test: verify that os defaults will be overriden

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
hifis-net · May 15, 2023 · cc46c87 · cc46c87
1 parent 350a912
commit cc46c87
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -1,6 +1,15 @@
 ---
 - name: "Verify unattended upgrades installation"
   hosts: "all"
+  vars:
+    ubuntu_defaults:
+      - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}";'
+      - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";'
+      - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}ESMApps:${distro_codename}-apps-security";'
+      - 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}ESM:${distro_codename}-infra-security";'
+    debian_defaults:
+      - 'Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian";'
+
   tasks:
     - name: "Get apt-config variables"
       ansible.builtin.command: "apt-config dump"
@@ -12,6 +21,7 @@
         that: "item in aptconfig.stdout"
       with_items:
         - 'APT::Periodic::Unattended-Upgrade "1"'
+        - 'Unattended-Upgrade::Origins-Pattern "";'
         - 'Unattended-Upgrade::AutoFixInterruptedDpkg "false"'
         - 'Unattended-Upgrade::MinimalSteps "true"'
         - 'Unattended-Upgrade::InstallOnShutdown "true"'
@@ -24,6 +34,34 @@
         - 'Unattended-Upgrade::OnlyOnACPower "true";'
         - 'Unattended-Upgrade::Sender "jane@example.org"'
 
+    - name: "Ubuntu specific verification"
+      when: "ansible_distribution == 'Ubuntu'"
+      block:
+      - name: "Check for registered variables on Ubuntu"
+        ansible.builtin.assert:
+          that: "item in aptconfig.stdout"
+        with_items:
+          - 'Unattended-Upgrade::Origins-Pattern:: "origin=Ubuntu,archive=${distro_codename}-security,label=Ubuntu";'
+
+      - name: "Check absence of Ubuntu defaults"
+        ansible.builtin.assert:
+          that: "item not in aptconfig.stdout"
+        with_items: "{{ ubuntu_defaults }}"
+
+    - name: "Debian specific verification"
+      when: "ansible_distribution == 'Debian'"
+      block:
+        - name: "Check for registered variables on Debian"
+          ansible.builtin.assert:
+            that: "item in aptconfig.stdout"
+          with_items:
+            - 'Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian-Security";'
+
+        - name: "Check absence of Debian defaults"
+          ansible.builtin.assert:
+            that: "item not in aptconfig.stdout"
+          with_items: "{{ debian_defaults }}"
+
     - name: "Dry run unattended-upgrades"
       ansible.builtin.command: "/usr/bin/unattended-upgrades --dry-run"
       register: "dry_run"