Merge pull request #83 from ansible-lockdown/template_and_secrets

Template and secrets
2023-08-09 12:28:44 +01:00 · 2023-08-09 12:28:44 +01:00 · 5bedad6472
commit 5bedad6472
parent 83c4e5c7e5 dadeeab2c7
22 changed files with 29 additions and 110 deletions
--- a/.config/.secrets.baseline
+++ b/.config/.secrets.baseline
@ -109,6 +109,12 @@
    },
    {
      "path": "detect_secrets.filters.heuristic.is_templated_secret"
    },
    {
      "path": "detect_secrets.filters.regex.should_exclude_file",
      "pattern": [
        ".config/.gitleaks-report.json"
      ]
    }
  ],
  "results": {
@ -166,5 +172,5 @@
      }
    ]
  },
-  "generated_at": "2023-08-07T15:38:18Z"
+  "generated_at": "2023-08-09T08:11:03Z"
 }
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,34 +0,0 @@
 ---
 name: Report Issue
 about: Create a bug issue ticket to help us improve
 title: ''
 labels: bug
 assignees: ''
 ---
 **Describe the Issue**
 A clear and concise description of what the bug is.
 **Expected Behavior**
 A clear and concise description of what you expected to happen.
 **Actual Behavior**
 A clear and concise description of what's happening.
 **Control(s) Affected**
 What controls are being affected by the issue
 **Environment (please complete the following information):**
 - branch being used: [e.g. devel]
 - Ansible Version: [e.g. 2.10]
 - Host Python Version: [e.g. Python 3.7.6]
 - Ansible Server Python Version: [e.g. Python 3.7.6]
 - Additional Details:
 **Additional Notes**
 Anything additional goes here
 **Possible Solution**
 Enter a suggested fix here
--- a/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
+++ b/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
@ -1,22 +0,0 @@
 ---
 name: Feature Request or Enhancement
 about: Suggest an idea for this project
 title: ''
 labels: enhancement
 assignees: ''
 ---
 ## Feature Request or Enhancement
 - Feature []
 - Enhancement []
 **Summary of Request**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Suggested Code**
 Please provide any code you have in mind to fulfill the request
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@ -1,18 +0,0 @@
 ---
 name: Question
 about: Ask away.......
 title: ''
 labels: question
 assignees: ''
 ---
 **Question**
 Pose question here.
 **Environment (please complete the following information):**
 - Ansible Version: [e.g. 2.10]
 - Host Python Version: [e.g. Python 3.7.6]
 - Ansible Server Python Version: [e.g. Python 3.7.6]
 - Additional Details:
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,12 +0,0 @@
 **Overall Review of Changes:**
 A general description of the changes made that are being requested for merge
 **Issue Fixes:**
 Please list (using linking) any open issues this PR addresses
 **Enhancements:**
 Please list any enhancements/features that are not open issue tickets
 **How has this been tested?:**
 Please give an overview of how these changes were tested. If they were not please use N/A
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -33,15 +33,14 @@ repos:
  rev: v1.4.0
  hooks:
  - id: detect-secrets
-    args: ['--baseline', '.config/.secrets.baseline']
+    args: [ '--baseline', '.config/.secrets.baseline' ]
-    exclude: package.lock.json
+    exclude: .config/.gitleaks-report.json
 - repo: https://github.com/gitleaks/gitleaks
  rev: v8.17.0
  hooks:
  - id: gitleaks
-    args: ['--baseline-path','.config/.gitleaks-report.json']
+    args: ['--baseline-path', '.config/.gitleaks-report.json']
 - repo: https://github.com/ansible-community/ansible-lint
  rev: v6.17.2
--- a/README.md
+++ b/README.md
@ -22,7 +22,7 @@
 [![Main Pipeline Status](https://github.com/ansible-lockdown/RHEL9-CIS/actions/workflows/main_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/RHEL9-CIS/actions/workflows/main_pipeline_validation.yml)
 [![Devel Pipeline Status](https://github.com/ansible-lockdown/RHEL9-CIS/actions/workflows/devel_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/RHEL9-CIS/actions/workflows/devel_pipeline_validation.yml)
-![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/RHEL9-CIS/devel?color=dark%20green&label=Devel%20Branch%20commits)
+![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/RHEL9-CIS/devel?color=dark%20green&label=Devel%20Branch%20Commits)
 ![Issues Open](https://img.shields.io/github/issues-raw/ansible-lockdown/RHEL9-CIS?label=Open%20Issues)
 ![Issues Closed](https://img.shields.io/github/issues-closed-raw/ansible-lockdown/RHEL9-CIS?label=Closed%20Issues&&color=success)
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
@ -17,7 +17,7 @@
      - name: "1.2.1 | AUDIT | Ensure GPG keys are configured | expected keys fail"
        ansible.builtin.fail:
-            msg: Installed GPG Keys do not meet expected values or keys installed that are not expected
+            msg: Installed GPG Keys do not meet expected values or expected keys are not installed
        when:
            - os_installed_pub_keys.rc == 1 or
              os_gpg_key_check.rc == 1