Test all user-variables.

robertdebock · Jun 19, 2020 · 2f2aa0b · 2f2aa0b
1 parent ff4c6e9
commit 2f2aa0b
Show file tree

Hide file tree

Showing 2 changed files with 316 additions and 0 deletions.
diff --git a/tasks/assert.yml b/tasks/assert.yml
@@ -0,0 +1,313 @@
+---
+- name: test if ssh_port is set correctly
+  assert:
+    that:
+      - openssh_port is defined
+      - openssh_port | int
+      - openssh_port | int > 0
+      - openssh_port | int < 65536
+
+- name: test if openssh_address_family is set correctly
+  assert:
+    that:
+      - openssh_address_family is defined
+      - openssh_address_family in ["any", "inet", "inet6"]
+
+- name: test if openssh_listen_address is set correctly
+  assert:
+    that:
+      - openssh_listen_address is defined
+      - openssh_listen_address | length > 0
+
+- name: test if openssh_host_key is set correctly
+  assert:
+    that:
+      - openssh_host_key is defined
+      - openssh_host_key | length > 0
+
+- name: test if openssh_rekey_limit is set correctly
+  assert:
+    that:
+      - openssh_rekey_limit is defined
+
+- name: test if openssh_syslog_facility is set correctly
+  assert:
+    that:
+      - openssh_syslog_facility is defined
+      - openssh_syslog_facility in ["DAEMON", "USER", "AUTH", "LOCAL0", "LOCAL1", "LOCAL2", "LOCAL3", "LOCAL4", "LOCAL5", "LOCAL6", "LOCAL7"]
+
+- name: test if openssh_loglevel is set correctly
+  assert:
+    that:
+      - openssh_loglevel is defined
+      - openssh_loglevel in ["QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"]
+
+- name: test if openssh_login_grace_time is set correctly
+  assert:
+    that:
+      - openssh_login_grace_time is defined
+
+- name: test if openssh_permit_root_login is set correctly
+  assert:
+    that:
+      - openssh_permit_root_login is defined
+      - openssh_permit_root_login in ["yes", "no"]
+
+- name: test if openssh_strict_modes is set correctly
+  assert:
+    that:
+      - openssh_strict_modes is defined
+      - openssh_strict_modes in ["yes", "no"]
+
+- name: test if openssh_max_auth_tries is set correctly
+  assert:
+    that:
+      - openssh_max_auth_tries is defined
+      - openssh_max_auth_tries | int
+      - openssh_max_auth_tries | int > 0
+
+- name: test if openssh_max_sessions is set correctly
+  assert:
+    that:
+      - openssh_max_sessions is defined
+      - openssh_max_sessions | int
+      - openssh_max_sessions | int > 0
+
+- name: test if openssh_pub_key_authentication is set correctly
+  assert:
+    that:
+      - openssh_pub_key_authentication is defined
+      - openssh_pub_key_authentication in ["yes", "no"]
+
+- name: test if openssh_authorized_key_file is set correctly
+  assert:
+    that:
+      - openssh_authorized_key_file is defined
+
+- name: test if openssh_authorized_prinicpals_file is set correctly
+  assert:
+    that:
+      - openssh_authorized_prinicpals_file is defined
+
+- name: test if openssh_authorized_keys_command is set correctly
+  assert:
+    that:
+      - openssh_authorized_keys_command is defined
+
+- name: test if openssh_authorized_keys_command_user is set correctly
+  assert:
+    that:
+      - openssh_authorized_keys_command_user is defined
+
+- name: test if openssh_host_based_authentication is set correctly
+  assert:
+    that:
+      - openssh_host_based_authentication is defined
+      - openssh_host_based_authentication in ["yes", "no"]
+
+- name: test if openssh_ignore_user_known_hosts is set correctly
+  assert:
+    that:
+      - openssh_ignore_user_known_hosts is defined
+      - openssh_ignore_user_known_hosts in ["yes", "no"]
+
+- name: test if openssh_ignore_rhosts is set correctly
+  assert:
+    that:
+      - openssh_ignore_rhosts is defined
+      - openssh_ignore_rhosts in ["yes", "no"]
+
+- name: test if openssh_permit_empty_passwords is set correctly
+  assert:
+    that:
+      - openssh_permit_empty_passwords is defined
+      - openssh_permit_empty_passwords in ["yes", "no"]
+
+- name: test if openssh_password_authentication is set correctly
+  assert:
+    that:
+      - openssh_password_authentication is defined
+      - openssh_password_authentication in ["yes", "no"]
+
+- name: test if openssh_challenge_response_authentication is set correctly
+  assert:
+    that:
+      - openssh_challenge_response_authentication is defined
+      - openssh_challenge_response_authentication in ["yes", "no"]
+
+- name: test if openssh_gssapi_authentication is set correctly
+  assert:
+    that:
+      - openssh_gssapi_authentication is defined
+      - openssh_gssapi_authentication in ["yes", "no"]
+
+- name: test if openssh_gssapi_cleanup_credentials is set correctly
+  assert:
+    that:
+      - openssh_gssapi_cleanup_credentials is defined
+      - openssh_gssapi_cleanup_credentials in ["yes", "no"]
+
+- name: test if openssh_gssapi_strict_acceptor_check is set correctly
+  assert:
+    that:
+      - openssh_gssapi_strict_acceptor_check is defined
+      - openssh_gssapi_strict_acceptor_check in ["yes", "no"]
+
+- name: test if openssh_gssapi_key_exchange is set correctly
+  assert:
+    that:
+      - openssh_gssapi_key_exchange is defined
+      - openssh_gssapi_key_exchange in ["yes", "no"]
+
+- name: test if openssh_gssaip_enable_k5_users is set correctly
+  assert:
+    that:
+      - openssh_gssaip_enable_k5_users is defined
+      - openssh_gssaip_enable_k5_users in ["yes", "no"]
+
+- name: test if openssh_use_pam is set correctly
+  assert:
+    that:
+      - openssh_use_pam is defined
+      - openssh_use_pam in ["yes", "no"]
+
+- name: test if openssh_allow_agent_forwarding is set correctly
+  assert:
+    that:
+      - openssh_allow_agent_forwarding is defined
+      - openssh_allow_agent_forwarding in ["yes", "no"]
+
+- name: test if openssh_allow_tcp_forwarding is set correctly
+  assert:
+    that:
+      - openssh_allow_tcp_forwarding is defined
+      - openssh_allow_tcp_forwarding in ["yes", "no"]
+
+- name: test if openssh_gateway_ports is set correctly
+  assert:
+    that:
+      - openssh_gateway_ports is defined
+      - openssh_gateway_ports in ["yes", "no"]
+
+- name: test if openssh_x11_forwarding is set correctly
+  assert:
+    that:
+      - openssh_x11_forwarding is defined
+      - openssh_x11_forwarding in ["yes", "no"]
+
+- name: test if openssh_x11_display_offset is set correctly
+  assert:
+    that:
+      - openssh_x11_display_offset is defined
+      - openssh_x11_display_offset | int
+      - openssh_x11_display_offset | int > 1
+
+- name: test if openssh_x11_use_localhost is set correctly
+  assert:
+    that:
+      - openssh_x11_use_localhost is defined
+      - openssh_x11_use_localhost in ["yes", "no"]
+
+- name: test if openssh_permit_tty is set correctly
+  assert:
+    that:
+      - openssh_permit_tty is defined
+      - openssh_permit_tty in ["yes", "no"]
+
+- name: test if openssh_print_motd is set correctly
+  assert:
+    that:
+      - openssh_print_motd is defined
+      - openssh_print_motd in ["yes", "no"]
+
+- name: test if openssh_print_last_log is set correctly
+  assert:
+    that:
+      - openssh_print_last_log is defined
+      - openssh_print_last_log in ["yes", "no"]
+
+- name: test if openssh_tcp_keep_alive is set correctly
+  assert:
+    that:
+      - openssh_tcp_keep_alive is defined
+      - openssh_tcp_keep_alive in ["yes", "no"]
+
+- name: test if openssh_permit_user_environment is set correctly
+  assert:
+    that:
+      - openssh_permit_user_environment is defined
+      - openssh_permit_user_environment in ["yes", "no"]
+
+- name: test if openssh_compression is set correctly
+  assert:
+    that:
+      - openssh_compression is defined
+      - openssh_compression in ["yes", "no", "delayed"]
+
+- name: test if openssh_client_alive_interval is set correctly
+  assert:
+    that:
+      - openssh_client_alive_interval is defined
+      - openssh_client_alive_interval | int
+      - openssh_client_alive_interval | int >= 0
+
+- name: test if openssh_client_alive_count_max is set correctly
+  assert:
+    that:
+      - openssh_client_alive_count_max is defined
+      - openssh_client_alive_count_max | int
+      - openssh_client_alive_count_max | int >= 0
+
+- name: test if openssh_show_patch_level is set correctly
+  assert:
+    that:
+      - openssh_show_patch_level is defined
+      - openssh_show_patch_level in ["yes", "no"]
+
+- name: test if openssh_use_dns is set correctly
+  assert:
+    that:
+      - openssh_use_dns is defined
+      - openssh_use_dns in ["yes", "no"]
+
+- name: test if openssh_pid_file is set correctly
+  assert:
+    that:
+      - openssh_pid_file is defined
+
+- name: test if openssh_max_startups is set correctly
+  assert:
+    that:
+      - openssh_max_startups is defined
+
+- name: test if openssh_permit_tunnel is set correctly
+  assert:
+    that:
+      - openssh_permit_tunnel is defined
+      - openssh_permit_tunnel in ["yes", "no"]
+
+- name: test if openssh_chroot_directory is set correctly
+  assert:
+    that:
+      - openssh_chroot_directory is defined
+
+- name: test if openssh_version_addendum is set correctly
+  assert:
+    that:
+      - openssh_version_addendum is defined
+
+- name: test if openssh_banner is set correctly
+  assert:
+    that:
+      - openssh_banner is defined
+
+- name: test if openssh_accept_env is set correctly
+  assert:
+    that:
+      - openssh_accept_env is defined
+      - openssh_accept_env | length > 0
+
+- name: test if openssh_subsystem is set correctly
+  assert:
+    that:
+      - openssh_subsystem is defined
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,8 @@
 ---
 # tasks file for openssh
+- name: include assert.yml
+  include_tasks: assert.yml
+
 - name: install openssh
   package:
     name: "{{ openssh_packages }}"