ansible-lockdown / RHEL8-CIS

Ansible role for Red Hat 8 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

`cron_file` should not/cannot edit /etc/crontab #183

Closed ChandlerSwift closed 2 years ago

ChandlerSwift commented 2 years ago

Describe the Issue

https://github.com/ansible/ansible/commit/8cccabf1eb8283ddff0c610c4469606b42a8c010 began enforcing that /etc/crontab should not be edited with `cron_file`. Per the docs:

```yaml
cron_file:
  description:
    - If specified, uses this file instead of an individual user's crontab.
      The assumption is that this file is exclusively managed by the module,
      do not use if the file contains multiple entries, NEVER use for /etc/crontab.
```

This is currently done in 1.3.2:

```yaml
- name: "1.3.2 | PATCH | Ensure filesystem integrity is regularly checked"
  cron:
      name: Run AIDE integrity check
      cron_file: "{{ rhel8cis_aide_cron['cron_file'] }}"
```

with defaults from defaults/main.yml:

```yaml
# AIDE
rhel8cis_config_aide: true
# AIDE cron settings
rhel8cis_aide_cron:
    cron_user: root
    cron_file: /etc/crontab
    aide_job: '/usr/sbin/aide --check'
    aide_minute: 0
    aide_hour: 5
    aide_day: '*'
    aide_month: '*'
    aide_weekday: '*'
```

Expected Behavior

Create a new file in /etc/cron.d, or not override `cron_file` in the first place and use the default.

Actual Behavior

```text
TASK [RHEL8-CIS : 1.3.2 | PATCH | Ensure filesystem integrity is regularly checked] ***********************************************************************************
fatal: [host]: FAILED! => {"changed": false, "msg": "Will not manage /etc/crontab via cron_file, see documentation."}
```

Control(s) Affected

1.3.2
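The form of the 1.3.2 task that satisfies the `cron_file` contract, shown here as an added example rather than the role's own code. It keeps the variable layout from the page's defaults/main.yml and changes only `cron_file` from /etc/crontab to a file under /etc/cron.d that nothing else writes; the file name `/etc/cron.d/aide`, the play wrapper and the trailing verification task are assumptions for illustration. Because `cron_file` points at a system cron file rather than a user crontab, the module needs `user` as well, which is why `cron_user` is passed through.

```yaml
# Added example, not code from the RHEL8-CIS role.
# Assumptions: file name /etc/cron.d/aide, the play wrapper, and the grep check.
- name: Schedule the AIDE integrity check without touching /etc/crontab
  hosts: all
  become: true
  vars:
    # Same keys as the page's defaults/main.yml; only cron_file differs.
    rhel8cis_aide_cron:
      cron_user: root
      # cron_file: /etc/crontab   <- rejected by the cron module since Ansible 2.12
      cron_file: /etc/cron.d/aide  # managed exclusively by the task below
      aide_job: '/usr/sbin/aide --check'
      aide_minute: 0
      aide_hour: 5
      aide_day: '*'
      aide_month: '*'
      aide_weekday: '*'

  tasks:
    - name: "1.3.2 | PATCH | Ensure filesystem integrity is regularly checked"
      ansible.builtin.cron:
        name: Run AIDE integrity check
        # user is required alongside cron_file: system cron files carry a user column
        user: "{{ rhel8cis_aide_cron['cron_user'] }}"
        cron_file: "{{ rhel8cis_aide_cron['cron_file'] }}"
        minute: "{{ rhel8cis_aide_cron['aide_minute'] }}"
        hour: "{{ rhel8cis_aide_cron['aide_hour'] }}"
        day: "{{ rhel8cis_aide_cron['aide_day'] }}"
        month: "{{ rhel8cis_aide_cron['aide_month'] }}"
        weekday: "{{ rhel8cis_aide_cron['aide_weekday'] }}"
        job: "{{ rhel8cis_aide_cron['aide_job'] }}"
      when: rhel8cis_config_aide | default(true)

    # Read-only check that the job landed in cron.d and that /etc/crontab was left alone.
    - name: Look for the AIDE job in /etc/crontab (expect no match)
      ansible.builtin.command: grep -c 'aide --check' /etc/crontab
      register: crontab_aide
      changed_when: false
      failed_when: crontab_aide.rc not in [0, 1]

    - name: Look for the AIDE job in the cron.d file (expect a match)
      ansible.builtin.command: grep -c 'aide --check' {{ rhel8cis_aide_cron['cron_file'] }}
      register: crond_aide
      changed_when: false
      failed_when: crond_aide.rc not in [0, 1]

    - name: Assert the job lives only in the cron.d file
      ansible.builtin.assert:
        that:
          - crontab_aide.rc == 1
          - crond_aide.rc == 0
        fail_msg: "AIDE cron entry is in /etc/crontab or missing from {{ rhel8cis_aide_cron['cron_file'] }}"
```

Overriding only `rhel8cis_aide_cron.cron_file` in group_vars or with `-e` is enough to clear the fatal error on Ansible 2.12 and later; the assert tasks catch a host where an earlier run of the role already placed the entry in /etc/crontab, which the cron module will not clean up for you.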

uk-bolly commented 2 years ago

linked to #160

uk-bolly commented 2 years ago

hi @ChandlerSwift

Thank you again for your support and feedback by raising these issues, it is only with feedback like this that we are able to improve this work. For this particular issue I have linked this to #160 as this is based upon the same change since the introduction of the latest module update in 2.12. We are hoping to get this merged into devel by the end of the week.

regards

uk-bolly

ChandlerSwift commented 2 years ago

Thanks! I'd not managed to find that previous issue, so sorry about the dupe.