Merge pull request #87 from pillarsdotnet/add-missing-options

Add missing sshd options, improve CI tests
This commit is contained in:
Matt Willsher 2018-08-17 17:53:08 +01:00 committed by GitHub
commit 9575d16dd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 80 additions and 12 deletions

View file

@ -15,11 +15,17 @@ install:
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the roles syntax
- "ansible-playbook -i tests/inventory tests/test.yml --syntax-check"
# Check the ansible version.
- >
ansible --version
| grep -q '^ansible 2'
&& (echo 'Ansible 2.0+ test: pass' && exit 0)
|| (echo 'Ansible 2.0+ test: fail' && exit 1)
# Check the roles syntax.
- "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test.yml --syntax-check"
# Run the role
- "ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo"
- "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo -v"
# Run the role/playbook again, checking to make sure it's idempotent.
- >

View file

@ -5,29 +5,29 @@
{{ match_block(sshd_match) -}}
{% endif %}
{% if sshd_match_1 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_1) -}}
{% endif %}
{% if sshd_match_2 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_2) -}}
{% endif %}
{% if sshd_match_3 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_3) -}}
{% endif %}
{% if sshd_match_4 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_4) -}}
{% endif %}
{% if sshd_match_5 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_5) -}}
{% endif %}
{% if sshd_match_6 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_6) -}}
{% endif %}
{% if sshd_match_7 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_7) -}}
{% endif %}
{% if sshd_match_8 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_8) -}}
{% endif %}
{% if sshd_match_9 is defined %}
{{ match_block(sshd_match) -}}
{{ match_block(sshd_match_9) -}}
{% endif %}

View file

@ -6,12 +6,15 @@ HostKey
AcceptEnv
AllowAgentForwarding
AllowGroups
AllowStreamLocalForwarding
AllowTcpForwarding
AllowUsers
AuthenticationMethods
AuthorizedKeysCommand
AuthorizedKeysCommandUser
AuthorizedKeysFile
AuthorizedPrincipalsCommand
AuthorizedPrincipalsCommandUser
AuthorizedPrincipalsFile
Banner
ChallengeResponseAuthentication
@ -23,7 +26,11 @@ Compression
DebianBanner
DenyGroups
DenyUsers
DisableForwarding
ExposeAuthInfo
FingerprintHash
ForceCommand
GatewayPorts
GSSAPIAuthentication
GSSAPICleanupCredentials
GSSAPIKeyExchange
@ -34,6 +41,8 @@ HPNBufferSize
HPNDisabled
HostCertificate
HostKeyAgent
HostKeyAlgorithms
HostbasedAcceptedKeyTypes
HostbasedAuthentication
HostbasedUsesNameFromPacketOnly
IPQoS
@ -60,15 +69,19 @@ PermitRootLogin
PermitTTY
PermitTunnel
PermitUserEnvironment
PermitUserRC
PidFile
PrintLastLog
PrintMotd
PubkeyAcceptedKeyTypes
PubkeyAuthentication
RSAAuthentication
RekeyLimit
RevokedKeys
RDomain
RhostsRSAAuthentication
ServerKeyBits
StreamLocalBindMask
StreamLocalBindUnlink
StrictModes
Subsystem

View file

@ -1,33 +1,51 @@
AcceptEnv
AllowAgentForwarding
AllowGroups
AllowStreamLocalForwarding
AllowTcpForwarding
AllowUsers
AuthenticationMethods
AuthorizedKeysCommand
AuthorizedKeysCommandUser
AuthorizedKeysFile
AuthorizedPrincipalsCommand
AuthorizedPrincipalsCommandUser
AuthorizedPrincipalsFile
Banner
ChrootDirectory
ClientAliveCountMax
ClientAliveInterval
DenyGroups
DenyUsers
ForceCommand
GatewayPorts
GSSAPIAuthentication
HostbasedAcceptedKeyTypes
HostbasedAuthentication
HostbasedUsesNameFromPacketOnly
IPQoS
KbdInteractiveAuthentication
KerberosAuthentication
LogLevel
MaxAuthTries
MaxSessions
PasswordAuthentication
PermitEmptyPasswords
PermitOpen
PermitRootLogin
PermitTTY
PermitTunnel
PermitUserRC
PubkeyAcceptedKeyTypes
PubkeyAuthentication
RDomain
RekeyLimit
RevokedKeys
RhostsRSAAuthentication
RSAAuthentication
StreamLocalBindMask
StreamLocalBindUnlink
TrustedUserCAKeys
X11DisplayOffset
X11Forwarding
X11UseLocalHost

