mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-23 03:20:19 +01:00
tests: Add negative test and context tests using regex
This commit is contained in:
parent
3e9d408015
commit
3cad473005
1 changed files with 21 additions and 2 deletions
|
@ -44,30 +44,49 @@
|
||||||
src: /etc/ssh/sshd_config
|
src: /etc/ssh/sshd_config
|
||||||
register: config
|
register: config
|
||||||
|
|
||||||
- name: List effective configuration using sshd -T
|
- name: List effective configuration using sshd -T (matching)
|
||||||
command: sshd -T -Cuser=root,host=localhost,addr=127.0.0.1,
|
command: sshd -T -Cuser=root,host=localhost,addr=127.0.0.1
|
||||||
register: runtime
|
register: runtime
|
||||||
|
|
||||||
|
- name: List effective configuration using sshd -T (non-matching)
|
||||||
|
command: sshd -T -Cuser=nobody,host=example.com,addr=127.0.0.2
|
||||||
|
register: nonmatching
|
||||||
|
|
||||||
- name: Check content of configuration file
|
- name: Check content of configuration file
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "'AcceptEnv EDITOR' in config.content | b64decode"
|
- "'AcceptEnv EDITOR' in config.content | b64decode"
|
||||||
|
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
|
||||||
- "'PasswordAuthentication yes' in config.content | b64decode"
|
- "'PasswordAuthentication yes' in config.content | b64decode"
|
||||||
- "'Match user root' in config.content | b64decode"
|
- "'Match user root' in config.content | b64decode"
|
||||||
- "'AllowAgentForwarding no' in config.content | b64decode"
|
- "'AllowAgentForwarding no' in config.content | b64decode"
|
||||||
|
- "config.content | b64decode | regex_search('Match user root\\s*AllowAgentForwarding no')"
|
||||||
- "'AcceptEnv LS_COLORS' in config.content | b64decode"
|
- "'AcceptEnv LS_COLORS' in config.content | b64decode"
|
||||||
|
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
|
||||||
- "'PasswordAuthentication no' in config.content | b64decode"
|
- "'PasswordAuthentication no' in config.content | b64decode"
|
||||||
- "'Match Address 127.0.0.1' in config.content | b64decode"
|
- "'Match Address 127.0.0.1' in config.content | b64decode"
|
||||||
- "'AllowTcpForwarding no' in config.content | b64decode"
|
- "'AllowTcpForwarding no' in config.content | b64decode"
|
||||||
|
- "config.content | b64decode | regex_search('Match Address 127.0.0.1\\s*AllowTcpForwarding no')"
|
||||||
|
|
||||||
- name: Check the configuration values are effective
|
- name: Check the configuration values are effective
|
||||||
# note, the options are in lower-case here
|
# note, the options are in lower-case here
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "'acceptenv EDITOR' in runtime.stdout"
|
- "'acceptenv EDITOR' in runtime.stdout"
|
||||||
|
- "'allowagentforwarding no' in runtime.stdout"
|
||||||
- "'acceptenv LS_COLORS' in runtime.stdout"
|
- "'acceptenv LS_COLORS' in runtime.stdout"
|
||||||
|
- "'allowtcpforwarding no' in runtime.stdout"
|
||||||
- "'passwordauthentication yes' in runtime.stdout"
|
- "'passwordauthentication yes' in runtime.stdout"
|
||||||
|
|
||||||
|
- name: Check the configuration values are not effective for non-matching connection
|
||||||
|
# note, the options are in lower-case here
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "'acceptenv EDITOR' in nonmatching.stdout"
|
||||||
|
- "'allowAgentforwarding no' not in nonmatching.stdout"
|
||||||
|
- "'acceptenv LS_COLORS' in nonmatching.stdout"
|
||||||
|
- "'allowtcpforwarding no' not in nonmatching.stdout"
|
||||||
|
- "'passwordauthentication yes' in nonmatching.stdout"
|
||||||
tags: tests::verify
|
tags: tests::verify
|
||||||
|
|
||||||
- name: "Restore configuration files"
|
- name: "Restore configuration files"
|
||||||
|
|
Loading…
Reference in a new issue