Merge pull request #6 from sscheib/ft-lint_fixes

Lint fixes + fixing undefined users

Author: sscheib

.ansible-lint

@@ -1,17 +1,18 @@
 ---
-enable_list:
-  - 'args'
-  - 'empty-string-compare'
-  - 'no-log-password'
-  - 'no-same-owner'
-  - 'name[prefix]'
+exclude_paths:
+  - '.git/'
+  - 'files/'
 
 kinds:
+  - tasks: 'tasks/*.{yml,yaml}'
+  - vars: 'vars/*.{yml,yaml}'
+  - vars: 'defaults/*.{yml,yaml}'
+  - meta: 'meta/main.{yml,yaml}'
   - yaml: '.ansible-lint'
   - yaml: '.github/workflows/*.{yml,yaml}'
   - yaml: '.pre-commit-config.yaml'
   - yaml: '.yamllint'
-  - yaml: '**/*.{yml,yaml}'
+  - yaml: 'collections/requirements.yml'
 
 loop_var_prefix: '^(__|{role}_)'
 max_block_depth: 20

tasks/assert.yml

@@ -1,7 +1,7 @@
 ---
 # NOTE: _quiet_assert does not impact this task, as it first needs to be ensured that it actually is
 #       properly defined
-- name: 'Ensure mandatory variables, as  well as variables, which have a default value, are set (boolean)'
+- name: 'assert | Ensure mandatory variables, as  well as variables, which have a default value, are set (boolean)'
   ansible.builtin.assert:
     that:
       - "lookup('ansible.builtin.vars', item) is defined"
@@ -21,7 +21,7 @@
   loop_control:
     label: 'variable: {{ item }}'
 
-- name: 'Ensure mandatory variables, as well as variables, which have a default value, are set (string)'
+- name: 'assert | Ensure mandatory variables, as well as variables, which have a default value, are set (string)'
   ansible.builtin.assert:
     that:
       - "lookup('ansible.builtin.vars', item) is defined"
@@ -63,7 +63,7 @@
   loop_control:
     label: 'variable: {{ item }}'
 
-- name: 'Ensure mandatory variables, as well as variables, which have a default value, are set (integer)'
+- name: 'assert | Ensure mandatory variables, as well as variables, which have a default value, are set (integer)'
   ansible.builtin.assert:
     that:
       - "lookup('ansible.builtin.vars', item) is defined"
@@ -80,7 +80,7 @@
   loop_control:
     label: 'variable: {{ item }}'
 
-- name: 'Ensure kickstart path is set when defined'
+- name: 'assert | Ensure kickstart path is set when defined'
   ansible.builtin.assert:
     that:
       - '_kickstart_path is string'
@@ -91,7 +91,7 @@
     quiet: '{{ _quiet_assert }}'
   when: '_kickstart_path is defined'
 
-- name: 'Ensure kickstart root password is set when defined'
+- name: 'assert | Ensure kickstart root password is set when defined'
   ansible.builtin.assert:
     that:
       - '_kickstart_root_password is string'
@@ -103,7 +103,7 @@
   no_log: true
   when: '_kickstart_root_password is defined'
 
-- name: 'Ensure api_token is defined properly (string)'
+- name: 'assert | Ensure api_token is defined properly (string)'
   ansible.builtin.assert:
     that:
       - '_api_token is defined'
@@ -115,7 +115,7 @@
     quiet: '{{ _quiet_assert }}'
   no_log: true
 
-- name: 'Ensure optional variables, are defined properly, if set (list)'
+- name: 'assert | Ensure optional variables, are defined properly, if set (list)'
   ansible.builtin.assert:
     that:
       - "lookup('ansible.builtin.vars', __var) is defined"
@@ -136,7 +136,7 @@
     loop_var: '__var'
     label: 'variable: {{ __var }}'
 
-- name: 'Ensure post_sections are defined properly'
+- name: 'assert | Ensure post_sections are defined properly'
   ansible.builtin.assert:
     that:
       - '_section.name is defined'
@@ -159,7 +159,7 @@
     _post_sections is defined
     and _post_sections | length > 0
 
-- name: 'Ensure _users is defined properly'
+- name: 'assert | Ensure _users is defined properly'
   ansible.builtin.assert:
     that:
       # _user.name
@@ -243,7 +243,7 @@
     _users is defined
     and _users | length > 0
 
-- name: 'Ensure _users does not specify conflicting options'
+- name: 'assert | Ensure _users does not specify conflicting options'
   ansible.builtin.assert:
     that:
       - '_user.home is defined'
@@ -260,13 +260,13 @@
     _user.authorized_keys is defined
     and _user.authorized_keys | length > 0
 
-- name: 'Skip block if no variables defined beforehand'
+- name: 'assert | Skip block if no variables defined beforehand'
   when: >
     __tmp_list_variables.results is defined and
     __tmp_list_variables.results | map(attribute='skipped', default=[]) | select() | length > 0
   block:
 
