From d88998cd686d67efc5b7ce3c23353ef2c257eefc Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 5 Apr 2021 11:48:48 +0300 Subject: [PATCH] Bump ansible-lint and ansible version ansible-lint 5.0.9 has merged our NoLogPasswordRule [1] APTRepositoryCacheUpdateRule is not relevant since ansible fix has been merged for several years now. Also ansible-lint provides yamllint check. This means, we shouldn't really carry custom lint rules and can jsut use upstream ones. We also update ansible and collections version to match with the integrated repo. [1] https://github.com/ansible-community/ansible-lint/commit/8bef056d698f4cda64a52eec73fc9b6f70e40cb3 Change-Id: Ie85d6d0a17849bbc665a7f49644c38b5f6a96bb2 --- ansible-lint/APTRepositoryCacheUpdateRule.py | 35 ------------- ansible-lint/NoLogPasswordsRule.py | 50 ------------------- ansible-lint/YAMLdictchecker.py | 35 ------------- .../test/TestAPTRepositoryCacheUpdateRule.py | 23 --------- ansible-lint/test/TestNoLogPasswordsRule.py | 23 --------- ansible-lint/test/__init__.py | 0 .../apt-repository-cache-update-failure.yml | 23 --------- .../apt-repository-cache-update-success.yml | 13 ----- .../test/no-log-passwords-failure.yml | 21 -------- .../test/no-log-passwords-success.yml | 14 ------ test-ansible-collection-requirements.yml | 10 ++-- test-ansible-deps.txt | 2 +- test-ansible-lint.sh | 12 +---- test-prepare-host.yml | 8 +-- test-requirements.txt | 2 +- 15 files changed, 16 insertions(+), 255 deletions(-) delete mode 100755 ansible-lint/APTRepositoryCacheUpdateRule.py delete mode 100755 ansible-lint/NoLogPasswordsRule.py delete mode 100755 ansible-lint/YAMLdictchecker.py delete mode 100644 ansible-lint/test/TestAPTRepositoryCacheUpdateRule.py delete mode 100644 ansible-lint/test/TestNoLogPasswordsRule.py delete mode 100644 ansible-lint/test/__init__.py delete mode 100644 ansible-lint/test/apt-repository-cache-update-failure.yml delete mode 100644 ansible-lint/test/apt-repository-cache-update-success.yml delete mode 100644 ansible-lint/test/no-log-passwords-failure.yml delete mode 100644 ansible-lint/test/no-log-passwords-success.yml diff --git a/ansible-lint/APTRepositoryCacheUpdateRule.py b/ansible-lint/APTRepositoryCacheUpdateRule.py deleted file mode 100755 index 13ce3223..00000000 --- a/ansible-lint/APTRepositoryCacheUpdateRule.py +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/env python -# Copyright 2018, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -import ansiblelint - - -class APTRepositoryCacheUpdateRule(ansiblelint.AnsibleLintRule): - id = "OSA0002" - shortdesc = "apt_repository update_cache should be disabled." - description = ( - "apt_repository cache updates silently fail when a task is retried. " - "Disable cache updates by setting `update_cache: no` and use a " - "separate apt task to update the APT cache. This bug is tracked by " - "https://github.com/ansible/ansible/issues/36605." - ) - tags = ["bug"] - - def matchtask(self, file, task): - module = task["action"]["__ansible_module__"] - update_cache_enabled = task["action"].get("update_cache", True) - - return module == "apt_repository" and update_cache_enabled diff --git a/ansible-lint/NoLogPasswordsRule.py b/ansible-lint/NoLogPasswordsRule.py deleted file mode 100755 index 3e8b44fd..00000000 --- a/ansible-lint/NoLogPasswordsRule.py +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env python -# Copyright 2018, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -import ansiblelint - -try: - from ansible.module_utils.parsing.convert_bool import boolean -except ImportError: - try: - from ansible.utils.boolean import boolean - except ImportError: - try: - from ansible.utils import boolean - except ImportError: - from ansible import constants - boolean = constants.mk_boolean - - -class NoLogPasswordsRule(ansiblelint.AnsibleLintRule): - id = "OSA0003" - shortdesc = "password should not be logged." - description = ( - "all the modules that take a password argument must fail " - "if no_log is not set or set to False in the task." - ) - tags = ["passwords"] - - def matchtask(self, file, task): - - has_password = False - for param in task["action"].keys(): - if 'password' in param: - has_password = True - # No nog_log and no_log: False behave the same way - # and should return a failure (return True), so we - # need to invert the boolean - return has_password and not boolean(task.get('no_log', False)) diff --git a/ansible-lint/YAMLdictchecker.py b/ansible-lint/YAMLdictchecker.py deleted file mode 100755 index 701280d8..00000000 --- a/ansible-lint/YAMLdictchecker.py +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/env python -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - - -import ansiblelint - - -class YAMLdictchecker(ansiblelint.AnsibleLintRule): - id = 'OSA0001' - shortdesc = 'Please use ":" YAML dictionary format instead of "="' - description = 'Please follow YAML dictionary format while creating' - 'task and other roles in Ansible' - 'Follow this url for examples of how to use YAML dictionary ' - 'format. "https://docs.openstack.org/openstack-ansible/latest/' - 'contribute/contribute.html#ansible-style-guide"' - tags = ['task'] - - def match(self, file, line): - for item in line.split(" "): - if "=" in item: - return True - return False diff --git a/ansible-lint/test/TestAPTRepositoryCacheUpdateRule.py b/ansible-lint/test/TestAPTRepositoryCacheUpdateRule.py deleted file mode 100644 index 90190766..00000000 --- a/ansible-lint/test/TestAPTRepositoryCacheUpdateRule.py +++ /dev/null @@ -1,23 +0,0 @@ -import unittest - -from ansiblelint.rules import RulesCollection -from ansiblelint.runner import Runner -from APTRepositoryCacheUpdateRule import APTRepositoryCacheUpdateRule - - -class TestAPTRepositoryCacheUpdateRule(unittest.TestCase): - collection = RulesCollection() - - def setUp(self): - self.collection.register(APTRepositoryCacheUpdateRule()) - - def test_file_positive(self): - success = 'ansible-lint/test/apt-repository-cache-update-success.yml' - good_runner = Runner(self.collection, success, [], [], []) - self.assertEqual([], good_runner.run()) - - def test_file_negative(self): - failure = 'ansible-lint/test/apt-repository-cache-update-failure.yml' - bad_runner = Runner(self.collection, failure, [], [], []) - errs = bad_runner.run() - self.assertEqual(4, len(errs)) diff --git a/ansible-lint/test/TestNoLogPasswordsRule.py b/ansible-lint/test/TestNoLogPasswordsRule.py deleted file mode 100644 index 1feedfa5..00000000 --- a/ansible-lint/test/TestNoLogPasswordsRule.py +++ /dev/null @@ -1,23 +0,0 @@ -import unittest - -from ansiblelint.rules import RulesCollection -from ansiblelint.runner import Runner -from NoLogPasswordsRule import NoLogPasswordsRule - - -class TestNoLogPasswordsRule(unittest.TestCase): - collection = RulesCollection() - - def setUp(self): - self.collection.register(NoLogPasswordsRule()) - - def test_file_positive(self): - success = 'ansible-lint/test/no-log-passwords-success.yml' - good_runner = Runner(self.collection, success, [], [], []) - self.assertEqual([], good_runner.run()) - - def test_file_negative(self): - failure = 'ansible-lint/test/no-log-passwords-failure.yml' - bad_runner = Runner(self.collection, failure, [], [], []) - errs = bad_runner.run() - self.assertEqual(3, len(errs)) diff --git a/ansible-lint/test/__init__.py b/ansible-lint/test/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/ansible-lint/test/apt-repository-cache-update-failure.yml b/ansible-lint/test/apt-repository-cache-update-failure.yml deleted file mode 100644 index 3f5a4d71..00000000 --- a/ansible-lint/test/apt-repository-cache-update-failure.yml +++ /dev/null @@ -1,23 +0,0 @@ -- tasks: - - - name: APT cache updates implicitly enabled - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - - - name: APT cache updates explicitly enabled - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - update_cache: true - - - name: APT cache updates implicitly enabled and retries - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - register: add_repo - until: add_repo is success - - - name: APT cache updates explicitly enabled and retries - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - update_cache: true - register: add_repo - until: add_repo is success diff --git a/ansible-lint/test/apt-repository-cache-update-success.yml b/ansible-lint/test/apt-repository-cache-update-success.yml deleted file mode 100644 index 0a51bc04..00000000 --- a/ansible-lint/test/apt-repository-cache-update-success.yml +++ /dev/null @@ -1,13 +0,0 @@ -- tasks: - - - name: Apt cache update disabled - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - update_cache: false - - - name: Apt cache update disabled with retries - apt_repository: - repo: "deb https://example.com/foo/ bar baz" - update_cache: false - register: add_repo - until: add_repo is success diff --git a/ansible-lint/test/no-log-passwords-failure.yml b/ansible-lint/test/no-log-passwords-failure.yml deleted file mode 100644 index a80a4cff..00000000 --- a/ansible-lint/test/no-log-passwords-failure.yml +++ /dev/null @@ -1,21 +0,0 @@ -- tasks: - - - name: Fail no_log isn't used - user: - name: bidule - password: "wow" - state: absent - - - name: Fail when no_log is set to False - user: - name: bidule - password: "wow" - state: absent - no_log: False - - - name: Fail when no_log is set to no - user: - name: bidule - password: "wow" - state: absent - no_log: no diff --git a/ansible-lint/test/no-log-passwords-success.yml b/ansible-lint/test/no-log-passwords-success.yml deleted file mode 100644 index 98a3b777..00000000 --- a/ansible-lint/test/no-log-passwords-success.yml +++ /dev/null @@ -1,14 +0,0 @@ -- tasks: - - name: Succeed when no_log is set to yes - user: - name: bidule - password: "wow" - state: absent - no_log: yes - - - name: Succeed when no_log is set to True - user: - name: bidule - password: "wow" - state: absent - no_log: True diff --git a/test-ansible-collection-requirements.yml b/test-ansible-collection-requirements.yml index b87989cd..3d413f9d 100644 --- a/test-ansible-collection-requirements.yml +++ b/test-ansible-collection-requirements.yml @@ -3,17 +3,21 @@ collections: version: 1.2.1 type: git - name: https://github.com/ansible-collections/community.general - version: 1.3.0 + version: 2.1.1 type: git - name: https://github.com/ansible-collections/community.rabbitmq version: 1.0.1 type: git - name: https://github.com/ansible-collections/community.mysql - version: 1.1.1 + version: 1.2.0 type: git - name: https://github.com/ansible-collections/community.crypto - version: 1.3.0 + version: 1.4.0 type: git + - name: https://github.com/ansible-collections/ansible.posix + version: 1.1.1 + type: git + # NOTE(noonedeadpunk): needs version in galaxy.yml to pull from git - name: openvswitch.openvswitch version: 1.1.0 source: https://galaxy.ansible.com diff --git a/test-ansible-deps.txt b/test-ansible-deps.txt index 36294903..4fc3ff9a 100644 --- a/test-ansible-deps.txt +++ b/test-ansible-deps.txt @@ -8,7 +8,7 @@ # target configuration in each role. # The Ansible version used for testing -ansible-base==2.10.5 +ansible-base==2.10.9 # Used for the ip filter within ansible netaddr diff --git a/test-ansible-lint.sh b/test-ansible-lint.sh index d84e97c0..ddbbb9a8 100755 --- a/test-ansible-lint.sh +++ b/test-ansible-lint.sh @@ -42,16 +42,8 @@ echo "ANSIBLE_LINT_PARAMS: ${ANSIBLE_LINT_PARAMS}" # Ensure that the Ansible environment is properly prepared source "${COMMON_TESTS_PATH}/test-ansible-env-prep.sh" -# Run unit tests for OSA ansible-lint rules -# Only do it if the repository being tested is the openstack-ansible-tests -# repository. -if [[ "$(basename ${WORKING_DIR})" == "openstack-ansible-tests" ]]; then - python -m unittest discover -s "${WORKING_DIR}/ansible-lint" -p 'Test*.py' -fi - # Execute ansible-lint. We do not want to test dependent roles located # in $HOME/.ansible/roles since we only care about the role we are currently # testing. -ANSIBLE_LINT_WARNINGS="-w 204 -w 208 -w 306 -w metadata" -ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles \ - -R -r ${COMMON_TESTS_PATH}/ansible-lint/ ${TEST_PLAYBOOK} +ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w metadata" +ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles ${TEST_PLAYBOOK} diff --git a/test-prepare-host.yml b/test-prepare-host.yml index 47dfdeb2..40f3b2b4 100644 --- a/test-prepare-host.yml +++ b/test-prepare-host.yml @@ -127,7 +127,7 @@ vars: systemd_interface_cleanup: true systemd_run_networkd: true - systemd_netdevs: |- + systemd_netdevs: |- # noqa var-spacing {% set systemd_network_devices = [] %} {% for interface in (bridges | default([])) %} {% if interface is string %} @@ -139,7 +139,8 @@ {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name, 'Kind': 'bridge'}}) %} {% if interface.veth_peer is defined %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name + '-veth', 'Kind': 'veth'}, - 'Peer': {'Name': interface.veth_peer}}) %} + 'Peer': {'Name': interface.veth_peer} + }) %} {% endif %} {% endif %} {% endfor %} @@ -158,7 +159,8 @@ {% set _ = systemd_network_networks.append({'interface': interface_name, 'netmask': (interface.netmask | default('255.255.255.0')), 'config_overrides': {'Network': {'Address': {(interface.ip_addr | default('10.1.0.1')): null, - (interface.alias | string): null}}}}) %} + (interface.alias | string): null} + }}}) %} {% else %} {% set _ = systemd_network_networks.append({'interface': 'dummy-' + interface_name, 'bridge': interface_name}) %} {% set _ = systemd_network_networks.append({'interface': interface_name, diff --git a/test-requirements.txt b/test-requirements.txt index d965a546..cb7198ee 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -19,7 +19,7 @@ # Used for lint tests bashate>=0.5.1 # Apache-2.0 flake8==3.8.3 # MIT -ansible-lint==4.3.5 # MIT +ansible-lint==5.0.9 # MIT # Used to help make SNI connections work from python # if python itself does not support it properly (<2.7.9).