change: enable_authselect/ansible: use failed_when instead of ignore_…

…errors Commands can fail because of multiple reasons. Even external, so ignore_errors is not recommended. For "rpm -V" it is packages with issuers. man authselect: The authselect can return these exit codes: • 0: Success. • 1: Generic error. • 2: Profile or configuration was not found or the system was not configured with authselect. • 3: Current configuration is not valid, it was edited without authselect. • 4: System configuration must be overwritten to activate an authselect profile, --force parameter is needed. • 5: Executed command must be run as root. • 6: No configuration was detected. This fixes ansible-lint issue: ignore-errors Use failed_when and specify error conditions instead of using ignore_errors
marcusburghardt · Mar 26, 2023 · a7cdf35 · a7cdf35
1 parent 89dd0c0
commit a7cdf35
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
@@ -9,14 +9,21 @@
 - name: Select authselect profile
   ansible.builtin.command:
     cmd: authselect select "{{ var_authselect_profile }}"
-  ignore_errors: yes
   register: result_authselect_select
+  failed_when: result_authselect_select.rc not in [0, 4]
 
 - name: Verify if PAM has been altered
   ansible.builtin.command:
     cmd: rpm -qV pam
   register: result_altered_authselect
   ignore_errors: yes
+  # return:
+  # - 0 if no alterations
+  # - otherwise: number of failured packages
+  #   We have 1 package here. So 1 it is.
+  failed_when: result_altered_authselect.rc not in [0, 1]
+  args:
+    warn: False
   when:
     - result_authselect_select is failed