Merge pull request #666 from bshephar/sshd-server-options

Use private variable for sshd_options
openstack-k8s-operators · Jun 11, 2024 · 75f65b4 · 75f65b4
2 parents d10789e + b941b4a
commit 75f65b4
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 2 deletions.
diff --git a/roles/edpm_sshd/molecule/banners/converge.yml b/roles/edpm_sshd/molecule/banners/converge.yml
@@ -21,3 +21,4 @@
     - name: osp.edpm.edpm_sshd
       edpm_sshd_motd_enabled: true
       edpm_sshd_banner_enabled: true
+      edpm_sshd_banner_text: "Test banner"
diff --git a/roles/edpm_sshd/molecule/banners/verify.yml b/roles/edpm_sshd/molecule/banners/verify.yml
@@ -0,0 +1,12 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Ensure banner is set correctly
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        line: "Banner /etc/issue"
+        state: present
+      register: banner
+      failed_when:
+        - banner is changed
diff --git a/roles/edpm_sshd/tasks/configure.yml b/roles/edpm_sshd/tasks/configure.yml
@@ -68,7 +68,7 @@
 
     - name: Update sshd configuration options from vars
       ansible.builtin.set_fact:
-        edpm_sshd_server_options: |-
+        _edpm_sshd_server_options: |-
          {% set _ = edpm_sshd_server_options.__setitem__('PasswordAuthentication', edpm_sshd_password_authentication) %}
          {% if edpm_sshd_banner_enabled %}
          {% set _ = edpm_sshd_server_options.__setitem__('Banner', '/etc/issue') %}

diff --git a/roles/edpm_sshd/templates/sshd_config_block.j2 b/roles/edpm_sshd/templates/sshd_config_block.j2
@@ -1,6 +1,6 @@
 ## {{ ansible_managed }}
 
-{% for k, v in edpm_sshd_server_options.items() %}
+{% for k, v in _edpm_sshd_server_options.items() %}
 {%   if (v is iterable) and (v is not string) %}
 {%     set vars = (v | unique) %}
 {%     for var in vars %}