Use fully qualified collection name for community.general.ini_file #13184

bontreger · 2025-03-14T20:25:52Z

Description:

Rationale:

Review Hints:

openshift-ci · 2025-03-14T20:26:03Z

Hi @bontreger. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

github-actions · 2025-03-14T20:36:41Z

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown
@@ -14,7 +14,7 @@
   - unknown_strategy
 
 - name: Disable the GNOME3 Login Restart and Shutdown Buttons
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/gdm.d/00-security-settings
     section: org/gnome/login-screen
     option: disable-restart-buttons

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_enable_smartcard_auth' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_enable_smartcard_auth
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_enable_smartcard_auth
@@ -16,7 +16,7 @@
   - unknown_strategy
 
 - name: Enable the GNOME3 Login Smartcard Authentication
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/gdm.d/00-security-settings
     section: org/gnome/login-screen
     option: enable-smartcard-authentication

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal
@@ -30,7 +30,7 @@
   - unknown_strategy
 
 - name: Configure removal-action - default file
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d//00-security-settings
     section: org/gnome/settings-daemon/peripherals/smartcard
     option: removal-action
@@ -52,7 +52,7 @@
   - unknown_strategy
 
 - name: Configure removal-action - existing files
-  ini_file:
+  community.general.ini_file:
     dest: '{{ item.path }}'
     section: org/gnome/settings-daemon/peripherals/smartcard
     option: removal-action

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries
@@ -12,7 +12,7 @@
   - unknown_strategy
 
 - name: Enable the GNOME3 Login Number of Failures
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/gdm.d/00-security-settings
     section: org/gnome/login-screen
     option: allowed-failures

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login' differs.
--- xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login
+++ xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login
@@ -18,7 +18,7 @@
   - unknown_strategy
 
 - name: Disable GDM Automatic Login
-  ini_file:
+  community.general.ini_file:
     dest: /etc/gdm/custom.conf
     section: daemon
     option: AutomaticLoginEnable

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login' differs.
--- xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login
+++ xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login
@@ -18,7 +18,7 @@
   - unknown_strategy
 
 - name: Disable GDM Guest Login
-  ini_file:
+  community.general.ini_file:
     dest: /etc/gdm/custom.conf
     section: daemon
     option: TimedLoginEnable

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_automount' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_automount
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_automount
@@ -17,7 +17,7 @@
   - unknown_strategy
 
 - name: Disable GNOME3 Automounting - automount
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/media-handling
     option: automount

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_autorun' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_autorun
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_autorun
@@ -15,7 +15,7 @@
   - unknown_strategy
 
 - name: Disable GNOME3 Automounting - autorun-never
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/media-handling
     option: autorun-never

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_thumbnailers' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_thumbnailers
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_thumbnailers
@@ -13,7 +13,7 @@
   - unknown_strategy
 
 - name: Disable All GNOME3 Thumbnailers
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/thumbnailers
     option: disable-all

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_create' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_create
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_create
@@ -11,7 +11,7 @@
   - unknown_strategy
 
 - name: Disable WiFi Network Connection Creation in GNOME3
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/nm-applet
     option: disable-wifi-create

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_notification' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_notification
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_notification
@@ -11,7 +11,7 @@
   - unknown_strategy
 
 - name: Disable WiFi Network Notification in GNOME3
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/nm-applet
     option: suppress-wireless-networks-available

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_credential_prompt' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_credential_prompt
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_credential_prompt
@@ -12,7 +12,7 @@
   - unknown_strategy
 
 - name: Require Credential Prompting for Remote Access in GNOME3
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/Vino
     option: authentication-methods

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_encryption' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_encryption
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_remote_access_encryption
@@ -15,7 +15,7 @@
   - unknown_strategy
 
 - name: Require Encryption for Remote Access in GNOME3
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/Vino
     option: require-encryption

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled
@@ -18,7 +18,7 @@
   - unknown_strategy
 
 - name: Enable GNOME3 Screensaver Idle Activation
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/screensaver
     option: idle-activation-enabled

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay
@@ -24,7 +24,7 @@
     - always
 
 - name: Set GNOME3 Screensaver Inactivity Timeout
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/session
     option: idle-delay

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay
@@ -23,7 +23,7 @@
     - always
 
 - name: Set GNOME3 Screensaver Lock Delay After Activation Period
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/screensaver
     option: lock-delay

