Fix ansible-lint rule violations

nginxinc · Dec 2, 2024 · 5c46f10 · 5c46f10
1 parent 0a9d339
commit 5c46f10
Show file tree

Hide file tree

Showing 23 changed files with 111 additions and 74 deletions.
diff --git a/defaults/main/agent.yml b/defaults/main/agent.yml
@@ -3,7 +3,6 @@
 # Requires access to either the NGINX stub_status or the NGINX Plus REST API.
 nginx_agent_enable: false
 
-
 ########################################################################################################################
 # The following parameters let you configure the static configuration file of NGINX Agent.                             #
 # By default, the config produced is as close a match to the default config provided by NGINX Agent upon installation. #
@@ -86,7 +85,6 @@ nginx_agent_metrics:
 #   report_interval: 15s
 #   precompiled_publication: true
 
-
 #############################################################################################
 # The following parameters let you configure the dynamic configuration file of NGINX Agent. #
 # By default, nothing is configured.                                                        #

diff --git a/defaults/main/amplify.yml b/defaults/main/amplify.yml
@@ -4,4 +4,4 @@
 # Use your NGINX Amplify API key.
 # Default is null.
 nginx_amplify_enable: false
-nginx_amplify_api_key: null
+nginx_amplify_api_key:
diff --git a/defaults/main/logrotate.yml b/defaults/main/logrotate.yml
@@ -3,7 +3,7 @@
 nginx_logrotate_conf_enable: false
 nginx_logrotate_conf:
   paths: /var/log/nginx/*.log # String or list of strings
-    # - /var/log/nginx/*.log
+  # - /var/log/nginx/*.log
   options: # daily # String or a list of strings
     - daily
     - missingok

diff --git a/meta/main.yml b/meta/main.yml
@@ -7,7 +7,7 @@ galaxy_info:
 
   license: Apache License, Version 2.0
 
-  min_ansible_version: '2.16'
+  min_ansible_version: "2.16"
 
   galaxy_tags:
     - nginx

diff --git a/molecule/agent/cleanup.yml b/molecule/agent/cleanup.yml
@@ -25,7 +25,8 @@
 
         - name: Get list of NGINX One dangling instance IDs
           ansible.builtin.uri:
-            url: https://{{ lookup('env', 'ONE_TENANT') }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
+            url: https://{{ lookup('env', 'ONE_TENANT') 
+              }}.console.ves.volterra.io/api/nginx/one/namespaces/default/instances?paginated=false&filter_fields=hostname&filter_ops=IN&filter_values=almalinux-8|almalinux-9|alpine-3.17|alpine-3.18|alpine-3.19|alpine-3.20|amazonlinux-2|amazonlinux-2023|debian-bullseye|debian-bookworm|oraclelinux-8|oraclelinux-9|rhel-8|rhel-9|rockylinux-8|rockylinux-9|sles-15|ubuntu-focal|ubuntu-jammy|ubuntu-noble
             method: GET
             headers:
               Authorization: APIToken {{ lookup('env', 'ONE_API_TOKEN') }}

diff --git a/molecule/agent/converge.yml b/molecule/agent/converge.yml
@@ -21,10 +21,10 @@
           treat_warnings_as_errors: false
         nginx_agent_config_dirs: '"/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules"'
         nginx_agent_queue_size: 100
-        nginx_agent_extensions: ['metrics']
+        nginx_agent_extensions: [metrics]
         nginx_agent_api:
           host: 127.0.0.1
           port: 8081
         nginx_agent_configure_dynamic: true
         nginx_agent_instance_group: ansible_instance_group
-        nginx_agent_tags: ['ansible', 'dev']
+        nginx_agent_tags: [ansible, dev]
diff --git a/molecule/downgrade-plus/converge.yml b/molecule/downgrade-plus/converge.yml
@@ -14,7 +14,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -32-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -32-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml
@@ -14,7 +14,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

diff --git a/molecule/upgrade-plus/prepare.yml b/molecule/upgrade-plus/prepare.yml
@@ -37,7 +37,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -32-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -32-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES
       ansible.builtin.set_fact:

diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml
@@ -12,7 +12,8 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES
       ansible.builtin.set_fact:

diff --git a/molecule/version/converge.yml b/molecule/version/converge.yml
@@ -16,8 +16,10 @@
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        ngx_version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
-        njs_version: -1.27.2+0.8.6-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx
+        ngx_version: -1.27.2-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el' + ansible_facts['distribution_major_version']
+          | string)) }}.ngx
+        njs_version: -1.27.2+0.8.6-1.{{ (ansible_facts['distribution'] == "Amazon") | ternary(('amzn' + ansible_facts['distribution_major_version'] | string), ('el'
+          + ansible_facts['distribution_major_version'] | string)) }}.ngx
         cacheable: true
       when: ansible_facts['os_family'] == "RedHat"
     - name: Set repo if SLES

