Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Update state-labels for greater portability #450

Closed
1 of 4 tasks
ferricoxide opened this issue Sep 13, 2023 · 0 comments · Fixed by #451
Closed
1 of 4 tasks

[BUG] Update state-labels for greater portability #450

ferricoxide opened this issue Sep 13, 2023 · 0 comments · Fixed by #451

Comments

@ferricoxide
Copy link
Member

Describe the bug

The join-domain-formula's EL8 components references the PAM-modification content in the:

  • ash-linux/el8/STIGbyID/cat1/RHEL-08-no_pam_nullok.sls
  • ash-linux/el8/STIGbyID/cat2/RHEL-08-pam_faillock.sls
  • ash-linux/el8/STIGbyID/cat2/RHEL-08-pam_pwhistory.sls

Files. The relevant state-labels are not written in a way that is portably-referencible, breaking those references.

Severity

  • Completely Broken (No work-around evident)
  • Severely Broken (Work-around possible but difficult)
  • Moderately Broken (Trivial work-around)
  • Nuisance (Functions but untrapped errors can slip through)

To Reproduce
Steps to reproduce the behavior:

  1. Launch an EL8 EC2
  2. Run watchmaker with latest content for this formula and the join-domain-formula
  3. Watchmaker fails due to bad IDs when referencing the join-domain-formula states from the join-domain-formula states on EL8 platforms:
    Cannot extend ID 'Ensure Valid Starting Config (RHEL-08-no_pam_nullok)' in 'base:join-domain.elx.sssd'. It is not part of the high state.
This is likely due to a missing include statement or an incorrectly typed ID.
Ensure that a state with an ID of 'Ensure Valid Starting Config (RHEL-08-no_pam_nullok)' is available
in environment 'base' and to SLS 'join-domain.elx.sssd'
----------
    Cannot extend ID 'Ensure Valid Starting Config (RHEL-08-pam_pwhistory)' in 'base:join-domain.elx.sssd'. It is not part of the high state.
This is likely due to a missing include statement or an incorrectly typed ID.
Ensure that a state with an ID of 'Ensure Valid Starting Config (RHEL-08-pam_pwhistory)' is available
in environment 'base' and to SLS 'join-domain.elx.sssd'
----------
    Cannot extend ID 'Ensure Valid Starting Config (RHEL-08-pam_faillock)' in 'base:join-domain.elx.sssd'. It is not part of the high state.
This is likely due to a missing include statement or an incorrectly typed ID.
Ensure that a state with an ID of 'Ensure Valid Starting Config (RHEL-08-pam_faillock)' is available
in environment 'base' and to SLS 'join-domain.elx.sssd'

Expected behavior

References from join-domain-formula work on EL8+ platforms while the ash-linux-formula content continues to work on all ELx-versions

Deviance Description

Breaks watchmaker execution on EL8 systems where domain-join content has been activated

Screenshots

Additional context

Fix Suggestions

Update the state-labels in the ash-linux/el8/STIGbyID/cat1/RHEL-08-no_pam_nullok.sls, ash-linux/el8/STIGbyID/cat2/RHEL-08-pam_faillock.sls and ash-linux/el8/STIGbyID/cat2/RHEL-08-pam_pwhistory.sls files to replace the ({{ stig_id }}) label-tags with something more-portable.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove STIG-ID tags ferricoxide/ash-linux-formula
1 participant
@ferricoxide