Control locale for securedrop-staging playbook as well

Add configuration test to check locale is set for all plays there and in securedrop-prod.
freedomofpress · Mar 13, 2019 · 75d6965 · 75d6965
1 parent f445d83
commit 75d6965
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/install_files/ansible-base/securedrop-staging.yml b/install_files/ansible-base/securedrop-staging.yml
@@ -2,6 +2,8 @@
 ---
 - name: Scrape build directory
   hosts: localhost
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   tasks:
@@ -23,6 +25,8 @@
 
 - name: Prepare servers for installation
   hosts: staging
+  environment:
+    LC_ALL: C
   gather_facts: no
   max_fail_percentage: 0
   any_errors_fatal: yes
@@ -32,6 +36,8 @@
 
 - name: Add FPF apt repository and install base packages.
   hosts: staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:
@@ -47,6 +53,8 @@
 
 - name: Configure OSSEC.
   hosts: staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:
@@ -56,6 +64,8 @@
 
 - name: Configure mailing utilities.
   hosts: mon-staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:
@@ -65,6 +75,8 @@
 
 - name: Configure SecureDrop Application Server.
   hosts: app-staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:
@@ -77,6 +89,8 @@
   # and default false in production environments, in order to force SSH traffic over Tor.
 - name: Configure host firewalls (with direct access for staging).
   hosts: staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:
@@ -85,6 +99,8 @@
 
 - name: Reboot Application and Monitor Servers.
   hosts: staging
+  environment:
+    LC_ALL: C
   max_fail_percentage: 0
   any_errors_fatal: yes
   roles:

diff --git a/...-config/tests/test_max_fail_percentage.py → ...e-config/tests/test_play_configuration.py b/...-config/tests/test_max_fail_percentage.py → ...e-config/tests/test_play_configuration.py
@@ -78,3 +78,19 @@ def test_any_errors_fatal(host, playbook):
             assert 'any_errors_fatal' in play
             # Ansible coerces booleans, so bare assert is sufficient
             assert play['any_errors_fatal']
+
+
+@pytest.mark.parametrize('playbook', ['securedrop-prod.yml', 'securedrop-staging.yml'])
+def test_locale(host, playbook):
+    """
+    The securedrop-prod and securedrop-staging playbooks should
+    control the locale in the host environment by setting LC_ALL=C.
+
+    TODO: evaluate whether to do the same for the rest of the
+    playbooks.
+    """
+    with io.open(os.path.join(ANSIBLE_BASE, playbook), 'r') as f:
+        playbook_yaml = yaml.safe_load(f)
+        for play in playbook_yaml:
+            assert 'environment' in play
+            assert play['environment']['LC_ALL'] == 'C'