From c201ba206050d74cddc2429f4836f52f094c7979 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 26 Sep 2022 16:33:28 +0200
Subject: [PATCH] Support __sshd_supports_validate
---
 tasks/install.yml | 1 +
 tasks/install_config.yml | 8 ++++++--
 tasks/install_namespace.yml | 4 +++-
 vars/main.yml | 4 ++++
 4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/tasks/install.yml b/tasks/install.yml
index 8ef1092..e02fe94 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -103,6 +103,7 @@
 changed_when: false
 when:
 - __sshd_hostkeys_from_config | from_json == []
+ - __sshd_supports_validate
 - name: Generate temporary hostkey
 ansible.builtin.command: >
diff --git a/tasks/install_config.yml b/tasks/install_config.yml
index 0067e40..2a4dcea 100644
--- a/tasks/install_config.yml
+++ b/tasks/install_config.yml
@@ -16,7 +16,9 @@
 group: "{{ sshd_config_group }}"
 mode: "{{ sshd_config_mode }}"
 validate: >-
- {% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
+ {% if not __sshd_supports_validate %}
+ true %s
+ {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
 {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
 {% else %}
 {{ sshd_binary }} -t -f %s
@@ -33,7 +35,9 @@
 group: "{{ sshd_config_group }}"
 mode: "{{ sshd_config_mode }}"
 validate: >-
- {% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
+ {% if not __sshd_supports_validate %}
+ true %s
+ {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
 {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
 {% else %}
 {{ sshd_binary }} -t -f %s
diff --git a/tasks/install_namespace.yml b/tasks/install_namespace.yml
index 08ef319..801d050 100644
--- a/tasks/install_namespace.yml
+++ b/tasks/install_namespace.yml
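Review bot: The added `- __sshd_supports_validate` condition reads the variable as-is, and so do the `{% if not __sshd_supports_validate %}` tests in tasks/install_config.yml and tasks/install_namespace.yml. If the value ever arrives as a string (for example from a `key=value` extra var), Jinja treats any non-empty string as true, so the switch could not be turned off that way and the `when:` and the templates may disagree. Casting at each use, `- __sshd_supports_validate | bool` here and `{% if not __sshd_supports_validate | bool %}` in the templates, keeps them consistent. The task this `when:` belongs to starts above the hunk.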
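Review bot: With `__sshd_supports_validate` false, `validate:` becomes `true %s`, which always succeeds, so the rendered sshd configuration is installed with no syntax check and nothing in the play output says so. The same branch is added to the second `validate:` in this file (hunk at -33,7) and to the one in tasks/install_namespace.yml. A comment above each `validate:` key, e.g. `# 'true %s' is a no-op validator: the file is installed unchecked when __sshd_supports_validate is false`, would make the bypass explicit, and a short warning task under the same condition would surface it at run time. The three Jinja blocks are now identical copies, so defining the command once in a variable would keep them from drifting apart.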
@@ -13,7 +13,9 @@
 create: yes
 marker: "# {mark} sshd system role managed block: namespace {{ sshd_config_namespace }}"
 validate: >-
- {% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
+ {% if not __sshd_supports_validate %}
+ true %s
+ {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
 {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
 {% else %}
 {{ sshd_binary }} -t -f %s
diff --git a/vars/main.yml b/vars/main.yml
index 2f71aa8..6a10954 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -47,3 +47,7 @@ __sshd_drop_in_dir_mode: '0755'
 # This is usually the case when the selection is up to the OpenSSH defaults or
 # drop-in directory is used.
 __sshd_verify_hostkeys_default: []
+
+# This switch can control if the validate step is supported by the target OS.
+# This is useful for very old OpenSSH or for tests that generate invalid configurations
+__sshd_supports_validate: true
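Review bot: The new comment on `__sshd_supports_validate` explains when to turn the switch off but not what that costs. Per the other hunks in this patch, setting it to false replaces the `{{ sshd_binary }} -t -f %s` check with `true %s`, so a syntax error in the generated configuration is not caught before the file is installed. I would add a line saying so, e.g. `# When false, the configuration is installed without running "sshd -t" first; leave it true wherever sshd supports the check.` The second comment line is also missing its final period.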