Improve Bash macro name and description

The name "bash_validate_authselect_custom_profile" was not so intuitive about the variables defined there. On the other hand, the equivalent macro in Ansible was much clearer. In order to make it more readable, the macro was renamed to "bash_ensure_pam_variables_and_authselect_profile" and a more complete description was included. It is now more readble and more aligned to the equivalent in Ansible.
ComplianceAsCode · Dec 21, 2022 · d74855f · d74855f
1 parent 2c5b9e1
commit d74855f
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
@@ -1043,12 +1043,16 @@ fi
 {{%- endmacro -%}}
 
 {{#
-    Validate an authselect custom profile.
-    This sequence of commands is used in multiple places. This macro avoids duplicated code.
+    Validate an authselect custom profile integrity and ensures the correct file path is defined
+    in the "PAM_FILE_PATH" variable. The macros which change PAM files are the same regardless of
+    using authselect or not. The only change is the file path. However, this file path can change
+    depending on the custom profile name used in the system. So, based on the informed PAM file,
+    the macro will properly locate the correct profile and file to be edited in the authselect
+    context. This sequence of commands is used in multiple PAM related macros.
 
     :param pam_file:    PAM config file.
 #}}
-{{%- macro bash_validate_authselect_custom_profile(pam_file) -%}}
+{{%- macro bash_ensure_pam_variables_and_authselect_profile(pam_file) -%}}
 {{{ bash_check_authselect_integrity() }}}
 {{{ bash_ensure_authselect_custom_profile() }}}
 PAM_FILE_NAME=$(basename "{{{ pam_file }}}")
@@ -1074,7 +1078,7 @@ if [ -f /usr/bin/authselect ]; then
     if authselect list-features minimal | grep -q with-pwhistory; then
         {{{ bash_enable_authselect_feature('with-pwhistory') | indent(8) }}}
     else
-        {{{ bash_validate_authselect_custom_profile(pam_file) | indent(8) }}}
+        {{{ bash_ensure_pam_variables_and_authselect_profile(pam_file) | indent(8) }}}
         {{{ bash_ensure_pam_module_line("$PAM_FILE_PATH", 'password', control, 'pam_pwhistory.so', after_match) | indent(8) }}}
     fi
 else
@@ -1115,7 +1119,7 @@ if [ -f $PWHISTORY_CONF ]; then
 else
     PAM_FILE_PATH="{{{ pam_file }}}"
     if [ -f /usr/bin/authselect ]; then
-        {{{ bash_validate_authselect_custom_profile(pam_file) | indent(8) }}}
+        {{{ bash_ensure_pam_variables_and_authselect_profile(pam_file) | indent(8) }}}
     fi
     {{{ bash_ensure_pam_module_option("$PAM_FILE_PATH", 'password', 'requisite', 'pam_pwhistory.so', option, value, '') | indent(4) }}}
     if [ -f /usr/bin/authselect ]; then
@@ -2149,7 +2153,7 @@ fi
 if [ -e "{{{ pam_file }}}" ] ; then
     PAM_FILE_PATH="{{{ pam_file }}}"
     if [ -f /usr/bin/authselect ]; then
-        {{{ bash_validate_authselect_custom_profile(pam_file) | indent(8) }}}
+        {{{ bash_ensure_pam_variables_and_authselect_profile(pam_file) | indent(8) }}}
     fi
     {{%- if option == '' %}}
     {{{ bash_ensure_pam_module_line("$PAM_FILE_PATH", group, control, module, after_match) }}}
@@ -2180,7 +2184,7 @@ fi
 if [ -e "{{{ pam_file }}}" ] ; then
     PAM_FILE_PATH="{{{ pam_file }}}"
     if [ -f /usr/bin/authselect ]; then
-        {{{ bash_validate_authselect_custom_profile(pam_file) | indent(8) }}}
+        {{{ bash_ensure_pam_variables_and_authselect_profile(pam_file) | indent(8) }}}
     fi
     {{{ bash_remove_pam_module_option("$PAM_FILE_PATH", group, control, module, option) }}}
     if [ -f /usr/bin/authselect ]; then