satisfy checkov

suhancz · May 16, 2024 · 452b89d · 452b89d
1 parent a276ae7
commit 452b89d
Show file tree

Hide file tree

Showing 13 changed files with 311 additions and 301 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,6 @@
-FROM quay.io/almalinuxorg/8-init
+#checkov:skip=CKV_DOCKER_2: no need for health check
+#checkov:skip=CKV_DOCKER_3: no need for special user
+FROM quay.io/almalinuxorg/8-init:latest
 ENV container docker
 
 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done);

diff --git a/tasks/backups.yml b/tasks/backups.yml
@@ -1,4 +1,5 @@
 ---
+#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
 - name: Create backup directories
   ansible.builtin.file:
     path: "{{ item }}"

diff --git a/tasks/convert_user_to_ldif.yml b/tasks/convert_user_to_ldif.yml
@@ -1,4 +1,5 @@
 ---
+#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
 - name: Select passwd line
   ansible.builtin.command: 'grep "^{{ user_data_item.name }}:" /var/tmp/passwd.mig'
   register: passwd_mig_content

diff --git a/tasks/httpd.yml b/tasks/httpd.yml
@@ -1,4 +1,5 @@
 ---
+#checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
 - name: Open firewall
   tags:
     - dyndns

diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml
@@ -1,4 +1,5 @@
 ---
+#checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
 - name: Sync old IMAP account to the current mailbox
   no_log: yes
   when: current_user.old_imap_mail is defined