-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conditional for Ansible remediation on RHEL7 #9440
Conditional for Ansible remediation on RHEL7 #9440
Conversation
@marcusburghardt: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
ansible.builtin.user: | ||
user: '{{ item }}' | ||
password_expire_max: '{{ var_accounts_maximum_age_login_defs }}' | ||
{{% else %}} | ||
ansible.builtin.command: > | ||
chage -M 60 {{ item }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should 60 be replaced with var_accounts_maximum_age_login_defs
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should. I will fix. Thanks.
The Ansible remediation for the accounts_password_set_max_life_existing rule was recently updated to use the user module with the password_expire_max parameter. However, this parameter was introduced on Ansible 2.11 while RHEL7 uses Ansible 2.9. Therefore, the former remediation approach was kept for RHEL7 via a Jinja2 conditional.
a395254
to
d1fc78e
Compare
Code Climate has analyzed commit d1fc78e and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 42.3% (0.0% change). View more on Code Climate. |
Description:
The Ansible remediation for the
accounts_password_set_max_life_existing
rule was recently updated to use theuser
module with thepassword_expire_max
parameter. However, this parameter was introduced on Ansible 2.11 while RHEL7 uses Ansible 2.9. Therefore, the former remediation approach was kept for RHEL7 via a Jinja2 conditional.Rationale: