tests_global_drop_in.yml
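---
# Test playbook for the linux-system-roles.ssh role. It makes the role write
# its settings into the drop-in snippet /etc/ssh/ssh_config.d/99-last.conf,
# then checks the snippet's content, owner and mode, and checks that the main
# /etc/ssh/ssh_config did not receive the same options.
- name: Test forced creation of the configuration snippet in drop in directory
  hosts: all
  gather_facts: true
  vars:
    # Consumed by tasks/backup.yml and tasks/restore.yml (not shown here);
    # presumably the files saved before the test and put back afterwards.
    __ssh_test_backup_files:
      - /etc/ssh/ssh_config.d/99-last.conf
      - /etc/ssh/ssh_config
  tasks:
    # Only SUSE, Fedora and RedHat/CentOS >= 8 are treated as supporting the
    # drop-in directory; every other host leaves the play here.
    - name: Skip if the system does not support drop in directory
      meta: end_host
      when:
        - ansible_facts['os_family'] != 'Suse' and
          ansible_facts['distribution'] != 'Fedora' and
          not (ansible_facts['distribution'] in ['RedHat','CentOS'] and
          ansible_facts['distribution_version'] | int >= 8)

    - name: Backup configuration files
      include_tasks: tasks/backup.yml

    # Everything that modifies or inspects the system-wide client
    # configuration runs inside this block so that the restore step in
    # `always` is executed even when the role or an assertion fails.
    # Without it a failed run would leave the test snippet active on the host.
    - name: Run role and verify the result
      block:
        - name: Run role
          include_role:
            name: linux-system-roles.ssh
          vars:
            ssh_drop_in_name: 99-last
            ssh:
              GSSAPIAuthentication: false
              Host:
                Condition: example
                Hostname: example.com
                User: somebody

        - name: Verify the configuration file was created with right content
          vars:
            ssh_test_config_file: /etc/ssh/ssh_config.d/99-last.conf
          block:
            - name: Download the included configuration file
              slurp:
                src: "{{ ssh_test_config_file }}"
              register: config

            - name: Stat the configuration file too
              stat:
                path: "{{ ssh_test_config_file }}"
              register: config_mode

            - name: Verify the options are in the file
              assert:
                that:
                  # The leading newline requires the option to start a line.
                  - "'\nGSSAPIAuthentication no' in config.content | b64decode"
                  - "'Host example' in config.content | b64decode"
                  - "'Hostname example.com' in config.content | b64decode"
                  - "'User somebody' in config.content | b64decode"
                  # common defaults should be skipped (ssh_skip_defaults=auto)
                  - "'Include' not in config.content | b64decode"
                  - "'SendEnv' not in config.content | b64decode"

            # The main file may be absent; the two tasks that read it are
            # guarded by this stat result.
            - name: Check if main configuration file exists
              stat:
                path: "/etc/ssh/ssh_config"
              register: global_config_stat

            - name: Download the main configuration file too
              slurp:
                src: "/etc/ssh/ssh_config"
              register: global_config
              when: global_config_stat.stat.exists

            - name: Verify the options are NOT in the global configuration file
              assert:
                that:
                  - "'\nGSSAPIAuthentication no' not in content"
                  - "'Host example' not in content"
                  - "'User somebody' not in content"
              vars:
                content: "{{ global_config.content | b64decode }}"
              when: global_config_stat.stat.exists

            # The snippet is system-wide client configuration: it must be
            # owned by root:root and be writable by root only (0644), so an
            # unprivileged user cannot change settings applied to other users.
            - name: Verify the file has default sensible permissions
              assert:
                that:
                  - config_mode.stat.exists
                  - config_mode.stat.gr_name == 'root'
                  - config_mode.stat.pw_name == 'root'
                  - config_mode.stat.mode == '0644'

      always:
        - name: Restore configuration files
          include_tasks: tasks/restore.yml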