diff --git a/tasks/agent/install-agent.yml b/tasks/agent/install-agent.yml
@@ -37,7 +37,7 @@
 - name: Check if the NGINX Agent dynamic configuration file has been modified
   ansible.builtin.lineinfile:
     path: /var/lib/nginx-agent/agent-dynamic.conf
-    line: '# agent-dynamic.conf'
+    line: "# agent-dynamic.conf"
     state: present
   check_mode: true
   changed_when: false
@@ -49,7 +49,8 @@
 - name: Dynamically generate NGINX Agent dynamic configuration file if it has not been externally modified
   ansible.builtin.template:
     src: nginx-agent/agent-dynamic.conf.j2
-    dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf') }}"
+    dest: "{{ (ansible_facts['system'] | lower is not search('bsd')) | ternary('/var/lib/nginx-agent/agent-dynamic.conf', '/var/db/nginx-agent/agent-dynamic.conf')
+      }}"
     mode: "0644"
     backup: true
   when:

diff --git a/tasks/agent/setup-debian.yml b/tasks/agent/setup-debian.yml
@@ -2,6 +2,7 @@
 - name: (Debian/Ubuntu) Configure NGINX Agent repository
   ansible.builtin.apt_repository:
     filename: nginx-agent
-    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} agent
+    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.nginx.org/nginx-agent/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release']
+      | lower }} agent
     update_cache: true
     mode: "0644"
diff --git a/tasks/agent/setup-redhat.yml b/tasks/agent/setup-redhat.yml
@@ -3,7 +3,8 @@
   ansible.builtin.yum_repository:
     name: nginx-agent
     file: nginx-agent
-    baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2', '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch
+    baseurl: https://packages.nginx.org/nginx-agent/{{ (ansible_facts['distribution'] == 'Amazon') | ternary((ansible_facts['distribution_major_version'] is version('2',
+      '==')) | ternary('amzn2', 'amzn'), 'centos') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch
     description: NGINX Agent
     enabled: true
     gpgcheck: true

diff --git a/tasks/amplify/setup-debian.yml b/tasks/amplify/setup-debian.yml
@@ -2,6 +2,7 @@
 - name: (Debian/Ubuntu) Add NGINX Amplify agent repository
   ansible.builtin.apt_repository:
     filename: nginx-amplify
-    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} amplify-agent
+    repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://packages.amplify.nginx.com/py3/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release']
+      | lower }} amplify-agent
     update_cache: true
     mode: "0644"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -10,8 +10,7 @@
 
 - name: Set up signing keys
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
-  when: (nginx_enable | bool and nginx_install_from == 'nginx_repository')
-        or nginx_amplify_enable | bool
+  when: (nginx_enable | bool and nginx_install_from == 'nginx_repository') or nginx_amplify_enable | bool
   tags: nginx_key
 
 - name: "{{ nginx_setup | capitalize }} NGINX"

diff --git a/tasks/modules/install-modules.yml b/tasks/modules/install-modules.yml
@@ -27,24 +27,21 @@
 
 - name: Install NGINX modules
   ansible.builtin.package:
-    name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}\
-          {{ (nginx_repository is not defined and ansible_facts['os_family'] == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}"
+    name: nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item['name'] | default(item) }}{{ (nginx_repository is not defined and ansible_facts['os_family']
+      == 'Alpine' and nginx_type != 'plus') | ternary('@nginx', '') }}{{ item['version'] | default('') }}
     state: "{{ item['state'] | default('present') }}"
   loop: "{{ nginx_modules }}"
   when:
-    - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource')
-      or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type == 'plus')
-    - not (item['name'] | default(item) == 'brotli')
-      or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '=='))
-    - not (item['name'] | default(item) == "geoip")
-      or not ((ansible_facts['os_family'] == 'FreeBSD')
-      or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution'] != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>='))
-      or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2023', '==')))
-    - not (item['name'] | default(item) == 'geoip2')
-      or not ((ansible_facts['os_family'] == 'Suse')
-      or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version'] is version('2', '==')))
-    - not (item['name'] | default(item) == 'lua')
-      or not ((ansible_facts['architecture'] == 's390x')
-      or (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '==')))
-    - not (item['name'] | default(item) == 'opentracing')
-      or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12', '=='))
+    - (item['name'] | default(item) in nginx_modules_list and nginx_type == 'opensource') or (item['name'] | default(item) in nginx_plus_modules_list and nginx_type
+      == 'plus')
+    - not (item['name'] | default(item) == 'brotli') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12',
+      '=='))
+    - not (item['name'] | default(item) == "geoip") or not ((ansible_facts['os_family'] == 'FreeBSD') or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution']
+      != 'Amazon' and ansible_facts['distribution_major_version'] is version('8', '>=')) or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version']
+      is version('2023', '==')))
+    - not (item['name'] | default(item) == 'geoip2') or not ((ansible_facts['os_family'] == 'Suse') or (ansible_facts['distribution'] == 'Amazon' and ansible_facts['distribution_major_version']
+      is version('2', '==')))
+    - not (item['name'] | default(item) == 'lua') or not ((ansible_facts['architecture'] == 's390x') or (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version']
+      is version('12', '==')))
+    - not (item['name'] | default(item) == 'opentracing') or not (ansible_facts['os_family'] == 'Suse' and ansible_facts['distribution_major_version'] is version('12',
+      '=='))
diff --git a/tasks/opensource/install-redhat.yml b/tasks/opensource/install-redhat.yml
@@ -2,7 +2,8 @@
 - name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX repository
   ansible.builtin.yum_repository:
     name: nginx
-    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
+    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat'))))
+      }}"
     description: NGINX Repository
     enabled: true
     gpgcheck: true

