From 366b8e96e7b8e44fc580a2ee0c27987712fba829 Mon Sep 17 00:00:00 2001
From: Carlos Matos
Date: Tue, 18 Aug 2020 17:23:13 -0400
Subject: [PATCH] Updating when clause to prevent issue with tasks not being applied on vm's
---
 ssg/build_remediations.py | 3 +--
 tests/unit/ssg-module/data/ansible-resolved.yml | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py
index dea9eb1f64d..a9ef3014ac0 100644
--- a/ssg/build_remediations.py
+++ b/ssg/build_remediations.py
@@ -346,8 +346,7 @@ def _get_rule_reference(self, ref_class):
 def update_when_from_rule(self, to_update):
 additional_when = ""
 if self.associated_rule.platform == "machine":
- additional_when = ('ansible_virtualization_role != "guest" '
- 'or ansible_virtualization_type != "docker"')
+ additional_when = 'ansible_virtualization_type not in ["docker", "lxc", "openvz"]'
 to_update.setdefault("when", "")
 new_when = ssg.yaml.update_yaml_list_or_string(to_update["when"], additional_when)
 if not new_when:
diff --git a/tests/unit/ssg-module/data/ansible-resolved.yml b/tests/unit/ssg-module/data/ansible-resolved.yml
index 87af7eb6905..953460db48e 100644
--- a/tests/unit/ssg-module/data/ansible-resolved.yml
+++ b/tests/unit/ssg-module/data/ansible-resolved.yml
@@ -2,7 +2,7 @@
 stat:
 path: /boot/grub2/grub.cfg
 register: file_exists
- when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "docker"
+ when: ansible_virtualization_type not in ["docker", "lxc", "openvz"]
 tags:
 - file_owner_grub2_cfg
 - medium_severity
@@ -22,7 +22,7 @@
 owner: 0
 when:
 - file_exists.stat.exists
- - ansible_virtualization_role != "guest" or ansible_virtualization_type != "docker"
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz"]
 tags:
 - file_owner_grub2_cfg
 - medium_severity
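Review bot: The new `additional_when` in `update_when_from_rule` tests only `ansible_virtualization_type`, so a system that Ansible reports with one of the listed types but with role `host` (an OpenVZ hardware node, as far as I know) would now skip every `machine`-platform remediation, and a skipped hardening task is easy to mistake for a compliant system. The list is also a deny-list, so container runtimes it does not name (I believe newer Ansible releases report values such as `podman` and `container`) still receive tasks that target boot-loader and similar host-only files. If the role fact is reliable on the VMs this commit is meant to fix, consider keeping it in a parenthesised form, `additional_when = 'not (ansible_virtualization_role == "guest" and ansible_virtualization_type in ["docker", "lxc", "openvz"])'`, and add a comment above the assignment such as `# machine-platform rules are skipped only inside containers; extend this list when Ansible reports a new container type`. The function continues past the end of the hunk, so how the clause is joined with an existing `when` is not visible here.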