2023-10-10 23:24:47 +13:00
parent 8b8d5e3d45
commit 9024db2652
9 changed files with 35 additions and 17 deletions

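--- /dev/null
+++ b/.ansible-lint
+profile: basic
+skip_list: # or 'skip_list' to silence them completely
+- experimental # all rules tagged as experimental
+- unnamed-task # All tasks should be named
+- fqcn-builtins
+warn_list:
+- name[casing]
+- var-naming[pattern]
+- no-free-form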
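Review bot: The comment on `skip_list: # or 'skip_list' to silence them completely` is the ansible-lint template's note for `warn_list` and now sits on the very key it names as the alternative; it should read `skip_list: # rules listed here are silenced completely`. More substantively, `skip_list` suppresses violations entirely, while `unnamed-task` is already satisfied by this commit's task renames and `fqcn-builtins` is a mechanical `ansible.builtin.` prefix fix, so both belong under `warn_list` where a regression still shows up in CI output instead of being hidden. The hunk header announces 11 added lines but only 9 are visible here, presumably blank lines dropped by the rendering.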


@@ -2,6 +2,8 @@
# Based on ansible-lint config # Based on ansible-lint config
extends: default extends: default
ignore:
- .venv/
rules: rules:
braces: braces:
max-spaces-inside: 1 max-spaces-inside: 1


@@ -1,6 +1,6 @@
--- ---
# handlers file for auth_duo # handlers file for auth_duo
- name: restart sshd - name: Restart sshd
service: service:
name: sshd name: sshd
state: restarted state: restarted


@@ -2,7 +2,8 @@ galaxy_info:
author: Aaron Guise author: Aaron Guise
description: Enable duo_unix - Multifactor Authentication for Linux description: Enable duo_unix - Multifactor Authentication for Linux
company: Ultrafast Fibre company: Ultrafast Fibre
namespace: cybercinch
role_name: auth_duo
# If the issue tracker for your role is not on github, uncomment the # If the issue tracker for your role is not on github, uncomment the
# next line and provide a value # next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker # issue_tracker_url: http://example.com/issue/tracker
@@ -16,7 +17,7 @@ galaxy_info:
# - CC-BY-4.0 # - CC-BY-4.0
license: MIT license: MIT
min_ansible_version: 2.9 min_ansible_version: "2.9"
# If this a Container Enabled role, provide the minimum Ansible Container version. # If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version: # min_ansible_container_version:
@@ -30,7 +31,8 @@ galaxy_info:
platforms: platforms:
- name: EL - name: EL
versions: versions:
- 7 - "7"
- "8"
# galaxy_tags: [] # galaxy_tags: []
# # List tags for your role here, one per line. A tag is a keyword that describes # # List tags for your role here, one per line. A tag is a keyword that describes


@@ -2,14 +2,14 @@
- name: Converge - name: Converge
hosts: all hosts: all
tasks: tasks:
- name: "Include auth_duo" - name: "Include role under test"
include_role: include_role:
name: "auth_duo" name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
vars: vars:
auth_duo_settings: auth_duo_settings:
- key: ikey - key: ikey
value: "{{ lookup('env','AUTH_DUO_IKEY') }}" value: "{{ lookup('env', 'AUTH_DUO_IKEY') }}"
- key: skey - key: skey
value: "{{ lookup('env','AUTH_DUO_SKEY') }}" value: "{{ lookup('env', 'AUTH_DUO_SKEY') }}"
- key: host - key: host
value: "{{ lookup('env','AUTH_DUO_HOST') }}" value: "{{ lookup('env', 'AUTH_DUO_HOST') }}"
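Review bot: `name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"` ties the test to the checkout directory being named exactly `auth_duo`; a clone as `ansible-role-auth_duo` or a CI workspace with a generated name makes `include_role` fail with a role-not-found error instead of exercising the role. Since `galaxy_info` in this same commit now declares `role_name: auth_duo`, keeping that literal here (or reading it from meta) is the more robust choice. Separately, `lookup('env', ...)` yields an empty string when the variable is unset, so a run without `AUTH_DUO_SKEY` would push an empty secret key into the Duo config and fail only later and less legibly; a pre-task `assert` with `that: "lookup('env', 'AUTH_DUO_SKEY') | length > 0"` (and likewise for ikey and host) makes the precondition explicit.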


@@ -6,7 +6,7 @@ driver:
platforms: platforms:
- name: instance - name: instance
command: ${MOLECULE_DOCKER_COMMAND:-""} command: ${MOLECULE_DOCKER_COMMAND:-""}
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
volumes: volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true privileged: true
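Review bot: `image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"` pulls a mutable `:latest` tag into a container that runs with `privileged: true` and `/sys/fs/cgroup` mounted, and that (per converge.yml) receives the Duo ikey and skey from the environment, so whatever is pushed to that tag later runs with host-level privileges in CI and can read those credentials. The namespace matches `namespace: cybercinch` in meta, so this is presumably the author's own build, but the tag is still mutable and `:latest` also makes a failing run impossible to reproduce against the image that was actually tested. Pin to an immutable reference, a version tag or preferably a digest, e.g. `image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible@sha256:…"`, and bump it deliberately.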


@@ -2,21 +2,21 @@
- name: Prepare - name: Prepare
hosts: all hosts: all
tasks: tasks:
- name: ensure openssh installed - name: Ensure openssh installed
yum: yum:
name: openssh-server, openssh-clients, sshpass name: openssh-server, openssh-clients, sshpass
state: installed state: installed
- name: ensure sshd is running - name: Ensure sshd is running
service: service:
name: sshd name: sshd
state: started state: started
enabled: true enabled: true
- name: ensure nologin files are absent - name: Ensure nologin files are absent
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
with_items: with_items:
- /etc/nologin - /etc/nologin
- /var/run/nologin - /var/run/nologin
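Review bot: `state: installed` on the `Ensure openssh installed` task is a deprecated alias for `present`, and `name: openssh-server, openssh-clients, sshpass` relies on the module splitting a comma-separated string, which matters now that the default image is almalinux8, where the `yum` module hands off to the dnf backend. Write it as `state: present` with `name: [openssh-server, openssh-clients, sshpass]`, which is the documented form for both backends. Whether `sshpass` is available from the AlmaLinux 8 base repositories rather than EPEL is not visible here and is worth confirming on the new default image before relying on this task.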


@@ -25,4 +25,4 @@
- name: Did duo prompt show? - name: Did duo prompt show?
assert: assert:
that: "'Duo two-factor login for auth_duo_test' in slurpfile['content'] | b64decode" that: "'Duo two-factor login for' in slurpfile['content'] | b64decode"
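Review bot: Dropping the user name from the assertion, `that: "'Duo two-factor login for' in slurpfile['content'] | b64decode"`, weakens the check: it now passes whenever any Duo prompt was written, regardless of which account it was issued for, so a PAM stack that prompts for the wrong user still verifies green. If the change was made because the test account was renamed, keep the coupling by referencing the same variable the account-creation task uses, `'Duo two-factor login for ' ~ <that variable>`; if the prompt text itself changed on almalinux8 (not visible in this diff), match the new text exactly rather than loosening it. The play and the task that populates `slurpfile` start outside this hunk.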


@@ -28,7 +28,7 @@
copy: copy:
src: etc.pam.d.sshd src: etc.pam.d.sshd
dest: /etc/pam.d/sshd dest: /etc/pam.d/sshd
notify: restart sshd notify: Restart sshd
- name: Ensure PAM is enabled for SSH - name: Ensure PAM is enabled for SSH
lineinfile: lineinfile:
@@ -40,12 +40,15 @@
line: 'UsePAM yes' line: 'UsePAM yes'
- regex: '^ChallengeResponseAuthentication ' - regex: '^ChallengeResponseAuthentication '
line: 'ChallengeResponseAuthentication yes' line: 'ChallengeResponseAuthentication yes'
notify: restart sshd notify: Restart sshd
- name: Flush Handlers - name: Flush Handlers
meta: flush_handlers meta: flush_handlers
- name: Duo SELinux Enablement - name: Duo SELinux Enablement
when: >
ansible_virtualization_type != 'docker' and
ansible_virtualization_type != 'container'
block: block:
- name: Copy SELinux Module - name: Copy SELinux Module
copy: copy:
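Review bot: The new `when:` on `Duo SELinux Enablement` gates on `ansible_virtualization_type`, which is only a proxy for what the block actually needs, a host with SELinux present and enabled: it misses other container runtimes (the fact reports values such as `podman` or `lxc` for those) and it would still run the SELinux tasks on a VM booted with SELinux disabled. Testing the fact that matters is both more precise and self-documenting: `when: ansible_selinux.status | default('disabled') == 'enabled'`. Either way the SELinux policy path is now never exercised in the molecule container run, which is worth recording in a comment above the block as a known coverage gap. The block continues past the end of this hunk.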