Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated testinfra tests to optionally run against a prod instance #5318

Merged
merged 10 commits into from
Sep 22, 2020
Merged

Updated testinfra tests to optionally run against a prod instance #5318

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b66c174
Updated testinfra tests to optionally run against a prod instance
zenmonkeykstop Jun 16, 2020
5575abf
script update as per review
zenmonkeykstop Jun 17, 2020
efc6098
added additional tests to prod run, added prod VM vars
zenmonkeykstop Jul 7, 2020
112f9c2
further tweaks to prod testinfra tests
zenmonkeykstop Jul 8, 2020
7983fdc
added option to install test dependencies with securedrop-admin setup
zenmonkeykstop Jul 31, 2020
9ddf8d1
removed dependency installs from testinfra prod script
zenmonkeykstop Jul 31, 2020
10d6fd9
added 'verify' command for securedrop-admin, to run testinfra tests
zenmonkeykstop Jul 31, 2020
489d903
added version of admin requirements file with testinfra dependencies
zenmonkeykstop Sep 17, 2020
736ad9e
pinned ansible and testinfra dependencies to current versions
zenmonkeykstop Sep 17, 2020
9eb2cdb
skipping prod iptables tests, adding paramiko to test deps, updating …
zenmonkeykstop Sep 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions admin/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ test: ## Run tox
update-pip-requirements: ## Updates all Python requirements files via pip-compile.
@echo "███ Updating admin pip requirements..."
@bin/dev-shell pip-compile --allow-unsafe --generate-hashes --output-file requirements.txt requirements.in requirements-ansible.in
@bin/dev-shell pip-compile --allow-unsafe --generate-hashes --output-file requirements-testinfra.txt requirements.in requirements-ansible.in requirements-testinfra.in
@bin/dev-shell pip-compile --allow-unsafe --generate-hashes --output-file requirements-dev.txt requirements-dev.in

# Explaination of the below shell command should it ever break.
Expand Down
30 changes: 22 additions & 8 deletions admin/bootstrap.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,18 @@ def envsetup(args, virtualenv_dir=VENV_DIR):
else:
sdlog.info("Virtualenv already exists, not creating")

install_pip_dependencies(args)
if args.t:
install_pip_dependencies(args, pip_install_cmd=[
os.path.join(VENV_DIR, 'bin', 'pip3'),
'install',
'--no-deps',
'-r', os.path.join(DIR, 'requirements-testinfra.txt'),
'--require-hashes',
'-U', '--upgrade-strategy', 'only-if-needed', ],
desc="dependencies with verification support")
else:
install_pip_dependencies(args)

if os.path.exists(os.path.join(DIR, 'setup.py')):
install_pip_self(args)

Expand Down Expand Up @@ -226,33 +237,36 @@ def install_pip_dependencies(args, pip_install_cmd=[
'-r', os.path.join(DIR, 'requirements.txt'),
'--require-hashes',
# Make sure to upgrade packages only if necessary.
'-U', '--upgrade-strategy', 'only-if-needed',
]):
'-U', '--upgrade-strategy', 'only-if-needed', ],
desc="Python dependencies"
):
"""
Install Python dependencies via pip into virtualenv.
"""

sdlog.info("Checking Python dependencies for securedrop-admin")
sdlog.info("Checking {} for securedrop-admin".format(desc))
try:
pip_output = subprocess.check_output(maybe_torify() + pip_install_cmd,
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
sdlog.debug(e.output)
sdlog.error(("Failed to install pip dependencies. Check network"
" connection and try again."))
sdlog.error(("Failed to install {}. Check network"
" connection and try again.".format(desc)))
raise

sdlog.debug(pip_output)
if "Successfully installed" in str(pip_output):
sdlog.info("Python dependencies for securedrop-admin upgraded")
sdlog.info("{} for securedrop-admin upgraded".format(desc))
else:
sdlog.info("Python dependencies for securedrop-admin are up-to-date")
sdlog.info("{} for securedrop-admin are up-to-date".format(desc))


def parse_argv(argv):
parser = argparse.ArgumentParser()
parser.add_argument('-v', action='store_true', default=False,
help="Increase verbosity on output")
parser.add_argument('-t', action='store_true', default=False,
help="Install additional test dependencies")
parser.set_defaults(func=envsetup)

subparsers = parser.add_subparsers()
Expand Down
2 changes: 1 addition & 1 deletion admin/requirements-ansible.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
ansible>2.9.7<2.10
ansible==2.9.7
cryptography>=2.7
netaddr
4 changes: 4 additions & 0 deletions admin/requirements-testinfra.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
pytest==3.2.0
testinfra==3.2.0
pytest-xdist==1.18.2
paramiko==2.6.0
194 changes: 194 additions & 0 deletions admin/requirements-testinfra.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile --allow-unsafe --generate-hashes --output-file=requirements-testinfra.txt requirements-ansible.in requirements-testinfra.in requirements.in
#
ansible==2.9.7 \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noting for posterity that the versions of cffi, cryptography, jinja and others are different from the ones locked in develop-requirements.txt and admin/requirements.txt. Given that the changes here work, and that this is exclusively used for testing, we can always update the other requirements files at a later date.

--hash=sha256:7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b
apipkg==1.5 \
--hash=sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6 \
--hash=sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c \
# via execnet
bcrypt==3.2.0 \
--hash=sha256:5b93c1726e50a93a033c36e5ca7fdcd29a5c7395af50a6892f5d9e7c6cfbfb29 \
--hash=sha256:63d4e3ff96188e5898779b6057878fecf3f11cfe6ec3b313ea09955d587ec7a7 \
--hash=sha256:81fec756feff5b6818ea7ab031205e1d323d8943d237303baca2c5f9c7846f34 \
--hash=sha256:a67fb841b35c28a59cebed05fbd3e80eea26e6d75851f0574a9273c80f3e9b55 \
--hash=sha256:c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6 \
--hash=sha256:cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1 \
--hash=sha256:cdcdcb3972027f83fe24a48b1e90ea4b584d35f1cc279d76de6fc4b13376239d \
# via paramiko
cffi==1.14.3 \
--hash=sha256:005f2bfe11b6745d726dbb07ace4d53f057de66e336ff92d61b8c7e9c8f4777d \
--hash=sha256:09e96138280241bd355cd585148dec04dbbedb4f46128f340d696eaafc82dd7b \
--hash=sha256:0b1ad452cc824665ddc682400b62c9e4f5b64736a2ba99110712fdee5f2505c4 \
--hash=sha256:0ef488305fdce2580c8b2708f22d7785ae222d9825d3094ab073e22e93dfe51f \
--hash=sha256:15f351bed09897fbda218e4db5a3d5c06328862f6198d4fb385f3e14e19decb3 \
--hash=sha256:22399ff4870fb4c7ef19fff6eeb20a8bbf15571913c181c78cb361024d574579 \
--hash=sha256:23e5d2040367322824605bc29ae8ee9175200b92cb5483ac7d466927a9b3d537 \
--hash=sha256:2791f68edc5749024b4722500e86303a10d342527e1e3bcac47f35fbd25b764e \
--hash=sha256:2f9674623ca39c9ebe38afa3da402e9326c245f0f5ceff0623dccdac15023e05 \
--hash=sha256:3363e77a6176afb8823b6e06db78c46dbc4c7813b00a41300a4873b6ba63b171 \
--hash=sha256:33c6cdc071ba5cd6d96769c8969a0531be2d08c2628a0143a10a7dcffa9719ca \
--hash=sha256:3b8eaf915ddc0709779889c472e553f0d3e8b7bdf62dab764c8921b09bf94522 \
--hash=sha256:3cb3e1b9ec43256c4e0f8d2837267a70b0e1ca8c4f456685508ae6106b1f504c \
--hash=sha256:3eeeb0405fd145e714f7633a5173318bd88d8bbfc3dd0a5751f8c4f70ae629bc \
--hash=sha256:44f60519595eaca110f248e5017363d751b12782a6f2bd6a7041cba275215f5d \
--hash=sha256:4d7c26bfc1ea9f92084a1d75e11999e97b62d63128bcc90c3624d07813c52808 \
--hash=sha256:529c4ed2e10437c205f38f3691a68be66c39197d01062618c55f74294a4a4828 \
--hash=sha256:6642f15ad963b5092d65aed022d033c77763515fdc07095208f15d3563003869 \
--hash=sha256:85ba797e1de5b48aa5a8427b6ba62cf69607c18c5d4eb747604b7302f1ec382d \
--hash=sha256:8f0f1e499e4000c4c347a124fa6a27d37608ced4fe9f7d45070563b7c4c370c9 \
--hash=sha256:a624fae282e81ad2e4871bdb767e2c914d0539708c0f078b5b355258293c98b0 \
--hash=sha256:b0358e6fefc74a16f745afa366acc89f979040e0cbc4eec55ab26ad1f6a9bfbc \
--hash=sha256:bbd2f4dfee1079f76943767fce837ade3087b578aeb9f69aec7857d5bf25db15 \
--hash=sha256:bf39a9e19ce7298f1bd6a9758fa99707e9e5b1ebe5e90f2c3913a47bc548747c \
--hash=sha256:c11579638288e53fc94ad60022ff1b67865363e730ee41ad5e6f0a17188b327a \
--hash=sha256:c150eaa3dadbb2b5339675b88d4573c1be3cb6f2c33a6c83387e10cc0bf05bd3 \
--hash=sha256:c53af463f4a40de78c58b8b2710ade243c81cbca641e34debf3396a9640d6ec1 \
--hash=sha256:cb763ceceae04803adcc4e2d80d611ef201c73da32d8f2722e9d0ab0c7f10768 \
--hash=sha256:cc75f58cdaf043fe6a7a6c04b3b5a0e694c6a9e24050967747251fb80d7bce0d \
--hash=sha256:d80998ed59176e8cba74028762fbd9b9153b9afc71ea118e63bbf5d4d0f9552b \
--hash=sha256:de31b5164d44ef4943db155b3e8e17929707cac1e5bd2f363e67a56e3af4af6e \
--hash=sha256:e66399cf0fc07de4dce4f588fc25bfe84a6d1285cc544e67987d22663393926d \
--hash=sha256:f0620511387790860b249b9241c2f13c3a80e21a73e0b861a2df24e9d6f56730 \
--hash=sha256:f4eae045e6ab2bb54ca279733fe4eb85f1effda392666308250714e01907f394 \
--hash=sha256:f92cdecb618e5fa4658aeb97d5eb3d2f47aa94ac6477c6daf0f306c5a3b9e6b1 \
--hash=sha256:f92f789e4f9241cd262ad7a555ca2c648a98178a953af117ef7fad46aa1d5591 \
# via bcrypt, cryptography, pynacl
cryptography==3.1 \
--hash=sha256:10c9775a3f31610cf6b694d1fe598f2183441de81cedcf1814451ae53d71b13a \
--hash=sha256:180c9f855a8ea280e72a5d61cf05681b230c2dce804c48e9b2983f491ecc44ed \
