add verify-task to check if mysql is running and enabled

Signed-off-by: Sebastian Gumprich <[email protected]>
dev-sec · Dec 6, 2022 · 22b12a7 · 22b12a7
1 parent b0454fa
commit 22b12a7
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/molecule/mysql_hardening/verify.yml b/molecule/mysql_hardening/verify.yml
@@ -34,6 +34,9 @@
         update_cache: true
       when: ansible_distribution == 'Debian'
 
+    - name: include tests for the service
+      include_tasks: verify_tasks/service.yml
+
     - name: download cinc-auditor
       get_url:
         url: https://omnitruck.cinc.sh/install.sh

diff --git a/molecule/mysql_hardening/verify_tasks/service.yml b/molecule/mysql_hardening/verify_tasks/service.yml
@@ -0,0 +1,19 @@
+---
+- name: Load variables from role to use the "mysql_daemon" variable
+  ansible.builtin.include_role:
+    name: devsec.hardening.mysql_hardening
+    apply:
+      tags:
+        - never
+
+- name: Populate service facts
+  ansible.builtin.service_facts:
+
+- debug:
+    var: ansible_facts.services
+
+- name: Check if MySQL is running and enabled
+  assert:
+    that:
+      - "ansible_facts.services[mysql_daemon + '.service'].state == 'running'"
+      - "ansible_facts.services[mysql_daemon + '.service'].status == 'enabled'"
diff --git a/roles/mysql_hardening/vars/Debian.yml b/roles/mysql_hardening/vars/Debian.yml
@@ -1,5 +1,5 @@
 ---
-mysql_daemon: mysql
+mysql_daemon: mariadb
 
 mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
 mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'