From 77169877b6f075de65b8402c465a68b9dda130bd Mon Sep 17 00:00:00 2001
From: Ruben Ruiz de Gauna <rubenruizdegauna@proton.me>
Date: Mon, 8 Jan 2024 14:51:41 +0100
Subject: [PATCH] NR-164383 feat: fail if unexpected caps found

---
 .../roles/assert_privileged_caps/tasks/check_Linux.yaml     | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml b/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
index b457186..cdbdb08 100644
--- a/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
+++ b/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
@@ -14,4 +14,10 @@
       - getcap.stdout is search(item)
   loop: "{{ caps }}"
 
+- name: fail if caps are found and were not expected
+  fail:
+    msg: "caps were not expected"
+  when:
+    - caps | length  == 0 and getcap.stdout != ""
+
 ...