2023-10-10 23:24:47 +13:00
parent 8b8d5e3d45
commit 9024db2652
9 changed files with 35 additions and 17 deletions

.ansible-lint Normal file

@@ -0,0 +1,11 @@
profile: basic
skip_list: # or 'skip_list' to silence them completely
- experimental # all rules tagged as experimental
- unnamed-task # All tasks should be named
- fqcn-builtins
warn_list:
- name[casing]
- var-naming[pattern]
- no-free-form
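Review bot: The inline comment on `skip_list:` (`# or 'skip_list' to silence them completely`) is the template's explanation of `warn_list` and is misleading where it sits; it belongs on `warn_list: # or 'skip_list' to silence them completely`, and `skip_list` should get its own, e.g. `skip_list: # rules that are never reported for this role`. Note also that `fqcn-builtins` and `unnamed-task` are skipped rather than warned, so the short module names used throughout the role's tasks (`service:`, `yum:`, `copy:` in the other hunks of this commit) stay invisible to the linter; moving those two entries under `warn_list` keeps them reported without failing the run. The per-rule comments (`# all rules tagged as experimental`, `# All tasks should be named`) would read better with consistent capitalisation.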


@@ -2,6 +2,8 @@
# Based on ansible-lint config
extends: default
ignore:
- .venv/
rules:
braces:
max-spaces-inside: 1


@@ -1,6 +1,6 @@
---
# handlers file for auth_duo
- name: restart sshd
- name: Restart sshd
service:
name: sshd
state: restarted


@@ -2,7 +2,8 @@ galaxy_info:
author: Aaron Guise
description: Enable duo_unix - Multifactor Authentication for Linux
company: Ultrafast Fibre
namespace: cybercinch
role_name: auth_duo
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
@@ -16,7 +17,7 @@ galaxy_info:
# - CC-BY-4.0
license: MIT
min_ansible_version: 2.9
min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
@@ -30,7 +31,8 @@ galaxy_info:
platforms:
- name: EL
versions:
- 7
- "7"
- "8"
# galaxy_tags: []
# # List tags for your role here, one per line. A tag is a keyword that describes
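Review bot: Adding `"8"` to the EL `versions` list declares a second supported platform, but the molecule scenario in this same commit switches its default image to almalinux8, so with the default scenario only one of the two declared versions is exercised unless the caller sets `MOLECULE_DISTRO` explicitly (the scenario file is a separate hunk; this is inferred from the two changes together). A short comment above `versions:` stating which distros the molecule scenario actually covers, or a CI matrix that runs the scenario once per declared version, would keep the metadata honest. Quoting `"2.9"` and `"7"` is the right fix for the float/int coercion the unquoted forms had.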


@@ -2,14 +2,14 @@
- name: Converge
hosts: all
tasks:
- name: "Include auth_duo"
- name: "Include role under test"
include_role:
name: "auth_duo"
name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
vars:
auth_duo_settings:
- key: ikey
value: "{{ lookup('env','AUTH_DUO_IKEY') }}"
value: "{{ lookup('env', 'AUTH_DUO_IKEY') }}"
- key: skey
value: "{{ lookup('env','AUTH_DUO_SKEY') }}"
value: "{{ lookup('env', 'AUTH_DUO_SKEY') }}"
- key: host
value: "{{ lookup('env','AUTH_DUO_HOST') }}"
value: "{{ lookup('env', 'AUTH_DUO_HOST') }}"
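Review bot: The `skey` taken from `AUTH_DUO_SKEY` is passed to the role as an ordinary variable and nothing in this play marks it sensitive, so it will be printed in the task output (and in `--diff` output) of whichever role task writes it into the Duo configuration; that task is outside this hunk, so confirm it sets `no_log: true` or that the scenario is not run with `-v`/`--diff` in CI. Separately, `lookup('env', ...)` yields an empty string when the variable is unset, so a missing `AUTH_DUO_IKEY`/`AUTH_DUO_SKEY`/`AUTH_DUO_HOST` silently produces empty settings and the failure only surfaces in verify; a guard task before `include_role` makes the precondition explicit. Deriving the role name from `MOLECULE_PROJECT_DIRECTORY | basename` also ties the scenario to the checkout directory name, which is worth a one-line comment above `include_role:`.
```yaml
    - name: Ensure Duo credentials are provided via the environment
      assert:
        that:
          - lookup('env', 'AUTH_DUO_IKEY') | length > 0
          - lookup('env', 'AUTH_DUO_SKEY') | length > 0
          - lookup('env', 'AUTH_DUO_HOST') | length > 0
        fail_msg: "AUTH_DUO_IKEY, AUTH_DUO_SKEY and AUTH_DUO_HOST must be set"
    # … unchanged: include_role and auth_duo_settings …
```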


@@ -6,7 +6,7 @@ driver:
platforms:
- name: instance
command: ${MOLECULE_DOCKER_COMMAND:-""}
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
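Review bot: The new `image:` value still pulls the floating `latest` tag, so the test environment silently changes whenever `cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible` is rebuilt and a failing run cannot be reproduced against the image that was actually used; a pinned tag or digest, kept overridable with something like `${MOLECULE_IMAGE_TAG:-latest}`, is the usual fix. Because the instance also runs with `privileged: true` and the `/sys/fs/cgroup` mount (unchanged context lines), an unpinned third-party image is effectively arbitrary code with host-level privileges on the CI runner, so a comment next to `image:` stating where that image is built from and who maintains it would help the next reviewer. Hedged: whether `privileged` is still required depends on the init system in the new image, which this hunk does not show.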


@@ -2,21 +2,21 @@
- name: Prepare
hosts: all
tasks:
- name: ensure openssh installed
- name: Ensure openssh installed
yum:
name: openssh-server, openssh-clients, sshpass
state: installed
- name: ensure sshd is running
- name: Ensure sshd is running
service:
name: sshd
state: started
enabled: true
- name: ensure nologin files are absent
- name: Ensure nologin files are absent
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/nologin
- /var/run/nologin
- /var/run/nologin


@@ -25,4 +25,4 @@
- name: Did duo prompt show?
assert:
that: "'Duo two-factor login for auth_duo_test' in slurpfile['content'] | b64decode"
that: "'Duo two-factor login for' in slurpfile['content'] | b64decode"
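Review bot: Dropping `auth_duo_test` from the expected string loosens the assertion: any Duo login banner now satisfies it, so the check no longer proves the prompt was issued for the test user that the scenario logs in as (the tasks that produce `slurpfile` are outside this hunk). If the user name changed along with the dynamic role name in converge.yml, derive the expected text from the same variable rather than removing it, e.g. `that: "'Duo two-factor login for ' ~ duo_test_user in slurpfile['content'] | b64decode"` with `duo_test_user` (a constructed name) defined once in the play. A comment on the task explaining what produces the banner would also make this assertion easier to maintain.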


@@ -28,7 +28,7 @@
copy:
src: etc.pam.d.sshd
dest: /etc/pam.d/sshd
notify: restart sshd
notify: Restart sshd
- name: Ensure PAM is enabled for SSH
lineinfile:
@@ -40,12 +40,15 @@
line: 'UsePAM yes'
- regex: '^ChallengeResponseAuthentication '
line: 'ChallengeResponseAuthentication yes'
notify: restart sshd
notify: Restart sshd
- name: Flush Handlers
meta: flush_handlers
- name: Duo SELinux Enablement
when: >
ansible_virtualization_type != 'docker' and
ansible_virtualization_type != 'container'
block:
- name: Copy SELinux Module
copy: