Add more test coverage

This commit cleans up the testing variables and enables more tasks in the CI jobs. Change-Id: Ia937928e46b8ffefc54b499b8d8383ad4d81d907
2017-05-24 09:48:01 -05:00 · 2017-05-24 09:48:01 -05:00 · 40c744c86d
commit 40c744c86d
parent d7600f1a12
2 changed files with 14 additions and 18 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -373,13 +373,6 @@ security_unattended_upgrades_notifications: false
 # |  _ <|  _  | |___| |___    / /    ___) || |  | | |_| |
 # |_| \_\_| |_|_____|_____|  /_/    |____/ |_| |___\____|
 #
-#  UNDER ACTIVE DEVELOPMENT
-#
-#  The default configurations after this marker apply to the RHEL 7 STIG
-#  content in the openstack-ansible-security role. This content is still under
-#  active development and will not be applied to systems by default until
-#  the development work is complete.
-#
 ###############################################################################

 ## AIDE (aide)
--- a/tests/test.yml
+++ b/tests/test.yml
@ -77,23 +77,26 @@
  roles:
    - role: "openstack-ansible-security"
  vars:
+    security_disable_account_if_password_expires: yes
+    security_enable_firewalld: yes
    security_pwquality_apply_rules: yes
+    security_enable_pwquality_password_set: yes
+    security_lock_session: yes
+    security_pwquality_require_minimum_password_length: yes
    security_package_clean_on_remove: yes
+    security_pam_faillock_enable: yes
+    security_password_remember_password: 5
+    security_reset_perm_ownership: yes
+    security_require_grub_authentication: yes
+    security_rhel7_automatic_package_updates: yes
+    security_rhel7_initialize_aide: yes
+    security_rhel7_remove_shosts_files: yes
+    security_search_for_invalid_owner: yes
+    security_search_for_invalid_group_owner: yes
    security_unattended_upgrades_enabled: yes
    security_unattended_upgrades_notifications: yes
-    security_rhel7_automatic_package_updates: yes
    # NOTE(mhayden): clamav is only available if EPEL is installed. There needs
    # to be some work done to figure out how to install EPEL for use with
    # this role without causing disruptions on the system.
    security_enable_virus_scanner: no
    security_run_virus_scanner_update: no
-    security_search_for_invalid_owner: yes
-    security_search_for_invalid_group_owner: yes
-    security_enable_firewalld: yes
-    security_password_remember_password: 5
-    security_disable_account_if_password_expires: yes
-    security_rhel7_initialize_aide: yes
-    security_require_grub_authentication: yes
-    security_set_home_directory_permissions_and_owners_recursively: no
-    security_reset_perm_ownership: yes
-    security_rhel7_remove_shosts_files: yes