Skip to content

accounts_password_pam_unix_no_remember: fix test scenarios and remediations#14215

Merged
Mab879 merged 5 commits intoComplianceAsCode:masterfrom
vojtapolasek:fix_pam_unix_remove_remember_authselect
Dec 15, 2025
Merged

accounts_password_pam_unix_no_remember: fix test scenarios and remediations#14215
Mab879 merged 5 commits intoComplianceAsCode:masterfrom
vojtapolasek:fix_pam_unix_remove_remember_authselect

Conversation

@vojtapolasek
Copy link
Collaborator

@vojtapolasek vojtapolasek commented Dec 5, 2025
edited
Loading

Description:

  • enhance test scenarios so that they account for cases when there exists / does not exist Authselect
  • improve Ansible remediation so that it is aligned with the Bash remediation
  • make Bash remediation more explicit by specifying '.*' as regex for PAM control keyword

Rationale:

Review Hints:

Automatus Tests, ideally on all RHELs.

@vojtapolasek vojtapolasek added this to the 0.1.80 milestone Dec 5, 2025
@vojtapolasek vojtapolasek added bugfix Fixes to reported bugs. Ansible Ansible remediation update. Test Suite Update in Test Suite. Bash Bash remediation update. RHEL9 Red Hat Enterprise Linux 9 product related. Update Rule Issues or pull requests related to Rules updates. RHEL8 Red Hat Enterprise Linux 8 product related. RHEL10 Red Hat Enterprise Linux 10 product related. labels Dec 5, 2025
@Mab879 Mab879 self-assigned this Dec 5, 2025
@Mab879
Copy link
Member

Mab879 commented Dec 5, 2025

Rebase on master should fix Fedora CI

Mab879
Mab879 requested changes Dec 5, 2025
View reviewed changes
...tions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_rhel.pass.sh Outdated
@@ -1,16 +1,24 @@
#!/bin/bash
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
# platform = multi_platform_rhel,multi_platform_fedora
Copy link
Member

@Mab879 Mab879 Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the bash remediation it behave the same on these platforms.

@Mab879
Copy link
Member

Mab879 commented Dec 5, 2025

Please double check the Ansible Automatus tests as for me on RHEL 10 they are failing.

@vojtapolasek vojtapolasek force-pushed the fix_pam_unix_remove_remember_authselect branch from da7fc3a to 46e2ec0 Compare December 12, 2025 10:14
@vojtapolasek
Copy link
Collaborator Author

vojtapolasek commented Dec 12, 2025

@Mab879 I have rebased and fixed Ansible remediations. I also renamed test scenarios and made them applicable on more platforms.

@github-actions
Copy link

github-actions bot commented Dec 12, 2025

ATEX Test Results

Test artifacts have been submitted to Testing Farm.

Results: View Test Results
Workflow Run: View Workflow Details

This comment was automatically generated by the ATEX workflow.

@openshift-ci
Copy link

openshift-ci bot commented Dec 12, 2025

@vojtapolasek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 46e2ec0 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Mab879
Copy link
Member

Mab879 commented Dec 15, 2025

Automatus passes locally.

@Mab879 Mab879 merged commit 05d742f into ComplianceAsCode:master Dec 15, 2025
141 of 145 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

Assignees

@Mab879 Mab879

Labels

Ansible Ansible remediation update. Bash Bash remediation update. bugfix Fixes to reported bugs. RHEL8 Red Hat Enterprise Linux 8 product related. RHEL9 Red Hat Enterprise Linux 9 product related. RHEL10 Red Hat Enterprise Linux 10 product related. Test Suite Update in Test Suite. Update Rule Issues or pull requests related to Rules updates.

Projects

None yet

Milestone

0.1.80

Development

Successfully merging this pull request may close these issues.

Rule accounts_password_pam_unix_no_remember has failing scenario remember_present_system_auth.fail

2 participants

@vojtapolasek @Mab879