--hash=sha256:247df238bc05c7d2e934a761243bfdc67db03f339948b1e2e80c75d41fc7cc36 \
--hash=sha256:26409a473cc6278e4c90f782cd5968ebad04d3911ed1c402fc86908c17633e08 \
--hash=sha256:2a27615c965173c4c88f2961cf18115c08fedfb8bdc121347f26e8458dc6d237 \
--hash=sha256:2e26223ac636ca216e855748e7d435a1bf846809ed12ed898179587d0cf74618 \
--hash=sha256:321761d55fb7cb256b771ee4ed78e69486a7336be9143b90c52be59d7657f50f \
--hash=sha256:4005b38cd86fc51c955db40b0f0e52ff65340874495af72efabb1bb8ca881695 \
--hash=sha256:4b9e96543d0784acebb70991ebc2dbd99aa287f6217546bb993df22dd361d41c \
--hash=sha256:548b0818e88792318dc137d8b1ec82a0ab0af96c7f0603a00bb94f896fbf5e10 \
--hash=sha256:725875681afe50b41aee7fdd629cedbc4720bab350142b12c55c0a4d17c7416c \
--hash=sha256:7a63e97355f3cd77c94bd98c59cb85fe0efd76ea7ef904c9b0316b5bbfde6ed1 \
--hash=sha256:94191501e4b4009642be21dde2a78bd3c2701a81ee57d3d3d02f1d99f8b64a9e \
--hash=sha256:969ae512a250f869c1738ca63be843488ff5cc031987d302c1f59c7dbe1b225f \
--hash=sha256:9f734423eb9c2ea85000aa2476e0d7a58e021bc34f0a373ac52a5454cd52f791 \
--hash=sha256:b45ab1c6ece7c471f01c56f5d19818ca797c34541f0b2351635a5c9fe09ac2e0 \
--hash=sha256:cc6096c86ec0de26e2263c228fb25ee01c3ff1346d3cfc219d67d49f303585af \
--hash=sha256:dc3f437ca6353979aace181f1b790f0fc79e446235b14306241633ab7d61b8f8 \
--hash=sha256:e7563eb7bc5c7e75a213281715155248cceba88b11cb4b22957ad45b85903761 \
--hash=sha256:e7dad66a9e5684a40f270bd4aee1906878193ae50a4831922e454a2a457f1716 \
--hash=sha256:eb80a288e3cfc08f679f95da72d2ef90cb74f6d8a8ba69d2f215c5e110b2ca32 \
--hash=sha256:fa7fbcc40e2210aca26c7ac8a39467eae444d90a2c346cbcffd9133a166bcc67
execnet==1.7.1 \
--hash=sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50 \
--hash=sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547 \
# via pytest-xdist
jinja2==2.11.2 \
--hash=sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0 \
--hash=sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035 \
# via ansible
markupsafe==1.1.1 \
--hash=sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473 \
--hash=sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161 \
--hash=sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235 \
--hash=sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5 \
--hash=sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 \
--hash=sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff \
--hash=sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b \
--hash=sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1 \
--hash=sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e \
--hash=sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183 \
--hash=sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66 \
--hash=sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b \
--hash=sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1 \
--hash=sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15 \
--hash=sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1 \
--hash=sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e \
--hash=sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b \
--hash=sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905 \
--hash=sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735 \
--hash=sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d \
--hash=sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e \
--hash=sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d \
--hash=sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c \
--hash=sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21 \
--hash=sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2 \
--hash=sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5 \
--hash=sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b \
--hash=sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6 \
--hash=sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f \
--hash=sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f \
--hash=sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2 \
