From 9a4c7c944000b54c92a46fbacb77620599bac67a Mon Sep 17 00:00:00 2001
From: uumas <gitcommit@uumas.fi>
Date: Wed, 19 Jul 2023 10:11:49 +0300
Subject: [PATCH] container: add molecule tests

---
 roles/container/molecule/default/converge.yml | 18 ++++
 roles/container/molecule/default/molecule.yml | 15 ++++
 roles/container/molecule/default/verify.yml   | 83 +++++++++++++++++++
 3 files changed, 116 insertions(+)
 create mode 100644 roles/container/molecule/default/converge.yml
 create mode 100644 roles/container/molecule/default/molecule.yml
 create mode 100644 roles/container/molecule/default/verify.yml

diff --git a/roles/container/molecule/default/converge.yml b/roles/container/molecule/default/converge.yml
new file mode 100644
index 0000000..dc67fda
--- /dev/null
+++ b/roles/container/molecule/default/converge.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Nginx container
+      import_role:
+        name: container
+      vars:
+        docker_service: nginx
+        docker_image: nginx
+        docker_image_http_port: 80
+        admin_email: test@example.com
+        ports:
+          nginx:
+            http: 28001
+        docker_vhost_domains:
+          nginx:
+            - localhost
diff --git a/roles/container/molecule/default/molecule.yml b/roles/container/molecule/default/molecule.yml
new file mode 100644
index 0000000..2de74e4
--- /dev/null
+++ b/roles/container/molecule/default/molecule.yml
@@ -0,0 +1,15 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: podman
+platforms:
+  - name: bullseye
+    image: git.uumas.fi/uumas/molecule-testbed:bullseye-docker
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
diff --git a/roles/container/molecule/default/verify.yml b/roles/container/molecule/default/verify.yml
new file mode 100644
index 0000000..e0e9da5
--- /dev/null
+++ b/roles/container/molecule/default/verify.yml
@@ -0,0 +1,83 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Ensure https://localhost returns 200
+      ansible.builtin.uri:
+        url: https://localhost
+        validate_certs: false
+        return_content: true
+      register: get_localhost
+
+    - name: Assert caddy responded on https://localhost
+      ansible.builtin.assert:
+        that: "(get_localhost.server | split(', '))[0] == 'Caddy'"
+    - name: Assert nginx responded on https://localhost
+      ansible.builtin.assert:
+        that: "(get_localhost.server | split(', '))[1].startswith('nginx')"
+
+    - name: Get /opt/nginx directory info
+      ansible.builtin.stat:
+        path: /opt/nginx
+      register: opt_nginx_stat
+    - name: Assert /opt/nginx doesn't exist
+      ansible.builtin.assert:
+        that: not opt_nginx_stat.stat.exists
+        msg: /opt/nginx should not have been created but it was
+
+    - name: Get host passwd nginx user
+      ansible.builtin.getent:
+        database: passwd
+        key: nginx
+        fail_key: false
+    - name: Assert nginx user does not exist
+      ansible.builtin.assert:
+        that: getent_passwd.nginx == None
+        msg: "nginx user should not exist but it does ({{ getent_passwd }})"
+
+    - name: Get nginx container info
+      community.docker.docker_container_info:
+        name: nginx
+      register: container_out
+
+    - name: Assert container port 80 forwarded to host 28001
+      ansible.builtin.assert:
+        that:
+          - "container_out.container.HostConfig.PortBindings['80/tcp'] is defined"
+          - "container_out.container.HostConfig.PortBindings['80/tcp'][0].HostPort == '28001'"
+        msg: "Container port 80 not correctly forwarded to host port. Port bindings output was {{ container_out.container.HostConfig.PortBindings }}"
+
+    - name: Assert container user not set
+      ansible.builtin.assert:
+        that: container_out.container.Config.User == ""
+
+    - name: Get container image info
+      community.docker.docker_image_info:
+        name: "{{ container_out.container.Image }}"
+      register: container_image_out
+    - name: Assert nginx image not built locally
+      assert:
+        that: container_image_out.images[0].RepoTags[0] == 'nginx:latest'
+        msg: "Nginx image tag incorrect. It should have been nginx:latest but it was {{ container_image_out.images[0].RepoTags }}"
+
+    - name: Get docker host info
+      community.docker.docker_host_info:
+        volumes: true
+      register: docker_host_out
+    - name: Assert all containers are running
+      ansible.builtin.assert:
+        that: docker_host_out.host_info.Containers == docker_host_out.host_info.ContainersRunning
+        msg: There should have been {{ docker_host_out.host_info.Containers }} containers running but there were {{ docker_host_out.host_info.Containers }}
+    - name: Assert no extra containers were created
+      ansible.builtin.assert:
+        that: docker_host_out.host_info.Containers == 1
+        msg: There should have been 1 container created but there were {{ docker_host_out.host_info.Containers }}
+    - name: Assert no extra images were pulled
+      ansible.builtin.assert:
+        that: docker_host_out.host_info.Images == 1
+        msg: There should have been 1 image present but there were {{ docker_host_out.host_info.Images }}
+    - name: Assert no volumes were created
+      ansible.builtin.assert:
+        that: docker_host_out.volumes | length == 0
+        msg: There should have been no volumes present but there were {{ docker_host_out.volumes | length }}