Comprehensive linter warning fixes

galaxy.yml

@@ -35,7 +35,6 @@ issues: https://github.com/ansible-middleware/keycloak/issues
 build_ignore:
   - .gitignore
   - .github
-  - .ansible-lint
   - .yamllint
   - '*.tar.gz'
   - '*.zip'

molecule/prepare.yml

@@ -25,7 +25,7 @@
     fail_msg: "sudo is not installed on target system"
 
 - name: "Install iproute"
-  become: yes
+  become: true
   ansible.builtin.yum:
     name:
       - iproute
@@ -33,7 +33,7 @@
 
 - name: "Retrieve assets server from env"
   ansible.builtin.set_fact:
-    assets_server: "{{ lookup('env','MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
+    assets_server: "{{ lookup('env', 'MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
 
 - name: "Download artefacts only if assets_server is set"
   when:
@@ -51,6 +51,7 @@
         url: "{{ asset }}"
         dest: "{{ lookup('env', 'PWD') }}"
         validate_certs: no
+        mode: '0644'
       delegate_to: localhost
       loop: "{{ assets }}"
       loop_control:

molecule/quarkus-devmode/prepare.yml

@@ -30,11 +30,11 @@
         src: "{{ item }}"
         dest: /opt/openjdk
         force: true
-        with_fileglob:
+      with_fileglob:
-          - /usr/lib/jvm/java-17-openjdk*
+        - /usr/lib/jvm/java-17-openjdk*
       when:
         - ansible_facts.os_family == "Debian"
-          
+
     - name: Link default logs directory
       ansible.builtin.file:
         state: link

roles/keycloak_quarkus/defaults/main.yml

@@ -86,7 +86,8 @@ keycloak_quarkus_proxy_mode: edge
 # disable xa transactions
 keycloak_quarkus_transaction_xa_enabled: true
 
-# If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
+# If the route should be attached to cookies to reflect the node that owns a particular session.
+# If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
 keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route: true
 
 keycloak_quarkus_metrics_enabled: false
@@ -120,7 +121,8 @@ keycloak_quarkus_default_jdbc:
   mssql:
     url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
     version: 12.2.0
-    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar" # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
+    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar"
+    # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
 ### logging configuration
 keycloak_quarkus_log: file
 keycloak_quarkus_log_level: info

roles/keycloak_quarkus/handlers/main.yml

@@ -5,4 +5,4 @@
   listen: "rebuild keycloak config"
 - name: "Restart {{ keycloak.service_name }}"
   ansible.builtin.include_tasks: restart.yml
-  listen: "restart keycloak"
+  listen: "restart keycloak"

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -161,7 +161,10 @@ argument_specs:
                 description: "Heap memory JVM setting"
                 type: "str"
             keycloak_quarkus_java_jvm_opts:
-                default: "-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512"
+                default: >
+                  -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8
+                  -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC
+                  -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512
                 description: "Other JVM settings"
                 type: "str"
             keycloak_quarkus_java_opts:
@@ -272,7 +275,9 @@ argument_specs:
             keycloak_quarkus_log_max_file_size:
                 default: 10M
                 type: "str"
-                description: "Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes."
+                description: >
+                  Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular
+                  expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.
             keycloak_quarkus_log_max_backup_index:
                 default: 10
                 type: "str"
@@ -280,7 +285,9 @@ argument_specs:
             keycloak_quarkus_log_file_suffix:
                 default: '.yyyy-MM-dd.zip'
                 type: "str"
-                description: "Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with .zip or .gz, the rotation file will also be compressed."
+                description: >
+                  Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix. Note: If the suffix ends
+                  with .zip or .gz, the rotation file will also be compressed.
             keycloak_quarkus_proxy_mode:
                 default: 'edge'
                 type: "str"
@@ -300,15 +307,21 @@ argument_specs:
             keycloak_quarkus_hostname_strict:
                 default: true
                 type: "bool"
-                description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
+                description: >
+                  Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless
+                  proxy verifies the Host header.
             keycloak_quarkus_hostname_strict_backchannel:
                 default: false
                 type: "bool"
-                description: "By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled."
+                description: >
+                  By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all
+                  applications use the public URL this option should be enabled.
             keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route:
                 default: true
                 type: "bool"
-                description: "If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy"
+                description: >
+                  If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
+                  and we rely on the session affinity capabilities from reverse proxy
     downstream:
         options:
             rhbk_version:

roles/keycloak_quarkus/tasks/fastpackages.yml

@@ -8,7 +8,8 @@
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
-    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | \
+                             map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
   when: ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_to_install }}"
@@ -17,8 +18,8 @@
     name: "{{ packages_to_install }}"
     state: present
   when:
-  - packages_to_install | default([]) | length > 0
+    - packages_to_install | default([]) | length > 0
-  - ansible_facts.os_family == "RedHat"
+    - ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_list }}"
   become: true

