Linting

.ansible-lint

@@ -1,37 +1,25 @@
 ---
-# The exclude_paths does not appear to be working in pre-commit
-# this issue describes similar behavior but suggested fix doesn't work
-# https://github.com/ansible/ansible-lint/issues/371
-# exclude_paths:
+# .ansible-lint
+
+profile: production # min, basic, moderate,safety, shared, production
+
+# Allows dumping of results in SARIF format
+# sarif_file: result.sarif
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
 exclude_paths:
-  - '.github/'
-  - 'changelogs/'
-  - 'tests/templated_role_example'
+  - .github/
+  - changelogs/
+  - tests/templated_role_example
+
 parseable: true
-use_default_rules: true
-# https://github.com/ansible/ansible-lint/issues/808
-# with verbosity set to 1, its dumping 'unknown file type messages'
+# quiet: true
+# strict: true
 # verbosity: 1
-skip_list:
-  # Skipping fqcn[action] because this collection supports using either the awx.awx or ansible.controller collection
-  #   so a FQCN cannot be used in module names
-  - fqcn[action]
-  - fqcn[keyword]
-  - jinja[spacing]
-  - meta-runtime  # This collection with the appropriate awx.awx or ansible.controller still works with older ansible.
-  - role-name[path]
-  - sanity[cannot-ignore]  # We're only ignoring sanity rules when we have to
-  - var-naming[no-role-prefix]
-kinds:
-  - playbooks: "**/examples/templates/*.{yml,yaml}"
-  - playbooks: "**/examples/*.{yml,yaml}"
-  - playbooks: "**/examples/automatetheautomation/*.{yml,yaml}"
-  - tasks: "**/examples/tasks/*.yml"
-  - vars: "**/examples/automatetheautomation/orgs_vars/**/*.yml"
-  - vars: "**/examples/configs/*.yml"
-  - vars: "**/examples/configs_export_model/*.yml"
-  - vars: "**/examples/vars/*.yml"
-  - vars: "**/roles/**/tests/configs/*.yml"
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
 mock_modules:
   - ansible.platform.authenticator_map
   - ansible.platform.user
@@ -48,4 +36,115 @@ mock_modules:
   - ansible.platform.http_port
   - ansible.platform.route
   - job_wait
+
+# mock_roles:
+#   - mocked_role
+#   - author.role_name # old standalone galaxy role
+#   - fake_namespace.fake_collection.fake_role # role within a collection
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: ^(__|{role}_)
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: ^[a-z_][a-z0-9_]*$
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  # Skipping fqcn[action] because this collection supports using either the awx.awx or ansible.controller collection
+  #   so a FQCN cannot be used in module names
+  - fqcn[action]
+  - fqcn[keyword]
+  - jinja[spacing]
+  - meta-runtime # This collection with the appropriate awx.awx or ansible.controller still works with older ansible.
+  - role-name[path]
+  - sanity[cannot-ignore] # We're only ignoring sanity rules when we have to
+  - var-naming[no-role-prefix]
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  - name[prefix] # opt-in
+  - galaxy-version-incorrect # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  - yaml
+# Report only a subset of tags and fully ignore any others
+# tags:
+#   - jinja[spacing]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - experimental # experimental is included in the implicit list
+  # - role-name
+  # - yaml[document-start]  # you can also use sub-rule matches
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+# write_list:
+#   - all
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: true
+
+# Define required Ansible's variables to satisfy syntax check
+# extra_vars:
+#   foo: bar
+#   multiline_string_variable: |
+#     line1
+#     line2
+#   complex_variable: ":{;\t$()"
+
+# Uncomment to enforce action validation with tasks, usually is not
+# needed as Ansible syntax check also covers it.
+# skip_action_validation: false
+
+# List of additional kind:pattern to be added at the top of the default
+# match list, first match determines the file kind.
+# kinds:
+# - playbook: "**/examples/*.{yml,yaml}"
+# - galaxy: "**/folder/galaxy.yml"
+# - tasks: "**/tasks/*.yml"
+# - vars: "**/vars/*.yml"
+# - meta: "**/meta/main.yml"
+# - yaml: "**/*.yaml-too"
+
+# List of additional collections to allow in only-builtins rule.
+# only_builtins_allow_collections:
+#   - example_ns.example_collection
+
+# List of additions modules to allow in only-builtins rule.
+# only_builtins_allow_modules:
+#   - example_module
+
+# Allow setting custom prefix for name[prefix] rule
+task_name_prefix: "{stem} | "
+# Complexity related settings
+
+# Limit the depth of the nested blocks:
+# max_block_depth: 20
+
+# Also recognize these versions of Ansible as supported:
+# supported_ansible_also:
+#   - "2.14"
 ...

