do not force type of gatewayports-var

rndmh3ro · rndmh3ro · commit c53d37669cea · 2024-05-30T14:58:53.000+02:00
this way it can be a bool or a string. we also now test for it

Signed-off-by: Sebastian Gumprich &lt;rndmh3ro@users.noreply.github.com&gt;
diff --git a/molecule/ssh_hardening_custom_tests/converge.yml b/molecule/ssh_hardening_custom_tests/converge.yml
@@ -21,7 +21,7 @@
           - root
     network_ipv6_enable: true
     ssh_allow_tcp_forwarding: "yes"
-    ssh_gateway_ports: true
+    ssh_gateway_ports: "clientspecified"
     ssh_allow_agent_forwarding: true
     ssh_server_permit_environment_vars: "yes"
     ssh_server_accept_env_vars: PWD HTTP_PROXY
diff --git a/roles/ssh_hardening/meta/argument_specs.yml b/roles/ssh_hardening/meta/argument_specs.yml
@@ -88,7 +88,7 @@ argument_specs:
           you can specify `'yes'`, `'no'`, `'all'`, `'local'`or`'remote'`.
       ssh_gateway_ports:
         default: false
-        type: bool
+        type: raw
         description: Set to `false` to disable binding forwarded ports to non-loopback
           addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified`
           to allow the client to specify which address to bind to.