roles/keycloak_quarkus/tasks/install.yml

@@ -132,7 +132,7 @@
   register: path_to_workdir
   become: true
 
-- name: "Extract Keycloak archive on target"
+- name: "Extract Keycloak archive on target" # noqa no-handler need to run this here
   ansible.builtin.unarchive:
     remote_src: true
     src: "{{ archive }}"

roles/keycloak_quarkus/tasks/jdbc_driver.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"
   ansible.builtin.get_url:
     url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -4,7 +4,7 @@
     that:
       - keycloak_quarkus_admin_pass | length > 12
     quiet: true
-    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a 12+ char long string"
     success_msg: "{{ 'Console administrator password OK' }}"
 
 - name: Validate relative path
@@ -12,15 +12,17 @@
     that:
       - keycloak_quarkus_http_relative_path is regex('^/.*')
     quiet: true
-    fail_msg: "the relative path must begin with /"
+    fail_msg: "The relative path for keycloak_quarkus_http_relative_path must begin with /"
-    success_msg: "{{ 'relative path OK' }}"
+    success_msg: "{{ 'Relative path OK' }}"
 
 - name: Validate configuration
   ansible.builtin.assert:
     that:
-      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
+      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
     quiet: true
-    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
+    fail_msg: "HA setup requires a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
 
 - name: Validate OS family

roles/keycloak_quarkus/tasks/systemd.yml

@@ -8,7 +8,7 @@
     group: root
     mode: '0640'
   vars:
-    keycloak_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
+    keycloak_sys_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
   notify:
     - restart keycloak
 

roles/keycloak_quarkus/templates/keycloak-sysconfig.j2

@@ -1,6 +1,6 @@
 {{ ansible_managed | comment }}
 KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
 KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
-PATH={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}
+JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
 JAVA_OPTS={{ keycloak_quarkus_java_opts }}

roles/keycloak_quarkus/vars/debian.yml

@@ -1,7 +1,7 @@
 ---
 keycloak_quarkus_varjvm_package: "{{ keycloak_quarkus_jvm_package | default('openjdk-17-jdk-headless') }}"
 keycloak_quarkus_prereq_package_list:
-      - "{{ keycloak_quarkus_varjvm_package  }}"
+      - "{{ keycloak_quarkus_varjvm_package }}"
       - unzip
       - procps
       - apt

roles/keycloak_realm/defaults/main.yml

@@ -26,14 +26,14 @@ keycloak_admin_password: ''
 # and users is a list of account, see below for the format definition
 # an empty name will skip the creation of the client
 #
-#keycloak_clients:
+# keycloak_clients:
-#  - name: ''
+#   - name: ''
-#    roles: "{{ keycloak_client_default_roles }}"
+#     roles: "{{ keycloak_client_default_roles }}"
-#    realm: "{{ keycloak_realm }}"
+#     realm: "{{ keycloak_realm }}"
-#    public_client: "{{ keycloak_client_public }}"
+#     public_client: "{{ keycloak_client_public }}"
-#    web_origins: "{{ keycloak_client_web_origins }}"
+#     web_origins: "{{ keycloak_client_web_origins }}"
-#    redirect_uris: "{{ keycloak_client_redirect_uris }}"
+#     redirect_uris: "{{ keycloak_client_redirect_uris }}"
-#    users: "{{ keycloak_client_users }}"
+#     users: "{{ keycloak_client_users }}"
 keycloak_clients: []
 
 # list of roles to create in the client

roles/keycloak_realm/meta/argument_specs.yml

@@ -10,7 +10,7 @@ argument_specs:
                 # line 5 of keycloak_realm/defaults/main.yml
                 default: "/auth"
                 description: "Context path for rest calls"
-                type: "str"                
+                type: "str"
             keycloak_http_port:
                 # line 4 of keycloak_realm/defaults/main.yml
                 default: 8080

roles/keycloak_realm/tasks/manage_client_users.yml

@@ -10,4 +10,4 @@
   loop: "{{ client.users | flatten }}"
   loop_control:
     loop_var: user
-  when: "'client_roles' in user"
+  when: "'client_roles' in user"

roles/keycloak_realm/tasks/manage_user_client_roles.yml

@@ -12,7 +12,9 @@
 
 - name: Check if Mapping is available
   ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
     method: GET
     status_code:
       - 200
@@ -23,7 +25,9 @@
 
 - name: "Create Role Mapping"
   ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
     method: POST
     body:
       - id: "{{ item.id }}"