openstack/openstack-ansible-tests
Code Issues Proposed changes

Bump ansible-lint and ansible version

Browse Source 
ansible-lint 5.0.9 has merged our NoLogPasswordRule [1]
APTRepositoryCacheUpdateRule is not relevant since
ansible fix has been merged for several years now.
Also ansible-lint provides yamllint check.

This means, we shouldn't really carry custom lint
rules and can jsut use upstream ones.

We also update ansible and collections version to
match with the integrated repo.

[1] 8bef056d69

Change-Id: Ie85d6d0a17849bbc665a7f49644c38b5f6a96bb2
This commit is contained in:
Dmitriy Rabotyagov 2021-04-05 11:48:48 +03:00
parent efd8b4a1a4
commit d88998cd68
15 changed files with 16 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
ansible-lint/APTRepositoryCacheUpdateRule.py
View File

@ -1,35 +0,0 @@
#!/usr/bin/env python
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import ansiblelint
class APTRepositoryCacheUpdateRule(ansiblelint.AnsibleLintRule):
id = "OSA0002"
shortdesc = "apt_repository update_cache should be disabled."
description = (
"apt_repository cache updates silently fail when a task is retried. "
"Disable cache updates by setting `update_cache: no` and use a "
"separate apt task to update the APT cache. This bug is tracked by "
"https://github.com/ansible/ansible/issues/36605."
)
tags = ["bug"]
def matchtask(self, file, task):
module = task["action"]["__ansible_module__"]
update_cache_enabled = task["action"].get("update_cache", True)
return module == "apt_repository" and update_cache_enabled

50
ansible-lint/NoLogPasswordsRule.py
View File

@ -1,50 +0,0 @@
#!/usr/bin/env python
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import ansiblelint
try:
from ansible.module_utils.parsing.convert_bool import boolean
except ImportError:
try:
from ansible.utils.boolean import boolean
except ImportError:
try:
from ansible.utils import boolean
except ImportError:
from ansible import constants
boolean = constants.mk_boolean
class NoLogPasswordsRule(ansiblelint.AnsibleLintRule):
id = "OSA0003"
shortdesc = "password should not be logged."
description = (
"all the modules that take a password argument must fail "
"if no_log is not set or set to False in the task."
)
tags = ["passwords"]
def matchtask(self, file, task):
has_password = False
for param in task["action"].keys():
if 'password' in param:
has_password = True
# No nog_log and no_log: False behave the same way
# and should return a failure (return True), so we
# need to invert the boolean
return has_password and not boolean(task.get('no_log', False))

35
ansible-lint/YAMLdictchecker.py
View File

@ -1,35 +0,0 @@
#!/usr/bin/env python
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import ansiblelint
class YAMLdictchecker(ansiblelint.AnsibleLintRule):
id = 'OSA0001'
shortdesc = 'Please use ":" YAML dictionary format instead of "="'
description = 'Please follow YAML dictionary format while creating'
'task and other roles in Ansible'
'Follow this url for examples of how to use YAML dictionary '
'format. "https://docs.openstack.org/openstack-ansible/latest/'
'contribute/contribute.html#ansible-style-guide"'
tags = ['task']
def match(self, file, line):
for item in line.split(" "):
if "=" in item:
return True
return False

23
ansible-lint/test/TestAPTRepositoryCacheUpdateRule.py
View File

@ -1,23 +0,0 @@
import unittest
from ansiblelint.rules import RulesCollection
from ansiblelint.runner import Runner
from APTRepositoryCacheUpdateRule import APTRepositoryCacheUpdateRule
class TestAPTRepositoryCacheUpdateRule(unittest.TestCase):
collection = RulesCollection()
def setUp(self):
self.collection.register(APTRepositoryCacheUpdateRule())
def test_file_positive(self):
success = 'ansible-lint/test/apt-repository-cache-update-success.yml'
good_runner = Runner(self.collection, success, [], [], [])
self.assertEqual([], good_runner.run())
def test_file_negative(self):
failure = 'ansible-lint/test/apt-repository-cache-update-failure.yml'
bad_runner = Runner(self.collection, failure, [], [], [])
errs = bad_runner.run()
self.assertEqual(4, len(errs))

23
ansible-lint/test/TestNoLogPasswordsRule.py
View File

@ -1,23 +0,0 @@
import unittest
from ansiblelint.rules import RulesCollection
from ansiblelint.runner import Runner
from NoLogPasswordsRule import NoLogPasswordsRule
class TestNoLogPasswordsRule(unittest.TestCase):
collection = RulesCollection()
def setUp(self):
self.collection.register(NoLogPasswordsRule())
def test_file_positive(self):
success = 'ansible-lint/test/no-log-passwords-success.yml'
good_runner = Runner(self.collection, success, [], [], [])
self.assertEqual([], good_runner.run())
def test_file_negative(self):
failure = 'ansible-lint/test/no-log-passwords-failure.yml'
bad_runner = Runner(self.collection, failure, [], [], [])
errs = bad_runner.run()
self.assertEqual(3, len(errs))

