Linter warnings fix pass

ansible-middleware · May 7, 2024 · 1115ee4 · 1115ee4
1 parent b497e94
commit 1115ee4
Show file tree

Hide file tree

Showing 17 changed files with 90 additions and 68 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -28,14 +28,14 @@ warn_list:
   - name[casing]
   - fqcn[action]
   - schema[meta]
-  - var-naming[no-role-prefix]
   - key-order[task]
   - blocked_modules
 
 skip_list:
   - vars_should_not_be_used
   - file_is_small_enough
   - name[template]
+  - var-naming[no-role-prefix]
 
 use_default_rules: true
 parseable: true
diff --git a/changelogs/config.yaml b/changelogs/config.yaml
@@ -11,22 +11,22 @@ notesdir: fragments
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
-- - major_changes
-  - Major Changes
-- - minor_changes
-  - Minor Changes
-- - breaking_changes
-  - Breaking Changes / Porting Guide
-- - deprecated_features
-  - Deprecated Features
-- - removed_features
-  - Removed Features
-- - security_fixes
-  - Security Fixes
-- - bugfixes
-  - Bugfixes
-- - known_issues
-  - Known Issues
+  - - major_changes
+    - Major Changes
+  - - minor_changes
+    - Minor Changes
+  - - breaking_changes
+    - Breaking Changes / Porting Guide
+  - - deprecated_features
+    - Deprecated Features
+  - - removed_features
+    - Removed Features
+  - - security_fixes
+    - Security Fixes
+  - - bugfixes
+    - Bugfixes
+  - - known_issues
+    - Known Issues
 title: middleware_automation.keycloak
 trivial_section_name: trivial
 use_fqcn: true
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
@@ -86,7 +86,9 @@ argument_specs:
                 type: "str"
             keycloak_features:
                 default: "[]"
-                description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`"
+                description: >
+                  List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`,
+                  example: `[ { name: 'docker', status: 'enabled' } ]`
                 type: "list"
             keycloak_bind_address:
                 default: "0.0.0.0"
@@ -310,7 +312,8 @@ argument_specs:
                 type: "str"
             keycloak_jgroups_subnet:
                 required: false
-                description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration"
+                description: >
+                  Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration
                 type: "str"
             keycloak_log_target:
                 default: '/var/log/keycloak'
@@ -323,7 +326,8 @@ argument_specs:
                 description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location"
                 type: "str"
             keycloak_jdbc_download_pass:
-                description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_jdbc_download_user)"
+                description: >
+                  Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_jdbc_download_user)
                 type: "str"
             keycloak_jdbc_download_validate_certs:
                 default: true

diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml
@@ -8,7 +8,8 @@
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
-    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | \
+                          map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
   when: ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_to_install }}"
@@ -17,8 +18,8 @@
     name: "{{ packages_to_install }}"
     state: present
   when:
-  - packages_to_install | default([]) | length > 0
-  - ansible_facts.os_family == "RedHat"
+    - packages_to_install | default([]) | length > 0
+    - ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_list }}"
   become: true

diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml
@@ -41,8 +41,8 @@
   ansible.builtin.user:
     name: "{{ keycloak_service_user }}"
     home: /opt/keycloak
-    system: yes
-    create_home: no
+    system: true
+    create_home: false
 
 - name: "Create install location for {{ keycloak.service_name }}"
   become: true
@@ -51,7 +51,7 @@
     state: directory
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0750
+    mode: '0750'
 
 - name: Create pidfile folder
   become: true
@@ -60,7 +60,7 @@
     state: directory
     owner: "{{ keycloak_service_user if keycloak_service_runas else omit }}"
     group: "{{ keycloak_service_group if keycloak_service_runas else omit }}"
-    mode: 0750
+    mode: '0750'
 
 ## check remote archive
 - name: Set download archive path
@@ -84,7 +84,7 @@
   ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
     url: "{{ keycloak_download_url }}"
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
-    mode: 0644
+    mode: '0644'
   delegate_to: localhost
   run_once: true
   when:
@@ -136,7 +136,7 @@
   ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
     url: "{{ keycloak_rhsso_download_url }}"
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
-    mode: 0644
+    mode: '0644'
   delegate_to: localhost
   run_once: true
   when:
@@ -160,7 +160,7 @@
     dest: "{{ archive }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   register: new_version_downloaded
   when:
     - not archive_path.stat.exists
@@ -221,7 +221,7 @@
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   notify:
     - restart keycloak
   when: keycloak_config_override_template | length > 0
@@ -233,7 +233,7 @@
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   notify:
     - restart keycloak
   when:
@@ -261,7 +261,7 @@
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   notify:
     - restart keycloak
   when:
@@ -276,7 +276,7 @@
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   notify:
     - restart keycloak
   when:
@@ -291,7 +291,7 @@
     dest: "{{ keycloak_config_path_to_properties }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   notify:
     - restart keycloak
   when: keycloak_features | length > 0
diff --git a/roles/keycloak/tasks/jdbc_driver.yml b/roles/keycloak/tasks/jdbc_driver.yml
@@ -12,16 +12,17 @@
     recurse: true
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0750
+    mode: '0750'
   become: true
   when:
     - not dest_path.stat.exists
 - name: "Verify valid parameters for download credentials when specified"
   ansible.builtin.fail:
     msg: >-
       When JDBC driver download credentials are set, both the username and the password MUST be set
-  when:
-    - (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or (keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined)
+  when: >
+    (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or
+    (keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined)
 
 - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
   ansible.builtin.get_url:
@@ -32,7 +33,7 @@
     url_username: "{{ keycloak_jdbc_download_user | default(omit) }}"
     url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}"
     validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}"
-    mode: 0640
+    mode: '0640'
   become: true
 
 - name: "Deploy module.xml for JDBC Driver"
@@ -41,5 +42,5 @@
     dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/module.xml"
     group: "{{ keycloak_service_group }}"
     owner: "{{ keycloak_service_user }}"
-    mode: 0640
+    mode: '0640'
   become: true
diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml
@@ -4,13 +4,16 @@
     that:
       - keycloak_admin_password | length > 12
     quiet: true
-    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string"
+    fail_msg: >
+      The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string
     success_msg: "{{ 'Console administrator password OK' }}"
 
 - name: Validate configuration
   ansible.builtin.assert:
-    that:
-      - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
+    that: >
+      (keycloak_ha_enabled and keycloak_db_enabled) or
+      (not keycloak_ha_enabled and keycloak_db_enabled) or
+      (not keycloak_ha_enabled and not keycloak_db_enabled)
     quiet: true
     fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"

diff --git a/roles/keycloak/tasks/restart_keycloak.yml b/roles/keycloak/tasks/restart_keycloak.yml
@@ -22,7 +22,7 @@
 - name: "Restart and enable {{ keycloak.service_name }} service"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: restarted
   become: true
   when: inventory_hostname != ansible_play_hosts | first
diff --git a/roles/keycloak/tasks/rhsso_cli.yml b/roles/keycloak/tasks/rhsso_cli.yml
@@ -10,4 +10,4 @@
   ansible.builtin.command: >
     {{ keycloak.cli_path }} --connect --command='{{ query }}' --controller={{ keycloak_host }}:{{ keycloak_management_http_port }}
   changed_when: false
-  register: cli_result
+  register: cli_result
diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml
@@ -45,7 +45,7 @@
 
     - name: Determine latest version
       ansible.builtin.set_fact:
-         sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
+        sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
       when: sso_patch_version is not defined or sso_patch_version | length == 0
       delegate_to: localhost
       run_once: true
@@ -95,7 +95,7 @@
     dest: "{{ patch_archive }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-    mode: 0640
+    mode: '0640'
   register: new_version_downloaded
   when:
     - not patch_archive_path.stat.exists
@@ -135,8 +135,8 @@
         - cli_result.rc == 0
       args:
         apply:
-            become: true
-            become_user: "{{ keycloak_service_user }}"
+          become: true
+          become_user: "{{ keycloak_service_user }}"
 
     - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
       ansible.builtin.uri:
@@ -152,8 +152,8 @@
         query: "patch info"
       args:
         apply:
-            become: true
-            become_user: "{{ keycloak_service_user }}"
+          become: true
+          become_user: "{{ keycloak_service_user }}"
 
     - name: "Verify installed patch version"
       ansible.builtin.assert:

diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml
@@ -6,7 +6,7 @@
     dest: "{{ keycloak_dest }}/keycloak-service.sh"
     owner: root
     group: root
-    mode: 0755
+    mode: '0755'
   notify:
     - restart keycloak
 
@@ -17,7 +17,7 @@
     dest: "{{ keycloak_sysconf_file }}"
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify:
     - restart keycloak
 
@@ -27,7 +27,7 @@
     dest: /etc/systemd/system/keycloak.service
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   become: true
   register: systemdunit
   notify:

diff --git a/roles/keycloak/vars/debian.yml b/roles/keycloak/vars/debian.yml
@@ -6,6 +6,7 @@ keycloak_prereq_package_list:
       - procps
       - apt
       - tzdata
-keycloak_configure_iptables: True
+keycloak_configure_iptables: true
 keycloak_sysconf_file: /etc/default/keycloak
-keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_varjvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_varjvm_package | \
+                         regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"