validate-modules: Fix all system modules (#52384)

This PR includes validate-modules fixes for all system modules. Except a few that are deliberately implemented like this.
2025-04-26 12:21:26 -07:00 · 2019-02-19 15:42:14 +01:00 · 2019-02-19 15:42:14 +01:00 · 8c74df5e67
commit 8c74df5e67
parent c9eb186a94
26 changed files with 568 additions and 495 deletions
--- a/lib/ansible/modules/system/selinux.py
+++ b/lib/ansible/modules/system/selinux.py
@ -1,86 +1,85 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-

-# (c) 2012, Derek Carter<goozbach@friocorte.com>
+# Copyright: (c) 2012, Derek Carter<goozbach@friocorte.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

-
 ANSIBLE_METADATA = {
    'metadata_version': '1.1',
    'status': ['stableinterface'],
    'supported_by': 'core'
 }

-
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: selinux
 short_description: Change policy and state of SELinux
 description:
-  - Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
+  - Configures the SELinux mode and policy.
+  - A reboot may be required after usage.
+  - Ansible will not issue this reboot but will let you know when it is required.
 version_added: "0.7"
 options:
  policy:
    description:
-      - "name of the SELinux policy to use (example: C(targeted)) will be required if state is not C(disabled)"
+      - The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled).
  state:
    description:
-      - The SELinux mode
+      - The SELinux mode.
    required: true
-    choices: [ "enforcing", "permissive", "disabled" ]
-  conf:
+    choices: [ disabled, enforcing, permissive ]
+  configfile:
    description:
-      - path to the SELinux configuration file, if non-standard
-    default: "/etc/selinux/config"
-    aliases: ['configfile', 'file']
-notes:
-   - Not tested on any debian based system
+      - The path to the SELinux configuration file, if non-standard.
+    default: /etc/selinux/config
+    aliases: [ conf, file ]
 requirements: [ libselinux-python ]
-author: "Derek Carter (@goozbach) <goozbach@friocorte.com>"
+author:
+- Derek Carter (@goozbach) <goozbach@friocorte.com>
 '''

-EXAMPLES = '''
-# Enable SELinux
- selinux:
+EXAMPLES = r'''
+- name: Enable SELinux
+  selinux:
    policy: targeted
    state: enforcing

-# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
+- name: Put SELinux in permissive mode, logging actions that would be blocked.
+  selinux:
    policy: targeted
    state: permissive

-# Disable SELinux
- selinux:
+- name: Disable SELinux
+  selinux:
    state: disabled
 '''

-RETURN = '''
+RETURN = r'''
 msg:
-    description: Messages that describe changes that were made
+    description: Messages that describe changes that were made.
    returned: always
    type: str
    sample: Config SELinux state changed from 'disabled' to 'permissive'
 configfile:
-    description: Path to SELinux configuration file
+    description: Path to SELinux configuration file.
    returned: always
    type: str
    sample: /etc/selinux/config
 policy:
-    description: Name of the SELinux policy
+    description: Name of the SELinux policy.
    returned: always
    type: str
    sample: targeted
 state:
-    description: SELinux mode
+    description: SELinux mode.
    returned: always
    type: str
    sample: enforcing
 reboot_required:
-    description: Whether or not an reboot is required for the changes to take effect
+    description: Whether or not an reboot is required for the changes to take effect.
    returned: always
    type: bool
    sample: true
@ -171,11 +170,11 @@ def set_config_policy(module, policy, configfile):
 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            policy=dict(required=False),
-            state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True),
-            configfile=dict(aliases=['conf', 'file'], default='/etc/selinux/config')
+            policy=dict(type='str'),
+            state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']),
+            configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
        ),
-        supports_check_mode=True
+        supports_check_mode=True,
    )

    if not HAS_SELINUX:
@ -210,7 +209,7 @@ def main():
    # check to see if policy is set if state is not 'disabled'
    if state != 'disabled':
        if not policy:
-            module.fail_json(msg='Policy is required if state is not \'disabled\'')
+            module.fail_json(msg="Policy is required if state is not 'disabled'")
    else:
        if not policy:
            policy = config_policy
@ -220,14 +219,14 @@ def main():
        if module.check_mode:
            module.exit_json(changed=True)
        # cannot change runtime policy
-        msgs.append('Running SELinux policy changed from \'%s\' to \'%s\'' % (runtime_policy, policy))
+        msgs.append("Running SELinux policy changed from '%s' to '%s'" % (runtime_policy, policy))
        changed = True

    if policy != config_policy:
        if module.check_mode:
            module.exit_json(changed=True)
        set_config_policy(module, policy, configfile)
-        msgs.append('SELinux policy configuration in \'%s\' changed from \'%s\' to \'%s\'' % (configfile, config_policy, policy))
+        msgs.append("SELinux policy configuration in '%s' changed from '%s' to '%s'" % (configfile, config_policy, policy))
        changed = True

    if state != runtime_state:
@ -237,7 +236,7 @@ def main():
                    # Temporarily set state to permissive
                    if not module.check_mode:
                        set_state(module, 'permissive')
-                    module.warn('SELinux state temporarily changed from \'%s\' to \'permissive\'. State change will take effect next reboot.' % (runtime_state))
+                    module.warn("SELinux state temporarily changed from '%s' to 'permissive'. State change will take effect next reboot." % (runtime_state))
                    changed = True
                else:
                    module.warn('SELinux state change will take effect next reboot')
@ -245,19 +244,19 @@ def main():
            else:
                if not module.check_mode:
                    set_state(module, state)
-                msgs.append('SELinux state changed from \'%s\' to \'%s\'' % (runtime_state, state))
+                msgs.append("SELinux state changed from '%s' to '%s'" % (runtime_state, state))

                # Only report changes if the file is changed.
                # This prevents the task from reporting changes every time the task is run.
                changed = True
        else:
-            module.warn("Reboot is required to set SELinux state to %s" % state)
+            module.warn("Reboot is required to set SELinux state to '%s'" % state)
            reboot_required = True

    if state != config_state:
        if not module.check_mode:
            set_config_state(module, state, configfile)
-        msgs.append('Config SELinux state changed from \'%s\' to \'%s\'' % (config_state, state))
+        msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
        changed = True

    module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)