Merge pull request #400 from rjeffman/lint_fix_ansible_lint_issues

Make ansible-lint and yamllint use more strict rules.

Merge pull request #400 from rjeffman/lint_fix_ansible_lint_issues
b434c5f3 · Thomas Woerner · GitHub · 7b05c026 · a5310b0a · b434c5f3
Unverified Commit b434c5f3 authored Sep 30, 2021 by Thomas Woerner Committed by GitHub Sep 30, 2021
--- a/.ansible-lint
+++ b/.ansible-lint
+---
 exclude_paths:
  - .ansible-freeipa-tests/
  - .cache/
@@ -8,22 +9,21 @@ exclude_paths:
  - .yamllint
  - molecule/
  - tests/azure/
+  - meta/runtime.yml

+kinds:
+  - playbook: '**/tests/**/test_*.yml'
+  - playbook: '**/playbooks/**/*.yml'

 parseable: true

 quiet: false

 skip_list:
-  - '201'  # Trailing whitespace
-  - '204'  # Lines should be no longer than 160 chars
-  - '206'  # Variables should have spaces before and after: {{ var_name }}'
-  - '208'  # File permissions not mentioned
  - '301'  # Commands should not change things if nothing needs doing'
-  - '305'  # Use shell only when shell functionality is required'
-  - '306'  # Shells that use pipes should set the pipefail option'
-  - '502'  # All tasks should be named
-  - '505'  # Referenced missing file
+  - '305'  # Use shell only when shell functionality is required
+  - '306'  # risky-shell-pipe
+  - yaml   # yamllint should be executed separately.

 use_default_rules: true


--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,6 +21,7 @@ jobs:
            tests/*/*/*.yml
            playbooks/*.yml
            playbooks/*/*.yml
+            roles/*/*/*.yml
        env:
          ANSIBLE_MODULE_UTILS: plugins/module_utils
          ANSIBLE_LIBRARY: plugins/modules

--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -7,7 +7,9 @@ repos:
    always_run: false
    pass_filenames: true
    files: \.(yaml|yml)$
-    entry: env ANSIBLE_LIBRARY=./plugins/modules ANSIBLE_MODULE_UTILS=./plugins/module_utils ANSIBLE_DOC_FRAGMENT_PLUGINS=./plugins/doc_fragments ansible-lint --force-color
+    exclude: /env[^/]*.(yaml|yml)$
+    entry: |
+        env ANSIBLE_LIBRARY=./plugins/modules ANSIBLE_MODULE_UTILS=./plugins/module_utils ANSIBLE_DOC_FRAGMENT_PLUGINS=./plugins/doc_fragments ansible-lint
 - repo: https://github.com/adrienverge/yamllint.git
  rev: v1.26.1
  hooks:

--- a/.yamllint
+++ b/.yamllint
@@ -16,13 +16,8 @@ rules:
  truthy:
    allowed-values: ["yes", "no", "true", "false", "True", "False"]
    level: error
+  line-length:
+    max: 160
  # Disabled rules
-  document-start: disable
  indentation: disable
-  line-length: disable
-  colons: disable
-  empty-lines: disable
  comments: disable
-  comments-indentation: disable
-  trailing-spaces: disable
-  new-line-at-end-of-file: disable
--- a/README-config.md
+++ b/README-config.md
--- a/galaxy.yml
+++ b/galaxy.yml
+---
 namespace: "freeipa"
 name: "ansible_freeipa"
 version: "A.B.C"

--- a/meta/runtime.yml
+++ b/meta/runtime.yml
+---
 requires_ansible: ">=2.9"
--- a/molecule/resources/playbooks/prepare-common.yml
+++ b/molecule/resources/playbooks/prepare-common.yml
+---
 # IPA depends on IPv6 and without it dirsrv service won't start.
 - name: Ensure IPv6 is ENABLED
  sysctl:
@@ -25,9 +26,8 @@
 - name: Ensure fs.protected_regular is disabled
  sysctl:
    name: fs.protected_regular
-    value: 0
+    value: '0'
    sysctl_set: yes
    state: present
    reload: yes
  when: result.stat.exists
-
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -16,6 +16,7 @@
      owner: dirsrv
      group: dirsrv
      path: "{{ item }}"
+      mode: 0770
    loop:
      - /var/lock/dirsrv/
      - /var/lock/dirsrv/slapd-TEST-LOCAL/

