From 91c4b83311a5ddde2d7a7396574d6bc54be81a44 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Tue, 28 Jan 2025 15:20:09 -0300
Subject: [PATCH] Configure yamllint to be compatible with ansible-lint

The current version of the ansible-lint pre-commit hook required changes
in the ansible-freeipa yamllint configuration, and these changes triggered
issues in the current playbooks, roles and tests.

This patch adds the required changes to the yamllint configuration and
fixes the affected playbooks.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 .yamllint                                     |  7 ++-
 playbooks/dnszone/dnszone-all-params.yml      |  2 +-
 .../vault-is-present-with-password-file.yml   |  2 +-
 .../vault-is-present-with-public-key-file.yml |  2 +-
 roles/ipaclient/tasks/install.yml             |  2 +-
 roles/ipaclient/tasks/uninstall.yml           |  5 --
 roles/ipaclient/vars/Fedora-25.yml            |  2 +-
 roles/ipaclient/vars/Fedora-26.yml            |  2 +-
 roles/ipaclient/vars/RedHat-7.3.yml           |  2 +-
 roles/ipaclient/vars/RedHat-7.yml             |  1 -
 roles/ipaclient/vars/default.yml              |  1 -
 roles/ipareplica/defaults/main.yml            |  8 +--
 roles/ipaserver/defaults/main.yml             |  8 +--
 roles/ipaserver/tasks/uninstall.yml           |  5 --
 roles/ipasmartcard_client/tasks/main.yml      |  2 +-
 roles/ipasmartcard_server/tasks/main.yml      |  2 +-
 tests/ca-less/install_replica_without_ca.yml  |  2 +-
 tests/ca-less/install_server_without_ca.yml   |  2 +-
 tests/cert/test_cert_host.yml                 |  2 +-
 tests/cert/test_cert_user.yml                 |  2 +-
 ...r-with-external-ca-with-automatic-copy.yml |  2 +-
 ...rver-with-external-ca-with-manual-copy.yml |  2 +-
 tests/group/test_group.yml                    | 10 ++--
 tests/host/test_host.yml                      | 56 +++++++++----------
 tests/user/test_user.yml                      | 10 ++--
 tests/user/test_users.yml                     | 20 +++----
 tests/vault/env_setup.yml                     |  2 +-
 27 files changed, 78 insertions(+), 85 deletions(-)

diff --git a/.yamllint b/.yamllint
index 5fbcc17c..4ed8db5b 100644
--- a/.yamllint
+++ b/.yamllint
@@ -20,4 +20,9 @@ rules:
     max: 160
   # Disabled rules
   indentation: disable
-  comments: disable
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
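Review bot: The `# Disabled rules` comment at the top of this hunk now heads `comments:` and `octal-values:`, which are configured rather than disabled, so the section label no longer matches its contents. I would keep only `indentation: disable` and `comments-indentation: disable` under that comment and put the two configured rules under their own comment, for example `# Settings required by ansible-lint`. With `forbid-explicit-octal: true` the `0o600` form is rejected as well, so quoted strings such as `"0600"` are the only accepted spelling for file modes; a one-line comment saying so would help contributors. The `rules:` mapping starts outside this hunk.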
diff --git a/playbooks/dnszone/dnszone-all-params.yml b/playbooks/dnszone/dnszone-all-params.yml
index 5cba47f8..e8a8ffc8 100644
--- a/playbooks/dnszone/dnszone-all-params.yml
+++ b/playbooks/dnszone/dnszone-all-params.yml
@@ -21,7 +21,7 @@
         - ip_address: 8.8.8.8
         - ip_address: 8.8.4.4
           port: 52
-      #serial: 1234
+      # serial: 1234
       refresh: 3600
       retry: 900
       expire: 1209600
diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml
index aa1700ce..a3dea2bc 100644
--- a/playbooks/vault/vault-is-present-with-password-file.yml
+++ b/playbooks/vault/vault-is-present-with-password-file.yml
@@ -11,7 +11,7 @@
       dest: "{{ ansible_facts['env'].HOME }}/password.txt"
       owner: "{{ ansible_user }}"
       group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
   - name: Ensure symmetric vault exists with password from file.
     ipavault:
       ipaadmin_password: SomeADMINpassword
diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml
index fbd6d7d9..53dbcd8a 100644
--- a/playbooks/vault/vault-is-present-with-public-key-file.yml
+++ b/playbooks/vault/vault-is-present-with-public-key-file.yml
@@ -16,7 +16,7 @@
       dest: "{{ ansible_facts['env'].HOME }}/public.pem"
       owner: "{{ ansible_user }}"
       group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
   - name: Ensure asymmetric vault exists with public key from file.
     ipavault:
       ipaadmin_password: SomeADMINpassword
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index b5eb7165..08d0b2e0 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -152,7 +152,7 @@
       ansible.builtin.copy:
         src: "{{ ipaadmin_keytab }}"
         dest: "{{ keytab_temp.path }}"
-        mode: 0600
+        mode: "0600"
       delegate_to: "{{ result_ipaclient_test.servers[0] }}"
       when: ipaadmin_keytab is defined
 
diff --git a/roles/ipaclient/tasks/uninstall.yml b/roles/ipaclient/tasks/uninstall.yml
index 2b2996a9..fe5ca009 100644
--- a/roles/ipaclient/tasks/uninstall.yml
+++ b/roles/ipaclient/tasks/uninstall.yml
@@ -15,8 +15,3 @@
   ipaclient_configure_dns_resolver:
     state: absent
   when: ipaclient_cleanup_dns_resolver | bool
-
-#- name: Remove IPA client package
-#  ansible.builtin.package:
-#    name: "{{ ipaclient_packages }}"
-#    state: absent
diff --git a/roles/ipaclient/vars/Fedora-25.yml b/roles/ipaclient/vars/Fedora-25.yml
index 9999b331..c01176c6 100644
--- a/roles/ipaclient/vars/Fedora-25.yml
+++ b/roles/ipaclient/vars/Fedora-25.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-25.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
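Review bot: The commented-out `ansible_python_interpreter` line is handled inconsistently across the vars files. It is re-spaced and kept here, in Fedora-26.yml and in RedHat-7.3.yml, but deleted outright in RedHat-7.yml and default.yml. If the line is dead configuration, drop it from all five files; if it is a deliberate hint for users, keep it everywhere and say so, for example `# Uncomment to force the Python 2 interpreter on this platform`.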
diff --git a/roles/ipaclient/vars/Fedora-26.yml b/roles/ipaclient/vars/Fedora-26.yml
index 12722c8a..29fa605a 100644
--- a/roles/ipaclient/vars/Fedora-26.yml
+++ b/roles/ipaclient/vars/Fedora-26.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-26.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
diff --git a/roles/ipaclient/vars/RedHat-7.3.yml b/roles/ipaclient/vars/RedHat-7.3.yml
index 51d2b10d..1acd1958 100644
--- a/roles/ipaclient/vars/RedHat-7.3.yml
+++ b/roles/ipaclient/vars/RedHat-7.3.yml
@@ -2,4 +2,4 @@
 # vars/RedHat-7.3.yml
 ---
 ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
diff --git a/roles/ipaclient/vars/RedHat-7.yml b/roles/ipaclient/vars/RedHat-7.yml
index c2ea3ca5..c154c99f 100644
--- a/roles/ipaclient/vars/RedHat-7.yml
+++ b/roles/ipaclient/vars/RedHat-7.yml
@@ -2,4 +2,3 @@
 # vars/RedHat-7
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
diff --git a/roles/ipaclient/vars/default.yml b/roles/ipaclient/vars/default.yml
index a28d81a1..2cfb3614 100644
--- a/roles/ipaclient/vars/default.yml
+++ b/roles/ipaclient/vars/default.yml
@@ -2,4 +2,3 @@
 # vars/default.yml
 ---
 ipaclient_packages: [ "ipa-client", "python3-libselinux" ]
-#ansible_python_interpreter: '/usr/bin/python3'
diff --git a/roles/ipareplica/defaults/main.yml b/roles/ipareplica/defaults/main.yml
index 01afc442..011647a2 100644
--- a/roles/ipareplica/defaults/main.yml
+++ b/roles/ipareplica/defaults/main.yml
@@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no
 ipaclient_mkhomedir: no
 ipaclient_force_join: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ipaclient_ssh_trust_dns: no
 ### certificate system ###
 ipareplica_skip_schema_check: no
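Review bot: The re-spaced comment `# ipaclient_ssh_trust_dns: no` sits four lines above the live setting `ipaclient_ssh_trust_dns: no`, so the commented copy is stale and reads as if the variable were still disabled. I would delete that comment line here instead of reformatting it. The other three commented variables, and the same four lines in roles/ipaserver/defaults/main.yml, should either be removed or get a short comment explaining why they are kept. The surrounding defaults block continues outside the hunk.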
diff --git a/roles/ipaserver/defaults/main.yml b/roles/ipaserver/defaults/main.yml
index b8d92f60..f99a16ec 100644
--- a/roles/ipaserver/defaults/main.yml
+++ b/roles/ipaserver/defaults/main.yml
@@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false
 ### client ###
 ipaclient_mkhomedir: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ### certificate system ###
 ipaserver_external_ca: no
 ### dns ###
diff --git a/roles/ipaserver/tasks/uninstall.yml b/roles/ipaserver/tasks/uninstall.yml
index 35ab6356..d404e2e8 100644
--- a/roles/ipaserver/tasks/uninstall.yml
+++ b/roles/ipaserver/tasks/uninstall.yml
@@ -54,8 +54,3 @@
   # 1 means that uninstall failed because IPA server was not configured
   failed_when: uninstall.rc != 0 and uninstall.rc != 1
   changed_when: uninstall.rc == 0
-
-#- name: Remove IPA server packages
-#  ansible.builtin.package:
-#    name: "{{ ipaserver_packages }}"
-#    state: absent
diff --git a/roles/ipasmartcard_client/tasks/main.yml b/roles/ipasmartcard_client/tasks/main.yml
index 8c87a80f..232706b2 100644
--- a/roles/ipasmartcard_client/tasks/main.yml
+++ b/roles/ipasmartcard_client/tasks/main.yml
@@ -109,7 +109,7 @@
       ansible.builtin.file:
         path: /etc/sssd/pki
         state: directory
-        mode: 0711
+        mode: "0711"
 
     - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
       ansible.builtin.file:
diff --git a/roles/ipasmartcard_server/tasks/main.yml b/roles/ipasmartcard_server/tasks/main.yml
index c650511e..d95db685 100644
--- a/roles/ipasmartcard_server/tasks/main.yml
+++ b/roles/ipasmartcard_server/tasks/main.yml
@@ -201,7 +201,7 @@
       ansible.builtin.file:
         path: /etc/sssd/pki
         state: directory
-        mode: 0711
+        mode: "0711"
 
     - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
       ansible.builtin.file:
diff --git a/tests/ca-less/install_replica_without_ca.yml b/tests/ca-less/install_replica_without_ca.yml
index 4e6952bb..8120b533 100644
--- a/tests/ca-less/install_replica_without_ca.yml
+++ b/tests/ca-less/install_replica_without_ca.yml
@@ -48,7 +48,7 @@
       ansible.builtin.file:
         path: "/root/ca-less-test"
         state: directory
-        mode: 0775
+        mode: "0775"
 
     - name: Copy CA certificate
       ansible.builtin.copy:
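Review bot: `mode: "0775"` keeps `/root/ca-less-test` group-writable, and the next task copies the CA certificate into it. Quoting does not change the permissions that are applied, but since this line is being touched, consider tightening it to `mode: "0755"` or `mode: "0700"` unless a group really needs write access. What else lands in the directory is not visible in this hunk. The same value appears in tests/ca-less/install_server_without_ca.yml.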
diff --git a/tests/ca-less/install_server_without_ca.yml b/tests/ca-less/install_server_without_ca.yml
index c5206e1a..aa8eab1f 100644
--- a/tests/ca-less/install_server_without_ca.yml
+++ b/tests/ca-less/install_server_without_ca.yml
@@ -48,7 +48,7 @@
       ansible.builtin.file:
         path: "/root/ca-less-test"
         state: directory
-        mode: 0775
+        mode: "0775"
 
     - name: Copy CA certificate
       ansible.builtin.copy:
diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml
index 1ac04efa..31cd1a27 100644
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -47,7 +47,7 @@
     ansible.builtin.copy:
       dest: "/root/host.csr"
       content: "{{ host_req.stdout }}"
-      mode: 0644
+      mode: "0644"
 
   # TESTS
 
diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml
index cba90deb..b8f80ebc 100644
--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -45,7 +45,7 @@
     ansible.builtin.copy:
       dest: "/root/user.csr"
       content: "{{ user_req.stdout }}"
-      mode: 0644
+      mode: "0644"
 
   # TESTS
 
diff --git a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
index 08427b24..2d73a447 100644
--- a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
+++ b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
@@ -28,7 +28,7 @@
   become: true
   vars:
     ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}"
-    #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
+    # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
 
   roles:
   - role: ipaserver
diff --git a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
index 39b9ac74..015e3580 100644
--- a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
+++ b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
@@ -34,7 +34,7 @@
   become: true
   vars:
     ipaserver_external_cert_files: "/root/chain.crt"
-    #ipaserver_external_ca_file: "cacert.asc"
+    # ipaserver_external_ca_file: "cacert.asc"
 
   pre_tasks:
   - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node
diff --git a/tests/group/test_group.yml b/tests/group/test_group.yml
index 8cb76946..72fe1d74 100644
--- a/tests/group/test_group.yml
+++ b/tests/group/test_group.yml
@@ -298,11 +298,11 @@
     register: result
     failed_when: result.changed or result.failed
 
-  #- ipagroup:
-  #    name: group1
-  #    user:
-  #    - user7
-  #    action: member
+  # - ipagroup:
+  #     name: group1
+  #     user:
+  #     - user7
+  #     action: member
 
   - name: Ensure user user7 is absent in group group1
     ipagroup:
diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml
index 12a421a4..a97972b7 100644
--- a/tests/host/test_host.yml
+++ b/tests/host/test_host.yml
@@ -191,35 +191,35 @@
 
   # disabled can only be checked with enabled hosts, all hosts above are
   # not enabled.
-  #- name: Hosts host1..host6 disabled
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: not result.changed or result.failed
+  # - name: Hosts host1..host6 disabled
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: not result.changed or result.failed
   #
-  #- name: Hosts host1..host6 disabled again
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: result.changed or result.failed
+  # - name: Hosts host1..host6 disabled again
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: result.changed or result.failed
 
   - name: Hosts host1..host6 absent
     ipahost:
diff --git a/tests/user/test_user.yml b/tests/user/test_user.yml
index 48e930dc..daad3e74 100644
--- a/tests/user/test_user.yml
+++ b/tests/user/test_user.yml
@@ -56,7 +56,7 @@
       first: pinky
       last: Acme
       initials: pa
-      #password: foo2
+      # password: foo2
       principal: pa
       random: yes
       street: PinkyStreet
@@ -73,8 +73,8 @@
       # sshpubkey
       userauthtype: password,radius,otp
       userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
       departmentnumber: "1234"
       employeenumber: "0815"
       employeetype: "PinkyExmployeeType"
@@ -82,8 +82,8 @@
       # certificate
       noprivate: yes
       nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
     register: result
     failed_when: not result.changed or result.failed
 
diff --git a/tests/user/test_users.yml b/tests/user/test_users.yml
index 651e06d0..e583c424 100644
--- a/tests/user/test_users.yml
+++ b/tests/user/test_users.yml
@@ -190,7 +190,7 @@
       first: pinky
       last: Acme
       initials: pa
-      #password: foo2
+      # password: foo2
       principal: pa
       random: yes
       street: PinkyStreet
@@ -207,8 +207,8 @@
       # sshpubkey
       userauthtype: password,radius,otp
       userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
       departmentnumber: "1234"
       employeenumber: "0815"
       employeetype: "PinkyExmployeeType"
@@ -216,8 +216,8 @@
       # certificate
       noprivate: yes
       nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
     register: result
     failed_when: not result.changed or result.failed
 
@@ -234,7 +234,7 @@
       first: pinky
       last: Acme
       initials: pa
-      #password: foo2
+      # password: foo2
       principal: pa
       random: yes
       street: PinkyStreet
@@ -251,8 +251,8 @@
       # sshpubkey
       userauthtype: password,radius,otp
       userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
       departmentnumber: "1234"
       employeenumber: "0815"
       employeetype: "PinkyExmployeeType"
@@ -260,8 +260,8 @@
       # certificate
       noprivate: yes
       nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
     register: result
     failed_when: result.changed or result.failed
 
diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml
index a1224549..bab0f5e0 100644
--- a/tests/vault/env_setup.yml
+++ b/tests/vault/env_setup.yml
@@ -20,7 +20,7 @@
     ansible.builtin.copy:
       src: "{{ playbook_dir }}/{{ item }}"
       dest: "{{ ansible_facts['env'].HOME }}/{{ item }}"
-      mode: 0644
+      mode: "0644"
     with_items:
     - A_private.pem
     - A_public.pem
-- 
GitLab