libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-22 19:10:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

tests: Add negative test and context tests using regex

Browse source
This commit is contained in:
Jakub Jelen 2021-05-21 18:45:14 +02:00 committed by Jakub Jelen
parent 3e9d408015
commit 3cad473005
1 changed files with 21 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
tests/tests_namespace_append.yml
View file

@ -44,30 +44,49 @@
src: /etc/ssh/sshd_config src: /etc/ssh/sshd_config
register: config register: config
- name: List effective configuration using sshd -T - name: List effective configuration using sshd -T (matching)
command: sshd -T -Cuser=root,host=localhost,addr=127.0.0.1, command: sshd -T -Cuser=root,host=localhost,addr=127.0.0.1
register: runtime register: runtime
- name: List effective configuration using sshd -T (non-matching)
command: sshd -T -Cuser=nobody,host=example.com,addr=127.0.0.2
register: nonmatching
- name: Check content of configuration file - name: Check content of configuration file
assert: assert:
that: that:
- "'AcceptEnv EDITOR' in config.content | b64decode" - "'AcceptEnv EDITOR' in config.content | b64decode"
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
- "'PasswordAuthentication yes' in config.content | b64decode" - "'PasswordAuthentication yes' in config.content | b64decode"
- "'Match user root' in config.content | b64decode" - "'Match user root' in config.content | b64decode"
- "'AllowAgentForwarding no' in config.content | b64decode" - "'AllowAgentForwarding no' in config.content | b64decode"
- "config.content | b64decode | regex_search('Match user root\\s*AllowAgentForwarding no')"
- "'AcceptEnv LS_COLORS' in config.content | b64decode" - "'AcceptEnv LS_COLORS' in config.content | b64decode"
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
- "'PasswordAuthentication no' in config.content | b64decode" - "'PasswordAuthentication no' in config.content | b64decode"
- "'Match Address 127.0.0.1' in config.content | b64decode" - "'Match Address 127.0.0.1' in config.content | b64decode"
- "'AllowTcpForwarding no' in config.content | b64decode" - "'AllowTcpForwarding no' in config.content | b64decode"
- "config.content | b64decode | regex_search('Match Address 127.0.0.1\\s*AllowTcpForwarding no')"
- name: Check the configuration values are effective - name: Check the configuration values are effective
# note, the options are in lower-case here # note, the options are in lower-case here
assert: assert:
that: that:
- "'acceptenv EDITOR' in runtime.stdout" - "'acceptenv EDITOR' in runtime.stdout"
- "'allowagentforwarding no' in runtime.stdout"
- "'acceptenv LS_COLORS' in runtime.stdout" - "'acceptenv LS_COLORS' in runtime.stdout"
- "'allowtcpforwarding no' in runtime.stdout"
- "'passwordauthentication yes' in runtime.stdout" - "'passwordauthentication yes' in runtime.stdout"
- name: Check the configuration values are not effective for non-matching connection
# note, the options are in lower-case here
assert:
that:
- "'acceptenv EDITOR' in nonmatching.stdout"
- "'allowAgentforwarding no' not in nonmatching.stdout"
- "'acceptenv LS_COLORS' in nonmatching.stdout"
- "'allowtcpforwarding no' not in nonmatching.stdout"
- "'passwordauthentication yes' in nonmatching.stdout"
tags: tests::verify tags: tests::verify
- name: "Restore configuration files" - name: "Restore configuration files"