From b204440ddc39b9f7ebc36f01468e825c143cba73 Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Tue, 1 Dec 2015 08:19:19 -0600
Subject: [PATCH] Updating tests for openstack-ansible-security

This patch adds a framework for testing the role with check mode as well as a
fully functional test that secures a system.  The two new tests will be
enabled by default when the check mode improvements are merged and some common
playbook failures are removed.

Closes-bug: 1521229

Change-Id: Iaffb982c4c9776bcc4b219e257d83591d58d0cee
---
 run_tests.sh | 38 ++++++++++++++++++++++++++++++++------
 tox.ini      | 30 +++++++++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 7 deletions(-)

diff --git a/run_tests.sh b/run_tests.sh
index 2d736749..cf7c10a5 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash -e -v -x
+#!/usr/bin/env bash
 # Copyright 2015, Rackspace US, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,10 +13,36 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ROLE_NAME=$(basename $(pwd))
+set -euov
 
-pushd tests
-  ansible-playbook -i inventory --syntax-check --list-tasks test.yml -e rolename=${ROLE_NAME}
-popd
+FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-false}
+CHECK_MODE_TEST=${CHECK_MODE_TEST:-true}
 
-ansible-lint */*yml
+# prep the host
+if [ "$(which apt-get)" ]; then
+  apt-get install -y build-essential python2.7 python-dev git-core
+fi
+
+# get pip, if necessary
+if [ ! "$(which pip)" ]; then
+  curl --silent --show-error --retry 5 \
+    https://bootstrap.pypa.io/get-pip.py | sudo python2.7
+fi
+
+# install tox
+pip install tox
+
+# run through each tox env and execute the test
+for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
+  if [ "${tox_env}" == "ansible-functional" ]; then
+    if ${FUNCTIONAL_TEST}; then
+      tox -e ${tox_env}
+    fi
+  elif [ "${tox_env}" == "ansible-check" ]; then
+    if ${CHECK_MODE_TEST}; then
+      tox -e ${tox_env}
+    fi
+  else
+    tox -e ${tox_env}
+  fi
+done
diff --git a/tox.ini b/tox.ini
index e3894f76..a87f5719 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
 [tox]
 minversion = 1.6
 skipsdist = True
-envlist = docs,pep8,bashate
+envlist = docs,pep8,bashate,ansible-syntax,ansible-lint,ansible-functional,ansible-check
 
 [testenv]
 usedevelop = True
@@ -57,3 +57,31 @@ commands =
         --exclude-dir '*.egg-info' \
         --exclude 'tox.ini' \
         {toxinidir} | xargs bashate --verbose --ignore=E003"
+
+[testenv:ansible-syntax]
+changedir = tests
+commands =
+    ansible-playbook -i inventory \
+                     --syntax-check \
+                     --list-tasks \
+                     -e "rolename={toxinidir}" \
+                     test.yml
+
+[testenv:ansible-lint]
+changedir = tests
+commands = ansible-lint test.yml
+
+[testenv:ansible-functional]
+changedir = tests
+commands =
+    ansible-playbook -i inventory \
+                     -e "rolename={toxinidir}" \
+                     test.yml
+
+[testenv:ansible-check]
+changedir = tests
+commands =
+    ansible-playbook -i inventory \
+                     --check \
+                     -e "rolename={toxinidir}" \
+                     test.yml