Undefined variable when rendering GOSS template

[heni-amiri]

Have you checked ReadtheDocs?: Yes

Describe the Issue
In Ansible Lockdown, while running an audit, the role fails during the pre remediation audit phase and returns an error when rendering GOSS variables, apparently because it tries to lookup a variable that is not defined (grub_user_pass)

TASK [ansible-lockdown.ubuntu22_cis : Pre Audit Setup | Copy ansible default vars values to test audit] *************************************************************
task path: /Users/user/.ansible/roles/ansible-lockdown.ubuntu22_cis/tasks/pre_remediation_audit.yml:63
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'grub_user_pass' is undefined
fatal: [hostname]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'grub_user_pass' is undefined"}

Expected Behavior
Ansible Lockdown should be able to correctly render GOSS template using Ansible variables and finish running the audit phase.

Actual Behavior
Ansible Lockdown fails with AnsibleUndefinedVariable error when copying Ansible variables to the GOSS template.
Tested with Ansible Lockdown v2.0.0 for Ubuntu 22.04.

Possible Solution
grub_user_pass should be changed to ubtu22cis_bootloader_password_hash in GOSS template.

UBUNTU22-CIS/templates/ansible_vars_goss.yml.j2

Line 470 in fe4776b

ubtu22cis_bootloader_password_hash: {{ grub_user_pass }} # pragma: allowlist secret

[frederickw082922]

Thank you for submitting your GH Issue! Good catch @heni-amiri

UBUNTU22-CIS/templates/ansible_vars_goss.yml.j2

Line 470 in 8561295

ubtu22cis_bootloader_password_hash: {{ grub_user_pass }} # pragma: allowlist secret

[uk-bolly]

hi @heni-amiri

This should be fixed in PR #297 now in devel. This is due to be merged this week into main.

Thank you once again for the feedback.

Kindest regards

uk-bolly