forked from linux-system-roles/ssh
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtests_global_config_mode.yml
More file actions
56 lines (49 loc) · 1.72 KB
/
tests_global_config_mode.yml
File metadata and controls
56 lines (49 loc) · 1.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
- name: Test we can write global config with given permissions
hosts: all
vars:
__ssh_test_backup_files:
- /etc/ssh/ssh_config.d/00-ansible.conf
- /etc/ssh/ssh_config
# SUSE Minimal VM images do not have the daemon user
__ssh_test_owner: >-
{{ 'nobody' if ansible_facts['os_family'] == 'Suse'
else 'daemon' }}
tasks:
- name: Backup configuration files
include_tasks: tasks/backup.yml
- name: Run role
include_tasks: tasks/run_role_with_clear_facts.yml
vars:
ssh:
Compression: true
GSSAPIAuthentication: false
# bad example
ssh_config_owner: "{{ __ssh_test_owner }}"
ssh_config_group: "{{ __ssh_test_owner }}"
ssh_config_mode: 600
- name: Verify the configuration file was created with right content
block:
- name: Download the global configuration file
slurp:
src: "{{ main_ssh_config }}"
register: config
- name: Stat the configuration file too
stat:
path: "{{ main_ssh_config }}"
register:
config_mode
- name: Verify the options are in the file
assert:
that:
- "'Compression yes' in config.content | b64decode"
- "'GSSAPIAuthentication no' in config.content | b64decode"
- name: Verify the file has expected permissions
assert:
that:
- config_mode.stat.exists
- config_mode.stat.gr_name == __ssh_test_owner
- config_mode.stat.pw_name == __ssh_test_owner
- config_mode.stat.mode == '0600'
- name: Restore configuration files
include_tasks: tasks/restore.yml