From 7fb18bd3b8b4de6e5389bc0b881796942ecaeabf Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 26 Sep 2022 16:34:13 +0200
Subject: [PATCH] tests: Introduce test for all documented options of the OS
---
 tests/tests_all_options.yml | 105 ++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 tests/tests_all_options.yml
diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml
new file mode 100644
index 0000000..7eff5f5
--- /dev/null
+++ b/tests/tests_all_options.yml
@@ -0,0 +1,105 @@
+---
+- name: Test we can handle all configuration options documented in manual page
+ hosts: all
+ gather_facts: true
+ vars:
+ __sshd_test_backup_files:
+ - /etc/dnf/dnf.conf
+ - /etc/yum.conf
+ - /tmp/sshd_config
+ sshd_c: {}
+ sshd_skip_test: false
+ pkg_mgr: "{{ 'dnf' if ansible_facts['distribution_version'] | int > 7 else 'yum' }}"
+ tasks:
+ - name: Backup configuration files
+ ansible.builtin.include_tasks: tasks/backup.yml
+
+ - name: Skip test on EL6 as it has some crippled manpages
+ ansible.builtin.set_fact:
+ sshd_skip_test: true
+ when:
+ - ansible_facts['os_family'] == "RedHat"
+ - ansible_facts['distribution_version'] | int <= 6
+
+ - name: Enable installation of manual pages on Fedora/RHEL
+ ansible.builtin.lineinfile:
+ line: tsflags=nodocs
+ path: "{{ '/etc/dnf/dnf.conf' if ansible_facts['distribution_version'] | int > 7 else '/etc/yum.conf' }}"
+ state: absent
+ when:
+ - ansible_facts['os_family'] == "RedHat"
+
+ - name: Reinstall manual pages for openssh-server on RHEL
+ ansible.builtin.command: "{{ pkg_mgr|quote }} reinstall -y openssh-server"
+ when:
+ - ansible_facts['os_family'] == "RedHat"
+
+ - name: Unminimize image on Debian.
It looks like there is no simpler way to get manual pages
+ ansible.builtin.shell: yes | unminimize
+ when:
+ - ansible_facts['distribution'] == "Ubuntu"
+
+ - name: Make sure manual pages and bash are installed
+ ansible.builtin.package:
+ name:
+ - man
+ - bash
+ state: present
+
+ - name: Get list of options from manual page
+ ansible.builtin.shell: >-
+ man sshd_config |cat
+
+ - name: Get list of options from manual page
+ ansible.builtin.shell: >-
+ set -o pipefail && man sshd_config \
+ | grep -o '^ [A-Z][A-Za-z0-9]*\(.\| \)' \
+ | grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \
+ | awk '{ print $1 }' \
+ | grep -v '^$' | grep -v "^Match$"
+ args:
+ executable: /bin/bash
+ register: sshd_options
+ changed_when: false
+ when: not sshd_skip_test
+
+ - name: Print all the possible options
+ ansible.builtin.debug:
+ var: ssh_options.stdout_lines
+
+ - name: Construct the configuration list
+ ansible.builtin.set_fact:
+ sshd_c: "{{ sshd_c | combine({item: 'yes'}) }}"
+ loop:
+ "{{ sshd_options.stdout_lines }}"
+ when: not sshd_skip_test
+
+ - name: Run role
+ ansible.builtin.include_role:
+ name: ansible-sshd
+ vars:
+ # The configuration is not valid as we are using bogus values
+ __sshd_supports_validate: false
+ # The hostkeys are not valid either so do not validate them
+ sshd_verify_hostkeys: []
+ sshd_config_file: /tmp/sshd_config
+ sshd:
+ "{{ sshd_c }}"
+ when: not sshd_skip_test
+
+ - name: Download the configuration file
+ ansible.builtin.slurp:
+ src: /tmp/sshd_config
+ register: config
+ when: not sshd_skip_test
+
+ - name: Verify the options are in the file
+ ansible.builtin.assert:
+ that:
+ - "'{{ item }} yes' in config.content | b64decode "
+ loop:
+ "{{ sshd_options.stdout_lines }}"
+ when: not sshd_skip_test
+
+ - name: Restore configuration files
+ ansible.builtin.include_tasks: tasks/restore.yml
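Review bot: In the "Verify the options are in the file" task, the assertion `"'{{ item }} yes' in config.content | b64decode "` splices `{{ item }}` into an expression that Ansible then evaluates, and `item` is text scraped from `man sshd_config` on the managed host. Passing the value as a variable, `- (item ~ ' yes') in (config.content | b64decode)`, keeps command output as data only; newer ansible-core releases may also refuse conditionals built from such output, though that should be confirmed against the versions CI runs. Separately, the "Print all the possible options" task reads `ssh_options.stdout_lines` while the register is `sshd_options`, so it prints an undefined variable; it should be `var: sshd_options.stdout_lines` with the same `when: not sshd_skip_test` as its neighbours. The role is also pointed at the fixed path `/tmp/sshd_config` with validation switched off. A per-run file from `ansible.builtin.tempfile` would avoid a predictable name in a world-writable directory, assuming the role writes with elevated privileges, which the hunk does not show.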