-
Notifications
You must be signed in to change notification settings - Fork 686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pipefail not really compatible with grep #6779
pipefail not really compatible with grep #6779
Conversation
The pipefail option traps on all non 0 reurn codes, but grep exits with 1 if the pattern is not found. So, just disable that ansible-lint check if the shell snippet is using grep.
Hi @brett060102. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Changes identified: Show detailsRule no_host_based_files: Recommended tests to execute: |
We did find and fix this in our development branch, but I dropped that part of the fix when doing #6730 |
@@ -5,8 +5,7 @@ | |||
# disruption = low | |||
- block: | |||
- name: "Find local mount points" | |||
shell: | | |||
set -o pipefail | |||
shell: | #noqa 306 we don't care about grep failure in this case |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately the yaml libraries strip out comments when processing them.
The exception for ansible-lint should be added here: https://github.com/ComplianceAsCode/content/blob/master/tests/ansible-lint_config.yml
Here is an alternative approach which does not require removal of ansible-lint checks. If it works. |
@vojtapolasek I know about the workaround options, but they look messy to me. |
@vojtapolasek Think this should be OK, now. In pam_options/ansible.template and set_password_hashing_min_rounds_logindefs/ansible/shared.yml I tried usimh a single line command since there is no piping used there, but ansible-lint still objected. This code now makes more sense than the original. The "| cat" was just being used to eat the "1" return code from grep, the execute "true" on failure is really a better way to do that. Thanks for your time on this. |
@vojtapolasek should be done messing with this now. |
@vojtapolasek How does this one look now? |
I am checking it, give me a bit more time, there are other warnings and I need to filter them out. |
I think it looks good. Thank you for fixing this. |
@vojtapolasek Thank you. |
The pipefail option traps on all non 0 reurn codes, but grep exits
with 1 if the pattern is not found. So, just disable that ansible-lint
check if the shell snippet is using grep.
Description:
Rationale:
The pipefail option traps on all non 0 reurn codes, but grep exits with 1 if the pattern is not found. So, just disable that ansible-lint check if the shell snippet is using grep.
Without this the ansible play will hit pipefail trap if pattern is not found, which pretty much breaks, if not found, add cases.
Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.