Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Task validation fixes (by Steampunk Spotter) #321

Merged
merged 6 commits into from
Sep 15, 2023
Merged

Task validation fixes (by Steampunk Spotter) #321

merged 6 commits into from
Sep 15, 2023

Conversation

anzoman
Copy link
Contributor

@anzoman anzoman commented Sep 13, 2023

Overall Review of Changes:
These changes will try to correct some errors and warnings within Ansible tasks that I have come across when running some checks with Steampunk Spotter.

Enhancements:
These changes fix the following errors detected by the Spotter CLI:

(.venv) user@ubuntu:~/RHEL7-CIS$ spotter scan --ansible-version 2.12 --display-level error .
Scanning...success. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
------------------------------------------------------------------------
tasks/check_prereqs.yml:3:3: ERROR: [E001] list is not a valid parameter in module ansible.builtin.package.
tasks/check_prereqs.yml:3:3: ERROR: [E005] name is a required parameter in module ansible.builtin.package.
tasks/post.yml:4:3: ERROR: [E001] autoremove is not a valid parameter in module ansible.builtin.package.
tasks/post.yml:4:3: ERROR: [E005] name is a required parameter in module ansible.builtin.package.
tasks/post.yml:4:3: ERROR: [E005] state is a required parameter in module ansible.builtin.package.
tasks/pre_remediation_audit.yml:67:9: ERROR: [E005] that is a required parameter in module ansible.builtin.assert.
tasks/section_1/cis_1.2.x.yml:76:3: ERROR: [E001] masked is not a valid parameter in module ansible.builtin.service.
tasks/section_5/cis_5.7.yml:12:9: ERROR: [E001] groups is not a valid parameter in module ansible.builtin.group.
------------------------------------------------------------------------
Spotter took 2.068 s to scan your input.
It resulted in 9 error(s), 162 warning(s) and 181 hint(s).
Overall status: ERROR

How has this been tested?:
N/A

github-actions[bot]
github-actions bot reviewed Sep 13, 2023
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the Discord Server as well.

uk-bolly
uk-bolly reviewed Sep 14, 2023
View reviewed changes
tasks/post.yml Outdated Show resolved Hide resolved
uk-bolly
uk-bolly requested changes Sep 14, 2023
View reviewed changes
Copy link
Member

@uk-bolly uk-bolly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the quick and very comprehensive feedback for this PR. I have made a couple of comments that would be great to discuss further.
thanks

uk-bolly

@anzoman anzoman force-pushed the steampunk-spotter-fixes branch 2 times, most recently from c1bca28 to ff4d96e Compare September 14, 2023 09:37
uk-bolly
uk-bolly approved these changes Sep 14, 2023
View reviewed changes
Copy link
Member

@uk-bolly uk-bolly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

tasks/pre_remediation_audit.yml Show resolved Hide resolved
@uk-bolly
Copy link
Member

hi @anzoman

Thank you again for your work on this and the great comms. I have just noted that you last push is not meeting DCO requirements apart from that i am happy to approve.

thanks again

uk-bolly

@anzoman
Replace service with systemd module
895d42b 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@anzoman
Use FQCNs in tasks/section_5/cis_5.5.x.yml
30667fd 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@anzoman
Use FQCN for user module
fd6be3b 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@anzoman
Use FQCN for debug module
2cde1d5 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@anzoman
Use name instead of list in package
7e98687 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@anzoman
Add that parameter and remove when for the assert module
aa610ce 
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
@uk-bolly uk-bolly merged commit 21614a6 into ansible-lockdown:devel Sep 15, 2023
3 checks passed
@anzoman anzoman deleted the steampunk-spotter-fixes branch September 18, 2023 16:50
@uk-bolly uk-bolly mentioned this pull request Mar 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions left review comments

@uk-bolly uk-bolly uk-bolly approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@anzoman @uk-bolly