---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Generate a list of services
- name: Check if /etc/exports exists
  stat:
    path: /etc/exports
  register: exports
  always_run: yes
  tags:
    - nfs
    - cat1
    - cat2
    - cat3

- name: Check if 'all_squash' appears in /etc/exports (for V-38460)
  shell: grep all_squash /etc/exports
  register: v38460_result
  changed_when: v38460_result.rc == 0
  when: exports.stat.exists
  tags:
    - nfs
    - cat3
    - V-38460

- name: V-38460 - The NFS server must not have the all_squash option enabled
  fail:
    msg: "FAILED: Remove all_squash from /etc/exports"
  changed_when: v38460_result.rc == 0
  when: exports.stat.exists and v38460_result.rc == 0
  tags:
    - nfs
    - cat3
    - V-38460

- name: Check if 'insecure_locks' appears in /etc/exports (for V-38677)
  shell: grep insecure_locks /etc/exports
  register: v38677_result
  changed_when: v38677_result.rc == 0
  when: exports.stat.exists
  tags:
    - nfs
    - cat3
    - V-38677

- name: V-38677 - The NFS server must not have the insecure_locks option enabled
  fail:
    msg: "FAILED: Remove insecure_locks from /etc/exports"
  changed_when: v38677_result.rc == 0
  when: exports.stat.exists and v38677_result.rc == 0
  tags:
    - nfs
    - cat3
    - V-38677