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled
@@ -40,7 +40,7 @@
   - unknown_strategy
 
 - name: Enable GNOME3 Screensaver Lock After Idle Period
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/screensaver
     option: lock-enabled
@@ -94,7 +94,7 @@
   - unknown_strategy
 
 - name: Enable GNOME3 Screensaver Lock After Idle Period
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/lockdown
     option: disable-lock-screen

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank
@@ -19,7 +19,7 @@
   - unknown_strategy
 
 - name: Implement Blank Screensaver
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/screensaver
     option: picture-uri

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info
@@ -11,7 +11,7 @@
   - unknown_strategy
 
 - name: Disable Full Username on Splash Screen
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/desktop/screensaver
     option: show-full-name-in-top-bar

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot
@@ -16,7 +16,7 @@
   - unknown_strategy
 
 - name: Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/settings-daemon/plugins/media-keys
     option: logout

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_geolocation' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_geolocation
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_geolocation
@@ -10,7 +10,7 @@
   - unknown_strategy
 
 - name: Disable Geolocation in GNOME3 - location tracking
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/system/location
     option: enabled
@@ -29,7 +29,7 @@
   - unknown_strategy
 
 - name: Disable Geolocation in GNOME3 - clock location tracking
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d/00-security-settings
     section: org/gnome/clocks
     option: gelocation

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_admin' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_admin
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_admin
@@ -30,7 +30,7 @@
   - unknown_strategy
 
 - name: Configure user-administration-disabled - default file
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/local.d//00-security-settings
     section: org/gnome/desktop/lockdown
     option: user-administration-disabled
@@ -52,7 +52,7 @@
   - unknown_strategy
 
 - name: Configure user-administration-disabled - existing files
-  ini_file:
+  community.general.ini_file:
     dest: '{{ item.path }}'
     section: org/gnome/desktop/lockdown
     option: user-administration-disabled

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates' differs.
--- xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
+++ xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
@@ -14,7 +14,7 @@
   - unknown_strategy
 
 - name: Configure dnf-automatic to Install Available Updates Automatically
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dnf/automatic.conf
     section: commands
     option: apply_updates

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dnf-automatic_security_updates_only' differs.
--- xccdf_org.ssgproject.content_rule_dnf-automatic_security_updates_only
+++ xccdf_org.ssgproject.content_rule_dnf-automatic_security_updates_only
@@ -14,7 +14,7 @@
   - unknown_strategy
 
 - name: Configure dnf-automatic to Install Only Security Updates
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dnf/automatic.conf
     section: commands
     option: upgrade_type

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_enable_gpgcheck_for_all_repositories' differs.
--- xccdf_org.ssgproject.content_rule_enable_gpgcheck_for_all_repositories
+++ xccdf_org.ssgproject.content_rule_enable_gpgcheck_for_all_repositories
@@ -18,7 +18,7 @@
 
 - name: 'Ensure gpgcheck Is Enabled for All Package Repositories: Set gpgcheck=1 for
     each yum repo'
-  ini_file:
+  community.general.ini_file:
     path: '{{ item[0] }}'
     section: '{{ item[1] }}'
     option: gpgcheck

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated' differs.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated
@@ -26,7 +26,7 @@
   - no_reboot_needed
 
 - name: Ensure GPG check is globally activated
-  ini_file:
+  community.general.ini_file:
     dest: /etc/yum.conf
     section: main
     option: gpgcheck

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages' differs.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages
@@ -33,7 +33,7 @@
     when: pkg.stat.lnk_target is defined
 
   - name: Ensure GPG check Enabled for Local Packages (yum)
-    ini_file:
+    community.general.ini_file:
       dest: '{{ pkg_config_file_symlink |  default("/etc/yum.conf") }}'
       section: main
       option: localpkg_gpgcheck

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled' differs.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
@@ -29,7 +29,7 @@
   - no_reboot_needed
 
 - name: Set gpgcheck=1 for each yum repo
-  ini_file:
+  community.general.ini_file:
     path: '{{ item[0] }}'
     section: '{{ item[1] }}'
     option: gpgcheck

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled
@@ -16,7 +16,7 @@
   - unknown_strategy
 
 - name: Enable GNOME3 Login Warning Banner
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/gdm.d/00-security-settings
     section: org/gnome/login-screen
     option: banner-message-enable

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text' differs.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text
@@ -68,7 +68,7 @@
   - unknown_strategy
 
