Bump ansible-lint from 6.5.2 to 6.7.0 in /.github/workflows/requirements (#211)

dependabot[bot] · web-flow · commit 32ce340e4f48 · 2022-09-28T04:47:38.000+02:00
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,4 +1,5 @@
 ---
 offline: true
 skip_list:
+  - name[template]
   - yaml[line-length]
diff --git a/.github/workflows/requirements/requirements_molecule.txt b/.github/workflows/requirements/requirements_molecule.txt
@@ -1,6 +1,6 @@
 ansible-core==2.13.4
 Jinja2==3.1.2
-ansible-lint==6.5.2
+ansible-lint==6.7.0
 yamllint==1.28.0
 molecule[docker]==4.0.1
 docker==6.0.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,7 +21,7 @@ TESTS:
 
 * Update GitHub actions to only skip \*plus\* scenarios when the NGINX Plus license secrets are not present (it used to only run the NGINX Plus test scenarios during internal PRs).
 * Remove Yamllint (Ansible Lint now incorporates Yamllint).
-* Skip Ansible Lint line length rule.
+* Skip Ansible Lint line length and no templates in name rules. Slightly refactor code to incorporate changes added to Ansible Lint 6.7.0.
 
 ## 0.8.0 (April 6, 2022)
 
diff --git a/molecule/advanced/prepare.yml b/molecule/advanced/prepare.yml
@@ -3,14 +3,14 @@
   hosts: localhost
   gather_facts: false
   tasks:
-    - name: Create ephemeral license certificate file from b64 decoded env var
+    - name: Create ephemeral license certificate file from b64 decoded env var # noqa template-instead-of-copy
       ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}"
         dest: ../../files/license/nginx-repo.crt
         force: false
         mode: 0444
 
-    - name: Create ephemeral license key file from b64 decoded env var
+    - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy
       ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}"
         dest: ../../files/license/nginx-repo.key
diff --git a/molecule/common/prepare.yml b/molecule/common/prepare.yml
@@ -3,14 +3,14 @@
   hosts: localhost
   gather_facts: false
   tasks:
-    - name: Create ephemeral license certificate file from b64 decoded env var
+    - name: Create ephemeral license certificate file from b64 decoded env var # noqa template-instead-of-copy
       ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}"
         dest: ../../files/license/nginx-repo.crt
         force: false
         mode: 0444
 
-    - name: Create ephemeral license key file from b64 decoded env var
+    - name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy
       ansible.builtin.copy:
         content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}"
         dest: ../../files/license/nginx-repo.key
diff --git a/molecule/uninstall/prepare.yml b/molecule/uninstall/prepare.yml
@@ -5,14 +5,14 @@
   tasks:
     - name: Create ephemeral license certificate file from b64 decoded env var
       ansible.builtin.copy:
-        content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}"
+        content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}" # noqa template-instead-of-copy
         dest: ../../files/license/nginx-repo.crt
         force: false
         mode: 0444
 
     - name: Create ephemeral license key file from b64 decoded env var
       ansible.builtin.copy:
-        content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}"
+        content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}" # noqa template-instead-of-copy
         dest: ../../files/license/nginx-repo.key
         force: false
         mode: 0444
diff --git a/tasks/common/config/configure-app-protect.yml b/tasks/common/config/configure-app-protect.yml
@@ -1,5 +1,6 @@
 ---
 - name: Copy NGINX App Protect security policy files
+  when: nginx_app_protect_security_policy_file_enable | bool
   block:
     - name: Ensure NGINX App Protect security policy directories exist
       ansible.builtin.file:
@@ -15,9 +16,9 @@
         backup: true
         mode: 0644
       loop: "{{ nginx_app_protect_security_policy_file }}"
-  when: nginx_app_protect_security_policy_file_enable | bool
 
