Test for special character escaping

roles/jira_config/molecule/password_char_escaping/Dockerfile.j2

@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

roles/jira_config/molecule/password_char_escaping/molecule.yml

@@ -0,0 +1,36 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: amazon_linux2
+    image: amazonlinux:2
+    groups:
+      - aws_node_local
+    ulimits:
+      - nofile:262144:262144
+  - name: ubuntu_lts
+    image: ubuntu:bionic
+    groups:
+      - aws_node_local
+    ulimits:
+      - nofile:262144:262144
+provisioner:
+  name: ansible
+  options:
+    skip-tags: runtime_pkg
+  lint:
+    name: ansible-lint
+    options:
+      x: ["701"]
+  inventory:
+    links:
+      group_vars: ../../../../group_vars/
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+    enabled: false

roles/jira_config/molecule/password_char_escaping/playbook.yml

@@ -0,0 +1,33 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    atl_product_family: "jira"
+    atl_product_edition: "jira-software"
+    atl_product_user: "jira"
+    atl_product_version: "7.13.2"
+
+    # dbconfig.xml variables
+    atl_jdbc_user: 'atljira'
+    atl_jdbc_password: 'passwords_with_ampersands_&_should_be_escaped'
+    atl_jvm_heap: 'PLACEHOLDER'
+    atl_jvm_opts: 'PLACEHOLDER'
+    atl_cluster_node_id: 'FAKEID'
+    atl_db_poolminsize: 1111
+    atl_db_poolmaxsize: 1111
+    atl_db_minidle: 1111
+    atl_db_maxidle: 1111
+    atl_db_maxwaitmillis: 1111
+    atl_db_minevictableidletimemillis: 1111
+    atl_db_timebetweenevictionrunsmillis: 1111
+    atl_db_removeabandoned: 'false'
+    atl_db_removeabandonedtimeout: 1111
+    atl_db_testwhileidle: 'false'
+    atl_db_testonborrow: 'true'
+    atl_db_engine: 'rds_postgres'
+
+  roles:
+    - role: linux_common
+    - role: product_common
+    - role: product_install
+    - role: jira_config

roles/jira_config/molecule/password_char_escaping/tests/test_default.py

@@ -0,0 +1,12 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_dbconfig_file_for_escaped_ampersand_chars(host):
+    f = host.file('/var/atlassian/application-data/jira/dbconfig.xml')
+    assert f.exists
+    assert f.contains("<password>passwords_with_ampersands_&amp;_should_be_escaped</password>")