 - name: Set the GNOME3 Login Warning Banner Text
-  ini_file:
+  community.general.ini_file:
     dest: /etc/dconf/db/gdm.d/00-security-settings
     section: org/gnome/login-screen
     option: banner-message-text

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_compress' differs.
--- xccdf_org.ssgproject.content_rule_journald_compress
+++ xccdf_org.ssgproject.content_rule_journald_compress
@@ -51,7 +51,7 @@
 
 - name: Ensure journald is configured to compress large log files - Add missing configuration
     to correct section
-  ini_file:
+  community.general.ini_file:
     path: '{{item}}'
     section: Journal
     option: Compress
@@ -74,7 +74,7 @@
 
 - name: Ensure journald is configured to compress large log files - Add configuration
     to new remediation file
-  ini_file:
+  community.general.ini_file:
     path: /etc/systemd/journald.conf.d/complianceascode_hardening.conf
     section: Journal
     option: Compress

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_forward_to_syslog' differs.
--- xccdf_org.ssgproject.content_rule_journald_forward_to_syslog
+++ xccdf_org.ssgproject.content_rule_journald_forward_to_syslog
@@ -51,7 +51,7 @@
 
 - name: Ensure journald is configured to send logs to rsyslog - Add missing configuration
     to correct section
-  ini_file:
+  community.general.ini_file:
     path: '{{item}}'
     section: Journal
     option: ForwardToSyslog
@@ -74,7 +74,7 @@
 
 - name: Ensure journald is configured to send logs to rsyslog - Add configuration
     to new remediation file
-  ini_file:
+  community.general.ini_file:
     path: /etc/systemd/journald.conf.d/complianceascode_hardening.conf
     section: Journal
     option: ForwardToSyslog

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_storage' differs.
--- xccdf_org.ssgproject.content_rule_journald_storage
+++ xccdf_org.ssgproject.content_rule_journald_storage
@@ -51,7 +51,7 @@
 
 - name: Ensure journald is configured to write log files to persistent disk - Add
     missing configuration to correct section
-  ini_file:
+  community.general.ini_file:
     path: '{{item}}'
     section: Journal
     option: Storage
@@ -74,7 +74,7 @@
 
 - name: Ensure journald is configured to write log files to persistent disk - Add
     configuration to new remediation file
-  ini_file:
+  community.general.ini_file:
     path: /etc/systemd/journald.conf.d/complianceascode_hardening.conf
     section: Journal
     option: Storage

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_network_nmcli_permissions' differs.
--- xccdf_org.ssgproject.content_rule_network_nmcli_permissions
+++ xccdf_org.ssgproject.content_rule_network_nmcli_permissions
@@ -16,7 +16,7 @@
   - restrict_strategy
 
 - name: Ensure non-privileged users do not have access to nmcli
-  ini_file:
+  community.general.ini_file:
     path: /etc/polkit-1/localauthority/20-org.d/10-nm-harden-access.pkla
     section: Disable General User Access to NetworkManager
     option: '{{ item.option }}'

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_certificate_verification' differs.
--- xccdf_org.ssgproject.content_rule_sssd_certificate_verification
+++ xccdf_org.ssgproject.content_rule_sssd_certificate_verification
@@ -18,7 +18,7 @@
     - always
 
 - name: Ensure that "certificate_verification" is not set in /etc/sssd/sssd.conf
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: sssd
     option: certificate_verification
@@ -37,7 +37,7 @@
   - sssd_certificate_verification
 
 - name: Ensure that "certificate_verification" is not set in  /etc/sssd/conf.d/*.conf
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/conf.d/*.conf
     section: sssd
     option: certificate_verification
@@ -56,7 +56,7 @@
   - sssd_certificate_verification
 
 - name: Ensure that "certificate_verification" is set
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/conf.d/certificate_verification.conf
     section: sssd
     option: certificate_verification

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_enable_pam_services' differs.
--- xccdf_org.ssgproject.content_rule_sssd_enable_pam_services
+++ xccdf_org.ssgproject.content_rule_sssd_enable_pam_services
@@ -112,7 +112,7 @@
   - sssd_enable_pam_services
 
 - name: Configure PAM in SSSD Services - Insert entry to /etc/sssd/sssd.conf
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: sssd
     option: services

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_enable_smartcards' differs.
--- xccdf_org.ssgproject.content_rule_sssd_enable_smartcards
+++ xccdf_org.ssgproject.content_rule_sssd_enable_smartcards
@@ -31,7 +31,7 @@
   - sssd_enable_smartcards
 
 - name: Add default domain group (if no domain there)
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: '{{ item.section }}'
     option: '{{ item.option }}'
@@ -61,7 +61,7 @@
   - sssd_enable_smartcards
 
 - name: Enable Smartcards in SSSD
-  ini_file:
+  community.general.ini_file:
     dest: /etc/sssd/sssd.conf
     section: pam
     option: pam_cert_auth

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_memcache_timeout' differs.
--- xccdf_org.ssgproject.content_rule_sssd_memcache_timeout
+++ xccdf_org.ssgproject.content_rule_sssd_memcache_timeout
@@ -36,7 +36,7 @@
   - unknown_strategy
 
 - name: Add default domain group (if no domain there)
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: '{{ item.section }}'
     option: '{{ item.option }}'
@@ -66,7 +66,7 @@
   - unknown_strategy
 
 - name: Configure SSSD's Memory Cache to Expire
-  ini_file:
+  community.general.ini_file:
     dest: /etc/sssd/sssd.conf
     section: nss
     option: memcache_timeout

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration' differs.
--- xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration
+++ xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration
@@ -33,7 +33,7 @@
   - sssd_offline_cred_expiration
 
 - name: Add default domain group (if no domain there)
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: '{{ item.section }}'
     option: '{{ item.option }}'
@@ -64,7 +64,7 @@
   - sssd_offline_cred_expiration
 
 - name: Configure SSD to Expire Offline Credentials
-  ini_file:
+  community.general.ini_file:
     dest: /etc/sssd/sssd.conf
     section: pam
     option: offline_credentials_expiration

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout' differs.
--- xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout
+++ xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout
@@ -36,7 +36,7 @@
   - unknown_strategy
 
 - name: Add default domain group (if no domain there)
-  ini_file:
+  community.general.ini_file:
     path: /etc/sssd/sssd.conf
     section: '{{ item.section }}'
     option: '{{ item.option }}'
@@ -66,7 +66,7 @@
   - unknown_strategy
 
 - name: Configure SSSD to Expire SSH Known Hosts
-  ini_file:
+  community.general.ini_file:
     dest: /etc/sssd/sssd.conf
     section: ssh
     option: ssh_known_hosts_timeout

jan-cerny · 2025-03-17T09:18:28Z

The testing farm failures are caused by infrastructure outage and shouldn't be directly caused by the contents of this PR. Please bear with us, I will try to issue a rerun.

jan-cerny · 2025-03-17T09:18:35Z

/packit build

codeclimate · 2025-03-17T12:07:21Z

Code Climate has analyzed commit b0365db and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

jan-cerny

LGTM. I was able to succefully run automatus tests on sssd_certificate_verification.

Use fully qualified collection name for community.general.ini_file

c08b08e

openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Mar 14, 2025

bontreger added 2 commits March 14, 2025 16:31

Update shared.yml

282a8a7

Update shared.yml

b0365db

jan-cerny self-assigned this Mar 18, 2025

jan-cerny added this to the 0.1.77 milestone Mar 18, 2025

jan-cerny added the Ansible Ansible remediation update. label Mar 18, 2025

jan-cerny approved these changes Mar 18, 2025

View reviewed changes

jan-cerny merged commit b2c72e8 into ComplianceAsCode:master Mar 18, 2025
95 of 100 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use fully qualified collection name for community.general.ini_file #13184

Use fully qualified collection name for community.general.ini_file #13184

bontreger commented Mar 14, 2025

openshift-ci bot commented Mar 14, 2025

github-actions bot commented Mar 14, 2025

jan-cerny commented Mar 17, 2025

jan-cerny commented Mar 17, 2025

codeclimate bot commented Mar 17, 2025

jan-cerny left a comment

Use fully qualified collection name for community.general.ini_file #13184

Use fully qualified collection name for community.general.ini_file #13184

Conversation

bontreger commented Mar 14, 2025

Description:

Rationale:

Review Hints:

openshift-ci bot commented Mar 14, 2025

github-actions bot commented Mar 14, 2025

jan-cerny commented Mar 17, 2025

jan-cerny commented Mar 17, 2025

codeclimate bot commented Mar 17, 2025

jan-cerny left a comment

Choose a reason for hiding this comment