Fix Ansible inventory scan command (#484)

* Fix Ansible inventory scan command * Put it in the right place good heavens
mondoohq · Nov 26, 2024 · aac6331 · aac6331
1 parent dc488ef
commit aac6331
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/docs/platform/infra/opsys/automation/_ansible-hide.md b/docs/platform/infra/opsys/automation/_ansible-hide.md
@@ -10,10 +10,10 @@ The method for scanning an Ansible inventory depends on whether your shell suppo
 
 ##### Option A: Pipe the Ansible inventory to cnspec scan
 
-The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. For `FILENAME`, substitute the name of the inventory file.
+The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`.
 
 ```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command"
-ansible-inventory -i hosts.ini --list | cnspec scan --inventory-format-ansible
+ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible
 ```
 
 ##### Option B: Scan Ansible inventory hosts.json

diff --git a/docs/platform/infra/opsys/automation/ansible.md b/docs/platform/infra/opsys/automation/ansible.md
@@ -232,13 +232,31 @@ instance1 | SUCCESS => {
 
 #### Step 2: Scan the Ansible inventory
 
+The method for scanning an Ansible inventory depends on whether your shell supports `|`.
+
+##### Option A: Pipe the Ansible inventory to cnspec scan
+
+The first option if you are using a shell such as `bash` or `zsh` that supports `|` redirects is to pipe the output of the `ansible-inventory -i hosts.ini --list` command to `cnspec scan --inventory-format-ansible`. If the inventory file is
+
+```bash title="Pipe the contents of an Ansible inventory to the cnspec scan command"
+ansible-inventory -i hosts.ini --list | cnspec scan --inventory-file - --inventory-format-ansible
+```
+
+##### Option B: Scan Ansible inventory hosts.json
+
+If your shell does not support pipes, you can generate a `hosts.json` from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag.
+
+```bash title="Generate hosts.json and scan with cnspec scan command"
+ansible-inventory -i hosts.ini --list > hosts.json
+cnspec scan --inventory-file hosts.json --inventory-format-ansible
+```
+
 Generate a `hosts.json` file from the `ansible-inventory` command and then pass that file to `cnspec scan` using the `--inventory-file` flag.
 
 ```bash title="Generate hosts.json and scan with cnspec scan command"
 ansible-inventory -i hosts.ini --list > hosts.json
 
 cnspec scan --inventory-file hosts.json --inventory-format-ansible
-
 ```
 
 Both cnspec and the Mondoo Console show results from each policy that runs against your assets.