From 786c902a3cb73ad5b44df236a346fdcd6a656cef Mon Sep 17 00:00:00 2001 From: Josh Date: Mon, 31 Aug 2020 16:05:18 -0400 Subject: [PATCH 1/8] Update README-dnszone.md Fix indentation in example usage of name_from_ip --- README-dnszone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-dnszone.md b/README-dnszone.md index c5a7ab32..c9a5e164 100644 --- a/README-dnszone.md +++ b/README-dnszone.md @@ -181,7 +181,7 @@ Example playbook to create a zone for reverse DNS lookup, from an IP address, gi become: true tasks: - - name: Ensure zone for reverse DNS lookup is present. + - name: Ensure zone for reverse DNS lookup is present. ipadnszone: ipaadmin_password: SomeADMINpassword name_from_ip: 192.168.1.2/24 From 287d12d455b256291644e7c2cace2469dd872608 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 27 Aug 2020 16:26:18 -0300 Subject: [PATCH 2/8] Fix host's module managedby_host playbooks. The host's module example playbooks had syntax errors that prevented its execution. The tasks were described as dicts rather than lists. --- playbooks/host/host-member-managedby_host-absent.yml | 2 +- playbooks/host/host-member-managedby_host-present.yml | 2 +- playbooks/host/host-present-with-managedby_host.yml | 2 +- playbooks/host/hosts-member-managedby_host-absent.yml | 1 + playbooks/host/hosts-member-managedby_host-present.yml | 1 + playbooks/host/hosts-present-with-managedby_host.yml | 2 +- playbooks/host/hosts-present-with-randompasswords.yml | 1 - 7 files changed, 6 insertions(+), 5 deletions(-) diff --git a/playbooks/host/host-member-managedby_host-absent.yml b/playbooks/host/host-member-managedby_host-absent.yml index e9fc6b4c..2fd88683 100644 --- a/playbooks/host/host-member-managedby_host-absent.yml +++ b/playbooks/host/host-member-managedby_host-absent.yml @@ -4,7 +4,7 @@ become: true tasks: - ipahost: + - ipahost: ipaadmin_password: SomeADMINpassword name: host01.exmaple.com managedby_host: server.exmaple.com diff --git a/playbooks/host/host-member-managedby_host-present.yml b/playbooks/host/host-member-managedby_host-present.yml index c00548cf..1f326384 100644 --- a/playbooks/host/host-member-managedby_host-present.yml +++ b/playbooks/host/host-member-managedby_host-present.yml @@ -4,7 +4,7 @@ become: true tasks: - ipahost: + - ipahost: ipaadmin_password: SomeADMINpassword name: host01.exmaple.com managedby_host: server.exmaple.com diff --git a/playbooks/host/host-present-with-managedby_host.yml b/playbooks/host/host-present-with-managedby_host.yml index 51a1c21f..51b9662e 100644 --- a/playbooks/host/host-present-with-managedby_host.yml +++ b/playbooks/host/host-present-with-managedby_host.yml @@ -4,7 +4,7 @@ become: true tasks: - ipahost: + - ipahost: ipaadmin_password: SomeADMINpassword name: host01.exmaple.com managedby_host: server.exmaple.com diff --git a/playbooks/host/hosts-member-managedby_host-absent.yml b/playbooks/host/hosts-member-managedby_host-absent.yml index 40ae3b7d..0866dffa 100644 --- a/playbooks/host/hosts-member-managedby_host-absent.yml +++ b/playbooks/host/hosts-member-managedby_host-absent.yml @@ -4,6 +4,7 @@ become: true tasks: + - name: Ensure hosts manadegby_host is absent. ipahost: ipaadmin_password: SomeADMINpassword hosts: diff --git a/playbooks/host/hosts-member-managedby_host-present.yml b/playbooks/host/hosts-member-managedby_host-present.yml index fe70a59f..deb0ae60 100644 --- a/playbooks/host/hosts-member-managedby_host-present.yml +++ b/playbooks/host/hosts-member-managedby_host-present.yml @@ -4,6 +4,7 @@ become: true tasks: + - name: Ensure hosts manadegby_host is absent. ipahost: ipaadmin_password: SomeADMINpassword hosts: diff --git a/playbooks/host/hosts-present-with-managedby_host.yml b/playbooks/host/hosts-present-with-managedby_host.yml index 262f6c1d..610e20c1 100644 --- a/playbooks/host/hosts-present-with-managedby_host.yml +++ b/playbooks/host/hosts-present-with-managedby_host.yml @@ -4,7 +4,7 @@ become: true tasks: - ipahost: + - ipahost: ipaadmin_password: SomeADMINpassword hosts: - name: host01.exmaple.com diff --git a/playbooks/host/hosts-present-with-randompasswords.yml b/playbooks/host/hosts-present-with-randompasswords.yml index 5a1ea9c0..8f330c0d 100644 --- a/playbooks/host/hosts-present-with-randompasswords.yml +++ b/playbooks/host/hosts-present-with-randompasswords.yml @@ -23,4 +23,3 @@ - name: Print generated random password for host02.example.com debug: var: ipahost.host["host02.example.com"].randompassword - From b8398c4737c1687040649786346e5c2088d1ae66 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 12:13:49 -0300 Subject: [PATCH 3/8] Enable ansible-lint Github action on every push. By running ansible-lint we check if playbooks provided in ansible-freipa follow Ansible's best practices, nd the verification will be performed on every push (even on forks) or pull-request. This patch provides the configuration needed to run ansible-lint to the playbooks found in the `tests`, `playbooks` and `molecule` directories, on every push or pull-request done on Github, using Ansible's Github Action ansible/ansible-lint-action. --- .ansible-lint | 23 +++++++++++++++++++++++ .github/workflows/lint.yml | 27 +++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 .ansible-lint create mode 100644 .github/workflows/lint.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..b5f26cad --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,23 @@ +exclude_paths: + - roles + - .tox + - .venv + +parseable: true + +quiet: false + +skip_list: + - '201' # Trailing whitespace + - '204' # Lines should be no longer than 160 chars + - '206' # Variables should have spaces before and after: {{ var_name }}' + - '208' # File permissions not mentioned + - '301' # Commands should not change things if nothing needs doing' + - '305' # Use shell only when shell functionality is required' + - '306' # Shells that use pipes should set the pipefail option' + - '502' # All tasks should be named + - '505' # Referenced missing file + +use_default_rules: true + +verbosity: 1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..053ce65e --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,27 @@ +--- +name: Run Linters +on: + - push + - pull_request +jobs: + linters: + name: Run Linters + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: "3.6" + + - name: Run ansible-lint + uses: ansible/ansible-lint-action@master + with: + targets: | + tests/*.yml + tests/*/*.yml + tests/*/*/*.yml + playbooks/*.yml + playbooks/*/*.yml + env: + ANSIBLE_MODULE_UTILS: plugins/module_utils + ANSIBLE_LIBRARY: plugins/modules From c05a7233ec9a846a0c53bdb6af6d465a371f9f96 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 12:50:48 -0300 Subject: [PATCH 4/8] Enable yaml-lint Github action on push/pull-requests. By running yamllint we add one more verification of quality to the playbooks used on/provided by ansible-freeipa, that will be executed on every push (even on forks) or pull-requests. This patch provides the configuration needed to run yamllint on the playbooks found in the `tests`, `playbooks` and `molecule` directories, on every push or pull-request done on Github, using ibiqlik/action-yamllint action version `v1`. The current configuration for yamllint has many rules disable, so the problems found can be fixed later. All rules after the comment `# Disabled rules` should be enabled in the near future. --- .github/workflows/lint.yml | 4 ++++ .yamllint | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 .yamllint diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 053ce65e..403edaaa 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,3 +25,7 @@ jobs: env: ANSIBLE_MODULE_UTILS: plugins/module_utils ANSIBLE_LIBRARY: plugins/modules + + - name: Run yaml-lint + uses: ibiqlik/action-yamllint@v1 + diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..3671e728 --- /dev/null +++ b/.yamllint @@ -0,0 +1,28 @@ +--- +ignore: | + /.tox/ + /.venv/ + /.github/ + +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + truthy: + allowed-values: ["yes", "no", "true", "false", "True", "False"] + level: error + # Disabled rules + document-start: disable + indentation: disable + line-length: disable + colons: disable + empty-lines: disable + comments: disable + comments-indentation: disable + trailing-spaces: disable + new-line-at-end-of-file: disable From f2b4bac386e7476ce58f8bfec083a47e037800ca Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 