Comprehensive linter warning fixes

2025-04-05 10:20:27 -07:00 · 2024-04-17 15:45:11 +02:00 · 2024-04-17 15:45:11 +02:00 · 1f910bd400
commit 1f910bd400
parent d17c364257
17 changed files with 62 additions and 41 deletions
--- a/galaxy.yml
+++ b/galaxy.yml
@ -35,7 +35,6 @@ issues: https://github.com/ansible-middleware/keycloak/issues
 build_ignore:
  - .gitignore
  - .github
-  - .ansible-lint
  - .yamllint
  - '*.tar.gz'
  - '*.zip'
--- a/molecule/prepare.yml
+++ b/molecule/prepare.yml
@ -25,7 +25,7 @@
    fail_msg: "sudo is not installed on target system"

 - name: "Install iproute"
-  become: yes
+  become: true
  ansible.builtin.yum:
    name:
      - iproute
@ -33,7 +33,7 @@

 - name: "Retrieve assets server from env"
  ansible.builtin.set_fact:
-    assets_server: "{{ lookup('env','MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
+    assets_server: "{{ lookup('env', 'MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"

 - name: "Download artefacts only if assets_server is set"
  when:
@ -51,6 +51,7 @@
        url: "{{ asset }}"
        dest: "{{ lookup('env', 'PWD') }}"
        validate_certs: no
+        mode: '0644'
      delegate_to: localhost
      loop: "{{ assets }}"
      loop_control:
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@ -86,7 +86,8 @@ keycloak_quarkus_proxy_mode: edge
 # disable xa transactions
 keycloak_quarkus_transaction_xa_enabled: true

-# If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
+# If the route should be attached to cookies to reflect the node that owns a particular session.
+# If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
 keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route: true

 keycloak_quarkus_metrics_enabled: false
@ -120,7 +121,8 @@ keycloak_quarkus_default_jdbc:
  mssql:
    url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
    version: 12.2.0
-    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar" # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
+    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar"
+    # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
 ### logging configuration
 keycloak_quarkus_log: file
 keycloak_quarkus_log_level: info
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -161,7 +161,10 @@ argument_specs:
                description: "Heap memory JVM setting"
                type: "str"
            keycloak_quarkus_java_jvm_opts:
-                default: "-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512"
+                default: >
+                  -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8
+                  -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC
+                  -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512
                description: "Other JVM settings"
                type: "str"
            keycloak_quarkus_java_opts:
@ -272,7 +275,9 @@ argument_specs:
            keycloak_quarkus_log_max_file_size:
                default: 10M
                type: "str"
-                description: "Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes."
+                description: >
+                  Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular
+                  expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.
            keycloak_quarkus_log_max_backup_index:
                default: 10
                type: "str"
@ -280,7 +285,9 @@ argument_specs:
            keycloak_quarkus_log_file_suffix:
                default: '.yyyy-MM-dd.zip'
                type: "str"
-                description: "Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with .zip or .gz, the rotation file will also be compressed."
+                description: >
+                  Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix. Note: If the suffix ends
+                  with .zip or .gz, the rotation file will also be compressed.
            keycloak_quarkus_proxy_mode:
                default: 'edge'
                type: "str"
@ -300,15 +307,21 @@ argument_specs:
            keycloak_quarkus_hostname_strict:
                default: true
                type: "bool"
-                description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
+                description: >
+                  Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless
+                  proxy verifies the Host header.
            keycloak_quarkus_hostname_strict_backchannel:
                default: false
                type: "bool"
-                description: "By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled."
+                description: >
+                  By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all
+                  applications use the public URL this option should be enabled.
            keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route:
                default: true
                type: "bool"
-                description: "If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy"
+                description: >
+                  If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
+                  and we rely on the session affinity capabilities from reverse proxy
    downstream:
        options:
            rhbk_version:
--- a/roles/keycloak_quarkus/tasks/fastpackages.yml
+++ b/roles/keycloak_quarkus/tasks/fastpackages.yml
@ -8,7 +8,8 @@

 - name: "Add missing packages to the yum install list"
  ansible.builtin.set_fact:
-    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | \
+                             map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
  when: ansible_facts.os_family == "RedHat"

 - name: "Install packages: {{ packages_to_install }}"
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@ -132,7 +132,7 @@
  register: path_to_workdir
  become: true

- name: "Extract Keycloak archive on target"
+- name: "Extract Keycloak archive on target" # noqa no-handler need to run this here
  ansible.builtin.unarchive:
    remote_src: true
    src: "{{ archive }}"
--- a/roles/keycloak_quarkus/tasks/jdbc_driver.yml
+++ b/roles/keycloak_quarkus/tasks/jdbc_driver.yml
@ -1,5 +1,4 @@
 ---
-
 - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"
  ansible.builtin.get_url:
    url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@ -4,7 +4,7 @@
    that:
      - keycloak_quarkus_admin_pass | length > 12
    quiet: true
-    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a 12+ char long string"
    success_msg: "{{ 'Console administrator password OK' }}"

 - name: Validate relative path
@ -12,15 +12,17 @@
    that:
      - keycloak_quarkus_http_relative_path is regex('^/.*')
    quiet: true
-    fail_msg: "the relative path must begin with /"
-    success_msg: "{{ 'relative path OK' }}"
+    fail_msg: "The relative path for keycloak_quarkus_http_relative_path must begin with /"
+    success_msg: "{{ 'Relative path OK' }}"

 - name: Validate configuration
  ansible.builtin.assert:
    that:
-      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
+      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
    quiet: true
-    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
+    fail_msg: "HA setup requires a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
    success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"

 - name: Validate OS family
--- a/roles/keycloak_quarkus/tasks/systemd.yml
+++ b/roles/keycloak_quarkus/tasks/systemd.yml
@ -8,7 +8,7 @@
    group: root
    mode: '0640'
  vars:
-    keycloak_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
+    keycloak_sys_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
  notify:
    - restart keycloak

--- a/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2
+++ b/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2
@ -1,6 +1,6 @@
 {{ ansible_managed | comment }}
 KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
 KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
-PATH={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}
+PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
 JAVA_OPTS={{ keycloak_quarkus_java_opts }}
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@ -26,7 +26,7 @@ keycloak_admin_password: ''
 # and users is a list of account, see below for the format definition
 # an empty name will skip the creation of the client
 #
-#keycloak_clients:
+# keycloak_clients:
 #   - name: ''
 #     roles: "{{ keycloak_client_default_roles }}"
 #     realm: "{{ keycloak_realm }}"
--- a/roles/keycloak_realm/tasks/manage_user_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
@ -12,7 +12,9 @@

 - name: Check if Mapping is available
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
    method: GET
    status_code:
      - 200
@ -23,7 +25,9 @@

 - name: "Create Role Mapping"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
    method: POST
    body:
      - id: "{{ item.id }}"