mode in self.VALID_MODES:
self.assertFalse(self.rule.is_invalid_permission(mode),
msg="0o%o should be a valid mode" % mode)
def test_invalid_modes(self):
for mode in self.INVALID_MODES:
self.assertTrue(self.rule.is_invalid_permission(mode),
msg="%d should be an invalid mode" % mode)
class TestEnvVarsInCommand(unittest.TestCase):
collection = RulesCollection()
collection.register(EnvVarsInCommandRule())
def setUp(self):
self.runner = RunFromText(self.collection)
def test_success(self):
results = self.runner.run_playbook(SUCCESS_PLAY_TASKS)
self.assertEqual(0, len(results))
def test_fail(self):
results = self.runner.run_playbook(FAIL_PLAY_TASKS)
self.assertEqual(2, len(results))
class TestShellWithoutPipeFail(unittest.TestCase):
collection = RulesCollection()
collection.register(ShellWithoutPipefail())
def setUp(self) -> None:
self.runner = RunFromText(self.collection)
def test_fail(self) -> None:
results = self.runner.run_playbook(FAIL_TASKS)
self.assertEqual(3, len(results))
def test_success(self) -> None:
results = self.runner.run_playbook(SUCCESS_TASKS)
self.assertEqual(0, len(results))
def test_pre_tasks(default_text_runner: RunFromText, playbook: str,
length: int) -> None:
# When
results = default_text_runner.run_playbook(playbook)
# Then
assert len(results) == length
def test_rule_command_instead_of_shell(
default_text_runner: RunFromText, text: str, expected: int
) -> None:
"""Validate that rule works as intended."""
results = default_text_runner.run_playbook(text)
for result in results:
assert result.rule.id == UseCommandInsteadOfShellRule.id, result
assert len(results) == expected
class TestSudoRule(unittest.TestCase):
collection = RulesCollection()
collection.register(SudoRule())
def setUp(self):
self.runner = RunFromText(self.collection)
def test_run_role_fail(self):
results = self.runner.run_role_tasks_main(ROLE_2_ERRORS)
self.assertEqual(2, len(results))
def test_run_role_pass(self):
results = self.runner.run_role_tasks_main(ROLE_0_ERRORS)
self.assertEqual(0, len(results))
def test_play_root_and_task_fail(self):
results = self.runner.run_playbook(PLAY_4_ERRORS)
self.assertEqual(4, len(results))
def test_play_task_fail(self):
results = self.runner.run_playbook(PLAY_1_ERROR)
self.assertEqual(1, len(results))
class TestComparisonToEmptyStringRule(unittest.TestCase):
collection = RulesCollection()
collection.register(ComparisonToEmptyStringRule())
def setUp(self):
self.runner = RunFromText(self.collection)
def test_success(self):
results = self.runner.run_role_tasks_main(SUCCESS_TASKS)
self.assertEqual(0, len(results))
def test_fail(self):
results = self.runner.run_playbook(FAIL_TASKS)
self.assertEqual(2, len(results))
def test_failed_when(rule_runner: RunFromText) -> None:
"""Instead of ignore_errors, this task uses failed_when."""
results = rule_runner.run_playbook(FAILED_WHEN)
assert len(results) == 0
def test_ignore_errors_register(rule_runner: RunFromText) -> None:
"""The task uses ignore_errors: but output is registered and managed."""
results = rule_runner.run_playbook(IGNORE_ERRORS_REGISTER)
assert len(results) == 0
def test_rule_empty_string_compare_pass(rule_runner: RunFromText) -> None:
"""Test rule matches."""
results = rule_runner.run_playbook(SUCCESS_PLAY)
assert len(results) == 0, results
def test_systemd_environment(rule_runner: RunFromText) -> None:
"""Showing the environment is not supported by the systemd module."""
results = rule_runner.run_playbook(SYSTEMD_ENVIRONMENT)
assert len(results) == 0
def test_invalid_var_name_playbook(rule_runner: RunFromText) -> None:
"""Test rule matches."""