12:58:31 -0300 Subject: [PATCH 5/8] Fix ansible-lint warning on molecule playbooks. Ansible best practice is to not use `latest` for the `package` module state. As we want to use it in the case of nss, this change will disable checking for this case. --- molecule/resources/playbooks/prepare-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/resources/playbooks/prepare-build.yml b/molecule/resources/playbooks/prepare-build.yml index d6523699..41f513d4 100644 --- a/molecule/resources/playbooks/prepare-build.yml +++ b/molecule/resources/playbooks/prepare-build.yml @@ -11,7 +11,7 @@ - name: Ensure nss package is updated package: name: nss - state: latest + state: latest # noqa 403 - include_role: name: ipaserver From bbf6d51f70a35d11a42c50484dbeb23fb2dc0d01 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 15:58:01 -0300 Subject: [PATCH 6/8] Enable Python linters as Github Actions Flake8 and Pydocstyle were already being used as checks on Azure pipelines, and this change enable the use of both as Github actions run on every push (on any fork) end every pull-request. I uses `rjeffman/python-lint-action` to run both linters using the project's configuration. --- .github/workflows/lint.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 403edaaa..fc05dfe9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -29,3 +29,5 @@ jobs: - name: Run yaml-lint uses: ibiqlik/action-yamllint@v1 + - name: Run Python linters + uses: rjeffman/python-lint-action@master From 121f59bba7480f629ac7818b8ffd2f96e84d303f Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 16:00:01 -0300 Subject: [PATCH 7/8] Disable Python linters on Azure pipelines. This patch disables execution of Python lintes on Azure pipelines, as they are now executed through Github Actions. --- tests/azure/azure-pipelines.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/tests/azure/azure-pipelines.yml b/tests/azure/azure-pipelines.yml index db3d52f5..d8914d96 100644 --- a/tests/azure/azure-pipelines.yml +++ b/tests/azure/azure-pipelines.yml @@ -18,27 +18,6 @@ pool: vmImage: 'ubuntu-18.04' stages: -- stage: Linters - jobs: - - job: RunLinters - displayName: Run Linters - steps: - - task: UsePythonVersion@0 - inputs: - versionSpec: '3.6' - - - script: python -m pip install --upgrade pip setuptools wheel - displayName: Install tools - - - script: pip install pydocstyle flake8 - displayName: Install dependencies - - - script: flake8 . - displayName: Run flake8 checks - - - script: pydocstyle . - displayName: Verify docstings - - stage: Centos7 dependsOn: [] jobs: From b7900f1c64aca063b42345e4b22479ee5feb9b73 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 1 Sep 2020 16:32:51 -0300 Subject: [PATCH 8/8] Add script to run linters. The scprit `lint_check.sh` under utils runs the same linters as the Github Actions, with the same configuration. The changes on setup.cfg are required if flake8-docstrings is used, so its output is the same as pydocstlye. --- setup.cfg | 3 ++- utils/lint_check.sh | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100755 utils/lint_check.sh diff --git a/setup.cfg b/setup.cfg index d87f6f06..4d60e31f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -22,7 +22,8 @@ data_files = /usr/share/ansible/roles/ipareplica = roles/ipareplica/* [flake8] -extend-ignore = E203 +extend-ignore = E203, D1, D212, D203, D400, D401 +exclude = .git,__pycache__,.tox,.venv per-file-ignores = plugins/*:E402 roles/*:E402 diff --git a/utils/lint_check.sh b/utils/lint_check.sh new file mode 100755 index 00000000..49700266 --- /dev/null +++ b/utils/lint_check.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +topdir=`dirname $(dirname $0)` + +flake8 . +pydocstyle . + +ANSIBLE_LIBRARY=${ANSIBLE_LIBRARY:-"${topdir}/plugins/modules"} +ANSIBLE_MODULE_UTILS=${ANSIBLE_MODULE_UTILS:-"${topdir}/plugins/module_utils"} + +export ANSIBLE_LIBRARY ANSIBLE_MODULE_UTILS + +yaml_dirs=( + "${topdir}/tests/*.yml" + "${topdir}/tests/*/*.yml" + "${topdir}/tests/*/*/*.yml" + "${topdir}/playbooks/*.yml" + "${topdir}/playbooks/*/*.yml" + "${topdir}/molecule/*/*.yml" + "${topdir}/molecule/*/*/*.yml" +) + +ansible-lint --force-color ${yaml_dirs[@]} + +yamllint -f colored ${yaml_dirs[@]}