View file

@ -33,36 +33,54 @@
{% if match_list is iterable %}
{% for match in match_list %}
Match {{ match["Condition"] }}
{{ render_option("AcceptEnv",match["AcceptEnv"],true) -}}
{{ render_option("AllowAgentForwarding",match["AllowAgentForwarding"],true) -}}
{{ render_option("AllowGroups",match["AllowGroups"],true) -}}
{{ render_option("AllowStreamLocalForwarding",match["AllowStreamLocalForwarding"],true) -}}
{{ render_option("AllowTcpForwarding",match["AllowTcpForwarding"],true) -}}
{{ render_option("AllowUsers",match["AllowUsers"],true) -}}
{{ render_option("AuthenticationMethods",match["AuthenticationMethods"],true) -}}
{{ render_option("AuthorizedKeysCommand",match["AuthorizedKeysCommand"],true) -}}
{{ render_option("AuthorizedKeysCommandUser",match["AuthorizedKeysCommandUser"],true) -}}
{{ render_option("AuthorizedKeysFile",match["AuthorizedKeysFile"],true) -}}
{{ render_option("AuthorizedPrincipalsCommand",match["AuthorizedPrincipalsCommand"],true) -}}
{{ render_option("AuthorizedPrincipalsCommandUser",match["AuthorizedPrincipalsCommandUser"],true) -}}
{{ render_option("AuthorizedPrincipalsFile",match["AuthorizedPrincipalsFile"],true) -}}
{{ render_option("Banner",match["Banner"],true) -}}
{{ render_option("ChrootDirectory",match["ChrootDirectory"],true) -}}
{{ render_option("ClientAliveCountMax",match["ClientAliveCountMax"],true) -}}
{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}}
{{ render_option("DenyGroups",match["DenyGroups"],true) -}}
{{ render_option("DenyUsers",match["DenyUsers"],true) -}}
{{ render_option("ForceCommand",match["ForceCommand"],true) -}}
{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}}
{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}}
{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}}
{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}}
{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}}
{{ render_option("IPQoS",match["IPQoS"],true) -}}
{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}}
{{ render_option("KerberosAuthentication",match["KerberosAuthentication"],true) -}}
{{ render_option("LogLevel",match["LogLevel"],true) -}}
{{ render_option("MaxAuthTries",match["MaxAuthTries"],true) -}}
{{ render_option("MaxSessions",match["MaxSessions"],true) -}}
{{ render_option("PasswordAuthentication",match["PasswordAuthentication"],true) -}}
{{ render_option("PermitEmptyPasswords",match["PermitEmptyPasswords"],true) -}}
{{ render_option("PermitOpen",match["PermitOpen"],true) -}}
{{ render_option("PermitRootLogin",match["PermitRootLogin"],true) -}}
{{ render_option("PermitTTY",match["PermitTTY"],true) -}}
{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}}
{{ render_option("PermitUserRC",match["PermitUserRC"],true) -}}
{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}}
{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}}
{{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}}
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
{{ render_option("StreamLocalBindMask",match["StreamLocalBindMask"],true) -}}
{{ render_option("StreamLocalBindUnlink",match["StreamLocalBindUnlink"],true) -}}
{{ render_option("TrustedUserCAKeys",match["TrustedUserCAKeys"],true) -}}
{{ render_option("X11DisplayOffset",match["X11DisplayOffset"],true) -}}
{{ render_option("X11Forwarding",match["X11Forwarding"],true) -}}
