From 8e108a8a74c3a0378d610a747bbe432906251052 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Mon, 4 Nov 2024 11:58:36 -0500
Subject: [PATCH] WIP: Add testinfra test
---
 .../testinfra/common/test_system_hardening.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/molecule/testinfra/common/test_system_hardening.py b/molecule/testinfra/common/test_system_hardening.py
index 559194582e..5ac3234450 100644
--- a/molecule/testinfra/common/test_system_hardening.py
+++ b/molecule/testinfra/common/test_system_hardening.py
@@ -1,4 +1,5 @@
 import re
+import time
 import pytest
 import testutils
@@ -176,6 +177,23 @@ def test_iptables_packages(host):
 assert not host.package("ufw").is_installed
+def test_ufw_removal(host):
+ """Test the securedrop-remove-ufw service"""
+ if host.system_info.codename != "focal":
+ pytest.skip("only applicable/testable on focal")
+
+ with host.sudo():
+ if not host.package("ufw").is_installed:
+ cmd = host.run("apt-get install ufw --yes")
+ assert cmd.rc == 0
+ cmd = host.run("systemctl start securedrop-remove-ufw")
+ assert cmd.rc == 0
+ # Wait for the unit to run
+ time.sleep(5)
+
+ assert not host.package("ufw").is_installed
+
+
 def test_snapd_absent(host):
 assert not host.file("/lib/systemd/system/snapd.service").exists
 assert not host.file("/etc/apparmor.d/usr.lib.snapd.snap-confine.real").exists
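Review bot: The fixed `time.sleep(5)` after `systemctl start securedrop-remove-ufw` in test_ufw_removal makes the final assertion depend on timing. If the unit is a oneshot, `systemctl start` already blocks until it finishes and the sleep is dead weight; if it is not (the unit file is not visible here), a slow apt run on a loaded host can exceed five seconds and the test fails for the wrong reason. Polling the package state against a deadline, as sketched below with an illustrative 60-second limit, removes that dependency. Separately, the test installs ufw on a hardened host and has no cleanup path, so a failed run leaves the package in place and will also trip the `assert not host.package("ufw").is_installed` in test_iptables_packages. Wrapping the body in `try`/`finally` with an explicit purge would keep the host in its expected state.

```python
        cmd = host.run("systemctl start securedrop-remove-ufw")
        assert cmd.rc == 0
        # Poll rather than sleep a fixed time: removal duration depends on the host
        deadline = time.monotonic() + 60
        while host.package("ufw").is_installed and time.monotonic() < deadline:
            time.sleep(1)
    # … unchanged: final assert that ufw is not installed …
```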