Bug 1890111

Summary: Remove deprecated follow argument from Ansible remediations [rhel-7.9.z]
Product: Red Hat Enterprise Linux 7 Reporter: Matus Marhefka <mmarhefk>
Component: scap-security-guideAssignee: Vojtech Polasek <vpolasek>
Status: CLOSED ERRATA QA Contact: Matus Marhefka <mmarhefk>
Severity: high Docs Contact: Mirek Jahoda <mjahoda>
Priority: unspecified    
Version: 7.9CC: ggasparb, jafiala, jreznik, matyc, mhaicman, mjahoda, wsato
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.54-3.el7_9 Doc Type: Bug Fix
Doc Text:
.`scap-security-guide` Ansible remediations no longer include the `follow` argument Prior to this update, `scap-security-guide` Ansible remediations could contain the `follow` argument in the `replace` module. Because `follow` was deprecated in Ansible 2.5, and will be removed in Ansible 2.10, using such remediations caused an error. With the release of the link:https://access.redhat.com/errata/RHBA-2021:1383[RHBA-2021:1383] advisory, the argument has been removed. As a result, Ansible playbooks by `scap-security-guide` will work properly in Ansible 2.10.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-27 11:30:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matus Marhefka 2020-10-21 12:17:45 UTC 
Description of problem:
Remove deprecated follow argument of replace module from Ansible remediations. The argument was deprecated in Ansible 2.5 and Ansible 2.10 completely removes it. This might cause that Ansible fixes from scap-security-guide which are still using the argument will fail.

Based on https://access.redhat.com/support/policy/updates/ansible-engine Ansible 2.10 is not yet supported, but this is to make sure that once it will be supported our Ansible playbooks won't have any issues with this new version.

Issue is already fixed in upstream: https://github.com/ComplianceAsCode/content/pull/6139


Version-Release number of selected component (if applicable):
scap-security-guide-0.1.49-13.el7


How reproducible:
always with ansible-2.10


Steps to Reproduce:
Run Ansible playbook of any profile containing one of the rules updated in the https://github.com/ComplianceAsCode/content/pull/6139


Actual results:
Ansible remediations which are still using follow argument are failing when using Ansible 2.10


Expected results:
Ansible remediations from scap-security-guide are no longer using follow argument and are working properly with Ansible 2.10


Additional info:
Comment 5 Vojtech Polasek 2021-03-24 10:28:06 UTC 
Fixed upstream in this PR:
https://github.com/ComplianceAsCode/content/pull/6139
Comment 15 errata-xmlrpc 2021-04-27 11:30:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1383