Fix YAML multiline config for package names #358

Draft: wants to merge 2 commits into base: main
2 changes: 1 addition & 1 deletion roles/beats/tasks/auditbeat.yml
@@ -2,7 +2,7 @@

- name: Construct exact name of Auditbeat package
ansible.builtin.set_fact:
beats_auditbeat_package: >
beats_auditbeat_package: >-
{{
'auditbeat' +
(elasticstack_versionseparator +
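
Review bot: The switch from `>` to `>-` on `beats_auditbeat_package` is a one-character change with nothing in the task explaining it, so a later cleanup could revert it unnoticed. A short YAML comment above the key saying that a plain folded scalar keeps a trailing newline on the value and that `>-` strips it would make the intent visible to the next editor.
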
@@ -59,7 +59,7 @@
- name: Install Auditbeat latest version - rpm - standalone
ansible.builtin.package:
name: auditbeat
state: latest

Check warning on line 62 in roles/beats/tasks/auditbeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Auditbeat
when:
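
Review bot: The kics Unpinned Package Version finding on `state: latest` (line 62) sits on a line this PR does not change, and the task name "Install Auditbeat latest version" suggests the unpinned install is deliberate. If it is, record that decision next to the line or in the kics configuration with a one-line reason, so the annotation stops surfacing on unrelated PRs; if it is not, install the exact name built in `beats_auditbeat_package` at the top of this file instead.
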
@@ -71,7 +71,7 @@
- name: Install Auditbeat latest version - deb
ansible.builtin.package:
name: auditbeat
state: latest

Check warning on line 74 in roles/beats/tasks/auditbeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Auditbeat
when:
2 changes: 1 addition & 1 deletion roles/beats/tasks/filebeat.yml
@@ -2,7 +2,7 @@

- name: Construct exact name of Filebeat package
ansible.builtin.set_fact:
beats_filebeat_package: >
beats_filebeat_package: >-
{{
'filebeat' +
(elasticstack_versionseparator +
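
Review bot: Nothing in this hunk guards against the trailing newline returning on `beats_filebeat_package`. Consider an `ansible.builtin.assert` after the `set_fact`, or a check in a test for the role, that the value equals its own `| trim` result, so a malformed package name is caught before it reaches the package module.
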
@@ -41,7 +41,7 @@
- name: Install Filebeat latest version - rpm - full stack
ansible.builtin.package:
name: filebeat
state: latest

Check warning on line 44 in roles/beats/tasks/filebeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
enablerepo:
- "elastic-{{ elasticstack_release }}.x"
notify:
@@ -55,7 +55,7 @@
- name: Install Filebeat latest version - rpm - standalone
ansible.builtin.package:
name: filebeat
state: latest

Check warning on line 58 in roles/beats/tasks/filebeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Filebeat
when:
@@ -67,7 +67,7 @@
- name: Install Filebeat latest version - deb
ansible.builtin.package:
name: filebeat
state: latest

Check warning on line 70 in roles/beats/tasks/filebeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Filebeat
when:
2 changes: 1 addition & 1 deletion roles/beats/tasks/metricbeat.yml
@@ -2,7 +2,7 @@

- name: Construct exact name of Metricbeat package
ansible.builtin.set_fact:
beats_metricbeat_package: >
beats_metricbeat_package: >-
{{
'metricbeat' +
(elasticstack_versionseparator +
@@ -42,7 +42,7 @@
- name: Install Metricbeat latest version - rpm - full stack
ansible.builtin.package:
name: metricbeat
state: latest

Check warning on line 45 in roles/beats/tasks/metricbeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
enablerepo:
- "elastic-{{ elasticstack_release }}.x"
notify:
@@ -56,7 +56,7 @@
- name: Install Metricbeat latest version - rpm - standalone
ansible.builtin.package:
name: metricbeat
state: latest

Check warning on line 59 in roles/beats/tasks/metricbeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Metricbeat
when:
@@ -69,7 +69,7 @@
- name: Install Metricbeat latest version - deb
ansible.builtin.package:
name: metricbeat
state: latest

Check warning on line 72 in roles/beats/tasks/metricbeat.yml

GitHub Actions / kics

[LOW] Unpinned Package Version

Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service
notify:
- Restart Metricbeat
when:
2 changes: 1 addition & 1 deletion roles/kibana/tasks/main.yml
@@ -41,7 +41,7 @@

- name: Construct exact name of Kibana package
ansible.builtin.set_fact:
kibana_package: >
kibana_package: >-
{{
'kibana' +
('-oss' if elasticstack_variant == 'oss' else '') +
4 changes: 2 additions & 2 deletions roles/logstash/tasks/main.yml
@@ -58,7 +58,7 @@

- name: Construct exact name of Logstash package
ansible.builtin.set_fact:
logstash_package: >
logstash_package: >-
{{
'logstash' +
('-oss' if elasticstack_variant == 'oss' else '') +
@@ -72,7 +72,7 @@

- name: Construct exact name of Logstash package
ansible.builtin.set_fact:
logstash_package: >
logstash_package: >-
{{
'logstash' +
('-oss' if elasticstack_variant == 'oss' else '') +
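
Review bot: Both Logstash hunks (old lines 58 and 72) touch a task with the identical name "Construct exact name of Logstash package" and, as far as the visible lines show, the same expression. Give the two tasks distinct names that reflect whatever condition separates them, or merge them if nothing does, so play output shows which one set `logstash_package`.
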

Unchanged files with check annotations Beta

- name: Check for cluster status without security
ansible.builtin.uri:
# kics-scan ignore-line
url: "http://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"

Check warning on line 278 in roles/elasticsearch/tasks/main.yml

GitHub Actions / kics

[MEDIUM] Communication Over HTTP

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
register: elasticsearch_cluster_status
ignore_errors: "{{ ansible_check_mode }}"
until: elasticsearch_cluster_status.json.status == "green"
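
Review bot: kics still reports Communication Over HTTP at line 278 even though `# kics-scan ignore-line` sits directly above the `url:` line. Check that the comment is placed where kics expects it; the task name "Check for cluster status without security" already explains the plain-HTTP call, so the suppression should take effect rather than leave a standing MEDIUM annotation on every PR.
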
register: logstash_check_cert_zip_file_ca_host
- name: Move cert zip file on elasticstack_ca host
ansible.builtin.copy:

Check warning on line 95 in roles/logstash/tasks/logstash-security.yml

GitHub Actions / kics

[INFO] Risky File Permissions

Some modules could end up creating new files on disk with permissions that might be too open or unpredictable
src: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-ls.zip"
dest: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-ls.zip_{{ ansible_date_time.iso8601_micro }}"
mode: preserve
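
Review bot: `mode: preserve` on this `ansible.builtin.copy` makes the permissions of the timestamped copy depend entirely on the source zip, which is the kind of unpredictability the Risky File Permissions annotation on line 95 describes. The file is a certificate bundle under `elasticstack_ca_dir`, so set an explicit restrictive mode on the copy (for example `mode: "0600"`, adjusted to whoever must read it) instead of inheriting it.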