QA Fixes

Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2026-03-25 22:37:11 +00:00 · 2025-06-16 17:18:08 -04:00 · 2025-06-16 17:18:08 -04:00 · acacb7a6bc
commit acacb7a6bc
parent 38a173546c
4 changed files with 6 additions and 11 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -17,9 +17,7 @@
    success_msg: "This role is running a supported version of ansible {{ ansible_version.full }} >= {{ min_ansible_version }}"

 - name: "Setup rules if container"
-  when:
-    - ansible_connection == 'docker' or
-      ansible_facts.virtualization_type in ["docker", "lxc", "openvz", "podman", "container"]
+  when: ansible_connection == 'docker' or ansible_facts.virtualization_type in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
    - container_discovery
    - always
@ -101,8 +99,7 @@

        - name: "Check account is not locked for {{ ansible_env.SUDO_USER }} | Assert local account not locked"  # noqa name[template]
          ansible.builtin.assert:
-            that:
-              - not prelim_ansible_user_password_set.stdout.startswith("!")
+            that: not prelim_ansible_user_password_set.stdout.startswith("!")
            fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} is locked - It can break access"
            success_msg: "The local account is not locked for {{ ansible_env.SUDO_USER }} user"

--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@ -1,4 +1,5 @@
 ---
+
 - name: Pre Audit Setup | Setup the LE audit
  when: setup_audit
  tags: setup_audit
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@ -191,8 +191,7 @@

 - name: "PRELIM | PATCH | Install dconf if gui installed"
  when: rhel9cis_gui
-  tags:
-    - always
+  tags: always
  ansible.builtin.package:
    name: dconf
    state: present
@ -201,8 +200,7 @@
  when:
    - rhel9cis_rule_3_1_2
    - not system_is_container
-  tags:
-    - always
+  tags: always
  block:
    - name: "PRELIM | AUDIT | Discover is wireless adapter on system"
      ansible.builtin.command: find /sys/class/net/*/ -type d -name wireless
--- a/tasks/section_1/cis_1.1.1.x.yml
+++ b/tasks/section_1/cis_1.1.1.x.yml
@ -27,8 +27,7 @@
        mode: 'go-rwx'

    - name: "1.1.1.1 | PATCH | Ensure cramfs kernel module is not available | Disable cramfs"
-      when:
-        - not system_is_container
+      when: not system_is_container
      community.general.modprobe:
        name: cramfs
        state: absent