Bump ansible-lint from 5.4.0 to 6.0.1 in /.github/workflows/requirements

.github/workflows/requirements/requirements_molecule.txt

@@ -1,6 +1,6 @@
 ansible-core==2.12.3
 Jinja2==3.0.3
-ansible-lint==5.4.0
+ansible-lint==6.0.1
 yamllint==1.26.3
 molecule[docker]==3.6.1
 docker==5.0.3

handlers/main.yml

@@ -1,10 +1,10 @@
 ---
 - name: (Handler - NGINX App Protect) Systemd daemon-reload
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: true
 
 - name: (Handler - NGINX App Protect) Restart NGINX
-  service:
+  ansible.builtin.service:
     name: nginx
     state: restarted
     enabled: true
@@ -14,14 +14,14 @@
   listen: (Handler - NGINX App Protect) Run NGINX
 
 - name: (Handler - NGINX App Protect) Check NGINX
-  command: nginx -t
+  ansible.builtin.command: nginx -t
   register: config_check
   ignore_errors: true
   changed_when: false
   listen: (Handler - NGINX App Protect) Run NGINX
 
 - name: (Handler - NGINX App Protect) Print NGINX error if syntax check fails
-  debug:
+  ansible.builtin.debug:
     var: config_check.stderr_lines
   failed_when: config_check.rc != 0
   when:

molecule/advanced/converge.yml

@@ -3,7 +3,7 @@
   hosts: nap
   tasks:
     - name: Install NGINX App Protect WAF
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-role-nginx-app-protect
       vars:
         nginx_app_protect_license:

molecule/advanced/prepare.yml

@@ -4,14 +4,14 @@
   gather_facts: false
   tasks:
     - name: Create ephemeral license certificate file from b64 decoded env var
-      copy:
+      ansible.builtin.copy:
         content: "{{ lookup('env','NGINX_CRT') | b64decode }}"
         dest: ../../files/license/nginx-repo.crt
         force: false
         mode: 0444
 
     - name: Create ephemeral license key file from b64 decoded env var
-      copy:
+      ansible.builtin.copy:
         content: "{{ lookup('env','NGINX_KEY') | b64decode }}"
         dest: ../../files/license/nginx-repo.key
         force: false
@@ -21,7 +21,7 @@
   hosts: nap
   tasks:
     - name: Set up rsyslog
-      include_role:
+      ansible.builtin.include_role:
         name: robertdebock.rsyslog
       vars:
         rsyslog_receiver: true
@@ -33,5 +33,5 @@
   gather_facts: false
   tasks:
     - name: Start nginx on test workload
-      raw: nohup nginx </dev/null >/dev/null 2>&1 & sleep 1
+      ansible.builtin.raw: nohup nginx </dev/null >/dev/null 2>&1 & sleep 1
       changed_when: false

molecule/advanced/verify.yml

@@ -3,31 +3,31 @@
   hosts: nap
   tasks:
     - name: Check if NGINX Plus is installed
-      package:
+      ansible.builtin.package:
         name: nginx-plus
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF is installed
-      package:
+      ansible.builtin.package:
         name: app-protect
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF signatures is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-attack-signatures
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF threat campaigns is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-threat-campaigns
         state: present
       check_mode: true

molecule/common/cleanup.yml

@@ -6,18 +6,18 @@
     - name: Block
       block:
         - name: Wait for containers to be up
-          wait_for_connection:
+          ansible.builtin.wait_for_connection:
             delay: 1
             timeout: 2
           register: connection
           ignore_errors: true
 
         - name: Containers are not up, quit from here
-          fail:
+          ansible.builtin.fail:
           when: connection.failed
 
         - name: Gather facts
-          setup:
+          ansible.builtin.setup:
             gather_subset:
               - "!all"
               - "!any"
@@ -29,4 +29,4 @@
           when: ansible_distribution == "RedHat"
       rescue:
         - name: It's ok we're at startup
-          meta: noop
+          ansible.builtin.meta: noop

molecule/common/prepare.yml

@@ -4,14 +4,14 @@
   gather_facts: false
   tasks:
     - name: Create ephemeral license certificate file from b64 decoded env var
-      copy:
+      ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}"
         dest: ../../files/license/nginx-repo.crt
         force: false
         mode: 0444
 
     - name: Create ephemeral license key file from b64 decoded env var
-      copy:
+      ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}"
         dest: ../../files/license/nginx-repo.key
         force: false

molecule/default/converge.yml

@@ -5,7 +5,7 @@
     rhel_subscription: false
   pre_tasks:
     - name: (RHEL) Check if there is a valid RHEL subscription
-      set_fact:
+      ansible.builtin.set_fact:
         rhel_subscription: true
       when:
         - lookup('env', 'RHEL_USERNAME') | length > 0
@@ -20,7 +20,7 @@
         - rhel_subscription| bool
   tasks:
     - name: Install NGINX App Protect WAF
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-role-nginx-app-protect
       vars:
         nginx_app_protect_license:

molecule/default/verify.yml

@@ -3,39 +3,39 @@
   hosts: all
   tasks:
     - name: Check if NGINX Plus is installed
-      package:
+      ansible.builtin.package:
         name: nginx-plus
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF is installed
-      package:
+      ansible.builtin.package:
         name: app-protect
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF signatures is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-attack-signatures
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF threat campaigns is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-threat-campaigns
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX service is running
-      service:
+      ansible.builtin.service:
         name: nginx
         state: started
         enabled: true
@@ -44,19 +44,19 @@
       failed_when: (service is changed) or (service is failed)
 