 - name: Copy NGINX App Protect log policy files
+  when: nginx_app_protect_log_policy_file_enable | bool
   block:
     - name: Ensure NGINX App Protect log policy directories exist
       ansible.builtin.file:
@@ -33,4 +34,3 @@
         backup: true
         mode: 0644
       loop: "{{ nginx_app_protect_log_policy_file }}"
-  when: nginx_app_protect_log_policy_file_enable | bool
diff --git a/tasks/common/install/service-modification.yml b/tasks/common/install/service-modification.yml
@@ -1,5 +1,8 @@
 ---
 - name: Modify NGINX Plus service
+  when:
+    - ansible_service_mgr == "systemd"
+    - nginx_app_protect_service_modify | bool
   block:
     - name: Create override for NGINX Plus service
       ansible.builtin.file:
@@ -15,6 +18,3 @@
         group: root
         mode: 0644
       notify: (Handler - NGINX App Protect) Systemd daemon-reload
-  when:
-    - ansible_service_mgr == "systemd"
-    - nginx_app_protect_service_modify | bool
diff --git a/tasks/common/install/setup-license.yml b/tasks/common/install/setup-license.yml
@@ -1,5 +1,6 @@
 ---
 - name: (Alpine Linux) Set up NGINX App Protect WAF/DoS license
+  when: ansible_os_family == "Alpine"
   block:
     - name: Install cryptography package
       ansible.builtin.package:
@@ -42,9 +43,9 @@
           - cert.public_key == key.public_key
         success_msg: Your NGINX App Protect WAF/DoS license is valid!
         fail_msg: Something went wrong! Make sure your App Protect WAF/DoS license is valid!
-  when: ansible_os_family == "Alpine"
 
 - name: (Debian/Red Hat OSs) Set up NGINX App Protect WAF/DoS license
+  when: ansible_os_family != "Alpine"
   block:
     - name: (Debian/Red Hat OSs) Create SSL directory
       ansible.builtin.file:
@@ -83,4 +84,3 @@
           - cert.public_key == key.public_key
         success_msg: Your NGINX App Protect WAF/DoS license is valid!
         fail_msg: Something went wrong! Make sure your NGINX App Protect WAF/DoS license is valid!
-  when: ansible_os_family != "Alpine"
diff --git a/tasks/common/keys/setup-keys.yml b/tasks/common/keys/setup-keys.yml
@@ -1,5 +1,6 @@
 ---
 - name: (Alpine Linux) Set up NGINX App Protect DoS signing key
+  when: ansible_os_family == "Alpine"
   block:
     - name: (Alpine Linux) Set up NGINX App Protect DoS signing key URL
       ansible.builtin.set_fact:
@@ -10,9 +11,9 @@
         url: "{{ keysite }}"
         dest: /etc/apk/keys/nginx_signing.rsa.pub
         mode: 0400
-  when: ansible_os_family == "Alpine"
 
 - name: (Debian/Ubuntu) Set up NGINX App Protect and security updates signing key
+  when: ansible_os_family == "Debian"
   block:
     - name: (Debian/Ubuntu) Add NGINX Plus signing key
       ansible.builtin.apt_key:
@@ -24,9 +25,9 @@
         keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
         url: "{{ nginx_app_protect_waf_signing_key.waf_security_updates | default(nginx_app_protect_waf_security_updates_default_signing_key_pgp) }}"
       when: (nginx_app_protect_waf_install_signatures | bool) or (nginx_app_protect_waf_install_threat_campaigns | bool)
-  when: ansible_os_family == "Debian"
 
 - name: (Amazon Linux/CentOS/RHEL) Set up NGINX App Protect and security updates signing key
+  when: ansible_os_family == "RedHat"
   block:
     - name: (CentOS/RHEL) Add NGINX Plus signing key
       ansible.builtin.rpm_key:
@@ -36,4 +37,3 @@
       ansible.builtin.rpm_key:
         key: "{{ nginx_app_protect_waf_signing_key.waf_security_updates | default(nginx_app_protect_waf_security_updates_default_signing_key_pgp) }}"
       when: (nginx_app_protect_waf_install_signatures | bool) or (nginx_app_protect_waf_install_threat_campaigns | bool)
-  when: ansible_os_family == "RedHat"
diff --git a/tasks/common/prerequisites/install-dependencies.yml b/tasks/common/prerequisites/install-dependencies.yml
@@ -20,6 +20,7 @@
   when: ansible_distribution == "Amazon"
 
