Merge pull request #801 from dev-sec/guard_molecule

Don't run tests if the environment is not correct

Author: schurzi

CONTRIBUTING.md

@@ -93,6 +93,21 @@ We generally include test for coding guidelines:
 
 Remember: Code is generally read much more often than written.
 
+### Local testing of roles in this collection
+
+We are using Molecule to test our roles.
+If you want to execute the tests on your machine you need Docker and Molecule.
+You will also need to set the `MOLECULE_DISTRO` environment variable to execute the tests.
+To find valid values for the variable you can take a look at our GitHub Action workflows in `.github/workflows/`.
+
+Example for executing tests locally:
+
+```bash
+pip install -r requirements.txt
+export MOLECULE_DISTRO="debian12"
+molecule test -s os_hardening
+```
+
 ### Use Markdown
 
 Wherever possible, please refrain from any other formats and stick to simple markdown.

molecule/mysql_hardening/molecule.yml

@@ -33,6 +33,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -48,6 +49,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/nginx_hardening/molecule.yml

@@ -32,6 +32,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -47,6 +48,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/os_hardening/molecule.yml

@@ -28,6 +28,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -43,6 +44,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/os_hardening_vm/molecule.yml

@@ -37,6 +37,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -52,6 +53,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/shared/prerequisites.yml

@@ -0,0 +1,9 @@
+---
+- name: Verify prerequisites
+  hosts: localhost
+  tasks:
+    - name: Make sure environment variable for MOLECULE_DISTRO is set
+      ansible.builtin.assert:
+        that:
+          - "lookup('env','MOLECULE_DISTRO')"
+        fail_msg: "You need to set MOLECULE_DISTRO to a supported image name. See CONTRIBUTING.md"

molecule/ssh_hardening/molecule.yml

@@ -34,6 +34,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -49,6 +50,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/ssh_hardening_bsd/molecule.yml

@@ -33,6 +33,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -48,6 +49,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create

molecule/ssh_hardening_custom_tests/molecule.yml

@@ -28,6 +28,7 @@ scenario:
     - prepare
   check_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - create
     - prepare
@@ -43,6 +44,7 @@ scenario:
     - destroy
   test_sequence:
     - dependency
+    - verify ../shared/prerequisites.yml
     - destroy
     - syntax
     - create