0
ansible-lint/test/__init__.py
View File

23
ansible-lint/test/apt-repository-cache-update-failure.yml
View File

@ -1,23 +0,0 @@
- tasks:
- name: APT cache updates implicitly enabled
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
- name: APT cache updates explicitly enabled
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
update_cache: true
- name: APT cache updates implicitly enabled and retries
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
register: add_repo
until: add_repo is success
- name: APT cache updates explicitly enabled and retries
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
update_cache: true
register: add_repo
until: add_repo is success

13
ansible-lint/test/apt-repository-cache-update-success.yml
View File

@ -1,13 +0,0 @@
- tasks:
- name: Apt cache update disabled
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
update_cache: false
- name: Apt cache update disabled with retries
apt_repository:
repo: "deb https://example.com/foo/ bar baz"
update_cache: false
register: add_repo
until: add_repo is success

21
ansible-lint/test/no-log-passwords-failure.yml
View File

@ -1,21 +0,0 @@
- tasks:
- name: Fail no_log isn't used
user:
name: bidule
password: "wow"
state: absent
- name: Fail when no_log is set to False
user:
name: bidule
password: "wow"
state: absent
no_log: False
- name: Fail when no_log is set to no
user:
name: bidule
password: "wow"
state: absent
no_log: no

14
ansible-lint/test/no-log-passwords-success.yml
View File

@ -1,14 +0,0 @@
- tasks:
- name: Succeed when no_log is set to yes
user:
name: bidule
password: "wow"
state: absent
no_log: yes
- name: Succeed when no_log is set to True
user:
name: bidule
password: "wow"
state: absent
no_log: True

10
test-ansible-collection-requirements.yml
View File

@ -3,17 +3,21 @@ collections:
version: 1.2.1
type: git
- name: https://github.com/ansible-collections/community.general
version: 1.3.0
version: 2.1.1
type: git
- name: https://github.com/ansible-collections/community.rabbitmq
version: 1.0.1
type: git
- name: https://github.com/ansible-collections/community.mysql
version: 1.1.1
version: 1.2.0
type: git
- name: https://github.com/ansible-collections/community.crypto
version: 1.3.0
version: 1.4.0
type: git
- name: https://github.com/ansible-collections/ansible.posix
version: 1.1.1
type: git
# NOTE(noonedeadpunk): needs version in galaxy.yml to pull from git
- name: openvswitch.openvswitch
version: 1.1.0
source: https://galaxy.ansible.com

2
test-ansible-deps.txt
View File

@ -8,7 +8,7 @@
# target configuration in each role.
# The Ansible version used for testing
ansible-base==2.10.5
ansible-base==2.10.9
# Used for the ip filter within ansible
netaddr

12
test-ansible-lint.sh
View File

@ -42,16 +42,8 @@ echo "ANSIBLE_LINT_PARAMS: ${ANSIBLE_LINT_PARAMS}"
# Ensure that the Ansible environment is properly prepared
source "${COMMON_TESTS_PATH}/test-ansible-env-prep.sh"
# Run unit tests for OSA ansible-lint rules
# Only do it if the repository being tested is the openstack-ansible-tests
# repository.
if [[ "$(basename ${WORKING_DIR})" == "openstack-ansible-tests" ]]; then
python -m unittest discover -s "${WORKING_DIR}/ansible-lint" -p 'Test*.py'
fi
# Execute ansible-lint. We do not want to test dependent roles located
# in $HOME/.ansible/roles since we only care about the role we are currently
# testing.
ANSIBLE_LINT_WARNINGS="-w 204 -w 208 -w 306 -w metadata"
ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles \
-R -r ${COMMON_TESTS_PATH}/ansible-lint/ ${TEST_PLAYBOOK}
ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w metadata"
ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles ${TEST_PLAYBOOK}

8
test-prepare-host.yml
View File

@ -127,7 +127,7 @@
vars:
systemd_interface_cleanup: true
systemd_run_networkd: true
systemd_netdevs: |-
systemd_netdevs: |- # noqa var-spacing
{% set systemd_network_devices = [] %}
{% for interface in (bridges | default([])) %}
{% if interface is string %}
@ -139,7 +139,8 @@
{% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name, 'Kind': 'bridge'}}) %}
{% if interface.veth_peer is defined %}
{% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name + '-veth', 'Kind': 'veth'},
'Peer': {'Name': interface.veth_peer}}) %}
'Peer': {'Name': interface.veth_peer}
}) %}
{% endif %}
{% endif %}
{% endfor %}
@ -158,7 +159,8 @@
{% set _ = systemd_network_networks.append({'interface': interface_name,
'netmask': (interface.netmask | default('255.255.255.0')),
'config_overrides': {'Network': {'Address': {(interface.ip_addr | default('10.1.0.1')): null,
(interface.alias | string): null}}}}) %}
(interface.alias | string): null}
}}}) %}
{% else %}
{% set _ = systemd_network_networks.append({'interface': 'dummy-' + interface_name, 'bridge': interface_name}) %}
{% set _ = systemd_network_networks.append({'interface': interface_name,

2
test-requirements.txt
View File

@ -19,7 +19,7 @@
# Used for lint tests
bashate>=0.5.1 # Apache-2.0
flake8==3.8.3 # MIT
ansible-lint==4.3.5 # MIT
ansible-lint==5.0.9 # MIT
# Used to help make SNI connections work from python
# if python itself does not support it properly (<2.7.9).