Ansible-lint changes to satisfy certificate requirements #551
+17,682
−16,797
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sivakasi-cisco
force-pushed
the
lint_changes
branch
12 times, most recently
from
e2f2b08 to
5cb44ab
Compare
Collaborator
Author
|
This is for the initial set of review. All ansible-lint errors are resolved with this changes. There are some to-dos
|
- Fixed galaxy.yml license format (string to array) - Replaced deprecated include with include_tasks - Removed trailing spaces from all YAML files - Converted truthy values (yes/no to true/false) - Added space after # in comments - Fixed sanity ignore files (removed invalid patterns) - Added missing task names (179 files) - Added FQCN prefix to builtin modules - Fixed free-form set_fact statements - Applied automated YAML formatting fixes
…th proper YAML format
1. Schema Violations
- Replaced deprecated include with ansible.builtin.include_tasks
- Fixed old-style include directives
2. Naming Violations
- Capitalized task names that started with lowercase letters
- Added names to plays and tasks that were missing them
- Fixed naming issues
3. YAML Truthy Violations
- Converted True/False to lowercase true/false
4. Indentation Violations
- Corrected wrong indentation
- Fixed expected vs found indentation mismatches
5. YAML Formatting Issues
- Fixed trailing spaces
- Removed excessive empty lines
- Corrected colon spacing
- Fixed bracket spacing
6. FQCN Violations
- Added ansible.builtin prefix to core module calls
- Applied to include_tasks, set_fact, debug, etc.
7. Module Docstring YAML Errors
- Fixed syntax errors
- Removed excess blank lines in documentation strings
- Corrected YAML formatting in EXAMPLES sections
8. Miscellaneous Fixes
- Fixed no-free-form violations in set_fact calls
- Corrected var-naming pattern
- Fixed jinja2 spacing
- Fixed playbooks/roles/dcnm_inventory/dcnm_tests.yml (duplicate name key) - Fixed dcnm_bootflash tests (filepath list indentation, set_fact indentation, assert indentation) - Fixed dcnm_image_policy_query.yaml (assert that: block indentation) Reduced load-failure errors from 127 to 122.
- Fixed playbooks/roles/dcnm_inventory/dcnm_tests.yml (duplicate name key, list format) - Fixed dcnm_bootflash tests (3 files: filepath indentation, set_fact indentation, assert blocks) - Fixed dcnm_image_policy_query.yaml (partial: assert that: block indentation) - Restored dcnm_service_node/tasks/main.yaml (45 lines of version detection logic) Reduced load-failure errors from 127 to 122.
…nment, config structures - reduced errors 122→111
…ert blocks, and duplicate asserts - Fixed GitHub workflow indentation (7 errors) - Fixed 31 files with list item indentation issues - Fixed 72 files with inline 'that:' after 'assert:' - Fixed 39 files with malformed assert blocks - Fixed 39 files with duplicate assert declarations - Fixed 41 files with tasks wrongly nested under assert blocks - Manually fixed 7 files (dcnm_image_upgrade, dcnm_inventory, dcnm_links) - Created 6 automation scripts for systematic fixes - Progress: Fixed ~200+ errors out of 361 total
- Fixed 22 files with inconsistent assert condition list indentation - Created fix_assert_condition_indent.py script - Conditions in assert blocks now have consistent indentation throughout - Fixes 'did not find expected key' errors in dcnm_vrf, dcnm_service_node, and module_integration tests - Progress: dcnm_vrf errors reduced from 6 to 2
mikewiebe
reviewed
Dec 4, 2025
tests/integration/targets/dcnm_fabric/tests/dcnm_fabric_deleted_basic.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 4, 2025
sivakasi-cisco
force-pushed
the
lint_changes
branch
2 times, most recently
from
a867a8d to
6b12e22
Compare
sivakasi-cisco
force-pushed
the
lint_changes
branch
from
6b12e22 to
fa2f0d2
Compare
sivakasi-cisco
force-pushed
the
lint_changes
branch
from
04f5009 to
726e008
Compare
sivakasi-cisco
force-pushed
the
lint_changes
branch
from
8e90ae5 to
9dda0b0
Compare
sivakasi-cisco
commented
Dec 5, 2025
tests/integration/targets/dcnm_image_policy/tests/dcnm_image_policy_deleted.yaml
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_fabric/tests/dcnm_fabric_replaced_save_deploy.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_fabric/tests/dcnm_fabric_replaced_save_deploy.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_fabric/tests/dcnm_fabric_replaced_save_deploy.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_image_upgrade/tests/deleted.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_image_upgrade/tests/deleted.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
| state: overridden # only choose form [merged, replaced, deleted, overridden, query] | ||
| register: result | ||
| state: overridden # only choose from [merged, replaced, deleted, overridden, query] | ||
| register: initial_override |
Collaborator
There was a problem hiding this comment.
