getent task is skipped if user previously ran it with a key parameter #646

Closed
gbolo opened this issue Mar 6, 2023 · 0 comments
gbolo commented Mar 6, 2023

Description

If the user previously successfully called `ansible.builtin.getent` with a valid `key` parameter, this results in a fact `getent_passwd` that has a length of 1 (only the user specified in the key is returned instead of ALL users).

However, the logic in the `os_hardening` role's task does not consider this possibility, since it simply skips the getent task if the fact `getent_passwd` is defined:

```yaml
- name: Read local linux user database
  getent:
    database: passwd
    # creates a dict for each user containing UID/HOMEDIR etc...
  when: getent_passwd is undefined  # skip this task if "getent" has run before
```

This may cause unintended consequences later ;)

```json
{
  "msg": "'root_users' is undefined. 'root_users' is undefined",
  "_ansible_no_log": false
}
```

Reproduction steps

Run a `get_ent` task with a `key` before calling the `os_hardening` role.

Current Behavior

```json
{
  "msg": "'root_users' is undefined. 'root_users' is undefined",
  "_ansible_no_log": false
}
```

Expected Behavior

root_users is defined

OS / Environment

N/A

Ansible Version

N/A

Collection Version

8.6

Additional information

You should probably only skip the task if it's not defined or has a length of 1.

gbolo added the bug label Mar 6, 2023
gbolo added a commit to gbolo/ansible-collection-hardening that referenced this issue Mar 6, 2023
gbolo added a commit to gbolo/ansible-collection-hardening that referenced this issue Mar 6, 2023
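
The playbook below is an added example, not part of the issue or the project's code: it reproduces the report on a test host and compares the guard quoted in the issue with one that also checks the fact's length. The play name, the `localhost` target, the exact wording of the second guard and the assumption that the host has more than one passwd entry are all constructed for illustration.

```yaml
# Added example (not the collection's code): constructed playbook for a test host.
- name: Show how a keyed getent lookup defeats an "is undefined" guard
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Earlier task looks up a single user, as in the reproduction steps
      ansible.builtin.getent:
        database: passwd
        key: root

    - name: The fact now exists but holds only the requested key
      ansible.builtin.assert:
        that:
          - getent_passwd is defined
          - getent_passwd | length == 1

    - name: Guard as quoted in the issue (skipped, so the fact stays partial)
      ansible.builtin.getent:
        database: passwd
      when: getent_passwd is undefined

    - name: Fact is still limited to one user after the skipped task
      ansible.builtin.assert:
        that:
          - getent_passwd | length == 1

    # Assumed wording, following the issue's "Additional information":
    # re-read the database when the fact is missing or holds a single entry.
    - name: Guard that also treats a one-entry fact as incomplete
      ansible.builtin.getent:
        database: passwd
      when: getent_passwd is undefined or getent_passwd | length == 1

    # Assumes the test host has more than one passwd entry.
    - name: The full user database is available again
      ansible.builtin.assert:
        that:
          - getent_passwd | length > 1
```

Dropping the `when` condition entirely would also refresh the fact on every run, at the cost of one extra module call.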