Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Breaking change in ansible-lint - set file permissions explicitly #299

Closed
danielkubat opened this issue Aug 18, 2020 · 0 comments · Fixed by #300
Closed

Breaking change in ansible-lint - set file permissions explicitly #299

danielkubat opened this issue Aug 18, 2020 · 0 comments · Fixed by #300
Assignees
@schurzi
Labels
enhancement minor os_hardening

Comments

@danielkubat
Copy link
Contributor

danielkubat commented Aug 18, 2020
edited
Loading

Describe the bug
Due to breaking change in recent ansible-lint release, we need to add file permissions (mode) - there are no default ones anymore due to security concerns.

ansible/ansible#71200

Expected behavior
ansible-lint pass without any failures.

Actual behavior

ansible-lint .
[208] File permissions not mentioned
tasks/sysctl.yml:71
Task/Handler: Apply ufw defaults

[208] File permissions not mentioned
tasks/yum.yml:21
Task/Handler: activate gpg-check for yum-repository-files

[208] File permissions not mentioned
tasks/yum.yml:32
Task/Handler: activate gpg-check for config files

OS / Environment
Not related to OS / Environment, but to the role itself.

Ansible Version

ansible 2.9.11, ansible-lint 4.3.1.dev2+g71a8522

Role Version

6.2.0

Additional context
N/A
@danielkubat danielkubat changed the title Breaking change in ansible-lint Breaking change in ansible-lint - set file permissions explicitly Aug 18, 2020
@danielkubat danielkubat mentioned this issue Aug 18, 2020
Merged
@schurzi schurzi self-assigned this Aug 18, 2020
rndmh3ro pushed a commit that referenced this issue Nov 6, 2020
Update changelog for collection
b416265 
This adds all labels to the line in the changelog:

- Breaking change in ansible-lint - set file permissions explicitly [\#299](#299) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-os-hardening/labels/minor)]

[minor] in this case. This will be used to tag the issues in the changelog according to the role, e.g. ssh_hardening

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
rndmh3ro pushed a commit that referenced this issue Nov 7, 2020
Update changelog for collection
e7563dc 
This adds all labels to the line in the changelog:

- Breaking change in ansible-lint - set file permissions explicitly [\#299](#299) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-os-hardening/labels/minor)]

[minor] in this case. This will be used to tag the issues in the changelog according to the role, e.g. ssh_hardening

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
@rndmh3ro rndmh3ro mentioned this issue Nov 7, 2020
Merged
rndmh3ro added a commit that referenced this issue Nov 8, 2020
@rndmh3ro
Update changelog for collection (#324)
b1db73b 
This adds all labels to the line in the changelog:

- Breaking change in ansible-lint - set file permissions explicitly [\#299](#299) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-os-hardening/labels/minor)]

[minor] in this case. This will be used to tag the issues in the changelog according to the role, e.g. ssh_hardening

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@schurzi schurzi

Labels
enhancement minor os_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

file permissions explicitly defined
3 participants
@schurzi @rndmh3ro @danielkubat