From 063f3190b883d33f51de7e9115abcbab7a93d3e2 Mon Sep 17 00:00:00 2001
From: Martin Schurz <Martin.Schurz@telekom.de>
Date: Sun, 4 Feb 2024 15:42:09 +0100
Subject: [PATCH] Always update Vagrant Boxes before using

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
---
 .github/workflows/os_hardening_vm.yml   |  4 ++++
 .github/workflows/ssh_hardening_bsd.yml |  4 ++++
 molecule/ssh_hardening_bsd/converge.yml | 11 -----------
 molecule/ssh_hardening_bsd/prepare.yml  |  6 ------
 molecule/ssh_hardening_bsd/verify.yml   |  6 ------
 5 files changed, 8 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/os_hardening_vm.yml b/.github/workflows/os_hardening_vm.yml
index 073c577c..469e6818 100644
--- a/.github/workflows/os_hardening_vm.yml
+++ b/.github/workflows/os_hardening_vm.yml
@@ -58,6 +58,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
+      - name: Update Vagrant Box
+        run: |
+          vagrant box update --box ${{ matrix.molecule_distro }}
+
       - name: Test with molecule
         run: |
           molecule --version
diff --git a/.github/workflows/ssh_hardening_bsd.yml b/.github/workflows/ssh_hardening_bsd.yml
index 931bddc8..971eca06 100644
--- a/.github/workflows/ssh_hardening_bsd.yml
+++ b/.github/workflows/ssh_hardening_bsd.yml
@@ -47,6 +47,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
+      - name: Update Vagrant Box
+        run: |
+          vagrant box update --box generic/${{ matrix.molecule_distro }}
+
       - name: Test with molecule
         run: |
           molecule --version
diff --git a/molecule/ssh_hardening_bsd/converge.yml b/molecule/ssh_hardening_bsd/converge.yml
index a8de0650..315b47c1 100644
--- a/molecule/ssh_hardening_bsd/converge.yml
+++ b/molecule/ssh_hardening_bsd/converge.yml
@@ -1,15 +1,4 @@
 ---
-- name: Prepare OpenBSD host
-  hosts: all
-  become: true
-  gather_facts: false
-  tasks:
-    - name: Use Python 3 on OpenBSD
-      ansible.builtin.set_fact:
-        ansible_python_interpreter: /usr/bin/python3
-      changed_when: false
-      when: lookup('env', 'MOLECULE_DISTRO') == 'openbsd7'
-
 - name: Wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
   hosts: all
   environment:
diff --git a/molecule/ssh_hardening_bsd/prepare.yml b/molecule/ssh_hardening_bsd/prepare.yml
index b982911c..ce69adf5 100644
--- a/molecule/ssh_hardening_bsd/prepare.yml
+++ b/molecule/ssh_hardening_bsd/prepare.yml
@@ -9,12 +9,6 @@
       ansible.builtin.raw: pkg_add python%3.10
       changed_when: false
       when: lookup('env', 'MOLECULE_DISTRO') == 'openbsd7'
-      
-    - name: Use Python 3 on OpenBSD
-      ansible.builtin.set_fact:
-        ansible_python_interpreter: /usr/bin/python3
-      changed_when: false
-      when: lookup('env', 'MOLECULE_DISTRO') == 'openbsd7'
 
 - name: Wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
   hosts: all
diff --git a/molecule/ssh_hardening_bsd/verify.yml b/molecule/ssh_hardening_bsd/verify.yml
index d51a6e34..6566f684 100644
--- a/molecule/ssh_hardening_bsd/verify.yml
+++ b/molecule/ssh_hardening_bsd/verify.yml
@@ -3,12 +3,6 @@
   hosts: all
   become: true
   tasks:
-    - name: Use Python 3 on OpenBSD
-      ansible.builtin.set_fact:
-        ansible_python_interpreter: /usr/bin/python3
-      changed_when: false
-      when: lookup('env', 'MOLECULE_DISTRO') == 'openbsd7'
-      
     - name: Use the type command instead of which to detect existing commands
       ansible.builtin.file:
         src: /usr/bin/which