ansible-collection-hardening icon indicating copy to clipboard operation
ansible-collection-hardening copied to clipboard

Published 20 hours ago verified publisher icon dev-sec

`ssh_gateway_ports` is documented to accept 'clientspecified' string, but only accepts bools

Open particleflux opened this issue 1 year ago • 0 comments

Description

The ssh_gateway_ports is documented to accept yes, no and 'clientspecified', yet the latter is a string and rejected by type: bool.

https://github.com/dev-sec/ansible-collection-hardening/blob/db2bfc91da7654283d34e1154ae564a61e0ac0ef/roles/ssh_hardening/meta/argument_specs.yml#L89C7-L94C67

Seems ansible starting with 4.x validates this strictly

Reproduction steps

- role: devsec.hardening.ssh_hardening
      vars:
        ssh_gateway_ports: 'clientspecified'

Current Behavior

argument 'ssh_gateway_ports' is of type <class 'ansible.parsing.yaml.objects.AnsibleUnicode'> and we were unable to convert to bool: The value 'clientspecified' is not a valid boolean. Valid booleans include: 0, 1, 'off', '0', 'yes', 'n', 'on', 'f', 't', '1', 'true', 'no', 'y', 'false'

Expected Behavior

'clientspecified' will be accepted and correctly written

OS / Environment

Provide all relevant information below, e.g. target OS versions, network device firmware, etc.

Ansible Version

ansible [core 2.11.12] 
  config file = xxx/ansible.cfg
  configured module search path = ['/home/stefan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = xxx/lib/python3.11/site-packages/ansible
  ansible collection location = /home/stefan/.ansible/collections:/usr/share/ansible/collections
  executable location = xxx/bin/ansible
  python version = 3.11.8 (main, Mar 25 2024, 16:15:29) [GCC 13.2.1 20240210]
  jinja version = 3.1.3
  libyaml = True

Collection Version

9.0.1

Additional information

...

particleflux avatar Apr 09 '24 15:04 particleflux