Cleanup with ruff check (#963)

* Implement improvements suggested by ruff check. * Add ruff check to CI. * Add changelog fragment.
2026-05-06 13:22:58 +00:00 · 2025-10-28 07:21:11 +01:00
parent 6f0c58f483
commit 5420f9baaf
39 changed files with 198 additions and 199 deletions
--- a/plugins/modules/acme_account_info.py
+++ b/plugins/modules/acme_account_info.py
@@ -227,6 +227,17 @@ if t.TYPE_CHECKING:
    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover


+def _collect_next(info: dict[str, t.Any]) -> list[str]:
+    result: list[str] = []
+
+    def f(link: str, relation: str) -> None:
+        if relation == "next":
+            result.append(link)
+
+    process_links(info=info, callback=f)
+    return result
+
+
 def get_orders_list(
    module: AnsibleModule, client: ACMEClient, orders_url: str
 ) -> list[str]:
@@ -257,12 +268,7 @@ def get_orders_list(
        orders.extend(res["orders"])
        # Extract URL of next part of results list
        new_orders_url: list[str | None] = []
-
-        def f(link: str, relation: str) -> None:
-            if relation == "next":
-                new_orders_url.append(link)
-
-        process_links(info=info, callback=f)
+        new_orders_url.extend(_collect_next(info))
        new_orders_url.append(None)
        previous_orders_url, next_orders_url = next_orders_url, new_orders_url.pop(0)
        if next_orders_url == previous_orders_url:
--- a/plugins/modules/acme_certificate.py
+++ b/plugins/modules/acme_certificate.py
@@ -795,13 +795,12 @@ class ACMECertificateClient:
                raise ModuleFailException(
                    f"Found no challenge of type '{self.challenge}' for identifier {type_identifier}!"
                )
-            if self.challenge == "dns-01":
-                if self.challenge in challenges:
-                    values = data_dns.get(challenges[self.challenge]["record"])
-                    if values is None:
-                        values = []
-                        data_dns[challenges[self.challenge]["record"]] = values
-                    values.append(challenges[self.challenge]["resource_value"])
+            if self.challenge == "dns-01" and self.challenge in challenges:
+                values = data_dns.get(challenges[self.challenge]["record"])
+                if values is None:
+                    values = []
+                    data_dns[challenges[self.challenge]["record"]] = values
+                values.append(challenges[self.challenge]["resource_value"])
        return data, data_dns

    def finish_challenges(self) -> None:
--- a/plugins/modules/acme_certificate_order_finalize.py
+++ b/plugins/modules/acme_certificate_order_finalize.py
@@ -440,9 +440,8 @@ def main() -> t.NoReturn:
                module.params["deactivate_authzs"] == "always"
                or (module.params["deactivate_authzs"] == "on_success" and done)
                or (module.params["deactivate_authzs"] == "on_error" and not done)
-            ):
-                if order:
-                    client.deactivate_authzs(order)
+            ) and order:
+                client.deactivate_authzs(order)
        module.exit_json(
            changed=changed,
            account_uri=client.client.account_uri,
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -206,11 +206,10 @@ def is_parent(
            )
        elif isinstance(
            public_key,
-            cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey,
-        ):
-            public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
-        elif isinstance(
-            public_key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey
+            (
+                cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey,
+                cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey,
+            ),
        ):
            public_key.verify(cert.cert.signature, cert.cert.tbs_certificate_bytes)
        else:
@@ -365,13 +364,12 @@ def main() -> t.NoReturn:

    # Check chain
    for i, parent in enumerate(chain):
-        if i > 0:
-            if not is_parent(module, chain[i - 1], parent):
-                module.fail_json(
-                    msg=(
-                        f"Cannot verify input chain: certificate #{i + 1}: {format_cert(parent)} is not issuer of certificate #{i}: {format_cert(chain[i - 1])}"
-                    )
+        if i > 0 and not is_parent(module, chain[i - 1], parent):
+            module.fail_json(
+                msg=(
+                    f"Cannot verify input chain: certificate #{i + 1}: {format_cert(parent)} is not issuer of certificate #{i}: {format_cert(chain[i - 1])}"
                )
+            )

