Add vhost config file tests

Author: jvperrin

configs/vhost-app.conf

@@ -11,7 +11,7 @@
 #               (use - to default to ocf account name)
 # aliases - comma-separated aliases list, must be FQDNs
 # [flags] - (optional) comma-separated list of flags
-#           only [nossl] is supported currently
+#           No flags are supported currently
 #
 
 # added 2019-01-24 fydai in-person

configs/vhost-mail.conf

@@ -7,7 +7,7 @@ ggroup dev-vhost.ocf.berkeley.edu
 ggroup dev-dev-vhost.ocf.berkeley.edu
 
 # added 2020-04-28 jaw rt#8975
-seaguls seaguls.berkeley.edu 
+seaguls seaguls.berkeley.edu
 
 # added 2020-04-28 jaw rt#9040
 thetatau thetatau.berkeley.edu
@@ -263,7 +263,7 @@ neurotech neurotech.berkeley.edu
 # added 2018-09-20 dkessler (staff hours)
 epoch epoch.berkeley.edu
 # changed 2019-10-13 php (in person)
-epoch pdab.berkeley.edu 
+epoch pdab.berkeley.edu
 
 # added 2018-09-12 mdcha (staff hours)
 mmhi mmhi.berkeley.edu

tests/conftest.py

@@ -5,3 +5,11 @@
 def etc(fs):
     """Use pyfakefs in every test case"""
     fs.add_real_directory('configs', target_path='/etc/ocf', read_only=True)
+
+    # This is here for vhost configs, but should be removed once they are read
+    # from this repo via ocflib instead of read from NFS or the staff web
+    # userdir. The statement above this will handle loading from the local
+    # files instead of /etc/ocf once that's the case.
+    fs.add_real_directory(
+        'configs', target_path='/home/s/st/staff/vhost', read_only=True,
+    )

tests/vhost_test.py

@@ -0,0 +1,71 @@
+from ocflib.vhost.application import get_app_vhosts
+from ocflib.vhost.mail import get_mail_vhosts
+from ocflib.vhost.mail import vhosts_for_user
+from ocflib.vhost.web import get_vhosts
+from ocflib.vhost.web import has_vhost
+
+
+def test_app_vhosts():
+    app_vhosts = get_app_vhosts()
+
+    # Make sure we're actually getting some app vhosts back
+    assert(any(app_vhosts))
+
+    # Check that dev-app.o.b.e exists as an app vhost (this is used for testing
+    # by OCF staff, so it's likely to stick around). It should also be owned by
+    # the ggroup user.
+    assert('dev-app.ocf.berkeley.edu' in app_vhosts)
+    assert(app_vhosts['dev-app.ocf.berkeley.edu']['username'] == 'ggroup')
+
+    # Ensure that there's no nossl flags present, we only support SSL vhosts
+    # as of rt#5347
+    nossl_flags = [
+        vhost['flags']
+        for vhost in app_vhosts.values() if 'nossl' in vhost['flags']
+    ]
+    assert(not any(nossl_flags))
+
+
+def test_mail_vhosts():
+    mail_vhosts = get_mail_vhosts()
+
+    # Make sure we're actually getting some app vhosts back
+    assert(any(mail_vhosts))
+
+    # Check that the ggroup user has some mail vhosts (these are used for
+    # testing by OCF staff so they're likely to stick around)
+    assert(any(vhosts_for_user('ggroup')))
+
+    # Check that dev-vhost.o.b.e exists as an mail vhost (this is used for
+    # testing by OCF staff, so it's likely to stick around)
+    assert(
+        'dev-vhost.ocf.berkeley.edu' in {vhost.domain for vhost in mail_vhosts}
+    )
+
+
+def test_web_vhosts():
+    web_vhosts = get_vhosts()
+
+    # Make sure we're actually getting some vhosts back
+    assert(any(web_vhosts))
+
+    # Ensure the 'staff' and 'ggroup' users have some vhosts. These are likely
+    # to always stick around as they are owned by the OCF and there are
+    # multiple of them present for each user
+    assert(has_vhost('staff'))
+    assert(has_vhost('ggroup'))
+
+    # Check that dev-vhost.o.b.e exists as a web vhost (this is used for
+    # testing by OCF staff, so it's likely to stick around). It should also
+    # have a dev-host-alias.o.b.e alias present
+    assert('dev-vhost.ocf.berkeley.edu' in web_vhosts)
+    aliases = web_vhosts['dev-vhost.ocf.berkeley.edu']['aliases']
+    assert('dev-vhost-alias.ocf.berkeley.edu' in aliases)
+
+    flags = [vhost['flags'] for vhost in web_vhosts.values() if vhost['flags']]
+    # Ensure that there's no nossl flags present, we only support SSL vhosts
+    # as of rt#5347.
+    assert(not any([flag_list for flag_list in flags if 'nossl' in flag_list]))
+    # hsts flags are still allowed (but may become the default sometime and be
+    # removed)
+    assert(any([flag_list for flag_list in flags if 'hsts' in flag_list]))