     - name: Store the statistics of /etc/app_protect/conf/test-security-policy.json in the 'security_policy' variable
-      stat:
+      ansible.builtin.stat:
         path: /etc/app_protect/conf/test-security-policy.json
       register: security_policy
 
     - name: Ensure /etc/app_protect/conf/test-security-policy.json exists
-      assert:
+      ansible.builtin.assert:
         that: security_policy.stat.exists | bool
 
     - name: Store the statistics of /etc/app_protect/conf/test-log-profile.json in the 'log_profile' variable
-      stat:
+      ansible.builtin.stat:
         path: /etc/app_protect/conf/test-log-profile.json
       register: log_profile
 
     - name: Ensure /etc/app_protect/conf/test-security-profile.json exists
-      assert:
+      ansible.builtin.assert:
         that: log_profile.stat.exists | bool

molecule/dos/converge.yml

@@ -5,7 +5,7 @@
     rhel_subscription: false
   pre_tasks:
     - name: (RHEL) Check if there is a valid RHEL subscription
-      set_fact:
+      ansible.builtin.set_fact:
         rhel_subscription: true
       when:
         - lookup('env', 'RHEL_USERNAME') | length > 0
@@ -20,7 +20,7 @@
         - rhel_subscription| bool
   tasks:
     - name: Install NGINX App Protect DoS
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-role-nginx-app-protect
       vars:
         nginx_app_protect_waf_enable: false

molecule/dos/verify.yml

@@ -3,23 +3,23 @@
   hosts: all
   tasks:
     - name: Check if NGINX Plus is installed
-      package:
+      ansible.builtin.package:
         name: nginx-plus
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect DoS is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-dos
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX service is running
-      service:
+      ansible.builtin.service:
         name: nginx
         state: started
         enabled: true

molecule/specific-version/converge.yml

@@ -12,17 +12,17 @@
       redhat: "-2020.08.20"
   tasks:
     - name: Set NGINX App Protect WAF signature version fact
-      set_fact:
+      ansible.builtin.set_fact:
         nginx_app_protect_waf_signatures_version: "{{ app_protect_signature_version_matrix[ansible_os_family | lower] }}{{ (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, '') }}"
       when: specify_app_protect_signatures_version| bool
 
     - name: Set NGINX App Protect WAF threat campaigns version fact
-      set_fact:
+      ansible.builtin.set_fact:
         nginx_app_protect_waf_threat_campaigns_version: "{{ app_protect_threat_campaigns_version_matrix[ansible_os_family | lower] }}{{ (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, '') }}"
       when: specify_app_protect_threat_campaigns_version| bool
 
     - name: Install NGINX App Protect WAF
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-role-nginx-app-protect
       vars:
         nginx_app_protect_license:

molecule/specific-version/verify.yml

@@ -12,39 +12,39 @@
       redhat: "-2020.08.20"
   tasks:
     - name: Check if NGINX Plus is installed
-      package:
+      ansible.builtin.package:
         name: nginx-plus
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF is installed
-      package:
+      ansible.builtin.package:
         name: app-protect
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF signatures is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-attack-signatures
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX App Protect WAF threat campaigns is installed
-      package:
+      ansible.builtin.package:
         name: app-protect-threat-campaigns
         state: present
       check_mode: true
       register: install
       failed_when: (install is changed) or (install is failed)
 
     - name: Check if NGINX service is running
-      service:
+      ansible.builtin.service:
         name: nginx
         state: started
         enabled: true
@@ -55,13 +55,13 @@
     - name: Check NGINX App Protect WAF version
       block:
         - name: Check installed software
-          package_facts:
+          ansible.builtin.package_facts:
             manager: auto
 
         - name: Verify installed NAP signatures version matches requested version
-          assert:
+          ansible.builtin.assert:
             that: "{{ (ansible_facts.packages['app-protect-attack-signatures'] | map(attribute='version') | first) == (app_protect_signature_version_matrix[ansible_os_family | lower] | regex_replace('^-|=','') + (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, '')) }}"
 
         - name: Verify installed NAP threat campaigns version matches requested version
-          assert:
+          ansible.builtin.assert:
             that: "{{ (ansible_facts.packages['app-protect-threat-campaigns'] | map(attribute='version') | first) == (app_protect_threat_campaigns_version_matrix[ansible_os_family | lower] | regex_replace('^-|=','') + (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, '')) }}"

molecule/uninstall/converge.yml

@@ -3,7 +3,7 @@
   hosts: all
   tasks:
     - name: Uninstall NGINX App Protect WAF and DoS
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-role-nginx-app-protect
       vars:
         nginx_app_protect_waf_enable: true