cleanup: use updated conditionals

This role made use of conditionals that still used filters, this
patch removes them all and switches them to the new system.

Change-Id: I7c68f4e5f7248aedd3cdae734aac6d97a8ce058b

tasks/main.yml

@@ -39,7 +39,7 @@
 
   - name: Set facts
     set_fact:
-      check_mode: "{{ noop_result | skipped }}"
+      check_mode: "{{ noop_result is skipped }}"
       linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
       grub_config_file_boot: "{{ booted_with_efi | ternary(grub_conf_file_efi, grub_conf_file) }}"
     tags:

tasks/rhel7stig/aide.yml

@@ -115,7 +115,7 @@
   command: "mv {{ aide_database_out_file }} {{ aide_database_file }}"
   changed_when: false
   when:
-    - not aide_init | skipped
+    - aide_init is not skipped
     - ansible_pkg_mgr in ['yum', 'zypper']
   tags:
     - medium

tasks/rhel7stig/auth.yml

@@ -125,7 +125,7 @@
       Remove the directive to ensure that all users must provide a password to
       run commands as the root user.
   when:
-    - not sudoers_nopasswd_check | skipped
+    - sudoers_nopasswd_check is not skipped
     - sudoers_nopasswd_check.stdout != 'not found'
   tags:
     - auth
@@ -149,7 +149,7 @@
       files. Remove the directive to ensure that all users must provide a
       password to run commands as the root user each time they use sudo.
   when:
-    - not sudoers_authenticate_check | skipped
+    - sudoers_authenticate_check is not skipped
     - sudoers_authenticate_check.stdout != 'not found'
   tags:
     - auth
@@ -249,7 +249,7 @@
   until: job_result.finished | bool
   retries: 30
   when:
-    - not shosts_find | skipped
+    - shosts_find is not skipped
   tags:
     - high
     - auth
@@ -262,7 +262,7 @@
     state: absent
   with_items: "{{ job_result.files }}"
   when:
-    - not job_result | skipped
+    - job_result is not skipped
     - security_rhel7_remove_shosts_files | bool
   tags:
     - high

tasks/rhel7stig/file_perms.yml

@@ -136,7 +136,7 @@
       {{ world_writable_dirs.stdout }}
   when:
     - world_writable_dirs is defined
-    - not world_writable_dirs | skipped
+    - world_writable_dirs is not skipped
   tags:
     - medium
     - file_perms

tasks/rhel7stig/lsm.yml

@@ -80,7 +80,7 @@
     state: enforcing
     policy: targeted
   register: selinux_status_change
-  changed_when: selinux_status_change | changed and ansible_selinux.status != 'disabled'
+  changed_when: selinux_status_change is changed and ansible_selinux.status != 'disabled'
   when:
     - ansible_os_family == "RedHat"
     - security_rhel7_enable_linux_security_module | bool

tasks/rhel7stig/rpm.yml

@@ -22,7 +22,7 @@
   until: job_result.finished
   retries: 30
   when:
-    - not rpmverify_task | skipped
+    - rpmverify_task is not skipped
   tags:
     - rpm
     - high

tasks/rhel7stig/zypper.yml

@@ -23,7 +23,7 @@
   until: job_result.finished
   retries: 30
   when:
-    - not rpmverify_task | skipped
+    - rpmverify_task is not skipped
   tags:
     - rpm
     - high