results = rule_runner.run_playbook(FAIL_PLAY)
assert len(results) == 2
for result in results:
assert result.rule.id == VariableNamingRule.id
def test_fqcn_builtin_pass(rule_runner: RunFromText) -> None:
"""Test rule does not match."""
results = rule_runner.run_playbook(SUCCESS_PLAY)
assert len(results) == 0, results
def test_password_with_lock(rule_runner: RunFromText) -> None:
"""The task sets a password but also lock the user."""
results = rule_runner.run_playbook(PASSWORD_WITH_LOCK)
assert len(results) == 1
def test_no_log_no(rule_runner: RunFromText) -> None:
"""The task sets no_log to no."""
results = rule_runner.run_playbook(NO_LOG_NO)
assert len(results) == 1
def test_no_log_false(rule_runner: RunFromText) -> None:
"""The task sets no_log to false."""
results = rule_runner.run_playbook(NO_LOG_FALSE)
assert len(results) == 1
def test_no_log_unused(rule_runner: RunFromText) -> None:
"""The task does not use no_log but also no loop."""
results = rule_runner.run_playbook(NO_LOG_UNUSED)
assert len(results) == 0
def test_playbook(
default_text_runner: RunFromText, playbook_src: str, results_num: int
) -> None:
results = default_text_runner.run_playbook(playbook_src)
assert len(results) == results_num
def test_null_tasks(default_text_runner: RunFromText) -> None:
"""Assure we do not fail when encountering null tasks."""
results = default_text_runner.run_playbook(PB_WITH_NULL_TASKS)
assert not results
def test_ignore_errors_true(rule_runner: RunFromText) -> None:
"""The task uses ignore_errors."""
results = rule_runner.run_playbook(IGNORE_ERRORS_TRUE)
assert len(results) == 1
def test_ignore_errors_false(rule_runner: RunFromText) -> None:
"""The task uses ignore_errors: false, oddly enough."""
results = rule_runner.run_playbook(IGNORE_ERRORS_FALSE)
assert len(results) == 0
def test_no_log_yes(rule_runner: RunFromText) -> None:
"""The task sets no_log to yes."""
results = rule_runner.run_playbook(NO_LOG_YES)
assert len(results) == 0
def test_fqcn_builtin_fail(rule_runner: RunFromText) -> None:
"""Test rule matches."""
results = rule_runner.run_playbook(FAIL_PLAY)
assert len(results) == 1
for result in results:
assert result.message == FQCNBuiltinsRule.shortdesc
def test_no_log_true(rule_runner: RunFromText) -> None:
"""The task sets no_log to true."""
results = rule_runner.run_playbook(NO_LOG_TRUE)
assert len(results) == 0
def test_systemd_status(rule_runner: RunFromText) -> None:
"""Set-default is not supported by the systemd module."""
results = rule_runner.run_playbook(SYSTEMCTL_STATUS)
assert len(results) == 0
def test_password_lock_false(rule_runner: RunFromText) -> None:
"""The task does not actually lock the user."""
results = rule_runner.run_playbook(PASSWORD_LOCK_FALSE)
assert len(results) == 0
def test_systemd_runlevel(rule_runner: RunFromText) -> None:
"""Set-default is not supported by the systemd module."""
results = rule_runner.run_playbook(SYSTEMD_RUNLEVEL)
assert len(results) == 0
def test_ignore_errors_check_mode(rule_runner: RunFromText) -> None:
"""The task uses ignore_errors: "{{ ansible_check_mode }}"."""
results = rule_runner.run_playbook(IGNORE_ERRORS_CHECK_MODE)
print(results)
assert len(results) == 0
def test_password_lock_yes(rule_runner: RunFromText) -> None:
"""The task only locks the user."""
results = rule_runner.run_playbook(PASSWORD_LOCK_YES)
assert len(results) == 0
def test_rule_empty_string_compare_fail(rule_runner: RunFromText) -> None:
"""Test rule matches."""
results = rule_runner.run_playbook(FAIL_PLAY)
assert len(results) == 2
for result in results:
assert result.message == ComparisonToEmptyStringRule.shortdesc