Security: Check for grub.cfg first

As noted in bug 1550426, the tasks for grub.cfg will fail if
the file is not present. This patch checks for the grub.cfg
and only tries to make changes if the file is present.

Closes-bug: 1550426

Change-Id: Id5368dfa2c24d555c59f9ceef4676f3d15706ad9

tasks/boot.yml

@@ -13,6 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Check to see if grub.cfg exists
+  stat:
+    path: /boot/grub/grub.cfg
+  register: grub_cfg
+  always_run: True
+
 - name: V-38579 - Bootloader configuration files must be owned by root
   file:
     path: /boot/grub/grub.cfg
@@ -21,6 +27,7 @@
     - boot
     - cat2
     - V-38579
+  when: grub_cfg.stat.exists
 
 - name: V-38581 - Bootloader configuration files must be group-owned by root
   file:
@@ -30,6 +37,7 @@
     - boot
     - cat2
     - V-38581
+  when: grub_cfg.stat.exists
 
 - name: V-38582 - Bootloader configuration files must have mode 0644 or less
   file:
@@ -39,3 +47,4 @@
     - boot
     - cat2
     - V-38582
+  when: grub_cfg.stat.exists

tests/test.yml

@@ -15,5 +15,9 @@
 
 - name: Playbook for role testing
   hosts: localhost
+  pre_tasks:
+    - name: Ensure apt cache is updated before testing
+      apt:
+        update_cache: yes
   roles:
     - role: "{{ rolename }}"