From af1e41c98d0dd9b41ed5c540b10dae31abca6b03 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Wed, 10 Jul 2024 09:35:37 +0200
Subject: [PATCH] modify the Ansible remediation so that Jinja is not evaluated in the when conditional The evaluation is done in a separate task and saved as a fact.
---
 .../systemd_dropin_configuration/ansible.template | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/shared/templates/systemd_dropin_configuration/ansible.template b/shared/templates/systemd_dropin_configuration/ansible.template
index 59c4c837dcf2..b9af23e71c8f 100644
--- a/shared/templates/systemd_dropin_configuration/ansible.template
+++ b/shared/templates/systemd_dropin_configuration/ansible.template
@@ -17,6 +17,10 @@
 - path: "{{{ DROPIN_DIR }}}"
 pattern: "*.conf"
+- name: "{{{ rule_title }}} - Count number of files which contain the correct section"
+ ansible.builtin.set_fact:
+ count_of_systemd_dropin_files_with_section: "{{systemd_dropin_files_with_section.results | map(attribute='matched') | list | map('int') | sum}}"
+
 - name: "{{{ rule_title }}} - Add missing configuration to correct section"
 ini_file:
 path: "{{item}}"
@@ -29,7 +33,7 @@
 {{% endif %}}
 state: present
 no_extra_spaces: true
- when: "{{systemd_dropin_files_with_section.results | map(attribute='matched') | list | map('int') | sum > 0}}"
+ when: count_of_systemd_dropin_files_with_section | int > 0
 loop: "{{systemd_dropin_files_with_section.results | sum(attribute='files', start=[]) | map(attribute='path') | list }}"
 - name: "{{{ rule_title }}} - Add configuration to new remediation file"
@@ -45,4 +49,4 @@
 state: present
 no_extra_spaces: true
 create: true
- when: "{{systemd_dropin_files_with_section.results | map(attribute='matched') | list | map('int') | sum == 0}}"
+ when: count_of_systemd_dropin_files_with_section | int == 0
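Review bot: The new set_fact task in the first hunk has no comment saying why the count is computed outside `when`, so a later cleanup could fold the expression back into the conditional. I would add above the task: `# 'when' is already a Jinja expression; the count is templated here so the conditional needs no template delimiters.` The fact is host-scoped and its name is not rule-specific, so every rule rendered from this template presumably overwrites the same `count_of_systemd_dropin_files_with_section`. That looks safe only while this task always runs immediately before its two consumers, which is worth stating in the same comment. The task that registers `systemd_dropin_files_with_section` lies outside the hunk.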
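Review bot: The `| int` cast in the new `when` of the second hunk, and in the matching `== 0` condition of the third hunk, is load-bearing but undocumented. On Ansible versions without native Jinja types, set_fact presumably stores the templated sum as a string, so the comparison is only numeric because of the cast. A short comment on the first of the two tasks would keep it from being removed as redundant: `# set_fact may store the count as a string; keep the int cast.` Both enclosing tasks begin outside their hunks.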