From 8fa067f61c2cddcabcbf40e0fee54b95459fd8de Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 18 Jan 2022 10:11:44 +0000 Subject: [PATCH] container standards Signed-off-by: Mark Bolwell --- defaults/main.yml | 2 +- local.yml | 5 +---- site.yml | 4 ---- tasks/section_2/cis_2.2.1.x.yml | 4 ++-- tasks/section_6/cis_6.2.x.yml | 6 ++++-- 5 files changed, 8 insertions(+), 13 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 1bffc3f..1ec968e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,7 +2,7 @@ # defaults file for rhel9-cis rhel9cis_skip_for_travis: false -rhel9cis_system_is_container: false +system_is_container: false # rhel9cis is left off the front of this var for consistency in testing pipeline # system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks system_is_ec2: false diff --git a/local.yml b/local.yml index 2c649b2..3f17560 100644 --- a/local.yml +++ b/local.yml @@ -3,10 +3,7 @@ - hosts: localhost connection: local become: true - vars: - is_container: false roles: - role: "{{ playbook_dir }}" - rhel9cis_system_is_container: "{{ is_container | default(false) }}" - rhel9cis_skip_for_travis: false + diff --git a/site.yml b/site.yml index 2763e43..379549f 100644 --- a/site.yml +++ b/site.yml @@ -1,11 +1,7 @@ --- - hosts: all become: true - vars: - is_container: false roles: - role: "{{ playbook_dir }}" - rhel9cis_system_is_container: "{{ is_container | default(false) }}" - rhel9cis_skip_for_travis: false diff --git a/tasks/section_2/cis_2.2.1.x.yml b/tasks/section_2/cis_2.2.1.x.yml index 78f52ae..8b8b39c 100644 --- a/tasks/section_2/cis_2.2.1.x.yml +++ b/tasks/section_2/cis_2.2.1.x.yml @@ -6,7 +6,7 @@ state: present when: - rhel9cis_rule_2_2_1_1 - - not rhel9cis_system_is_container + - not system_is_container tags: - level1-server - level1-workstation 
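Review bot: Renaming the toggle in defaults/main.yml to the unprefixed `system_is_container` means any inventory or group_vars that still set `rhel9cis_system_is_container` is silently ignored, so the default `false` applies without any message. Because the new name is no longer namespaced to this role, a same-named variable set for another role or in shared group_vars would also switch off the gated tasks in sections 2.2.1 and 6.2. A transitional default would keep existing overrides working: `system_is_container: "{{ rhel9cis_system_is_container | default(false) }}"`, ideally with a comment on that line naming the controls the flag skips.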
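Review bot: `- not system_is_container` in the `when` list of tasks/section_2/cis_2.2.1.x.yml tests the variable's raw truthiness. A value that arrives as a string (for example `-e system_is_container=false` from a pipeline) is non-empty, so it is likely to evaluate as true and skip the gated task. Casting at the point of use avoids that: `- not system_is_container | bool`. The same condition appears in the second hunk of this file (rule 2.2.1.2) and in both `when:` lists added in tasks/section_6/cis_6.2.x.yml. The tasks start above their hunks, so only the condition lists are visible here.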
@@ -34,7 +34,7 @@ when: - rhel9cis_time_synchronization == "chrony" - rhel9cis_rule_2_2_1_2 - - not rhel9cis_system_is_container + - not system_is_container tags: - level1-server - level1-workstation diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml index b618417..ad51121 100644 --- a/tasks/section_6/cis_6.2.x.yml +++ b/tasks/section_6/cis_6.2.x.yml @@ -177,7 +177,8 @@ recursive: true etype: "{{ item.1.etype }}" permissions: "{{ item.1.mode }}" - when: not rhel9cis_system_is_container + when: + - not system_is_container with_nested: - "{{ (ansible_check_mode | ternary(rhel_09_6_2_7_patch_audit, rhel_09_6_2_7_patch)).results | rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}" @@ -541,7 +542,8 @@ recursive: true etype: "{{ item.1.etype }}" permissions: "{{ item.1.mode }}" - when: not rhel9cis_system_is_container + when: + - not system_is_container with_nested: - "{{ (ansible_check_mode | ternary(rhel_09_6_2_20_patch_audit, rhel_09_6_2_20_patch)).results | rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}"
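Review bot: In tasks/section_6/cis_6.2.x.yml the new `when:` list on the recursive ACL task is the only visible gate, and when `system_is_container` is true the fix is skipped with nothing in the run output beyond a generic skip. For a hardening role that leaves no record of why the control was not enforced. A comment above the condition would make the exception explicit, such as `# ACL remediation is not applied in containers; the control stays unenforced there`. The second hunk (the `rhel_09_6_2_20_patch` task) has the same shape. Both tasks begin above their hunks, so any rule toggle on an enclosing block is not visible here.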