Disable scanning for http connections without TLS

widhalmt · widhalmt · commit f51fa0fc97b9 · 2024-10-23T13:27:10.000+02:00
diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml
@@ -1,5 +1,7 @@
 ---
-# This is an example playbook to execute Ansible tests.
+# kics-scan disable=2e8d4922-8362-4606-8c14-aa10466a1ce3
+# above command will disable scanning for `http` (without `s`)
+# connections
 
 - name: Verify
   hosts: all
@@ -9,7 +11,6 @@
   tasks:
 
 # Remember, this is the no-security scenario. So no https
-# kics-scan ignore-block
     - name: Health check
       ansible.builtin.uri:
         url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health
@@ -23,7 +24,6 @@
       delay: 10
       when: groups[elasticstack_elasticsearch_group_name] | length > 1
 
-# kics-scan ignore-block
     - name: Node check
       ansible.builtin.uri:
         url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/nodes
diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+# kics-scan disable=2e8d4922-8362-4606-8c14-aa10466a1ce3
+# above command will disable scanning for `http` (without `s`)
+# connections
 
 - name: Check for versions
   ansible.builtin.fail:
@@ -244,7 +247,6 @@
     enabled: yes
   register: elasticsearch_freshstart
 
-# kics-scan ignore-block
 - name: Handle cluster setup without security
   when: not elasticsearch_security | bool
   block:
