From fcf5abdd3ad5abc938fe066cfabfb026184f2363 2020-01-05 23:29:57
From: Branko Majic <branko@majic.rs>
Date: 2020-01-05 23:29:57
Subject: [PATCH] MAR-148: Fixing linting errors:

- Do not compare against booleans when value is already boolean in
  "when" conditions.
- Use pipefail in conjunction with setting the shell to Bash when
  extracting the backup encryption key IDs.
- Do not compare variables to empty strings in "when" conditions. This
  change currently works only for complex variables (stuff can break
  badly in case of simple variables in current default Ansible
  configuration).
- Fix missing space in one of Jinja2 templates.

---

diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index b3ed9fcb6258b789fe61dc2c92f3cf7d8cd90d7a..594863272192132a9b1ef8e8559b50948ef00bfe 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -12,6 +12,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/backup_client/tasks/main.yml b/roles/backup_client/tasks/main.yml
index 57abda0611a3bb17e1053604ddac7594824d7251..a6e451485c7d9c4f0d03d138f7635c747b4e7b96 100644
--- a/roles/backup_client/tasks/main.yml
+++ b/roles/backup_client/tasks/main.yml
@@ -53,19 +53,23 @@
     - Import public keys
 
 - name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
-  shell: "{{ gnupg_binary }} --no-tty --list-packets /etc/duply/main/private_keys.asc | grep keyid: |
+  shell: "set -o pipefail && {{ gnupg_binary }} --no-tty --list-packets /etc/duply/main/private_keys.asc | grep keyid: |
     head -n1 | sed -e 's/.*: //' | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//'"
+  args:
+    executable: /bin/bash
   register: backup_encryption_key_id
   changed_when: false
-  failed_when: backup_encryption_key_id.stdout == ""
+  failed_when: not backup_encryption_key_id.stdout
 
 - name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
-  shell: "{{ gnupg_binary }} --no-tty --list-packets /etc/duply/main/public_keys.asc | grep keyid: |
+  shell: "set -o pipefail &&  {{ gnupg_binary }} --no-tty --list-packets /etc/duply/main/public_keys.asc | grep keyid: |
     sed -e 's/.*: //' | sort -u | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//' | tr '\n' ',' | sed -e 's/,$//'"
+  args:
+    executable: /bin/bash
   when: backup_additional_encryption_keys
   register: backup_additional_encryption_keys_ids
   changed_when: false
-  failed_when: backup_additional_encryption_keys_ids.stdout == ""
+  failed_when: not backup_additional_encryption_keys_ids.stdout
 
 - name: Deploy private SSH key for logging-in into backup server
   copy:
@@ -137,6 +141,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 0dc84e81701367ed9669724bac219ea30ddb70ff..54769a489ae9ac36c4fd664b10402315b75d30e5 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -38,6 +38,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 62d900043a5a502bdc2e3f351ac6b024c26edf3e..540beea59e8c3dddcf52f5fe55b45ebc50c459b0 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -237,7 +237,7 @@
 - name: Enable ferm service on boot (workaround for systemctl broken handling of SysV)
   command: "rcconf -on ferm"
   register: result
-  changed_when: result.stderr == ""
+  changed_when: not result.stderr
 
 - name: Enable ferm service
   service:
@@ -468,6 +468,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
index d4ac41b377c9ccd5eee8a76342b0d936048ffccf..4953f640e9d7e5ab4881b68d36db7f0db8d8e80c 100644
--- a/roles/database/tasks/main.yml
+++ b/roles/database/tasks/main.yml
@@ -18,6 +18,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/database_server/tasks/main.yml b/roles/database_server/tasks/main.yml
index b02450c93d65f09c79f665e33bca42ccacd5afc7..d945ce1d4ae3ed9046d8787ace1bacdde962f742 100644
--- a/roles/database_server/tasks/main.yml
+++ b/roles/database_server/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: Enable MariaDB service on boot (workaround for systemctl broken handling of SysV)
   command: rcconf -on mysql
   register: result
-  changed_when: result.stderr == ""
+  changed_when: not result.stderr
 
