with_items to loop

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2023-01-26 08:30:26 +00:00 · 2023-01-26 08:30:26 +00:00 · 8694bfde75
commit 8694bfde75
parent 904d7811d4
4 changed files with 8 additions and 14 deletions
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@ -48,8 +48,7 @@
      regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)'
      replace: '\1PASSWD\2'
      validate: '/usr/sbin/visudo -cf %s'
-  with_items:
-      - "{{ rhel9cis_sudoers_files.stdout_lines }}"
+  loop: "{{ rhel9cis_sudoers_files.stdout_lines }}"
  when:
      - rhel9cis_rule_5_3_4
  tags:
@ -65,8 +64,7 @@
      regexp: '^([^#].*)!authenticate(.*)'
      replace: '\1authenticate\2'
      validate: '/usr/sbin/visudo -cf %s'
-  with_items:
-      - "{{ rhel9cis_sudoers_files.stdout_lines }}"
+  loop: "{{ rhel9cis_sudoers_files.stdout_lines }}"
  when:
      - rhel9cis_rule_5_3_5
  tags:
@ -98,8 +96,7 @@
            regexp: 'timestamp_timeout=(\d+)'
            replace: "timestamp_timeout={{ rhel9cis_sudo_timestamp_timeout }}"
            validate: '/usr/sbin/visudo -cf %s'
-        with_items:
-            - "{{ rhel9cis_5_3_6_timeout_files.stdout_lines }}"
+        loop: "{{ rhel9cis_5_3_6_timeout_files.stdout_lines }}"
        when: rhel9cis_5_3_6_timeout_files.stdout | length > 0
  when:
      - rhel9cis_rule_5_3_6
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@ -7,7 +7,7 @@
            path: /etc/security/pwquality.conf
            regexp: ^{{ item.name }}
            line: "{{ item.name }} = {{ item.value }}"
-        with_items:
+        loop:
            - { name: minlen, value: "{{ rhel9cis_pam_password.minlen }}" }
            - { name: minclass, value: "{{ rhel9cis_pam_password.minclass }}" }

@ -37,7 +37,7 @@
      path: /etc/security/faillock.conf
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
-  with_items:
+  loop:
      - { regexp: '^\s*deny\s*=\s*[1-5]\b', line: 'deny = 5' }
      - { regexp: '^\s*unlock_time\s*=\s*(0|9[0-9][0-9]|[1-9][0-9][0-9][0-9]+)\b', line: 'unlock_time = 900' }
  when:
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@ -63,8 +63,7 @@

      - name: "5.6.1.4 | PATCH | Ensure inactive password lock is 30 days or less | Apply Inactive setting to existing accounts"
        ansible.builtin.shell: chage --inactive {{ rhel9cis_inactivelock.lock_days }} "{{ item }}"
-        with_items:
-            - "{{ rhel9cis_5_6_1_4_user_list.stdout_lines }}"
+        loop: "{{ rhel9cis_5_6_1_4_user_list.stdout_lines }}"
  when:
      - rhel9cis_rule_5_6_1_4
  tags:
@ -108,8 +107,7 @@
        when:
            - rhel9cis_5_6_1_5_user_list.stdout | length > 0
            - rhel9cis_futurepwchgdate_autofix
-        with_items:
-            - "{{ rhel9cis_5_6_1_5_user_list.stdout_lines }}"
+        loop: "{{ rhel9cis_5_6_1_5_user_list.stdout_lines }}"
  vars:
      warn_control_id: '5.6.1.5'
  when:
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -6,8 +6,7 @@
        ansible.builtin.user:
            name: "{{ item.id }}"
            shell: /usr/sbin/nologin
-        with_items:
-            - "{{ rhel9cis_passwd }}"
+        loop: "{{ rhel9cis_passwd }}"
        when:
            - item.id != "root"
            - item.id != "sync"