--hash=sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7 \
--hash=sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be
netaddr==0.8.0 \
--hash=sha256:9666d0232c32d2656e5e5f8d735f58fd6c7457ce52fc21c98d45f2af78f990ac \
--hash=sha256:d6cc57c7a07b1d9d2e917aa8b36ae8ce61c35ba3fcd1b83ca31c5a0ee2b5a243
paramiko==2.6.0 \
--hash=sha256:99f0179bdc176281d21961a003ffdb2ec369daac1a1007241f53374e376576cf \
--hash=sha256:f4b2edfa0d226b70bd4ca31ea7e389325990283da23465d572ed1f70a7583041
prompt_toolkit==2.0.9 \
--hash=sha256:11adf3389a996a6d45cc277580d0d53e8a5afd281d0c9ec71b28e6f121463780 \
--hash=sha256:2519ad1d8038fd5fc8e770362237ad0364d16a7650fb5724af6997ed5515e3c1 \
--hash=sha256:977c6583ae813a37dc1c2e1b715892461fcbdaa57f6fc62f33a528c4886c8f55
py==1.9.0 \
--hash=sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2 \
--hash=sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342 \
# via pytest
pycparser==2.20 \
--hash=sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 \
--hash=sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 \
# via cffi
pynacl==1.4.0 \
--hash=sha256:06cbb4d9b2c4bd3c8dc0d267416aaed79906e7b33f114ddbf0911969794b1cc4 \
--hash=sha256:11335f09060af52c97137d4ac54285bcb7df0cef29014a1a4efe64ac065434c4 \
--hash=sha256:2fe0fc5a2480361dcaf4e6e7cea00e078fcda07ba45f811b167e3f99e8cff574 \
--hash=sha256:30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d \
--hash=sha256:4e10569f8cbed81cb7526ae137049759d2a8d57726d52c1a000a3ce366779634 \
--hash=sha256:511d269ee845037b95c9781aa702f90ccc36036f95d0f31373a6a79bd8242e25 \
--hash=sha256:537a7ccbea22905a0ab36ea58577b39d1fa9b1884869d173b5cf111f006f689f \
--hash=sha256:54e9a2c849c742006516ad56a88f5c74bf2ce92c9f67435187c3c5953b346505 \
--hash=sha256:757250ddb3bff1eecd7e41e65f7f833a8405fede0194319f87899690624f2122 \
--hash=sha256:7757ae33dae81c300487591c68790dfb5145c7d03324000433d9a2c141f82af7 \
--hash=sha256:7c6092102219f59ff29788860ccb021e80fffd953920c4a8653889c029b2d420 \
--hash=sha256:8122ba5f2a2169ca5da936b2e5a511740ffb73979381b4229d9188f6dcb22f1f \
--hash=sha256:9c4a7ea4fb81536c1b1f5cc44d54a296f96ae78c1ebd2311bd0b60be45a48d96 \
--hash=sha256:c914f78da4953b33d4685e3cdc7ce63401247a21425c16a39760e282075ac4a6 \
--hash=sha256:cd401ccbc2a249a47a3a1724c2918fcd04be1f7b54eb2a5a71ff915db0ac51c6 \
--hash=sha256:d452a6746f0a7e11121e64625109bc4468fc3100452817001dbe018bb8b08514 \
--hash=sha256:ea6841bc3a76fa4942ce00f3bda7d436fda21e2d91602b9e21b7ca9ecab8f3ff \
--hash=sha256:f8851ab9041756003119368c1e6cd0b9c631f46d686b3904b18c0139f4419f80 \
# via paramiko
pytest-xdist==1.18.2 \
--hash=sha256:10468377901b80255cf192c4603a94ffe8b1f071f5c912868da5f5cb91170dae
pytest==3.2.0 \
--hash=sha256:0225cf10b9e173f84729d5f4648211458a222c6e53a77a85e104bc5f31c244ee \
--hash=sha256:d994b4f28c6d449a467ad3d336544945a0dcf350e3b7b301219547ef5aa8125e
pyyaml==5.3.1 \
--hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \
--hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \
--hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \
--hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \
--hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \
--hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \
--hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \
--hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \
--hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d \
--hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \
--hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a
six==1.15.0 \
--hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
--hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
testinfra==3.2.0 \
--hash=sha256:16201d64659ec0c2d25f65d6ce1f5367668b7b4eb102450efd4f8983a399d7d0 \
--hash=sha256:5cebf61fee13c2e83b5e177431e751e243fc779293377c5e0c3b43910bb7e870
wcwidth==0.2.5 \
--hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \
--hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83 \
# via prompt-toolkit

