ansible-collection-hardening/molecule/os_hardening/prepare.yml

---
- name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
  hosts: all
  become: true
  collections:
    - devsec.hardening
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
  tasks:
    - name: set ansible_python_interpreter to "/usr/bin/python3" on fedora
      set_fact:
        ansible_python_interpreter: "/usr/bin/python3"
      when: ansible_facts.distribution == 'Fedora'

    - name: Run the equivalent of "apt-get update && apt-get upgrade"
      apt:
        name: "*"
        state: latest
        update_cache: true
      when: ansible_os_family == 'Debian'

    - name: install required tools on SuSE
      # cannot use zypper module, since it depends on python-xml
      shell: "zypper -n install python-xml"
      when: ansible_facts.os_family == 'Suse'

    - name: install required tools on fedora
      dnf:
        name:
          - python
          - findutils
          - procps-ng
      when: ansible_facts.distribution == 'Fedora'

    - name: install required tools on Arch
      community.general.pacman:
        name:
          - awk
        state: present
        update_cache: true
      when: ansible_facts.os_family == 'Archlinux'

    - name: install required tools on RHEL  # noqa ignore-errors
      yum:
        name:
          - openssh-clients
          - openssh
        state: present
        update_cache: true
      ignore_errors: true

    - name: create recursing symlink to test minimize access
      shell: "rm -f /usr/bin/zzz && ln -s /usr/bin /usr/bin/zzz"
      changed_when: false

    - name: include YUM prepare tasks
      include_tasks: prepare_tasks/yum.yml
      when: ansible_facts.os_family == 'RedHat'

    - name: include preparation tasks
      ansible.builtin.include_tasks:
        file: "{{ item }}"
      loop:
        - prepare_tasks/netrc.yml
        - prepare_tasks/pw_ageing.yml
        - prepare_tasks/sys_account_shell.yml
        - prepare_tasks/ignore_home_folders.yml