do not force type of ssh_gateway_ports (#765)

* do not force type of gatewayports-var this way it can be a bool or a string. we also now test for it Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> * replace yum with dnf Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> --------- Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-11-10 01:04:13 +00:00 · 2024-05-31 12:20:00 +02:00 · 2024-05-31 12:20:00 +02:00 · 85aa1b22b3
commit 85aa1b22b3
parent 4af40129c6
9 changed files with 9 additions and 9 deletions
--- a/molecule/mysql_hardening/prepare.yml
+++ b/molecule/mysql_hardening/prepare.yml
@ -67,7 +67,7 @@
        - ansible_distribution_major_version|int < 20

    - name: Install required MySQL Python libraries on RHEL
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
        name: "{% if 'python3' in ansible_python_interpreter | default('') %}python36-PyMySQL{% else %}python2-PyMySQL{% endif %}"
      when:
        - ansible_os_family == "RedHat"
--- a/molecule/os_hardening/prepare.yml
+++ b/molecule/os_hardening/prepare.yml
@ -41,7 +41,7 @@
      when: ansible_facts.os_family == 'Archlinux'

    - name: Install required tools on RHEL # noqa ignore-errors
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
        name:
          - openssh-clients
          - openssh
--- a/molecule/os_hardening_vm/prepare.yml
+++ b/molecule/os_hardening_vm/prepare.yml
@ -73,7 +73,7 @@
      when: ansible_facts.os_family == 'Archlinux'

    - name: Install required tools on RHEL # noqa ignore-errors
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
        name:
          - openssh-clients
          - openssh
--- a/molecule/ssh_hardening/prepare.yml
+++ b/molecule/ssh_hardening/prepare.yml
@ -13,7 +13,7 @@
      when: ansible_facts.distribution == 'Fedora'

    - name: Install packages # noqa ignore-errors
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
        name:
          - openssh-clients
          - openssh-server
--- a/molecule/ssh_hardening_custom_tests/converge.yml
+++ b/molecule/ssh_hardening_custom_tests/converge.yml
@ -21,7 +21,7 @@
          - root
    network_ipv6_enable: true
    ssh_allow_tcp_forwarding: "yes"
-    ssh_gateway_ports: true
+    ssh_gateway_ports: "clientspecified"
    ssh_allow_agent_forwarding: true
    ssh_server_permit_environment_vars: "yes"
    ssh_server_accept_env_vars: PWD HTTP_PROXY
--- a/molecule/ssh_hardening_custom_tests/prepare.yml
+++ b/molecule/ssh_hardening_custom_tests/prepare.yml
@ -13,7 +13,7 @@
      when: ansible_facts.distribution == 'Fedora'

    - name: Install packages # noqa ignore-errors
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
        name:
          - openssh-clients
          - openssh-server
--- a/roles/os_hardening/tasks/pam_rhel.yml
+++ b/roles/os_hardening/tasks/pam_rhel.yml
@ -1,6 +1,6 @@
 ---
 - name: Install sssd-clients
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
    name: sssd-client
    state: present
  when:
--- a/roles/os_hardening/tasks/yum.yml
+++ b/roles/os_hardening/tasks/yum.yml
@ -45,7 +45,7 @@
    - /etc/yum/pluginconf.d/rhnplugin.conf

 - name: Remove deprecated or insecure packages | package-01 - package-09
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
    name: "{{ os_security_packages_list }}"
    state: absent
  when: os_security_packages_clean | bool
--- a/roles/ssh_hardening/meta/argument_specs.yml
+++ b/roles/ssh_hardening/meta/argument_specs.yml
@ -88,7 +88,7 @@ argument_specs:
          you can specify `'yes'`, `'no'`, `'all'`, `'local'`or`'remote'`.
      ssh_gateway_ports:
        default: false
-        type: bool
+        type: raw
        description: Set to `false` to disable binding forwarded ports to non-loopback
          addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified`
          to allow the client to specify which address to bind to.