# The following packages are considered to be unsafe in a requirements file:
setuptools==50.3.0 \
--hash=sha256:39060a59d91cf5cf403fa3bacbb52df4205a8c3585e0b9ba4b30e0e19d4c4b18 \
--hash=sha256:c77b3920663a435c9450d9d971c48f5a7478fca8881b2cd2564e59f970f03536
13 changes: 13 additions & 0 deletions admin/securedrop_admin/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -753,6 +753,15 @@ def install_securedrop(args):
cwd=args.ansible_path)


def verify_install(args):
"""Run configuration tests against SecureDrop servers"""

sdlog.info("Running configuration tests: ")
testinfra_cmd = ["./devops/scripts/run_prod_testinfra"]
return subprocess.check_call(testinfra_cmd,
cwd=os.getcwd())


def backup_securedrop(args):
"""Perform backup of the SecureDrop Application Server.
Creates a tarball of submissions and server config, and fetches
Expand Down Expand Up @@ -1050,6 +1059,10 @@ class ArgParseFormatterCombo(argparse.ArgumentDefaultsHelpFormatter,
help=reset_admin_access.__doc__)
parse_reset_ssh.set_defaults(func=reset_admin_access)

parse_verify = subparsers.add_parser('verify',
help=verify_install.__doc__)
parse_verify.set_defaults(func=verify_install)

args = parser.parse_args(argv)
if getattr(args, 'func', None) is None:
print('Please specify an operation.\n')
Expand Down
28 changes: 28 additions & 0 deletions devops/scripts/run_prod_testinfra
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
#!/bin/bash
#
# Script to run testinfra tests against a production SecureDrop instance.
# Must be run on an Admin Workstation after './securedrop-admin tailsconfig'
# has completed successfully.
#

set -e
set -o pipefail

# Are we in Tails?
if [ -f "/home/amnesia/Persistent/.securedrop/securedrop_init.py" ]
then
echo "Tails workstation detected, continuing..."
else
echo "This script should be run on a SecureDrop Admin Workstation!"
exit 1
fi

cd ~/Persistent/securedrop
source admin/.venv3/bin/activate

cd molecule/testinfra
CI_SD_ENV=${TEST_ENV:-prod} SECUREDROP_TESTINFRA_TARGET_HOST=${TEST_ENV:-prod} py.test -v -n 2 --disable-warnings -m "not skip_in_prod"

deactivate
echo "--------"
echo "Testinfra run complete - restore your workstation virtualenv by removing ~/Persistent/securedrop/admin/.venv3 and running 'cd ~/Persistent/securedrop && ./securedrop-admin setup'"
2 changes: 1 addition & 1 deletion molecule/libvirt-staging-xenial/molecule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ verifier:
name: testinfra
lint:
name: flake8
directory: ../testinfra/staging/
directory: ../testinfra
options:
n: auto
v: 2
Expand Down
2 changes: 1 addition & 1 deletion molecule/qubes-staging/molecule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ verifier:
name: testinfra
lint:
name: flake8
directory: ../testinfra/staging/
directory: ../testinfra
options:
n: auto
v: 2
5 changes: 4 additions & 1 deletion ...estinfra/staging/app-code/test_haveged.py → molecule/testinfra/app-code/test_haveged.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
testinfra_hosts = ["app-staging"]
import pytest

sdvars = pytest.securedrop_test_vars
testinfra_hosts = [sdvars.app_hostname]


def test_haveged_config(host):
Expand Down
Loading