From e7f7a1533a73d2df1f21a55f6fae748d452fa6aa Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Mon, 4 Dec 2023 17:10:47 -0600 Subject: [PATCH] ensure /bin/bash with pipefail as per lint Signed-off-by: Adam Miller --- .../targets/authorized_key/tasks/comments.yml | 1 + .../targets/authorized_key/tasks/ssh_dss.yml | 1 + tests/integration/targets/mount/tasks/main.yml | 11 +++++++++++ .../integration/targets/seboolean/tasks/seboolean.yml | 5 +++++ tests/integration/targets/sysctl/tasks/main.yml | 2 ++ 5 files changed, 20 insertions(+) diff --git a/tests/integration/targets/authorized_key/tasks/comments.yml b/tests/integration/targets/authorized_key/tasks/comments.yml index 5947c31..c56ad6e 100644 --- a/tests/integration/targets/authorized_key/tasks/comments.yml +++ b/tests/integration/targets/authorized_key/tasks/comments.yml @@ -21,6 +21,7 @@ - name: Get the file content ansible.builtin.shell: set -o pipefail && cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC + executable: /bin/bash changed_when: false register: content diff --git a/tests/integration/targets/authorized_key/tasks/ssh_dss.yml b/tests/integration/targets/authorized_key/tasks/ssh_dss.yml index 610d3ca..7ab6769 100644 --- a/tests/integration/targets/authorized_key/tasks/ssh_dss.yml +++ b/tests/integration/targets/authorized_key/tasks/ssh_dss.yml @@ -241,6 +241,7 @@ - name: Get the file content ansible.builtin.shell: set -o pipefail && cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC + executable: /bin/bash changed_when: false register: content diff --git a/tests/integration/targets/mount/tasks/main.yml b/tests/integration/targets/mount/tasks/main.yml index ce6e10c..c6770e9 100644 --- a/tests/integration/targets/mount/tasks/main.yml +++ b/tests/integration/targets/mount/tasks/main.yml @@ -104,6 +104,7 @@ - name: Get mount options ansible.builtin.shell: set -o pipefail && mount | grep mount_dest | grep -E -w '(ro|read-only)' | wc -l + executable: /bin/bash changed_when: false register: remount_options @@ -272,6 +273,7 @@ - name: Get the last write time ansible.builtin.shell: "set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i last write time: |cut -d: -f2-" + executable: /bin/bash changed_when: false register: last_write_time @@ -286,6 +288,7 @@ - name: Get again the last write time ansible.builtin.shell: "set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i last write time: |cut -d: -f2-" + executable: /bin/bash changed_when: false register: last_write_time2 @@ -302,6 +305,7 @@ - name: Get remounted options (Linux only) ansible.builtin.shell: set -o pipefail && mount | grep myfs | grep -E -w 'noexec' | wc -l + executable: /bin/bash changed_when: false register: remounted_options @@ -570,6 +574,7 @@ - name: Get mountinfo ansible.builtin.shell: set -o pipefail && mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l + executable: /bin/bash register: check_mountinfo changed_when: false @@ -582,6 +587,7 @@ - name: Get first mount record ansible.builtin.shell: set -o pipefail && mount -v | grep '/tmp/myfs' + executable: /bin/bash register: ephemeral_mount_record_1 changed_when: false @@ -596,11 +602,13 @@ - name: Get second mount record (should be different than the first) ansible.builtin.shell: set -o pipefail && mount -v | grep '/tmp/myfs' + executable: /bin/bash register: ephemeral_mount_record_2 changed_when: false - name: Get mountinfo ansible.builtin.shell: set -o pipefail && mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l + executable: /bin/bash register: check_mountinfo changed_when: false @@ -623,11 +631,13 @@ - name: Get third mount record (should be the same than the second) ansible.builtin.shell: set -o pipefail && mount -v | grep '/tmp/myfs' + executable: /bin/bash register: ephemeral_mount_record_3 changed_when: false - name: Get mountinfo ansible.builtin.shell: set -o pipefail && mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l + executable: /bin/bash register: check_mountinfo changed_when: false @@ -656,6 +666,7 @@ - name: Get mountinfo ansible.builtin.shell: set -o pipefail && mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l + executable: /bin/bash register: check_mountinfo changed_when: false diff --git a/tests/integration/targets/seboolean/tasks/seboolean.yml b/tests/integration/targets/seboolean/tasks/seboolean.yml index 97584ef..b108ff8 100644 --- a/tests/integration/targets/seboolean/tasks/seboolean.yml +++ b/tests/integration/targets/seboolean/tasks/seboolean.yml @@ -30,11 +30,13 @@ - name: Get getsebool output preflight ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W' + executable: /bin/bash changed_when: false register: getsebool_output_preflight - name: Cleanup ansible.builtin.shell: set -o pipefail && setsebool -P httpd_can_network_connect 0 + executable: /bin/bash changed_when: getsebool_output_preflight.stdout.startswith('httpd_can_network_connect --> on') - name: Set flag and don't keep it persistent @@ -45,6 +47,7 @@ - name: Get getsebool output ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W' + executable: /bin/bash changed_when: false register: getsebool_output @@ -63,6 +66,7 @@ - name: Get getsebool output ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W' + executable: /bin/bash changed_when: false register: getsebool_output @@ -84,6 +88,7 @@ - name: Get getsebool output ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W' + executable: /bin/bash changed_when: false register: getsebool_output diff --git a/tests/integration/targets/sysctl/tasks/main.yml b/tests/integration/targets/sysctl/tasks/main.yml index a183842..eeb00a3 100644 --- a/tests/integration/targets/sysctl/tasks/main.yml +++ b/tests/integration/targets/sysctl/tasks/main.yml @@ -66,6 +66,7 @@ - name: Get file content ansible.builtin.shell: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\# + executable: /bin/bash changed_when: false register: sysctl_content0 @@ -101,6 +102,7 @@ - name: Get file content ansible.builtin.shell: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\# + executable: /bin/bash changed_when: false register: sysctl_content2