The variables in this file changed in some cases. For instance, this line result changes to initial_override. Are these fixes you made for this test?
Collaborator
There was a problem hiding this comment.
Looks like all of the dcnm_aa_fex* tests changed in a similar way
Collaborator
Author
There was a problem hiding this comment.
As it was executed through a generated script, it had been changed from repetitive variable called 'result' to a different one for different responses. Would you like this to be addressed and move to the original?
mikewiebe
reviewed
Dec 5, 2025
tests/integration/targets/dcnm_bootflash/tests/dcnm_bootflash_deleted_wildcard.yaml
Outdated
Show resolved
Hide resolved
mikewiebe
reviewed
Dec 5, 2025
| # "policyNames": [ | ||
| # "KR5M" | ||
| # ], | ||
| # ], |
Collaborator
There was a problem hiding this comment.
For the record, I am fine with these kinds of changes because it's removing extraneous whitespace.
Collaborator
Author
There was a problem hiding this comment.
Shall include this in our conversation
mikewiebe
reviewed
Dec 5, 2025
| state: overridden # only choose form [merged, replaced, deleted, overridden, query] | ||
| register: result | ||
| state: overridden | ||
| register: setup_result |
Collaborator
There was a problem hiding this comment.
More changes to variable names here. Just trying to understand the background on why this was needed.
mikewiebe
reviewed
Dec 5, 2025
| src: "{{ test_data_interfaces[item ~ '_conf_template'] }}" | ||
| dest: "{{ test_data_interfaces[item ~ '_conf_file'] }}" | ||
| with_items: | ||
| loop: |
Collaborator
There was a problem hiding this comment.
Just double checking but I would feel better if we run one of the test files where you changed to using the loop construct to make sure it works as intended.
mikewiebe
reviewed
Dec 5, 2025
| @@ -343,13 +343,13 @@ | |||
| register: result | |||
| ignore_errors: yes | |||
Collaborator
There was a problem hiding this comment.
I ran ansible lint locally and still see a few failures. For example it picked up this needing to be a truthy value. Here is the full list I see (not too many left) just a handful
WARNING Listing 20 violation(s) that are fatal
syntax-check[specific]: the role 'dcnm_bootflash' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_bootflash/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_bootflash
playbooks/roles/dcnm_bootflash/dcnm_tests.yaml:38:7
syntax-check[specific]: the role 'dcnm_fabric' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_fabric/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_fabric
playbooks/roles/dcnm_fabric/dcnm_tests.yaml:59:7
syntax-check[specific]: the role 'dcnm_image_policy' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_image_policy/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_image_policy
playbooks/roles/dcnm_image_policy/dcnm_tests.yaml:41:7
syntax-check[specific]: the role 'dcnm_image_upgrade' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_image_upgrade/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_image_upgrade
playbooks/roles/dcnm_image_upgrade/dcnm_tests.yaml:47:7
syntax-check[specific]: the role 'dcnm_interface' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_interface/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_interface
playbooks/roles/dcnm_interface/dcnm_tests.yaml:56:7
syntax-check[specific]: the role 'dcnm_inventory' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_inventory/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_inventory
playbooks/roles/dcnm_inventory/dcnm_tests.yml:17:7
syntax-check[specific]: the role 'dcnm_maintenance_mode' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_maintenance_mode/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_maintenance_mode
playbooks/roles/dcnm_maintenance_mode/dcnm_tests.yaml:43:7
syntax-check[specific]: the role 'dcnm_network' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_network/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_network
playbooks/roles/dcnm_network/dcnm_tests.yaml:78:7
syntax-check[specific]: the role 'dcnm_policy' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_policy/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_policy
playbooks/roles/dcnm_policy/dcnm_tests.yaml:24:7
syntax-check[specific]: the role 'dcnm_vpc_pair' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_vpc_pair/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_vpc_pair
playbooks/roles/dcnm_vpc_pair/dcnm_tests.yaml:29:7