{{ render_option("X11UseLocalHost",match["X11UseLocalHost"],true) -}}
@ -77,12 +95,15 @@ Match {{ match["Condition"] }}
{{ body_option("AcceptEnv",sshd_AcceptEnv) -}}
{{ body_option("AllowAgentForwarding",sshd_AllowAgentForwarding) -}}
{{ body_option("AllowGroups",sshd_AllowGroups) -}}
{{ body_option("AllowStreamLocalForwarding",sshd_AllowStreamLocalForwarding) -}}
{{ body_option("AllowTcpForwarding",sshd_AllowTcpForwarding) -}}
{{ body_option("AllowUsers",sshd_AllowUsers) -}}
{{ body_option("AuthenticationMethods",sshd_AuthenticationMethods) -}}
{{ body_option("AuthorizedKeysCommand",sshd_AuthorizedKeysCommand) -}}
{{ body_option("AuthorizedKeysCommandUser",sshd_AuthorizedKeysCommandUser) -}}
{{ body_option("AuthorizedKeysFile",sshd_AuthorizedKeysFile) -}}
{{ body_option("AuthorizedPrincipalsCommand",sshd_AuthorizedPrincipalsCommand) -}}
{{ body_option("AuthorizedPrincipalsCommandUser",sshd_AuthorizedPrincipalsCommandUser) -}}
{{ body_option("AuthorizedPrincipalsFile",sshd_AuthorizedPrincipalsFile) -}}
{{ body_option("Banner",sshd_Banner) -}}
{{ body_option("ChallengeResponseAuthentication",sshd_ChallengeResponseAuthentication) -}}
@ -94,7 +115,11 @@ Match {{ match["Condition"] }}
{{ body_option("DebianBanner",sshd_DebianBanner) -}}
{{ body_option("DenyGroups",sshd_DenyGroups) -}}
{{ body_option("DenyUsers",sshd_DenyUsers) -}}
{{ body_option("DisableForwarding",sshd_DisableForwarding) -}}
{{ body_option("ExposeAuthInfo",sshd_ExposeAuthInfo) -}}
{{ body_option("FingerprintHash",sshd_FingerprintHash) -}}
{{ body_option("ForceCommand",sshd_ForceCommand) -}}
{{ body_option("GatewayPorts",sshd_GatewayPorts) -}}
{{ body_option("GSSAPIAuthentication",sshd_GSSAPIAuthentication) -}}
{{ body_option("GSSAPICleanupCredentials",sshd_GSSAPICleanupCredentials) -}}
{{ body_option("GSSAPIKeyExchange",sshd_GSSAPIKeyExchange) -}}
@ -105,6 +130,8 @@ Match {{ match["Condition"] }}
{{ body_option("HPNDisabled",sshd_HPNDisabled) -}}
{{ body_option("HostCertificate",sshd_HostCertificate) -}}
{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}}
{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}}
{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}}
{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}}
{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}}
{{ body_option("IPQoS",sshd_IPQoS) -}}
@ -131,15 +158,19 @@ Match {{ match["Condition"] }}
{{ body_option("PermitTTY",sshd_PermitTTY) -}}
{{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
{{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
{{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
{{ body_option("PidFile",sshd_PidFile) -}}
{{ body_option("PrintLastLog",sshd_PrintLastLog) -}}
{{ body_option("PrintMotd",sshd_PrintMotd) -}}
{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}}
{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
{{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
{{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
{{ body_option("RDomain",sshd_RDomain) -}}
{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
{{ body_option("ServerKeyBits",sshd_ServerKeyBits) -}}
{{ body_option("StreamLocalBindMask",sshd_StreamLocalBindMask) -}}
{{ body_option("StreamLocalBindUnlink",sshd_StreamLocalBindUnlink) -}}
{{ body_option("StrictModes",sshd_StrictModes) -}}
{{ body_option("Subsystem",sshd_Subsystem) -}}