diff --git a/tasks/opensource/install-source.yml b/tasks/opensource/install-source.yml
@@ -131,7 +131,8 @@
   block:
     - name: Download PCRE dependency
       ansible.builtin.get_url:
-        url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz', 'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
+        url: "{{ (pcre_release == 2) | ternary('https://github.com/PCRE2Project/pcre2/releases/download/pcre2-' ~ pcre_version ~ '/pcre2-' ~ pcre_version ~ '.tar.gz',
+          'https://ftp.exim.org/pub/pcre/pcre-' ~ pcre_version ~ '.tar.gz') }}"
         dest: /tmp
         mode: "0600"
       register: pcre_source

diff --git a/tasks/plus/install-redhat.yml b/tasks/plus/install-redhat.yml
@@ -1,8 +1,10 @@
 ---
-- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure') }} NGINX Plus repository
+- name: (AlmaLinux/Amazon Linux/Oracle Linux/RHEL/Rocky Linux) {{ (nginx_license_status is defined or nginx_setup == 'uninstall') | ternary('Remove', 'Configure')
+    }} NGINX Plus repository
   ansible.builtin.yum_repository:
     name: nginx-plus
-    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat')))) }}"
+    baseurl: "{{ nginx_repository | default(lookup('vars', 'nginx_plus_default_repository_' + ((ansible_facts['distribution'] == 'Amazon') | ternary('amazon', 'redhat'))))
+      }}"
     description: NGINX Plus Repository
     sslclientcert: /etc/ssl/nginx/nginx-repo.crt
     sslclientkey: /etc/ssl/nginx/nginx-repo.key

diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
@@ -70,7 +70,7 @@
 
     - name: (OracleLinux 8) Install cryptography package
       ansible.builtin.package:
-        name: "python3.11-cryptography"
+        name: python3.11-cryptography
       when:
         - ansible_facts['distribution'] == "OracleLinux"
         - ansible_facts['distribution_major_version'] == "8"
@@ -133,8 +133,8 @@
     - name: Set up JWT
       when:
         - nginx_setup in ['install', 'upgrade']
-        - nginx_plus_installed_version is defined and (nginx_setup == 'upgrade' or nginx_plus_target_version is defined and nginx_plus_target_version is version('33', '>='))
-          or nginx_plus_installed_version is not defined and (nginx_plus_target_version is not defined or nginx_plus_target_version is version('33', '>='))
+        - nginx_plus_installed_version is defined and (nginx_setup == 'upgrade' or nginx_plus_target_version is defined and nginx_plus_target_version is version('33',
+          '>=')) or nginx_plus_installed_version is not defined and (nginx_plus_target_version is not defined or nginx_plus_target_version is version('33', '>='))
       block:
         - name: Create NGINX Plus main directory
           ansible.builtin.file:
@@ -145,15 +145,17 @@
         - name: Copy NGINX Plus JWT
           ansible.builtin.copy:
             src: "{{ nginx_license['jwt']['src'] | default(nginx_license['jwt']) }}"
-            dest: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt')) }}"
+            dest: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt'))
+              }}"
             decrypt: true
             mode: "0444"
 
         - name: Verify NGINX Plus JWT claims
           block:
             - name: Read JWT file
               ansible.builtin.slurp:
-                src: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt')) }}"
+                src: "{{ nginx_license['jwt']['dest'] | default((ansible_facts['os_family'] == 'FreeBSD') | ternary('/usr/local/etc/nginx/license.jwt', '/etc/nginx/license.jwt'))
+                  }}"
               register: jwt_file
 
             - name: Decode JWT payload using base64url