--- a/playbooks/automount/automount-location-absent.yml
+++ b/playbooks/automount/automount-location-absent.yml
@@ -10,4 +10,3 @@
        - DMZ
        - internal
      state: absent
-
--- a/playbooks/automount/automount-location-present.yml
+++ b/playbooks/automount/automount-location-present.yml
@@ -10,4 +10,3 @@
        - DMZ
        - internal
      state: present
-
--- a/playbooks/config/retrieve-config.yml
+++ b/playbooks/config/retrieve-config.yml
@@ -10,5 +10,6 @@
      ipaadmin_password: SomeADMINpassword
    register: serverconfig

-  - debug:
+  - name: Display current configuration.
+    debug:
      msg: "{{ serverconfig }}"
--- a/playbooks/dnsforwardzone/ensure-dnsforwardzone-is-absent.yml
+++ b/playbooks/dnsforwardzone/ensure-dnsforwardzone-is-absent.yml
@@ -5,7 +5,7 @@
  gather_facts: false

  tasks:
-  # Ensure DNS zone is present
-  - ipadnsforwardzone:
+  - name: Ensure DNS forward zone is absent
+    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      state: absent
--- a/playbooks/dnsforwardzone/ensure-dnsforwardzone-is-present.yml
+++ b/playbooks/dnsforwardzone/ensure-dnsforwardzone-is-present.yml
@@ -5,8 +5,8 @@
  gather_facts: false

  tasks:
-  # Ensure DNS zone is present
-  - ipadnsforwardzone:
+  - name: Ensure DNS forward zone is present
+    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      name: example.com
      forwarders:

--- a/playbooks/dnsforwardzone/ensure-dnsforwardzone-with-forwarder-port.yml
+++ b/playbooks/dnsforwardzone/ensure-dnsforwardzone-with-forwarder-port.yml
@@ -5,8 +5,8 @@
  gather_facts: false

  tasks:
-  # Ensure DNS zone is present
-  - ipadnsforwardzone:
+  - name: Ensure DNS forward zone is present with forwarder address and non-standard port.
+    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      name: example.com
      forwarders:

--- a/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml
+++ b/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml
 ---
- name: Test PTR Record is present.
+- name: Playbook to manage DNS records.
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
-  # Ensure a PTR record is present
-  - name: Ensure that 'host04' has A and AAAA records.
+  - name: Ensure that 'host04' A and AAAA records are absent.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: ipatest.local

--- a/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml
+++ b/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml
 ---
- name: Test PTR Record is present.
+- name: Playbook to manage DNS records.
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
-  # Ensure a PTR record is present
-  - name: Ensure that 'host04' has A and AAAA records.
+  - name: Ensure that 'host04' A and AAAA records are present.
    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      zone_name: ipatest.local

--- a/playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml
+++ b/playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml
 ---
- name: Test CNAME Record is present.
+- name: Playbook to manage DNS records.
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
-  # Ensure that 'host04' has CNAME, with cname_hostname
-  - ipadnsrecord:
+  - name: Ensure that 'host04' has CNAME, with cname_hostname, is absent
+    ipadnsrecord:
      zone_name: example.com
      name: host04
      cname_hostname: host04.example.com

--- a/playbooks/dnsrecord/ensure-CNAME-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-CNAME-record-is-present.yml
 ---
- name: Test CNAME Record is present.
+- name: Playbook to manage DNS records.
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
-  # Ensure that 'host04' has CNAME, with cname_hostname
-  - ipadnsrecord:
+  - name: Ensure that 'host04' has CNAME, with cname_hostname, is present
+    ipadnsrecord:
      zone_name: example.com
      name: host04
      cname_hostname: host04.example.com
--- a/playbooks/dnsrecord/ensure-MX-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-MX-record-is-present.yml
 ---
- name: Ensure MX Record is present.
+- name: Playbook to manage DNS records.
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
-  # Ensure an MX record is absent
-  - ipadnsrecord:
+  - name: Ensure an MX record is present
+    ipadnsrecord:
      ipaadmin_password: SomeADMINpassword
      name: '@'
      record_type: 'MX'