-    - name: 'Show variables that have been skipped to check, due to being undefined'
+    - name: 'assert | Show variables that have been skipped to check, due to being undefined'
       ansible.builtin.debug:
         msg: 'Variable name: {{ __var }}'
       loop:
@@ -275,7 +275,7 @@
         loop_var: '__var'
         label: '{{ __var }}'
 
-    - name: 'Ensure above variables are not important to you, as they are not going to be used!'
+    - name: 'assert | Ensure above variables are not important to you, as they are not going to be used!'
       ansible.builtin.pause:
         seconds: 5
 ...

tasks/authenticate.yml

@@ -1,5 +1,5 @@
 ---
-- name: 'Authenticate on the Red Hat Portal'
+- name: 'authenticate | Authenticate on the Red Hat Portal'
   ansible.builtin.uri:
     url: '{{ _redhat_portal_auth_url }}'
     return_content: true
@@ -12,7 +12,7 @@
   register: '__t_auth'
   no_log: true
 
-- name: 'Ensure access token has been returned by the API'
+- name: 'authenticate | Ensure access token has been returned by the API'
   ansible.builtin.assert:
     that:
       - '__t_auth.json is defined'
@@ -30,7 +30,7 @@
     quiet: '{{ _quiet_assert }}'
   no_log: true
 
-- name: 'Set fact: Extract access token'
+- name: 'authenticate | Set fact: Extract access token'
   ansible.builtin.set_fact:
     __access_token: '{{ __t_auth.json.access_token }}'
 ...

tasks/build_user_statement.yml

@@ -1,59 +1,59 @@
 ---
-- name: 'Set fact: Start building the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Start building the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ 'user --name=' ~ _user.name }}"
 
-- name: 'Set fact: Insert gecos into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert gecos into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --gecos=\"' ~ _user.gecos ~ '\"' }}"
   when: >
     _user.gecos is defined
     and _user.gecos != ''
     and _user.gecos != None
 
-- name: 'Set fact: Insert uid into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert uid into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --uid=' ~ _user.uid }}"
   when: >
     _user.uid is defined
     and _user.uid | string != ''
 
-- name: 'Set fact: Insert gid into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert gid into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --gid=' ~ _user.gid }}"
   when: >
     _user.gid is defined
     and _user.gid | string != ''
 
-- name: 'Set fact: Insert groups into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert groups into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --groups=' ~ _user.groups | join(',') }}"
   when: >
     _user.groups is defined
     and _user.groups | string != ''
 
-- name: 'Set fact: Insert homedir into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert homedir into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --homedir=' ~ _user.home }}"
   when: >
     _user.home is defined
     and _user.home | string != ''
 
-- name: 'Set fact: Insert shell into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert shell into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --shell=' ~ _user.shell }}"
   when: >
     _user.shell is defined
     and _user.shell | string != ''
 
-- name: 'Set fact: Insert lock into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert lock into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: "{{ _user_statement ~ ' --lock' }}"
   when: >
     _user.lock is defined
     and _user.lock
 
-- name: 'Set fact: Insert password into the user statement for user {{ _user.name }}'
+- name: 'build_user_statement | Set fact: Insert password into the user statement for user {{ _user.name }}'
   ansible.builtin.set_fact:
     _user_statement: >
       {{
@@ -65,7 +65,7 @@
     _user.gid is defined
     and _user.gid | string != ''
 
-- name: 'Insert user creation statement into the provided kickstart for user {{ _user.name }}'
+- name: 'build_user_statement | Insert user creation statement into the provided kickstart for user {{ _user.name }}'
   ansible.builtin.lineinfile:
     path: '{{ __work_dir_kickstart_path }}'
     regex: '^user\s--name={{ _user.name }}.+$'

tasks/cleanup.yml

@@ -1,5 +1,5 @@
 ---
-- name: 'Ensure downloaded ISO is removed: {{ __iso_path }}'
+- name: 'cleanup | Ensure downloaded ISO is removed: {{ __iso_path }}'
   ansible.builtin.file:
     path: '{{ __iso_path }}'
     state: 'absent'
@@ -8,7 +8,7 @@
     _cleanup_iso is defined
     and _cleanup_iso
 
-- name: 'Ensure temporary work directory is removed: {{ _temporary_work_dir_path }}'
+- name: 'cleanup | Ensure temporary work directory is removed: {{ _temporary_work_dir_path }}'
   ansible.builtin.file:
     path: '{{ _temporary_work_dir_path }}'
     state: 'absent'

tasks/create_iso.yml

@@ -1,15 +1,15 @@
 ---
-- name: 'Ensure xorriso is present'
+- name: 'create_iso | Ensure xorriso is present'
   ansible.builtin.package:
     name: '{{ _xorriso_package_name }},syslinux'
     state: 'present'
   become: true
 
-- name: 'Set fact: Destination ISO path'
+- name: 'create_iso | Set fact: Destination ISO path'
   ansible.builtin.set_fact:
     __dest_iso_path: "{{ _dest_dir_path ~ '/' ~ __iso_filename | splitext | first ~ '-ks.iso' }}"
 