 - name: Enable and start MariaDB
   service:
@@ -40,7 +40,7 @@
 
 - name: Disable use of unix socket login on Debian Stretch (temporary workaround)
   command: "mysql -B -e \"update mysql.user set plugin='' where user='root' and plugin='unix_socket'; flush privileges;\""
-  when: "ansible_distribution_release == 'stretch' and root_using_unix_socket_authentication.stdout != ''"
+  when: "ansible_distribution_release == 'stretch' and root_using_unix_socket_authentication.stdout"
 
 - name: Remove UTF-8 encoding configuration file from the old location on Debian Stretch
   file:
@@ -83,6 +83,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml
index 44730330dece4018106bce54cc0ef39326f8de02..50869c03be2ea1c8b36c3dd31dcaaeeb5ade1f0d 100644
--- a/roles/ldap_client/tasks/main.yml
+++ b/roles/ldap_client/tasks/main.yml
@@ -15,6 +15,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index a744d79595a8a37d1b7c6e3eb54de118bf1a0d83..0771e9c7e2ee4d87d04416aa692869d4ff2137ae 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -56,7 +56,7 @@
 - name: Enable slapd service on boot (workaround for systemctl broken handling of SysV)
   command: "rcconf -on slapd"
   register: result
-  changed_when: result.stderr == ""
+  changed_when: not result.stderr
 
 - name: Enable slapd service
   service:
@@ -95,7 +95,7 @@
 
 - name: Deploy LDAP misc schema
   command: "ldapadd -H ldapi:/// -Q -Y EXTERNAL -f /etc/ldap/schema/misc.ldif"
-  when: ldap_misc_schema_present.stdout == ""
+  when: not ldap_misc_schema_present.stdout
 
 - name: Deploy LDAP TLS private key
   template:
@@ -280,7 +280,7 @@
     dn: "{{ item.dn }}"
     objectClass: "{{ item.attributes.objectClass }}"
     attributes: "{{ item.attributes }}"
-    state: "{{ item.state | default('present')}}"
+    state: "{{ item.state | default('present') }}"
   with_items: "{{ ldap_entries }}"
 
 - name: Deploy firewall configuration for LDAP
@@ -324,6 +324,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/mail_forwarder/tasks/main.yml b/roles/mail_forwarder/tasks/main.yml
index 09dd1c6d365e61d2d9ce8d61afbe40a43e77a12d..26fea15947b4913e2d185228058fabd2cade781a 100644
--- a/roles/mail_forwarder/tasks/main.yml
+++ b/roles/mail_forwarder/tasks/main.yml
@@ -81,6 +81,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml
index 468cc21c55bc12309c6d8be4849a378473ed9430..8ca71e7b845b0785918a52a47b71bd542736980e 100644
--- a/roles/preseed/tasks/main.yml
+++ b/roles/preseed/tasks/main.yml
@@ -16,6 +16,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml
index 5ab1d06975eb75fbb6463bb7c5d7de19782f72bf..f74c1629498239cafd7c6e5a1166e5b6c012cdba 100644
--- a/roles/web_server/tasks/main.yml
+++ b/roles/web_server/tasks/main.yml
@@ -207,6 +207,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers
diff --git a/roles/xmpp_server/tasks/main.yml b/roles/xmpp_server/tasks/main.yml
index 540bfce0ba1f4b4f4cbb9402bf86575f84ae61f9..d53bc30f3cd9ed8c3e492881a8da5673eb77a3b1 100644
--- a/roles/xmpp_server/tasks/main.yml
+++ b/roles/xmpp_server/tasks/main.yml
@@ -98,7 +98,7 @@
 - name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
   command: "rcconf -on prosody"
   register: result
-  changed_when: result.stderr == ""
+  changed_when: not result.stderr
 
 - name: Enable and start Prosody service
   service:
@@ -117,6 +117,6 @@
 
 - name: Explicitly run all handlers
   include: ../handlers/main.yml
-  when: "run_handlers | default(False) | bool() == True"
+  when: "run_handlers | default(False) | bool()"
   tags:
     - handlers