From 990b40df3e7f8057c1d6315fad33ca40591e6586 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sat, 17 May 2025 16:45:37 +0200 Subject: [PATCH] Add pylint (#892) * Move mypy/flake8/isort config files to more 'natural' places. * Add pylint. * Look at no-member. * Look at pointless-* and unnecessary-pass. * Look at useless-*. * Lint. --- tests/nox-config-flake8.ini => .flake8 | 0 tests/nox-config-isort.cfg => .isort.cfg | 0 tests/nox-config-mypy.ini => .mypy.ini | 0 .pylintrc | 615 ++++++++++++++++++ antsibull-nox.toml | 9 +- plugins/module_utils/_crypto/_asn1.py | 32 +- .../_crypto/cryptography_support.py | 8 +- .../_crypto/module_backends/certificate.py | 2 - .../module_backends/certificate_entrust.py | 16 +- .../_crypto/module_backends/privatekey.py | 1 - .../module_backends/privatekey_convert.py | 1 - plugins/module_utils/_gnupg/cli.py | 1 - plugins/modules/crypto_info.py | 6 + plugins/modules/ecs_certificate.py | 28 +- plugins/modules/ecs_domain.py | 12 +- plugins/modules/openssl_dhparam.py | 1 - .../_openssh/test_cryptography.py | 3 - 17 files changed, 681 insertions(+), 54 deletions(-) rename tests/nox-config-flake8.ini => .flake8 (100%) rename tests/nox-config-isort.cfg => .isort.cfg (100%) rename tests/nox-config-mypy.ini => .mypy.ini (100%) create mode 100644 .pylintrc diff --git a/tests/nox-config-flake8.ini b/.flake8 similarity index 100% rename from tests/nox-config-flake8.ini rename to .flake8 diff --git a/tests/nox-config-isort.cfg b/.isort.cfg similarity index 100% rename from tests/nox-config-isort.cfg rename to .isort.cfg diff --git a/tests/nox-config-mypy.ini b/.mypy.ini similarity index 100% rename from tests/nox-config-mypy.ini rename to .mypy.ini diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 00000000..56ecb468 --- /dev/null +++ b/.pylintrc 
@@ -0,0 +1,615 @@ +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later +# SPDX-FileCopyrightText: 2025 Felix Fontein + +[MAIN] + +# Clear in-memory caches upon conclusion of linting. Useful if running pylint +# in a server-like mode. +clear-cache-post-run=no + +# Load and enable all available extensions. Use --list-extensions to see a list +# all available extensions. +#enable-all-extensions= + +# Specify a score threshold under which the program will exit with error. +fail-under=10 + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use, and will cap the count on Windows to +# avoid hangs. +jobs=0 + +# Minimum Python version to use for version dependent checks. Will default to +# the version used to run pylint. +py-version=3.7 + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# In verbose mode, extra non-checker-related info will be displayed. +#verbose= + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. If left empty, argument names will be checked with the set +# naming style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. If left empty, attribute names will be checked with the set naming +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Bad variable names regexes, separated by a comma. 
If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. If left empty, class attribute names will be checked +# with the set naming style. +#class-attribute-rgx= + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. If left empty, class constant names will be checked with +# the set naming style. +#class-const-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. If left empty, class names will be checked with the set naming style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. If left empty, constant names will be checked with the set naming +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. If left empty, function names will be checked with the set +# naming style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Good variable names regexes, separated by a comma. If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. 
+inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. If left empty, inline iteration names will be checked +# with the set naming style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. If left empty, method names will be checked with the set naming style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style. If left empty, module names will be checked with the set naming style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Regular expression matching correct type alias names. If left empty, type +# alias names will be checked with the set naming style. +#typealias-rgx= + +# Regular expression matching correct type variable names. If left empty, type +# variable names will be checked with the set naming style. +#typevar-rgx= + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. If left empty, variable names will be checked with the set +# naming style. 
+#variable-rgx= + + +[CLASSES] + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + asyncSetUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make,os._exit + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# List of regular expressions of class ancestor names to ignore when counting +# public methods (see R0903) +exclude-too-few-public-methods= + +# List of qualified class names to ignore when counting class parents (see +# R0901) +ignored-parents= + +# Maximum number of arguments for function / method. +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# Maximum number of branch for function / method body. +max-branches=12 + +# Maximum number of locals for function / method body. +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of positional arguments for function / method. +max-positional-arguments=5 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when caught. 
+overgeneral-exceptions=builtins.BaseException,builtins.Exception + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=160 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow explicit reexports by alias from a package __init__. +allow-reexport-from-package=no + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules= + +# Output a graph (.gv or any supported image format) of external dependencies +# to the given file (report RP0402 must not be disabled). +ext-import-graph= + +# Output a graph (.gv or any supported image format) of all (i.e. internal and +# external) dependencies to the given file (report RP0402 must not be +# disabled). +import-graph= + +# Output a graph (.gv or any supported image format) of internal dependencies +# to the given file (report RP0402 must not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. 
+known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[LOGGING] + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, +# UNDEFINED. +confidence=HIGH, + CONTROL_FLOW, + INFERENCE, + INFERENCE_FAILURE, + UNDEFINED + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". 
+disable=raw-checker-failed, + bad-inline-option, + deprecated-pragma, + duplicate-code, + file-ignored, + import-outside-toplevel, + missing-class-docstring, + missing-function-docstring, + missing-module-docstring, + locally-disabled, + suppressed-message, + useless-suppression, + use-symbolic-message-instead, + use-implicit-booleaness-not-comparison, + use-implicit-booleaness-not-comparison-to-string, + use-implicit-booleaness-not-comparison-to-zero, + too-few-public-methods, + too-many-arguments, + too-many-boolean-expressions, + too-many-branches, + too-many-function-args, + too-many-instance-attributes, + too-many-lines, + too-many-locals, + too-many-nested-blocks, + too-many-positional-arguments, + too-many-return-statements, + too-many-statements, + ungrouped-imports, + useless-parent-delegation, + wrong-import-order, + wrong-import-position, + # To clean up: + arguments-differ, + attribute-defined-outside-init, + broad-exception-caught, + broad-exception-raised, + consider-using-dict-items, + consider-using-in, + consider-using-set-comprehension, + consider-using-with, + fixme, + inconsistent-return-statements, + invalid-name, + no-else-raise, + no-else-return, + possibly-used-before-assignment, + protected-access, + raise-missing-from, + redefined-argument-from-local, + redefined-builtin, + redefined-outer-name, + superfluous-parens, + super-with-arguments, + try-except-raise, + unknown-option-value, + unspecified-encoding, + unsupported-assignment-operation, + unsupported-binary-operation, + unused-argument, + unused-variable, + use-dict-literal, + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. 
+enable= + + +[METHOD_ARGS] + +# List of qualified names (i.e., library.method) which require a timeout +# parameter e.g. 'requests.api.get,requests.api.post' +timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + +# Regular expression of note tags to take in consideration. +notes-rgx= + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + +# Let 'consider-using-join' be raised when the separator to join on would be +# non-empty (resulting in expected fixes of the type: ``"- " + " - +# ".join(items)``) +suggest-join-with-non-empty-separator=yes + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'fatal', 'error', 'warning', 'refactor', +# 'convention', and 'info' which contain the number of messages in each +# category, as well as 'statement' which is the total number of statements +# analyzed. This score is used by the global evaluation report (RP0004). +evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +msg-template= + +# Set the output format. Available formats are: text, parseable, colorized, +# json2 (improved json format), json (old json format) and msvs (visual +# studio). 
You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +#output-format= + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[SIMILARITIES] + +# Comments are removed from the similarity computation +ignore-comments=yes + +# Docstrings are removed from the similarity computation +ignore-docstrings=yes + +# Imports are removed from the similarity computation +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. No available dictionaries : You need to install +# both the python package and the system dependency for enchant to work. +spelling-dict= + +# List of comma separated words that should be considered directives if they +# appear at the beginning of a comment and should not be checked. +spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy: + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. 
+check-str-concat-over-line-jumps=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of symbolic message names to ignore for Mixin members. +ignored-checks-for-mixins=no-member, + not-async-context-manager, + not-context-manager, + attribute-defined-outside-init + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. 
+missing-member-max-choices=1 + +# Regex pattern to define which classes are considered mixins. +mixin-class-rgx=.*[Mm]ixin + +# List of decorators that change the signature of a decorated function. +signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io diff --git a/antsibull-nox.toml b/antsibull-nox.toml index 6fc33245..73162e06 100644 --- a/antsibull-nox.toml +++ b/antsibull-nox.toml 
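Review bot: The `# To clean up:` group in `disable=` switches off `possibly-used-before-assignment`, `broad-exception-caught`, `raise-missing-from` and `unspecified-encoding`, and nothing records when they are meant to come back. With `fail-under=10` the lint session stays green for as long as they are off. In a collection that handles keys and certificates, these are the checks that surface swallowed errors and unbound variables, so they are worth re-enabling first. I would extend the marker to something like `# To clean up (tracked in <ISSUE-PLACEHOLDER>), highest priority first:` and order the entries accordingly.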
@@ -9,18 +9,19 @@ [sessions.lint] run_isort = true -isort_config = "tests/nox-config-isort.cfg" +isort_config = ".isort.cfg" run_black = true run_flake8 = true -flake8_config = "tests/nox-config-flake8.ini" -run_pylint = false +flake8_config = ".flake8" +run_pylint = true +pylint_rcfile = ".pylintrc" run_yamllint = true yamllint_config = ".yamllint" yamllint_config_plugins = ".yamllint-docs" yamllint_config_plugins_examples = ".yamllint-examples" run_mypy = true mypy_ansible_core_package = "ansible-core>=2.19.0b3" -mypy_config = "tests/nox-config-mypy.ini" +mypy_config = ".mypy.ini" mypy_extra_deps = [ "cryptography", "types-mock", diff --git a/plugins/module_utils/_crypto/_asn1.py b/plugins/module_utils/_crypto/_asn1.py index 98976b38..3732e900 100644 --- a/plugins/module_utils/_crypto/_asn1.py +++ b/plugins/module_utils/_crypto/_asn1.py 
@@ -13,23 +13,21 @@ import re from ansible.module_utils.common.text.converters import to_bytes -""" -An ASN.1 serialized as a string in the OpenSSL format: - [modifier,]type[:value] - -modifier: - The modifier can be 'IMPLICIT:,' or 'EXPLICIT:' where IMPLICIT - changes the tag of the universal value to encode and EXPLICIT prefixes its tag to the existing universal value. - The tag_number must be set while the tag_class can be 'U', 'A', 'P', or 'C" for 'Universal', 'Application', - 'Private', or 'Context Specific' with C being the default. - -type: - The underlying ASN.1 type of the value specified. Currently only the following have been implemented: - UTF8: The value must be a UTF-8 encoded string. - -value: - The value to encode, the format of this value depends on the specified. -""" +# An ASN.1 serialized as a string in the OpenSSL format: +# [modifier,]type[:value] +# +# 'modifier': +# The modifier can be 'IMPLICIT:,' or 'EXPLICIT:' where IMPLICIT +# changes the tag of the universal value to encode and EXPLICIT prefixes its tag to the existing universal value. +# The tag_number must be set while the tag_class can be 'U', 'A', 'P', or 'C" for 'Universal', 'Application', +# 'Private', or 'Context Specific' with C being the default. +# +# 'type': +# The underlying ASN.1 type of the value specified. Currently only the following have been implemented: +# UTF8: The value must be a UTF-8 encoded string. +# +# 'value': +# The value to encode, the format of this value depends on the specified. ASN1_STRING_REGEX = re.compile( r"^((?PIMPLICIT|EXPLICIT):(?P\d+)(?PU|A|P|C)?,)?" r"(?P[\w\d]+):(?P.*)" diff --git a/plugins/module_utils/_crypto/cryptography_support.py b/plugins/module_utils/_crypto/cryptography_support.py index beed44eb..e8108580 100644 --- a/plugins/module_utils/_crypto/cryptography_support.py +++ b/plugins/module_utils/_crypto/cryptography_support.py 
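Review bot: The comment block that replaces the module-level string still carries a mismatched quote in the tag-class list, `'C"`, which should read `'C'`. Since every line of the text is rewritten here anyway, this is the place to fix it: `# The tag_number must be set while the tag_class can be 'U', 'A', 'P', or 'C' for 'Universal', 'Application',`. The `ASN1_STRING_REGEX` definition that follows continues outside the hunk.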
@@ -40,9 +40,8 @@ try: _HAS_CRYPTOGRAPHY = True except ImportError: - _HAS_CRYPTOGRAPHY = False # Error handled in the calling module. - pass + _HAS_CRYPTOGRAPHY = False try: import cryptography.hazmat.primitives.asymmetric.dh @@ -906,12 +905,13 @@ def _parse_pkcs12_35_0_0( # Since load_key_and_certificates succeeded, it should not fail. pkcs12 = backend._ffi.gc( backend._lib.d2i_PKCS12_bio( - backend._bytes_to_bio(pkcs12_bytes).bio, backend._ffi.NULL + backend._bytes_to_bio(pkcs12_bytes).bio, # pylint: disable=no-member + backend._ffi.NULL, ), backend._lib.PKCS12_free, ) certificate_x509_ptr = backend._ffi.new("X509 **") - with backend._zeroed_null_terminated_buf( + with backend._zeroed_null_terminated_buf( # pylint: disable=no-member to_bytes(passphrase) if passphrase is not None else None ) as passphrase_buffer: backend._lib.PKCS12_parse( diff --git a/plugins/module_utils/_crypto/module_backends/certificate.py b/plugins/module_utils/_crypto/module_backends/certificate.py index aaf9d53a..7ee09b5a 100644 --- a/plugins/module_utils/_crypto/module_backends/certificate.py +++ b/plugins/module_utils/_crypto/module_backends/certificate.py @@ -114,12 +114,10 @@ class CertificateBackend(metaclass=abc.ABCMeta): @abc.abstractmethod def generate_certificate(self) -> None: """(Re-)Generate certificate.""" - pass @abc.abstractmethod def get_certificate_data(self) -> bytes: """Return bytes for self.cert.""" - pass def set_existing(self, certificate_bytes: bytes | None) -> None: """Set existing certificate bytes. None indicates that the key does not exist.""" diff --git a/plugins/module_utils/_crypto/module_backends/certificate_entrust.py b/plugins/module_utils/_crypto/module_backends/certificate_entrust.py index 3b0dc9fc..d57f5246 100644 --- a/plugins/module_utils/_crypto/module_backends/certificate_entrust.py +++ b/plugins/module_utils/_crypto/module_backends/certificate_entrust.py 
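Review bot: The two `# pylint: disable=no-member` comments in the `_parse_pkcs12_35_0_0` hunk, on `backend._bytes_to_bio(pkcs12_bytes).bio` and on `backend._zeroed_null_terminated_buf(`, give no reason, and both names are underscore-prefixed members of the cryptography backend object. With the check silenced, lint will not report it if a cryptography release drops either member, and the second call is the one that holds the passphrase buffer. I would put a comment above the first call, such as `# Private cryptography backend API, only valid for the releases this helper is selected for; pylint cannot resolve it`; this assumes the caller gates on the library version, which is not visible here. The function starts before and continues after the hunk.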
@@ -140,7 +140,9 @@ class EntrustCertificateBackend(CertificateBackend): } try: - result = self.ecs_client.NewCertRequest(Body=body) + result = self.ecs_client.NewCertRequest( # pylint: disable=no-member + Body=body + ) self.trackingId = result.get("trackingId") except RestOperationException as e: self.module.fail_json( @@ -204,9 +206,11 @@ class EntrustCertificateBackend(CertificateBackend): # If a trackingId is not already defined (from the result of a generate) # use the serial number to identify the tracking Id if self.trackingId is None and serial_number is not None: - cert_results = self.ecs_client.GetCertificates( - serialNumber=serial_number - ).get("certificates", {}) + cert_results = ( + self.ecs_client.GetCertificates( # pylint: disable=no-member + serialNumber=serial_number + ).get("certificates", {}) + ) # Finding 0 or more than 1 result is a very unlikely use case, it simply means we cannot perform additional checks # on the 'state' as returned by Entrust Certificate Services (ECS). The general certificate validity is @@ -216,7 +220,9 @@ class EntrustCertificateBackend(CertificateBackend): if self.trackingId is not None: cert_details.update( - self.ecs_client.GetCertificate(trackingId=self.trackingId) + self.ecs_client.GetCertificate( # pylint: disable=no-member + trackingId=self.trackingId + ) ) return cert_details diff --git a/plugins/module_utils/_crypto/module_backends/privatekey.py b/plugins/module_utils/_crypto/module_backends/privatekey.py index 3096a183..e3c77229 100644 --- a/plugins/module_utils/_crypto/module_backends/privatekey.py +++ b/plugins/module_utils/_crypto/module_backends/privatekey.py @@ -132,7 +132,6 @@ class PrivateKeyBackend(metaclass=abc.ABCMeta): @abc.abstractmethod def generate_private_key(self) -> None: """(Re-)Generate private key.""" - pass def convert_private_key(self) -> None: """Convert existing private key (self.existing_private_key) to new private key (self.private_key). 
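Review bot: Every call on `self.ecs_client` now carries its own `# pylint: disable=no-member`, starting with `NewCertRequest(` in this file's first hunk and repeated for `GetCertificates` and `GetCertificate` here and throughout the `ecs_certificate.py` and `ecs_domain.py` hunks. This suggests the client's methods are created at runtime (inferred, since the client class is not part of the diff). If so, a single entry for the `ecs_client` methods under `generated-members=` in the new `.pylintrc` would record that once and keep the call sites readable. It would also avoid reshaping expressions, such as wrapping `GetCertificates(...).get("certificates", {})` in extra parentheses, only to make room for the trailing comment. The enclosing methods start and end outside these hunks.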
diff --git a/plugins/module_utils/_crypto/module_backends/privatekey_convert.py b/plugins/module_utils/_crypto/module_backends/privatekey_convert.py index a0502b83..6ee92dec 100644 --- a/plugins/module_utils/_crypto/module_backends/privatekey_convert.py +++ b/plugins/module_utils/_crypto/module_backends/privatekey_convert.py @@ -91,7 +91,6 @@ class PrivateKeyConvertBackend(metaclass=abc.ABCMeta): @abc.abstractmethod def get_private_key_data(self) -> bytes: """Return bytes for self.src_private_key in output format.""" - pass def set_existing_destination(self, *, privatekey_bytes: bytes | None) -> None: """Set existing private key bytes. None indicates that the key does not exist.""" diff --git a/plugins/module_utils/_gnupg/cli.py b/plugins/module_utils/_gnupg/cli.py index 644931b4..f6f0b626 100644 --- a/plugins/module_utils/_gnupg/cli.py +++ b/plugins/module_utils/_gnupg/cli.py @@ -31,7 +31,6 @@ class GPGRunner(metaclass=abc.ABCMeta): Raises a ``GPGError`` in case of errors. """ - pass def get_fingerprint_from_stdout(*, stdout: str) -> str: diff --git a/plugins/modules/crypto_info.py b/plugins/modules/crypto_info.py index eaedcd27..3c38ba9f 100644 --- a/plugins/modules/crypto_info.py +++ b/plugins/modules/crypto_info.py @@ -221,6 +221,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: has_dsa = True try: # added later in 1.5 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign has_dsa_sign = True except AttributeError: @@ -238,6 +239,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: has_rsa = True try: # added later in 1.4 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign has_rsa_sign = True except AttributeError: 
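Review bot: The bare attribute expressions in `add_crypto_information`, the first being `cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign` in the `@@ -221` hunk, are feature probes, and `# pylint: disable-next=pointless-statement` hides the warning instead of making that intent explicit. `has_dsa_sign = hasattr(cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, "sign")` states the probe directly and needs no suppression. The same applies to the RSA, Ed25519, Ed448, X25519 and EC probes in the following hunks of this file. If the class itself can be absent on old releases, keep the surrounding `try`/`except AttributeError`; the handler bodies lie outside the hunks.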
@@ -263,6 +265,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: has_ed25519 = True try: # added with the primitive in 2.6 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.sign has_ed25519_sign = True except AttributeError: @@ -286,6 +289,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: has_ed448 = True try: # added with the primitive in 2.6 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey.sign has_ed448_sign = True except AttributeError: @@ -302,6 +306,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: try: # added later in 2.5 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.private_bytes full = True except AttributeError: @@ -351,6 +356,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]: has_ec = True try: # added later in 1.5 + # pylint: disable-next=pointless-statement cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign has_ec_sign = True except AttributeError: diff --git a/plugins/modules/ecs_certificate.py b/plugins/modules/ecs_certificate.py index ed76f264..2028530d 100644 --- a/plugins/modules/ecs_certificate.py +++ b/plugins/modules/ecs_certificate.py @@ -658,7 +658,7 @@ class EcsCertificate: except SessionConfigurationException as e: module.fail_json(msg=f"Failed to initialize Entrust Provider: {e}") try: - self.ecs_client.GetAppVersion() + self.ecs_client.GetAppVersion() # pylint: disable=no-member except RestOperationException as e: module.fail_json( msg=f"Please verify credential information. Received exception when testing ECS connection: {e.message}" 
@@ -732,19 +732,21 @@ class EcsCertificate: # Use serial_number to identify if certificate is an Entrust Certificate # with an associated tracking ID serial_number = f"{self.cert.serial_number:X}" - cert_results = self.ecs_client.GetCertificates( + cert_results = self.ecs_client.GetCertificates( # pylint: disable=no-member serialNumber=serial_number ).get("certificates", {}) if len(cert_results) == 1: self.tracking_id = cert_results[0].get("trackingId") except RestOperationException: # If we fail to find a cert by serial number, that's fine, we just do not set self.tracking_id - return + pass def set_cert_details(self, module): try: - self.cert_details = self.ecs_client.GetCertificate( - trackingId=self.tracking_id + self.cert_details = ( + self.ecs_client.GetCertificate( # pylint: disable=no-member + trackingId=self.tracking_id + ) ) self.cert_status = self.cert_details.get("status") self.serial_number = self.cert_details.get("serialNumber") @@ -828,15 +830,23 @@ class EcsCertificate: try: if self.request_type == "validate_only": body["validateOnly"] = "true" - result = self.ecs_client.NewCertRequest(Body=body) + result = ( + self.ecs_client.NewCertRequest( # pylint: disable=no-member + Body=body + ) + ) if self.request_type == "new": - result = self.ecs_client.NewCertRequest(Body=body) + result = ( + self.ecs_client.NewCertRequest( # pylint: disable=no-member + Body=body + ) + ) elif self.request_type == "renew": - result = self.ecs_client.RenewCertRequest( + result = self.ecs_client.RenewCertRequest( # pylint: disable=no-member trackingId=self.tracking_id, Body=body ) elif self.request_type == "reissue": - result = self.ecs_client.ReissueCertRequest( + result = self.ecs_client.ReissueCertRequest( # pylint: disable=no-member trackingId=self.tracking_id, Body=body ) self.tracking_id = result.get("trackingId") diff --git a/plugins/modules/ecs_domain.py b/plugins/modules/ecs_domain.py index c2e68f74..7f8fdeac 100644 --- a/plugins/modules/ecs_domain.py 
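Review bot: In the `@@ -828,15 +830,23 @@` hunk the `validate_only` branch is a standalone `if`, followed by a separate `if`/`elif` chain with no `else`. `result` is therefore bound only when `request_type` is one of the four handled values, and any other value reaches `self.tracking_id = result.get("trackingId")` with `result` unbound. Unless the argument spec outside this hunk already restricts `request_type` to those values, chain the branches with `elif self.request_type == "new":` and end with an explicit `else` that reports the unexpected value, so the failure is readable rather than an `UnboundLocalError`. The enclosing method and its `try` start outside the hunk.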
+++ b/plugins/modules/ecs_domain.py @@ -276,7 +276,7 @@ class EcsDomain: except SessionConfigurationException as e: module.fail_json(msg=f"Failed to initialize Entrust Provider: {e}") try: - self.ecs_client.GetAppVersion() + self.ecs_client.GetAppVersion() # pylint: disable=no-member except RestOperationException as e: module.fail_json( msg=f"Please verify credential information. Received exception when testing ECS connection: {e.message}" @@ -310,7 +310,7 @@ class EcsDomain: def check(self, module): try: - domain_details = self.ecs_client.GetDomain( + domain_details = self.ecs_client.GetDomain( # pylint: disable=no-member clientId=module.params["client_id"], domain=module.params["domain_name"] ) self.set_domain_details(domain_details) @@ -355,18 +355,18 @@ class EcsDomain: body["domainName"] = module.params["domain_name"] try: if not self.domain_status: - self.ecs_client.AddDomain( + self.ecs_client.AddDomain( # pylint: disable=no-member clientId=module.params["client_id"], Body=body ) else: - self.ecs_client.ReverifyDomain( + self.ecs_client.ReverifyDomain( # pylint: disable=no-member clientId=module.params["client_id"], domain=module.params["domain_name"], Body=body, ) time.sleep(5) - result = self.ecs_client.GetDomain( + result = self.ecs_client.GetDomain( # pylint: disable=no-member clientId=module.params["client_id"], domain=module.params["domain_name"], ) @@ -393,7 +393,7 @@ class EcsDomain: ): break time.sleep(10) - result = self.ecs_client.GetDomain( + result = self.ecs_client.GetDomain( # pylint: disable=no-member clientId=module.params["client_id"], domain=module.params["domain_name"], ) diff --git a/plugins/modules/openssl_dhparam.py b/plugins/modules/openssl_dhparam.py index a93707b6..89846819 100644 --- a/plugins/modules/openssl_dhparam.py +++ b/plugins/modules/openssl_dhparam.py 
@@ -188,7 +188,6 @@ class DHParameterBase: @abc.abstractmethod def _do_generate(self, module: AnsibleModule) -> None: """Actually generate the DH params.""" - pass def generate(self, module: AnsibleModule) -> None: """Generate DH params.""" diff --git a/tests/unit/plugins/module_utils/_openssh/test_cryptography.py b/tests/unit/plugins/module_utils/_openssh/test_cryptography.py index 59d19059..a27cafe4 100644 --- a/tests/unit/plugins/module_utils/_openssh/test_cryptography.py +++ b/tests/unit/plugins/module_utils/_openssh/test_cryptography.py @@ -205,7 +205,6 @@ def test_invalid_user_key_params( result = True except Exception as e: print(e) - pass assert result @@ -225,7 +224,6 @@ def test_invalid_key_sizes( result = True except Exception as e: print(e) - pass assert result @@ -239,7 +237,6 @@ def test_valid_comment_update() -> None: pair.comment = new_comment except Exception as e: print(e) - pass assert ( pair.comment == new_comment