diff --git a/tests/tests_match.yml b/tests/tests_match.yml index eb6c1d7..3e704f4 100644 --- a/tests/tests_match.yml +++ b/tests/tests_match.yml @@ -51,7 +51,8 @@ register: root_effective - name: Print current configuration file - command: "cat {{ main_sshd_config }}" + slurp: + src: "{{ main_sshd_config }}" register: config - name: Check the options are effective @@ -70,8 +71,8 @@ - name: Check the options are in configuration file assert: that: - - "'Match User xusers' in config.stdout" - - "'Match User bot' in config.stdout" - - "'Match User sftponly' in config.stdout" - - "'Match User root' in config.stdout" + - "'Match User xusers' in config.content | b64decode" + - "'Match User bot' in config.content | b64decode" + - "'Match User sftponly' in config.content | b64decode" + - "'Match User root' in config.content | b64decode" tags: tests::verify diff --git a/tests/tests_match_iterate.yml b/tests/tests_match_iterate.yml index 12efcf2..5ed3e69 100644 --- a/tests/tests_match_iterate.yml +++ b/tests/tests_match_iterate.yml @@ -49,7 +49,8 @@ register: root_effective - name: Print current configuration file - command: "cat {{ main_sshd_config }}" + slurp: + src: "{{ main_sshd_config }}" register: config - name: Check the options are effective @@ -68,8 +69,8 @@ - name: Check the options are in configuration file assert: that: - - "'Match User xusers' in config.stdout" - - "'Match User bot' in config.stdout" - - "'Match User sftponly' in config.stdout" - - "'Match User root' in config.stdout" + - "'Match User xusers' in config.content | b64decode" + - "'Match User bot' in config.content | b64decode" + - "'Match User sftponly' in config.content | b64decode" + - "'Match User root' in config.content | b64decode" tags: tests::verify diff --git a/tests/tests_set_common.yml b/tests/tests_set_common.yml index 1410f10..845bf76 100644 --- a/tests/tests_set_common.yml +++ b/tests/tests_set_common.yml @@ -21,7 +21,8 @@ register: runtime - name: Print current configuration file - command: cat /etc/ssh/sshd_config + slurp: + src: /etc/ssh/sshd_config register: config - name: Check the options are effective @@ -36,8 +37,8 @@ - name: Check the options are in configuration file assert: that: - - "'AcceptEnv LANG' in config.stdout" - - "'Banner /etc/issue' in config.stdout" - - "'Ciphers aes256-gcm@openssh.com' in config.stdout" - - "'Subsystem sftp internal-sftp' in config.stdout" + - "'AcceptEnv LANG' in config.content | b64decode" + - "'Banner /etc/issue' in config.content | b64decode" + - "'Ciphers aes256-gcm@openssh.com' in config.content | b64decode" + - "'Subsystem sftp internal-sftp' in config.content | b64decode" tags: tests::verify diff --git a/tests/tests_sysconfig.yml b/tests/tests_sysconfig.yml index 38007c2..872958d 100644 --- a/tests/tests_sysconfig.yml +++ b/tests/tests_sysconfig.yml @@ -14,15 +14,16 @@ - meta: flush_handlers - name: Print current configuration file - command: cat /etc/sysconfig/sshd + slurp: + src: /etc/sysconfig/sshd register: config - name: Check the crypto policies is overridden in RHEL 8 assert: that: - - "'CRYPTO_POLICY=' in config.stdout_lines" + - "'CRYPTO_POLICY=' in config.content | b64decode" # these are string variants in default configuration file - - "'# CRYPTO_POLICY=' not in config.stdout_lines" + - "'# CRYPTO_POLICY=' not in config.content | b64decode" when: - ansible_facts['os_family'] == "RedHat" - ansible_facts['distribution_major_version'] == "8" @@ -30,10 +31,10 @@ - name: Check the RNG options are in configuration file assert: that: - - "'SSH_USE_STRONG_RNG=32' in config.stdout_lines" + - "'SSH_USE_STRONG_RNG=32' in config.content | b64decode" # these are string variants in default configuration file - - "'SSH_USE_STRONG_RNG=0' not in config.stdout_lines" - - "'# SSH_USE_STRONG_RNG=1' not in config.stdout_lines" + - "'SSH_USE_STRONG_RNG=0' not in config.content | b64decode" + - "'# SSH_USE_STRONG_RNG=1' not in config.content | b64decode" when: - ansible_facts['os_family'] == "RedHat" - ansible_facts['distribution'] != 'Fedora'