.markdownlint.yml

@@ -4,7 +4,7 @@ default: true
 # MD003/heading-style/header-style - Heading style
 # This will ensure that the heading format is consistent across all markdown files
 MD003:
-  style: "atx"
+  style: atx
 
 # MD013/line-length - Line length
 # Setting to false to match the yamllint setting
@@ -17,5 +17,5 @@ MD0046:
 
 MD033:
   allowed_elements:
-    - "br"
+    - br
 ...

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 ---
 repos:
-  - repo: 'https://github.com/pre-commit/pre-commit-hooks'
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:
       - id: end-of-file-fixer
       - id: trailing-whitespace
-  - repo: 'https://github.com/ansible-community/ansible-lint.git'
+  - repo: https://github.com/ansible-community/ansible-lint.git
     rev: v24.9.2
     hooks:
       # see discussions here about what arguments are used, and behavior
@@ -15,12 +15,12 @@ repos:
       - id: ansible-lint
         pass_filenames: false
         always_run: true
-        entry: "ansible-lint"
+        entry: ansible-lint
         args:
-          - "--profile=production"
+          - --profile=production
         additional_dependencies:
-          - "ansible-core>=2.15"
-          - "yamllint>=1.26,<2.0"
+          - ansible-core>=2.15
+          - yamllint>=1.26,<2.0
   - repo: https://github.com/DavidAnson/markdownlint-cli2
     rev: v0.14.0
     hooks:

.yamllint.yml → .yamllint

@@ -14,7 +14,7 @@ rules:
     min-spaces-from-content: 1 # prettier compatibility
   comments-indentation: false
   document-start: disable
-  document-end: {present: true}
+  document-end: { present: true }
   indentation:
     level: error
     # Require indentation https://redhat-cop.github.io/automation-good-practices/#_yaml_and_jinja2_syntax
@@ -31,6 +31,6 @@ rules:
     level: error
     # Allow only YAML 1.2 booleans https://redhat-cop.github.io/automation-good-practices/#_yaml_and_jinja2_syntax
     allowed-values:
-      - 'true'
-      - 'false'
+      - "true"
+      - "false"
 ...

meta/runtime.yml

@@ -1,3 +1,3 @@
 ---
-requires_ansible: '>=2.15.0'
+requires_ansible: ">=2.15.0"
 ...

playbooks/configure_aap.yml

@@ -7,7 +7,7 @@
       ansible.builtin.include_vars:
         dir: "{{ aap_configs_dir | default((lookup('env', 'AAP_CONFIGS_DIR') == '') | ternary('./configs', lookup('env', 'AAP_CONFIGS_DIR'))) }}"
         ignore_files: [controller_config.yml.template]
-        extensions: ["yml"]
+        extensions: [yml]
       tags:
         - always
 

playbooks/get_stats.yml

@@ -15,7 +15,7 @@
   tasks:
     - name: Get number of JT
       ansible.builtin.uri:
-        url: "https://{{ aap_hostname }}/api/v2/metrics/?format=json"
+        url: https://{{ aap_hostname }}/api/v2/metrics/?format=json
         method: GET
         force_basic_auth: true
         user: "{{ aap_username }}"
@@ -39,7 +39,7 @@
 
