linux-system-roles-ssh/tests/tests_global_config.yml at 04b654247783c8946194e61f2e67abe03c3cd7de · richm/linux-system-roles-ssh · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
---
- name: Test we can write global config with default configuration
  hosts: all
  vars:
    __ssh_test_backup_files:
      - /etc/ssh/ssh_config.d/00-ansible.conf
      - /etc/ssh/ssh_config

  tasks:
    - name: Backup configuration files
      include_tasks: tasks/backup.yml

    - name: Run role
      include_tasks: tasks/run_role_with_clear_facts.yml
      vars:
        # noqa var-naming
        ssh:
          Compression: true
          GSSAPIAuthentication: false
          # wokeignore:rule=master
          ControlMaster: auto
          ControlPath: ~/.ssh/.cm%C
          Match:
            - Condition: "all"
              GSSAPIAuthentication: true
          Host:
            Condition: example
            Hostname: example.com
            User: somebody
        ssh_ForwardX11: false
        ssh_Match:
          Condition: "exec true"
          User: nobody
        ssh_Host:
          - Condition: local
            Hostname: local.example.com

    - name: Verify the configuration file was created with right content
      block:
        - name: Download the global configuration file
          slurp:
            src: "{{ main_ssh_config }}"
          register: config

        - name: Verify the options are in the file
          assert:
            that:
              - "'Compression yes' in config.content | b64decode"
              - "'GSSAPIAuthentication no' in config.content | b64decode"
              # wokeignore:rule=master
              - "'ControlMaster auto' in config.content | b64decode"
              - "'ControlPath ~/.ssh/.cm%C' in config.content | b64decode"
              - "'Match all' in config.content | b64decode"
              - "'GSSAPIAuthentication yes' in config.content | b64decode"
              - "'Host example' in config.content | b64decode"
              - "'Hostname example.com' in config.content | b64decode"
              - "'User somebody' in config.content | b64decode"
              - "'ForwardX11 no' in config.content | b64decode"
              - "'Match exec true' in config.content | b64decode"
              - "'User nobody' in config.content | b64decode"
              - "'Host local' in config.content | b64decode"
              - "'Hostname local.example.com' in config.content | b64decode"

        - name: Verify the defaults are not in the drop-in file
          assert:
            that:
              - "'Include' not in config.content | b64decode"
              - "'SendEnv' not in config.content | b64decode"
          when:
            - main_ssh_config != "/etc/ssh/ssh_config"

        - name: Check header for ansible_managed, fingerprint
          include_tasks: tasks/check_header.yml
          vars:
            __file_content: "{{ config }}"
            __fingerprint: "system_role:ssh"

    - name: Restore configuration files
      include_tasks: tasks/restore.yml