syntax-check[specific]: the role 'dcnm_vrf' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_vrf/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/dcnm_vrf
playbooks/roles/dcnm_vrf/dcnm_tests.yaml:52:7
syntax-check[specific]: the role 'ndfc_interface' was not found in cisco.dcnm_collections:ansible.legacy:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/ndfc_interface/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/.ansible/roles:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm/tests/integration/targets:/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/playbooks/roles/ndfc_interface
playbooks/roles/ndfc_interface/ndfc_tests.yaml:46:7
yaml[line-length]: Line too long (191 > 160 characters)
tests/integration/targets/dcnm_bootflash/tests/dcnm_bootflash_deleted_specific.yaml:175
yaml[line-length]: Line too long (191 > 160 characters)
tests/integration/targets/dcnm_bootflash/tests/dcnm_bootflash_deleted_wildcard.yaml:175
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:249
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:268
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:287
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:306
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:325
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:344
Read documentation for instructions on how to ignore specific rule violations.
# Rule Violation Summary
12 syntax-check profile:min tags:core,unskippable
2 yaml profile:min tags:formatting,yaml
6 yaml profile:min tags:formatting,yaml
Failed: 20 failure(s), 0 warning(s) in 843 files processed of 1031 encountered. Profile 'production' was required.
A new release of ansible-lint is available: 25.9.2 → 25.12.0[/] Upgrade by running: pip install --upgrade ansible-lint
Collaborator
There was a problem hiding this comment.
BTW, all of the syntax-check[specific]: the role 'dcnm_fabric' was not found go away if you set the ANSIBLE_ROLES_PATH environment variable properly.
For example, I set it to
export ANSIBLE_ROLES_PATH=/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/tests/integration/targets
And the tests pass.
We can probably set the environment variable in github actions so it finds the roles properly
My run after setting the env var:
WARNING Listing 8 violation(s) that are fatal
yaml[line-length]: Line too long (191 > 160 characters)
tests/integration/targets/dcnm_bootflash/tests/dcnm_bootflash_deleted_specific.yaml:175
yaml[line-length]: Line too long (191 > 160 characters)
tests/integration/targets/dcnm_bootflash/tests/dcnm_bootflash_deleted_wildcard.yaml:175
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:249
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:268
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:287
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:306
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:325
yaml[truthy]: Truthy value should be one of [false, true]
tests/integration/targets/dcnm_resource_manager/tests/dcnm/dcnm_res_manager_merge.yaml:344
Read documentation for instructions on how to ignore specific rule violations.
# Rule Violation Summary
2 yaml profile:basic tags:formatting,yaml
6 yaml profile:basic tags:formatting,yaml
Failed: 8 failure(s), 0 warning(s) in 843 files processed of 1031 encountered. Profile 'production' was required, but 'min' profile passed.
A new release of ansible-lint is available: 25.9.2 → 25.12.0[/] Upgrade by running: pip install --upgrade ansible-lint
➜ dcnm_siva git:(lint_changes) ✗ export ANSIBLE_ROLES_PATH=/Users/mwiebe/Projects/Ansible/nac-vxlan/collections/ansible_collections/cisco/dcnm_collections/dcnm_siva/tests/integration/targets
Collaborator
Author
There was a problem hiding this comment.
I was surprised to notice this as I had checked all the files but missed this boolean value. It was not flagged probably as you pointed because of the env variable setting. I shall address them.
Collaborator
Author
There was a problem hiding this comment.
Resolved the boolean requirements with ignore_errors across all files.
Collaborator
Author
There was a problem hiding this comment.
I have added a seperate commit on this. And added git action to export the env variable
Collaborator
|
@sivakasi-cisco there are conflicts again that need to be resolved in .github/workflows/main.yml |
sivakasi-cisco
force-pushed
the
lint_changes
branch
from
8e9f848 to
d0693ed
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.