Refs #8025: Refactor-awx - rol Debian-base - Task grub_startup. Refactoring grub.cfg passbolt query to retrive grub user password

roles/debian-base/tasks/grub_startup.yml

@@ -1,9 +1,9 @@
-# Added password protection to restrict only GRUB editing, leaving menu entries unprotected.
+# Enabled password protection to restrict GRUB editing only, leaving menu entries accessible without authentication.
-# Added --unrestricted option to 09_make_OS_entries_unrestricted custom template.
+# Added the --unrestricted option to the custom 09_make_OS_entries_unrestricted template.
-# Oficial grub Manual -->> https://www.gnu.org/software/grub/manual/grub/html_node/Authentication-and-authorisation.html
+# Official GRUB Manual: https://www.gnu.org/software/grub/manual/grub/html_node/Authentication-and-authorisation.html
-# Questions -->> http://daniel-lange.com/archives/75-Securing-the-grub-boot-loader.html
+# Additional guidance: http://daniel-lange.com/archives/75-Securing-the-grub-boot-loader.html
-# Questions -->> https://askubuntu.com/questions/1088215/grub-2-avoid-unrestricted-boot-options-are-overwritten-with-kernel-updates
+# Discussion and troubleshooting: https://wiki.archlinux.org/title/Talk:GRUB/Tips_and_tricks
-# Resolution -->> https://wiki.archlinux.org/title/Talk:GRUB/Tips_and_tricks
+# To generate a GRUB password, use the command syntax provided by grub-mkpasswd-pbkdf2 --help.
 - name: GRUB edit unrestricted option
   copy:
     content: |
@@ -19,6 +19,9 @@
     checksum: fed5c365f11a919b857b78207565cf341b86082b
     mode: u=rwx,g=rx,o=rx
   register: grubunrestricted
+- name: Search grub password in Passbolt
+  set_fact:
+    grub_code: "{{ lookup(passbolt, 'grub', folder_parent_id=passbolt_folder).description }}"
 - name: GRUB edit password protection
   copy:
     content: |