Fix Ansible Tasks order

In #11033, we have switched to a new script for generating profile oriented Ansible Playbooks. Unfortunately, when Python 2 is used the generated Ansible Playbooks don't preserve the order of Ansible Tasks in the order defined in the SCAP source data stream. The wrong order of Ansible Tasks in a Playbook might cause an unexpected conflict between them during the run, for example #11104. The root cause of the problem is that dictionaries in Python 2 don't preserve order of elements but starting from Python 3.6 the dictionaries preserve order of its elements. Fixes: #11104
ComplianceAsCode · Sep 14, 2023 · b86685b · b86685b
1 parent f0d2c92
commit b86685b
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/build-scripts/generate_profile_remediations.py b/build-scripts/generate_profile_remediations.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 
 import argparse
+import collections
 import os
 import re
 import xml.etree.ElementTree as ET
@@ -192,7 +193,7 @@ def get_benchmark_data(self):
         self.variables = get_all_variables(benchmark)
 
     def load_all_remediations(self, benchmark):
-        self.remediations = {}
+        self.remediations = collections.OrderedDict()
         rule_xpath = ".//{%s}Rule" % (XCCDF12_NS)
         for rule_el in benchmark.findall(rule_xpath):
             rule_id = rule_el.get("id")
@@ -238,7 +239,7 @@ def create_output_ansible(self, profile_el):
     def collect_ansible_vars_and_tasks(self, profile_el):
         selected_rules = get_selected_rules(profile_el)
         refinements = get_value_refinenements(profile_el)
-        all_vars = {}
+        all_vars = collections.OrderedDict()
         all_tasks = []
         for rule_id, fix_el in self.remediations.items():
             if rule_id not in selected_rules: