Address review comments (to be squashed)

defaults/main.yml

@@ -74,8 +74,6 @@ __sshd_defaults: {}
 __sshd_os_supported: no
 __sshd_sysconfig_supports_crypto_policy: false
 __sshd_sysconfig_supports_use_strong_rng: false
-# The hostkeys not supported in FIPS mode, if applicable
-__sshd_hostkeys_nofips: []
 
 __sshd_runtime_directory: false
 __sshd_runtime_directory_mode: "0755"

tasks/install.yml

@@ -28,7 +28,7 @@
   register: __sshd_kernel_fips_mode
   failed_when: false
   when:
-    - __sshd_hostkeys_nofips != []
+    - __sshd_hostkeys_nofips | d([])
 
 - name: Check the userspace FIPS mode
   slurp:
@@ -36,14 +36,14 @@
   register: __sshd_userspace_fips_mode
   failed_when: false
   when:
-    - __sshd_hostkeys_nofips != []
+    - __sshd_hostkeys_nofips | d([])
 
 - name: Make sure hostkeys are available and have expected permissions
   vars: &share_vars
     __sshd_fips_mode: >-
-      __sshd_hostkeys_nofips != [] and \
-      (__sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
-       __sshd_kernel_fips_mode.content | b64decode != "0" | bool)
+      - __sshd_hostkeys_nofips | d([])
+      - __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
+        __sshd_userspace_fips_mode.content | b64decode != "0" | bool
     # This mimics the macro body_option() in sshd_config.j2
     # The explicit to_json filter is needed for Python 2 compatibility
     __sshd_hostkeys_from_config: >-

tests/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: ansible.posix

vars/main.yml

@@ -7,3 +7,5 @@ __sshd_hostkey_group: "root"
 __sshd_hostkey_mode: "0600"
 # The OpenSSH 5.3 in RHEL6 does not support "Match all" so we need a workaround
 __sshd_compat_match_all: Match all
+# The hostkeys not supported in FIPS mode, if applicable
+__sshd_hostkeys_nofips: []