Merge pull request #11 from ansible-lockdown/audit_vars

Add the ability to pass/change environment variable- current workflow failure expected

defaults/main.yml

@@ -622,6 +622,12 @@ rhel9cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | de
 # 6.2.9
 rhel9cis_dotperm_ansiblemanaged: true
 #### Goss Configuration Settings ####
+# Set correct env for the run_audit.sh script from https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git"
+audit_run_script_environment:
+    AUDIT_BIN: "{{ audit_bin }}"
+    AUDIT_FILE: 'goss.yml'
+    AUDIT_CONTENT_LOCATION: "{{ audit_out_dir }}"
+
 
 ### Goss binary settings ###
 goss_version:

tasks/post_remediation_audit.yml

@@ -2,6 +2,9 @@
 
 - name: "Post Audit | Run post_remediation {{ benchmark }} audit"
   shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ post_audit_outfile }} -g {{ group_names }}"
+  environment: "{{ audit_run_script_environment|default({}) }}"
+  changed_when: audit_run_post_remediation.rc == 0
+  register: audit_run_post_remediation
   args:
       warn: false
 

tasks/pre_remediation_audit.yml

@@ -86,6 +86,9 @@
 
 - name: "Pre Audit | Run pre_remediation {{ benchmark }} audit"
   shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ pre_audit_outfile }} -g {{ group_names }}"
+  environment: "{{ audit_run_script_environment|default({}) }}"
+  changed_when: audit_run_pre_remediation.rc == 0
+  register: audit_run_pre_remediation
   args:
       warn: false