 - name: (Amazon Linux/CentOS/RHEL) Install package dependencies
+  when: ansible_os_family == "RedHat"
   block:
     - name: (Amazon Linux/CentOS/RHEL) Import EPEL GPG key
       ansible.builtin.rpm_key:
@@ -31,9 +32,9 @@
         name: "{{ nginx_app_protect_redhat_dependencies }}"
         update_cache: true
         state: latest # noqa package-latest
-  when: ansible_os_family == "RedHat"
 
 - name: (RHEL) Set up RHEL specific repositories
+  when: ansible_distribution == "RedHat"
   block:
     - name: (RHEL 7) Set up RHEL dependencies from OSS repositories
       ansible.builtin.yum_repository:
@@ -83,4 +84,3 @@
       when:
         - ansible_distribution_major_version == "8"
         - nginx_app_protect_use_rhel_subscription_repos | bool
-  when: ansible_distribution == "RedHat"
diff --git a/tasks/common/prerequisites/prerequisites.yml b/tasks/common/prerequisites/prerequisites.yml
@@ -3,6 +3,11 @@
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/common/prerequisites/install-dependencies.yml"
 
 - name: Set up SELinux
+  when:
+    - nginx_app_protect_selinux | bool or (nginx_app_protect_dos_enable | bool and nginx_app_protect_dos_setup == "install")
+    - "'selinux' in ansible_facts"
+    - ansible_facts['os_family'] in ['RedHat', 'Suse']
+    - ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']
   block:
     - name: Check if SELinux is enabled
       ansible.builtin.debug:
@@ -12,8 +17,3 @@
     - name: Configure SELinux
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/common/prerequisites/setup-selinux.yml"
       when: ansible_facts['selinux']['mode'] is defined
-  when:
-    - nginx_app_protect_selinux | bool or (nginx_app_protect_dos_enable | bool and nginx_app_protect_dos_setup == "install")
-    - "'selinux' in ansible_facts"
-    - ansible_facts['os_family'] in ['RedHat', 'Suse']
-    - ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']
diff --git a/tasks/common/prerequisites/validate-supported-os.yml b/tasks/common/prerequisites/validate-supported-os.yml
@@ -1,5 +1,6 @@
 ---
 - name: (WAF) Set supported_os_waf when platform and major/minor version are in the WAF supported platforms dictionary
+  when: nginx_app_protect_waf_enable | bool and nginx_app_protect_waf_state != "absent"
   block:
     - name: (WAF) Set fact to true if item present in dictionary
       ansible.builtin.set_fact:
@@ -18,9 +19,9 @@
       ansible.builtin.fail:
         msg: NGINX App Protect WAF is not supported on OS family {{ ansible_distribution }} version {{ ansible_distribution_version }}
       when: not supported_os_waf
-  when: nginx_app_protect_waf_enable | bool and nginx_app_protect_waf_state != "absent"
 
 - name: (DoS) Set supported_os_dos when platform and major/minor version are in the DoS supported platforms dictionary
+  when: nginx_app_protect_dos_enable | bool and nginx_app_protect_dos_state != "absent"
   block:
     - name: (DoS) Set fact to true if item present in dictionary
       ansible.builtin.set_fact:
@@ -39,7 +40,6 @@
       ansible.builtin.fail:
         msg: NGINX App Protect DoS is not supported on OS family {{ ansible_distribution }} version {{ ansible_distribution_version }}
       when: not supported_os_dos
-  when: nginx_app_protect_dos_enable | bool and nginx_app_protect_dos_state != "absent"
 
 - name: Abort if installing on RHEL > 7 without subscription details
   ansible.builtin.fail:
