openstack/kolla-ansible
Code Issues Proposed changes

CI: add block support to validate-all-file.py

Browse Source 
This change also refactors code a bit to allow additional checks
in the same os.walk loop

Change-Id: Ib40af3ee309c773afba4776183d162327a9a0e1c
This commit is contained in:
Michal Nasiadka 2023-09-07 12:02:11 +02:00
parent e38f5e0c23
commit 49cb1ce4b0
2 changed files with 46 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
tools/validate-all-file.py
View File

@ -148,16 +148,14 @@ def check_json_j2():
return return_code
def check_docker_become():
def check_task_contents():
"""All tasks that use Docker should have 'become: true'."""
includes = r'|'.join([fnmatch.translate(x)
for x in YAML_INCLUDE_PATTERNS])
excludes = r'|'.join([fnmatch.translate(x)
for x in YAML_EXCLUDE_PATTERNS])
ce_modules = ('kolla_docker', 'kolla_container_facts', 'kolla_toolbox')
cmd_modules = ('command', 'shell')
return_code = 0
roles_path = os.path.join(PROJECT_ROOT, 'ansible', 'roles')
return_code = 0
for root, dirs, files in os.walk(roles_path):
dirs[:] = [d for d in dirs if not re.match(excludes, d)]
for filename in files:
@ -168,38 +166,58 @@ def check_docker_become():
tasks = yaml.safe_load(fp)
tasks = tasks or []
for task in tasks:
for module in ce_modules:
if module in task and not task.get('become'):
return_code = 1
LOG.error("Use of %s module without become in "
"task %s in %s",
module, task['name'], fullpath)
for module in cmd_modules:
ce_without_become = False
if (module in task and not task.get('become')):
if (isinstance(task[module], str) and
((task[module]).startswith('docker') or
(task[module]).startswith('podman'))):
ce_without_become = True
if (isinstance(task[module], dict) and
(task[module]['cmd'].startswith('docker') or
task[module]['cmd'].startswith('podman'))):
ce_without_become = True
if ce_without_become:
if task.get('block'):
block = task
for task in task['block']:
if check_docker_become(fullpath, task, block):
return_code = 1
LOG.error("Use of container engine in %s "
"module without "
"become in task %s in %s",
module, task['name'], fullpath)
else:
if check_docker_become(fullpath, task):
return_code = 1
return return_code
def check_docker_become(fullpath, task, block=''):
ce_modules = ('kolla_docker', 'kolla_container_facts', 'kolla_toolbox')
cmd_modules = ('command', 'shell')
return_code = 0
for module in ce_modules:
if (module in task and not task.get('become') and
not block.get('become')):
return_code = 1
LOG.error("Use of %s module without become in "
"task %s in %s",
module, task['name'], fullpath)
for module in cmd_modules:
ce_without_become = False
if (module in task and not task.get('become')):
if (isinstance(task[module], str) and
(task[module].startswith('docker') or
task[module].startswith('podman')) and
not block.get('become')):
ce_without_become = True
if (isinstance(task[module], dict) and
(task[module]['cmd'].startswith('docker') or
task[module]['cmd'].startswith('podman')) and
not block.get('become')):
ce_without_become = True
if ce_without_become:
return_code = 1
LOG.error("Use of container engine in %s "
"module without "
"become in task %s in %s block %s",
module, task['name'], fullpath, block)
return return_code
def main():
checks = (
check_newline_eof,
check_json_j2,
check_docker_become,
check_task_contents,
)
return sum([check() for check in checks])

1
zuul.d/base.yaml
View File

@ -25,6 +25,7 @@
- ^contrib/
- ^specs/
- ^kolla_ansible/tests/
- ^tools/validate-.*$
- ^zuul\.d/
vars:
previous_release: "2023.1"