Fix ansible lint for SLE platforms

[teacup-on-rockingchair]

Description:

• Fixes in SLES specific ansible to make lint checks pass

Rationale:

• Small patches in ansible remediations

• Fixes Many Ansible remediations for SLES fail ansible-lint tests #6726

ansible-lint-output.txt

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled' differs.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
@@ -36,7 +36,7 @@
     value: '1'
     no_extra_spaces: true
   loop: '{{ repo_grep_results.stdout |regex_findall( ''(.+\.repo):\[(.+)\]\n?'' )
-    if repo_grep_results is not skipped else []}}'
+    if repo_grep_results is not skipped else [] }}'
   when: repo_grep_results is not skipped
   tags:
   - CCE-80792-5

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_files_groupownership' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_files_groupownership
+++ xccdf_org.ssgproject.content_rule_rsyslog_files_groupownership
@@ -41,7 +41,7 @@
 - name: Ensure Log Files Are Owned By Appropriate Group - Get include files directives
   ansible.builtin.shell: |
     set -o pipefail
-    awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' {{ rsyslog_etc_config }} || true
+    awk '/)/{f=0} /include\(/{f=1} f{ nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){ print nf }}' {{ rsyslog_etc_config }} || true
   register: rsyslog_new_inc
   changed_when: false
   when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_files_ownership' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_files_ownership
+++ xccdf_org.ssgproject.content_rule_rsyslog_files_ownership
@@ -41,7 +41,7 @@
 - name: Ensure Log Files Are Owned By Appropriate User - Get include files directives
   ansible.builtin.shell: |
     set -o pipefail
-    awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' {{ rsyslog_etc_config }} || true
+    awk '/)/{f=0} /include\(/{f=1} f{ nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){ print nf }}' {{ rsyslog_etc_config }} || true
   register: rsyslog_new_inc
   changed_when: false
   when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_files_permissions' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
+++ xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
@@ -41,7 +41,7 @@
 - name: Ensure System Log Files Have Correct Permissions - Get include files directives
   ansible.builtin.shell: |
     set -o pipefail
-    awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' {{ rsyslog_etc_config }} || true
+    awk '/)/{f=0} /include\(/{f=1} f{ nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){ print nf }}' {{ rsyslog_etc_config }} || true
   register: rsyslog_new_inc
   changed_when: false
   when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
@@ -21,7 +21,7 @@
 - name: Ensure auditd Collects Information on the Use of Privileged Commands - Set
     List of Mount Points Which Permits Execution of Privileged Commands
   ansible.builtin.set_fact:
-    privileged_mount_points: '{{(ansible_facts.mounts | rejectattr(''options'', ''search'',
+    privileged_mount_points: '{{ (ansible_facts.mounts | rejectattr(''options'', ''search'',
       ''noexec|nosuid'') | rejectattr(''mount'', ''match'', ''/proc($|/.*$)'') | map(attribute=''mount'')
       | list ) }}'
   when:

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11911
This image was built from commit: 728536a

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11911

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11911 make deploy-local

[codeclimate]

Code Climate has analyzed commit 728536a and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.4% (0.0% change).

View more on Code Climate.

[marcusburghardt]

LGTM

[marcusburghardt]

The error in Automatus SLE15 / Run Tests (pull_request) seems legit but doesn't seem related to the changes in this PR. @teacup-on-rockingchair , could you take a look, please?