WIP: Add testinfra test

freedomofpress · Nov 4, 2024 · 8e108a8 · 8e108a8
1 parent c13410f
commit 8e108a8
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/molecule/testinfra/common/test_system_hardening.py b/molecule/testinfra/common/test_system_hardening.py
@@ -1,4 +1,5 @@
 import re
+import time
 
 import pytest
 import testutils
@@ -176,6 +177,23 @@ def test_iptables_packages(host):
     assert not host.package("ufw").is_installed
 
 
+def test_ufw_removal(host):
+    """Test the securedrop-remove-ufw service"""
+    if host.system_info.codename != "focal":
+        pytest.skip("only applicable/testable on focal")
+
+    with host.sudo():
+        if not host.package("ufw").is_installed:
+            cmd = host.run("apt-get install ufw --yes")
+            assert cmd.rc == 0
+        cmd = host.run("systemctl start securedrop-remove-ufw")
+        assert cmd.rc == 0
+    # Wait for the unit to run
+    time.sleep(5)
+
+    assert not host.package("ufw").is_installed
+
+
 def test_snapd_absent(host):
     assert not host.file("/lib/systemd/system/snapd.service").exists
     assert not host.file("/etc/apparmor.d/usr.lib.snapd.snap-confine.real").exists