    # Load intermediate certificates
    intermediates = CertificateSet(module)
--- a/plugins/modules/crypto_info.py
+++ b/plugins/modules/crypto_info.py
@@ -222,7 +222,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
        has_dsa = True
        try:
            # added later in 1.5
-            dsa.DSAPrivateKey.sign  # pylint: disable=pointless-statement
+            dsa.DSAPrivateKey.sign  # noqa: B018 # pylint: disable=pointless-statement
            has_dsa_sign = True
        except AttributeError:
            pass
@@ -239,7 +239,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
        has_rsa = True
        try:
            # added later in 1.4
-            rsa.RSAPrivateKey.sign  # pylint: disable=pointless-statement
+            rsa.RSAPrivateKey.sign  # noqa: B018 # pylint: disable=pointless-statement
            has_rsa_sign = True
        except AttributeError:
            pass
@@ -261,7 +261,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
        has_ed25519 = True
        try:
            # added with the primitive in 2.6
-            ed25519.Ed25519PrivateKey.sign  # pylint: disable=pointless-statement
+            ed25519.Ed25519PrivateKey.sign  # noqa: B018 # pylint: disable=pointless-statement
            has_ed25519_sign = True
        except AttributeError:
            pass
@@ -283,7 +283,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
        has_ed448 = True
        try:
            # added with the primitive in 2.6
-            ed448.Ed448PrivateKey.sign  # pylint: disable=pointless-statement
+            ed448.Ed448PrivateKey.sign  # noqa: B018 # pylint: disable=pointless-statement
            has_ed448_sign = True
        except AttributeError:
            pass
@@ -299,7 +299,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:

        try:
            # added later in 2.5
-            x25519.X25519PrivateKey.private_bytes  # pylint: disable=pointless-statement
+            x25519.X25519PrivateKey.private_bytes  # noqa: B018 # pylint: disable=pointless-statement
            full = True
        except AttributeError:
            full = False
@@ -344,7 +344,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
        has_ec = True
        try:
            # added later in 1.5
-            ec.EllipticCurvePrivateKey.sign  # pylint: disable=pointless-statement
+            ec.EllipticCurvePrivateKey.sign  # noqa: B018 # pylint: disable=pointless-statement
            has_ec_sign = True
        except AttributeError:
            pass
--- a/plugins/modules/get_certificate.py
+++ b/plugins/modules/get_certificate.py
@@ -376,9 +376,8 @@ def main() -> t.NoReturn:
    if timeout:
        setdefaulttimeout(timeout)

-    if ca_cert:
-        if not isfile(ca_cert):
-            module.fail_json(msg="ca_cert file does not exist")
+    if ca_cert and not isfile(ca_cert):
+        module.fail_json(msg="ca_cert file does not exist")

    verified_chain = None
    unverified_chain = None
--- a/plugins/modules/luks_device.py
+++ b/plugins/modules/luks_device.py
@@ -936,9 +936,7 @@ class ConditionsHandler(Handler):

        name = self.opened_luks_name(self.device)

-        if name is None:
-            return True
-        return False
+        return name is None

    def luks_close(self) -> bool:
        if (
--- a/plugins/modules/openssl_dhparam.py
+++ b/plugins/modules/openssl_dhparam.py
@@ -391,7 +391,7 @@ def main() -> t.NoReturn:
            # Detection what is possible
            can_use_cryptography = (
                CRYPTOGRAPHY_FOUND
-                and CRYPTOGRAPHY_VERSION >= LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION)
+                and LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION) <= CRYPTOGRAPHY_VERSION
            )
            can_use_openssl = module.get_bin_path("openssl", False) is not None

--- a/plugins/modules/openssl_pkcs12.py
+++ b/plugins/modules/openssl_pkcs12.py
@@ -342,10 +342,10 @@ if t.TYPE_CHECKING:
    )

    PKCS12 = tuple[
-        t.Union[CertificateIssuerPrivateKeyTypes, None],
-        t.Union[cryptography.x509.Certificate, None],
+        t.Union[CertificateIssuerPrivateKeyTypes, None],  # noqa: UP007
+        t.Union[cryptography.x509.Certificate, None],  # noqa: UP007
        list[cryptography.x509.Certificate],
-        t.Union[bytes, None],
+        t.Union[bytes, None],  # noqa: UP007
    ]  # pragma: no cover


@@ -823,9 +823,9 @@ def main() -> t.NoReturn:
                    changed = True

            file_args = module.load_file_common_arguments(module.params)
-            if module.check_file_absent_if_check_mode(file_args["path"]):
-                changed = True
-            elif module.set_fs_attributes_if_different(file_args, changed):
+            if module.check_file_absent_if_check_mode(
+                file_args["path"]
+            ) or module.set_fs_attributes_if_different(file_args, changed):
                changed = True
        else:
            if module.check_mode:
--- a/plugins/modules/openssl_publickey.py
+++ b/plugins/modules/openssl_publickey.py
@@ -325,9 +325,9 @@ class PublicKey(OpenSSLObject):
            passphrase=self.privatekey_passphrase,
        )
        file_args = module.load_file_common_arguments(module.params)
-        if module.check_file_absent_if_check_mode(file_args["path"]):
-            self.changed = True
-        elif module.set_fs_attributes_if_different(file_args, False):
+        if module.check_file_absent_if_check_mode(
+            file_args["path"]
+        ) or module.set_fs_attributes_if_different(file_args, False):
            self.changed = True

    def check(self, module: AnsibleModule, *, perms_required: bool = True) -> bool:
--- a/plugins/modules/openssl_signature.py
+++ b/plugins/modules/openssl_signature.py
@@ -200,13 +200,10 @@ class SignatureCryptography(SignatureBase):

            elif isinstance(
                private_key,
-                cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey,
-            ):
-                signature = private_key.sign(_in)
-
-            elif isinstance(
-                private_key,
-                cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey,
+                (
+                    cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey,
+                    cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey,
+                ),
            ):
                signature = private_key.sign(_in)

--- a/plugins/modules/openssl_signature_info.py
+++ b/plugins/modules/openssl_signature_info.py
@@ -197,15 +197,10 @@ class SignatureInfoCryptography(SignatureInfoBase):

                elif isinstance(
                    public_key,
-                    cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey,
-                ):
-                    public_key.verify(_signature, _in)
-                    verified = True
-                    valid = True
-
-                elif isinstance(
-                    public_key,
-                    cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey,
+                    (
+                        cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey,
+                        cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey,
+                    ),
                ):
                    public_key.verify(_signature, _in)
                    verified = True
--- a/plugins/modules/x509_certificate_convert.py
+++ b/plugins/modules/x509_certificate_convert.py
@@ -244,9 +244,9 @@ class X509CertificateConvertModule(OpenSSLObject):
            return True
        if self.input != self.dest_content:
            return True
-        if self.format == "pem" and self.dest_content_pem_type != self.wanted_pem_type:
-            return True
-        return False
+        return bool(
+            self.format == "pem" and self.dest_content_pem_type != self.wanted_pem_type
+        )

    def get_dest_certificate(self) -> bytes:
        if self.format == "der":
--- a/plugins/modules/x509_crl.py
+++ b/plugins/modules/x509_crl.py
@@ -823,10 +823,7 @@ class CRL(OpenSSLObject):
            if old_entries != new_entries:
                return False

-        if self.format != self.actual_format and not ignore_conversion:
-            return False
-
-        return True
+        return not (self.format != self.actual_format and not ignore_conversion)

    def _generate_crl(self) -> bytes:
        crl = CertificateRevocationListBuilder()
@@ -919,9 +916,9 @@ class CRL(OpenSSLObject):
            self.changed = True

        file_args = self.module.load_file_common_arguments(self.module.params)
-        if self.module.check_file_absent_if_check_mode(file_args["path"]):
-            self.changed = True
-        elif self.module.set_fs_attributes_if_different(file_args, False):
+        if self.module.check_file_absent_if_check_mode(
+            file_args["path"]
+        ) or self.module.set_fs_attributes_if_different(file_args, False):
            self.changed = True

    def dump(self, check_mode: bool = False) -> dict[str, t.Any]: