Fix tests for sudo_require_authentication

[Mab879]

Description:

Fix test for sudo_require_authentication and a few other fixes.

See each commit for details.

Rationale:

• Fix a failing test sudo_require_authentication
• Add more docs for macros
• Convert a macro to use full Ansible module names

Review Hints:

Run the tests
./automatus.py rule --remediate-using ansible --datastream ../build/ssg-rhel9-ds.xml --libvirt qemu:///system automatus_rhel9_4_1 sudo_require_authentication

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate' differs.
--- xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
+++ xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
@@ -1,5 +1,5 @@
 - name: Find /etc/sudoers.d/ files
-  find:
+  ansible.builtin.find:
     paths:
     - /etc/sudoers.d/
   register: sudoers
@@ -16,7 +16,7 @@
   - sudo_remove_no_authenticate
 
 - name: Remove lines containing !authenticate from sudoers files
-  replace:
+  ansible.builtin.replace:
     regexp: (^(?!#).*[\s]+\!authenticate.*$)
     replace: '# \g<1>'
     path: '{{ item.path }}'

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd' differs.
--- xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd
+++ xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd
@@ -1,5 +1,5 @@
 - name: Find /etc/sudoers.d/ files
-  find:
+  ansible.builtin.find:
     paths:
     - /etc/sudoers.d/
   register: sudoers
@@ -16,7 +16,7 @@
   - sudo_remove_nopasswd
 
 - name: Remove lines containing NOPASSWD from sudoers files
-  replace:
+  ansible.builtin.replace:
     regexp: (^(?!#).*[\s]+NOPASSWD[\s]*\:.*$)
     replace: '# \g<1>'
     path: '{{ item.path }}'

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sudo_require_authentication' differs.
--- xccdf_org.ssgproject.content_rule_sudo_require_authentication
+++ xccdf_org.ssgproject.content_rule_sudo_require_authentication
@@ -1,5 +1,5 @@
 - name: Find /etc/sudoers.d/ files
-  find:
+  ansible.builtin.find:
     paths:
     - /etc/sudoers.d/
   register: sudoers
@@ -16,7 +16,7 @@
   - sudo_require_authentication
 
 - name: Remove lines containing NOPASSWD from sudoers files
-  replace:
+  ansible.builtin.replace:
     regexp: (^(?!#).*[\s]+NOPASSWD[\s]*\:.*$)
     replace: '# \g<1>'
     path: '{{ item.path }}'
@@ -37,7 +37,7 @@
   - sudo_require_authentication
 
 - name: Find /etc/sudoers.d/ files
-  find:
+  ansible.builtin.find:
     paths:
     - /etc/sudoers.d/
   register: sudoers
@@ -54,7 +54,7 @@
   - sudo_require_authentication
 
 - name: Remove lines containing !authenticate from sudoers files
-  replace:
+  ansible.builtin.replace:
     regexp: (^(?!#).*[\s]+\!authenticate.*$)
     replace: '# \g<1>'
     path: '{{ item.path }}'

[codeclimate]

Code Climate has analyzed commit 722e6d6 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5%.

View more on Code Climate.

[vojtapolasek]

LGTM.
Waiving Automatus tests because there is no visudo in containers, therefore the validation part of the Ansible task fails.
And waiving testingfarm tests as well. They fail on Ansible syntax check because the ini_file module can't be found. But this module is not touched by this PR, so the test failure is caused by something else.