infra-run/TESTED.md

# Tested

This file documents the validation status for `infra-run`.

## Tested Locally

- Repository structure and documentation links were reviewed.
- Bash scripts were reviewed for dry-run defaults, quoting, and obvious unsafe cleanup behavior.
- Disk-full examples use fake data and can be read without access to production systems.

## Syntax Checked

Recommended local checks:

```bash
find infra-run/scripts/bash -name '*.sh' -print0 | xargs -0 shellcheck -x -P infra-run/scripts/bash/disk-full -P infra-run/scripts/bash/gpfs -P infra-run/scripts/bash/veritas
yamllint .
cd infra-run/ansible && ansible-lint playbooks roles
```

The GitHub Actions workflow runs shell and YAML validation. `ansible-lint` is non-blocking because role behavior depends on platform facts, installed collections, and target OS support.

## Not Tested Against Real Systems

- Veritas VxVM/VCS commands were not tested against a live Veritas cluster here.
- GPFS / IBM Spectrum Scale commands were not tested against a live GPFS cluster here.
- AIX hardening tasks were not tested against a real AIX LPAR here.
- SSH hardening was not validated across every possible `sshd_config` layout.

## Known Limitations

- Destructive storage operations are dry-run by default where applicable, but dry-run output is not a substitute for peer review.
- Some scripts require vendor commands that are not available on a normal Linux workstation.
- Ansible examples are selected baseline controls, not full hardening benchmarks.
- Local linting does not prove production safety.

## Suggested Validation Steps

1. Run `shellcheck` against all Bash scripts.
2. Run `yamllint` against repository YAML.
3. Run `cd infra-run/ansible && ansible-lint playbooks roles` and review any non-blocking warnings.
4. Run disk-full read-only scripts on disposable local paths.
5. For Veritas or GPFS, test only in a lab with fake volumes/disks or a controlled training environment.
6. Validate SSH changes on a disposable host using the full effective `sshd` configuration.
Improve infra-run portfolio credibility 2026-05-08 21:18:22 +00:00			`# Tested`

			This file documents the validation status for `infra-run`.

			`## Tested Locally`

			`- Repository structure and documentation links were reviewed.`
			`- Bash scripts were reviewed for dry-run defaults, quoting, and obvious unsafe cleanup behavior.`
			`- Disk-full examples use fake data and can be read without access to production systems.`

			`## Syntax Checked`

			`Recommended local checks:`

			```bash
			`find infra-run/scripts/bash -name '*.sh' -print0 \| xargs -0 shellcheck -x -P infra-run/scripts/bash/disk-full -P infra-run/scripts/bash/gpfs -P infra-run/scripts/bash/veritas`
			`yamllint .`
			`cd infra-run/ansible && ansible-lint playbooks roles`
			```

			The GitHub Actions workflow runs shell and YAML validation. `ansible-lint` is non-blocking because role behavior depends on platform facts, installed collections, and target OS support.

			`## Not Tested Against Real Systems`

			`- Veritas VxVM/VCS commands were not tested against a live Veritas cluster here.`
			`- GPFS / IBM Spectrum Scale commands were not tested against a live GPFS cluster here.`
			`- AIX hardening tasks were not tested against a real AIX LPAR here.`
			- SSH hardening was not validated across every possible `sshd_config` layout.

			`## Known Limitations`

			`- Destructive storage operations are dry-run by default where applicable, but dry-run output is not a substitute for peer review.`
			`- Some scripts require vendor commands that are not available on a normal Linux workstation.`
			`- Ansible examples are selected baseline controls, not full hardening benchmarks.`
			`- Local linting does not prove production safety.`

			`## Suggested Validation Steps`

			1. Run `shellcheck` against all Bash scripts.
			2. Run `yamllint` against repository YAML.
			3. Run `cd infra-run/ansible && ansible-lint playbooks roles` and review any non-blocking warnings.
			`4. Run disk-full read-only scripts on disposable local paths.`
			`5. For Veritas or GPFS, test only in a lab with fake volumes/disks or a controlled training environment.`
			6. Validate SSH changes on a disposable host using the full effective `sshd` configuration.