From 6ed5341f32db8c28f65e8470dc266d06a23add5d Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 8 Oct 2020 18:10:05 +0200
Subject: [PATCH] Test match blocks generators
---
 .travis.yml | 12 ++++++
 tests/test_match.yml | 73 ++++++++++++++++++++++++++++++++++++
 tests/test_match_iterate.yml | 71 +++++++++++++++++++++++++++++++++++
 3 files changed, 156 insertions(+)
 create mode 100644 tests/test_match.yml
 create mode 100644 tests/test_match_iterate.yml
diff --git a/.travis.yml b/.travis.yml
index 43ebef9..317e2f2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -47,3 +47,15 @@ script:
 ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test_alternative_file.yml --connection=local --become -v
 && (echo 'Alternative configuration file test: pass' && exit 0)
 || (echo 'Alternative configuration file test: fail' && exit 1)
+
+ # Test 6: Test match blocks generators
+ - >
+ ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test_match.yml --connection=local --become -v
+ && (echo 'Match blocks test: pass' && exit 0)
+ || (echo 'Match blocks test: fail' && exit 1)
+
+ # Test 7: Test match blocks generators with iteration
+ - >
+ ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test_match_iterate.yml --connection=local --become -v
+ && (echo 'Match blocks with iteration test: pass' && exit 0)
+ || (echo 'Match blocks with iteration test: fail' && exit 1)
diff --git a/tests/test_match.yml b/tests/test_match.yml
new file mode 100644
index 0000000..1e5e5ab
--- /dev/null
+++ b/tests/test_match.yml
@@ -0,0 +1,73 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - name: Configure sshd
+ include_role:
+ name: ansible-sshd
+ vars:
+ sshd:
+ Match:
+ - Condition: "User xusers"
+ X11Forwarding: yes
+ Banner: /tmp/xusers-banner
+ sshd_match:
+ - Condition: "User bot"
+ AllowTcpForwarding: no
+ Banner: /tmp/bot-banner
+ sshd_match_1:
+ - Condition: "User sftponly"
+ ForceCommand: "internal-sftp"
+ ChrootDirectory: "/var/uploads/"
+ sshd_match_2:
+ - Condition: "User root"
+ PasswordAuthentication: no
+ PermitTunnel: yes
+
+
+ - name: Verify the options are correctly set
+ block:
+ - meta: flush_handlers
+
+ - name: List effective configuration using sshd -T for xusers
+ command: sshd -T -C user=xusers
+ register: xusers_effective
+
+ - name: List effective configuration using sshd -T for bot
+ command: sshd -T -C user=bot
+ register: bot_effective
+
+ - name: List effective configuration using sshd -T for sftponly
+ command: sshd -T -C user=sftponly
+ register: sftponly_effective
+
+ - name: List effective configuration using sshd -T for root
+ command: sshd -T -C user=root
+ register: root_effective
+
+ - name: Print current configuration file
+ command: cat /etc/ssh/sshd_config
+ register: config
+
+ - name: Check the options are effective
+ # note, the options are in lower-case here
+ assert:
+ that:
+ - "'x11forwarding yes' in xusers_effective.stdout"
+ - "'banner /tmp/xusers-banner' in xusers_effective.stdout"
+ - "'allowtcpforwarding no' in bot_effective.stdout"
+ - "'banner /tmp/bot-banner' in bot_effective.stdout"
+ - "'forcecommand internal-sftp' in sftponly_effective.stdout"
+ - "'chrootdirectory /var/uploads/' in sftponly_effective.stdout"
+ - "'passwordauthentication no' in root_effective.stdout"
+ - "'permittunnel yes' in root_effective.stdout"
+
+ - name: Check the options are in configuration file
+ assert:
+ that:
+ - "'Match User xusers' in config.stdout"
+ - "'Match User bot' in config.stdout"
+ - "'Match User sftponly' in config.stdout"
+ - "'Match User root' in config.stdout"
+ tags: tests::verify
+
diff --git a/tests/test_match_iterate.yml b/tests/test_match_iterate.yml
new file mode 100644
index 0000000..a1cedb7
--- /dev/null
+++ b/tests/test_match_iterate.yml
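Review bot: In tests/test_match.yml the `Check the options are effective` assert only proves that each user receives its own options; nothing checks that an option stays inside its Match block. A generator that emitted `PermitTunnel yes` or `ForceCommand internal-sftp` outside the intended block could still pass, and that kind of scope leak is the failure that matters most for Match-based restrictions. I would add negative checks such as `- "'permittunnel yes' not in bot_effective.stdout"` and `- "'forcecommand internal-sftp' not in root_effective.stdout"`, choosing options whose global default differs from the value set in the block. The same assert in tests/test_match_iterate.yml has the same gap.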
@@ -0,0 +1,71 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - name: Configure sshd
+ include_role:
+ name: ansible-sshd
+ vars:
+ sshd:
+ Match:
+ - Condition: "User xusers"
+ X11Forwarding: yes
+ Banner: /tmp/xusers-banner
+ - Condition: "User bot"
+ AllowTcpForwarding: no
+ Banner: /tmp/bot-banner
+ sshd_match:
+ - Condition: "User sftponly"
+ ForceCommand: "internal-sftp"
+ ChrootDirectory: "/var/uploads/"
+ - Condition: "User root"
+ PasswordAuthentication: no
+ PermitTunnel: yes
+
+
+ - name: Verify the options are correctly set
+ block:
+ - meta: flush_handlers
+
+ - name: List effective configuration using sshd -T for xusers
+ command: sshd -T -C user=xusers
+ register: xusers_effective
+
+ - name: List effective configuration using sshd -T for bot
+ command: sshd -T -C user=bot
+ register: bot_effective
+
+ - name: List effective configuration using sshd -T for sftponly
+ command: sshd -T -C user=sftponly
+ register: sftponly_effective
+
+ - name: List effective configuration using sshd -T for root
+ command: sshd -T -C user=root
+ register: root_effective
+
+ - name: Print current configuration file
+ command: cat /etc/ssh/sshd_config
+ register: config
+
+ - name: Check the options are effective
+ # note, the options are in lower-case here
+ assert:
+ that:
+ - "'x11forwarding yes' in xusers_effective.stdout"
+ - "'banner /tmp/xusers-banner' in xusers_effective.stdout"
+ - "'allowtcpforwarding no' in bot_effective.stdout"
+ - "'banner /tmp/bot-banner' in bot_effective.stdout"
+ - "'forcecommand internal-sftp' in sftponly_effective.stdout"
+ - "'chrootdirectory /var/uploads/' in sftponly_effective.stdout"
+ - "'passwordauthentication no' in root_effective.stdout"
+ - "'permittunnel yes' in root_effective.stdout"
+
+ - name: Check the options are in configuration file
+ assert:
+ that:
+ - "'Match User xusers' in config.stdout"
+ - "'Match User bot' in config.stdout"
+ - "'Match User sftponly' in config.stdout"
+ - "'Match User root' in config.stdout"
+ tags: tests::verify
+
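Review bot: The four `sshd -T -C user=...` tasks in tests/test_match_iterate.yml pass only `user` in the connection spec, which older OpenSSH releases reject because their sshd(8) documented `user`, `host` and `addr` as all required. If any target in the CI matrix ships such a release, the commands fail before the asserts run and the test says nothing about the generated Match blocks. A full spec works on old and new versions, e.g. `command: sshd -T -C user=root,host=localhost,addr=127.0.0.1` (host and addr values constructed for illustration). The identical tasks in tests/test_match.yml need the same change.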