-- name: 'Remove ISO if forced to recreate the ISO is asked for: {{ __dest_iso_path }}'
+- name: 'create_iso | Remove ISO if forced to recreate the ISO is asked for: {{ __dest_iso_path }}'
   ansible.builtin.file:
     path: '{{ __dest_iso_path }}'
     state: 'absent'
@@ -18,21 +18,21 @@
     _force_recreate_custom_iso is defined
     and _force_recreate_custom_iso
 
-- name: 'Retrieve the label of {{ __iso_path }}'
+- name: 'create_iso | Retrieve the label of {{ __iso_path }}'
   ansible.builtin.command:
     cmd: 'blkid --match-tag=LABEL -o value {{ __iso_path }}'
   changed_when: false
   become: true
   register: '__t_label'
 
-- name: 'Set fact: label of {{ __iso_path }}'
+- name: 'create_iso | Set fact: label of {{ __iso_path }}'
   ansible.builtin.set_fact:
     __iso_label: '{{ __t_label.stdout }}'
 
 # Note: Adding '-no-emul-boot' *twice* is necessary to avoid the following issue:
 # https://unix.stackexchange.com/questions/491043/boot-grub-efi-img-invalid-image-size
 # Command has been built according to https://access.redhat.com/solutions/60959
-- name: 'Create the ISO with the included kickstart at: {{ __dest_iso_path }}'
+- name: 'create_iso | Create the ISO with the included kickstart at: {{ __dest_iso_path }}'
   ansible.builtin.command:
     argv:
       - 'mkisofs'
@@ -61,32 +61,33 @@
     creates: '{{ __dest_iso_path }}'
   become: true
 
-- name: 'Ensure ISO is bootable via BIOS and UEFI'  # noqa: no-changed-when
+- name: 'create_iso | Ensure ISO is bootable via BIOS and UEFI'
   ansible.builtin.command:
     argv:
       - 'isohybrid'
       - '--uefi'
       - '{{ __dest_iso_path }}'
+  changed_when: true
   become: true
 
-- name: 'Block: Handle implanting of MD5 into ISO'
+- name: 'create_iso | Block: Handle implanting of MD5 into ISO'
   become: true
   when: >
     _implant_md5 is defined
     and _implant_md5
   block:
 
-    - name: 'Ensure implantisomd5 is present'
+    - name: 'create_iso | Ensure implantisomd5 is present'
       ansible.builtin.package:
         name: '{{ _implantisomd5_package_name }}'
         state: 'present'
 
-    - name: 'Implant MD5 checksum into the ISO'
+    - name: 'create_iso | Implant MD5 checksum into the ISO'
       ansible.builtin.command:
         cmd: 'implantisomd5 {{ __dest_iso_path }}'
       changed_when: true
 
-- name: 'Ensure created ISO has the proper permissions'
+- name: 'create_iso | Ensure created ISO has the proper permissions'
   ansible.builtin.file:
     path: '{{ __dest_iso_path }}'
     owner: '{{ _custom_iso_owner }}'

tasks/download_iso.yml

@@ -1,5 +1,5 @@
 ---
-- name: 'Ensure download directory exists: {{ _download_directory }}'
+- name: 'download_iso | Ensure download directory exists: {{ _download_directory }}'
   ansible.builtin.file:
     path: '{{ _download_directory }}'
     state: 'directory'
@@ -8,11 +8,11 @@
     mode: '{{ _download_directory_mode }}'
   become: true
 
-- name: 'Set fact: Red Hat Portal API download URL'
+- name: 'download_iso | Set fact: Red Hat Portal API download URL'
   ansible.builtin.set_fact:
     __download_url: '{{ _redhat_portal_download_base_url }}/{{ _checksum }}/download'
 
-- name: 'Gather information about the ISO to download'
+- name: 'download_iso | Gather information about the ISO to download'
   ansible.builtin.uri:
     url: '{{ __download_url }}'
     method: 'GET'
@@ -23,7 +23,7 @@
       Authorization: 'Bearer {{ __access_token }}'
   register: '__t_iso_information'
 
-- name: 'Ensure filename has been returned by the API'
+- name: 'download_iso | Ensure filename has been returned by the API'
   ansible.builtin.assert:
     that:
       - '__t_iso_information.json is defined'
@@ -46,15 +46,15 @@
     fail_msg: 'The API did not return the filename of the ISO'
     quiet: '{{ _quiet_assert }}'
 
-- name: 'Set fact: Extract filename of the ISO to download'
+- name: 'download_iso | Set fact: Extract filename of the ISO to download'
   ansible.builtin.set_fact:
     __iso_filename: '{{ __t_iso_information.json.body.filename }}'
 
-- name: 'Set fact: Destination path for the ISO to download'
+- name: 'download_iso | Set fact: Destination path for the ISO to download'
   ansible.builtin.set_fact:
     __iso_path: '{{ _download_directory }}/{{ __iso_filename }}'
 
-- name: 'Download and verify the checksum of the ISO: {{ __iso_filename }}'
+- name: 'download_iso | Download and verify the checksum of the ISO: {{ __iso_filename }}'
   ansible.builtin.get_url:
     url: '{{ __download_url }}'
     dest: '{{ __iso_path }}'