Feature Request
Resolution: Unresolved
Normal
sat-endeavour
Problem Statement
Current Ansible modules can manage OpenSCAP content and tailoring files, but lack the ability to create the final policy itself. This forces users to rely on hammer commands or REST API calls, which undermines the declarative and idempotent nature of Ansible. A dedicated module is needed to fully automate compliance policy management.
User Experience & Workflow
With a new module, a user could create an OpenSCAP policy using a clean, declarative Ansible task. The workflow would look like this:
- The user writes an Ansible playbook with a task using the new module (e.g., redhat.satellite.scap_policy).
- The task would specify key parameters such as the policy name, SCAP content ID, profile ID, and the desired schedule.
- The module would connect to the Satellite server and create the policy. It would be idempotent, so re-running the playbook would not re-create an existing policy.
- The user could verify success by checking the Satellite UI under Content > SCAP Policies or by running hammer policy list.
Requirements
- Module Functionality: The module must be able to create a new OpenSCAP policy on the Satellite server.
- Key Parameters: It must support all necessary parameters for policy creation, including:
  - name: The name for the new policy.
  - scap_content_id: The ID of the SCAP content.
  - scap_content_profile_id: The ID of the profile within the SCAP content.
  - deploy_by: The deployment method (e.g., manual, puppet).
  - period: The frequency of the scan (e.g., weekly, daily).
  - weekday: The day for a weekly scan.
- Idempotency: The module must ensure the policy is created only if it does not already exist.
- Collection Inclusion: The module should be added to the redhat.satellite Ansible collection.
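The idempotency requirement above, sketched as an added example (not code from the redhat.satellite collection or from this request). FakeSatellite, ensure_policy, check_mode and the sample values are hypothetical, and the sketch goes slightly beyond the requirement by reporting fields that differ on an existing policy, so a changed scan schedule is visible rather than hidden behind an unchanged result.

```python
from dataclasses import dataclass, field

# Parameters from the request that are compared on an existing policy.
FIELDS = ("scap_content_id", "scap_content_profile_id", "deploy_by", "period", "weekday")


@dataclass
class FakeSatellite:
    """Constructed in-memory stand-in for the Satellite server (assumption)."""
    policies: dict = field(default_factory=dict)
    create_calls: int = 0

    def find_policy(self, name):
        return self.policies.get(name)

    def create_policy(self, spec):
        self.create_calls += 1
        self.policies[spec["name"]] = dict(spec)


def ensure_policy(server, check_mode=False, **spec):
    """Create the policy only if absent; return an Ansible-style result dict."""
    if spec.get("period") == "weekly" and not spec.get("weekday"):
        raise ValueError("weekday is required when period is 'weekly'")
    existing = server.find_policy(spec["name"])
    if existing is None:
        if not check_mode:  # check mode reports the change without making it
            server.create_policy(spec)
        return {"changed": True, "drift": {}}
    # Policy exists: never re-create it. Report (current, requested) pairs for
    # fields that differ so the operator sees drift in the scan configuration.
    drift = {k: (existing.get(k), spec.get(k)) for k in FIELDS
             if existing.get(k) != spec.get(k)}
    return {"changed": False, "drift": drift}


# Constructed sample values, not taken from a real Satellite server.
SPEC = dict(name="rhel9-cis", scap_content_id=3, scap_content_profile_id=12,
            deploy_by="manual", period="weekly", weekday="monday")


def demo():
    server = FakeSatellite()
    first = ensure_policy(server, **SPEC)    # policy absent: created
    second = ensure_policy(server, **SPEC)   # re-run: nothing to do
    third = ensure_policy(server, **{**SPEC, "weekday": "friday"})  # drift only
    return first, second, third, server.create_calls
```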
Business Impact
Without this feature, customers must continue to rely on fragmented automation workflows that mix Ansible with shell commands or API calls. This increases complexity and maintenance overhead for managing security compliance at scale. Providing a dedicated module would deliver a complete, seamless automation experience for Satellite users, directly addressing a key gap and improving the value proposition of the redhat.satellite Ansible collection.