     - name: Get users info
       ansible.builtin.uri:
-        url: "https://{{ aap_hostname }}/api/v2/users/?format=json"
+        url: https://{{ aap_hostname }}/api/v2/users/?format=json
         method: GET
         force_basic_auth: true
         user: "{{ aap_username }}"
@@ -58,7 +58,8 @@
           - "{{ ansible_facts['date_time']['date'] | to_datetime('%Y-%m-%d') }}"
           - "{{ r_users['json']['results'][0]['last_login'] | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first }}"
           - "{{ (r_users['json']['results'][0]['last_login'] | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d') }}"
-          - "{{ (((r_users['json']['results'][0]['last_login'] | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d')) - (ansible_facts['date_time']['date'] | to_datetime('%Y-%m-%d'))).days }}"
+          - "{{ (((r_users['json']['results'][0]['last_login'] | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d')) - (ansible_facts['date_time']['date']
+            | to_datetime('%Y-%m-%d'))).days }}"
 
     - name: Remove users who have never logged in (null)
       ansible.builtin.set_fact:
@@ -77,12 +78,13 @@
       ansible.builtin.set_fact:
         active_users: "{{ active_users + [item] }}"
       # when: (((item | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d')) - ('2023-03-30' | to_datetime('%Y-%m-%d'))).days <= 30
-      when: ((((item | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d')) - (ansible_facts['date_time']['date'] | to_datetime('%Y-%m-%d'))).days) <= 30
+      when: ((((item | regex_search('[0-9]{4}-[0-9]{2}-[0-9]{2}', '\\0') | first) | to_datetime('%Y-%m-%d')) - (ansible_facts['date_time']['date'] | to_datetime('%Y-%m-%d'))).days)
+        <= 30
       loop: "{{ temp_user_list }}"
 
     - name: Get subscription info
       ansible.builtin.uri:
-        url: "https://{{ aap_hostname }}/api/v2/settings/all/?format=json"
+        url: https://{{ aap_hostname }}/api/v2/settings/all/?format=json
         method: GET
         force_basic_auth: true
         user: "{{ aap_username }}"

playbooks/rename_objects.yaml

@@ -1,10 +1,10 @@
 ---
-- name: "Play to rename an object to every other object that is using it"
+- name: Play to rename an object to every other object that is using it
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
-    - name: "Get all the files using this object from the specified path"
+    - name: Get all the files using this object from the specified path
       ansible.builtin.find:
         paths: "{{ path }}"
         file_type: file
@@ -13,11 +13,11 @@
         contains: "{{ current_name | regex_escape() }}"
       register: __list_files
 
-    - name: "Update the name into the found files"
+    - name: Update the name into the found files
       ansible.builtin.replace:
         path: "{{ __file.path }}"
-        regexp: '^(.*){{ current_name | regex_escape() }}(.*)$'
-        replace: '\1{{ new_name }}\2'
+        regexp: ^(.*){{ current_name | regex_escape() }}(.*)$
+        replace: \1{{ new_name }}\2
       loop: "{{ __list_files.files }}"
       loop_control:
         loop_var: __file

playbooks/set_organization.yaml

@@ -1,21 +1,21 @@
 ---
-- name: "Play to set given organization to every object found in the search path"
+- name: Play to set given organization to every object found in the search path
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
-    - name: "Get all the files from the specified path"
+    - name: Get all the files from the specified path
       ansible.builtin.find:
         paths: "{{ path }}"
         file_type: file
         recurse: true
       register: __list_files
 
-    - name: "Update the organization into the found files"
+    - name: Update the organization into the found files
       ansible.builtin.replace:
         path: "{{ __file.path }}"
-        regexp: '^(.*)organization: (.*)$'
-        replace: '\1organization: {{ new_organization }}'
+        regexp: "^(.*)organization: (.*)$"
+        replace: "\\1organization: {{ new_organization }}"
       loop: "{{ __list_files.files }}"
       loop_control:
         loop_var: __file

roles/ansible_config/defaults/main.yml

@@ -10,7 +10,7 @@
 # ansible_config_owner: # optional
 # ansible_config_group: # optional
 ansible_config_mode: "0644"
-aap_configuration_working_dir: "/var/tmp"
+aap_configuration_working_dir: /var/tmp
 validate_certs: false
 ah_path_prefix: galaxy
 # a list of dictionaries describing the Automation Hub namespace

roles/ansible_config/meta/argument_specs.yml

@@ -96,5 +96,4 @@ argument_specs:
         required: false
         type: bool
         description: This variable enables secure logging across all roles as a default.
-
 ...