diff --git a/tools/validate-all-file.py b/tools/validate-all-file.py index 33d3032bff..0b60070535 100755 --- a/tools/validate-all-file.py +++ b/tools/validate-all-file.py @@ -148,16 +148,14 @@ def check_json_j2(): return return_code -def check_docker_become(): +def check_task_contents(): """All tasks that use Docker should have 'become: true'.""" includes = r'|'.join([fnmatch.translate(x) for x in YAML_INCLUDE_PATTERNS]) excludes = r'|'.join([fnmatch.translate(x) for x in YAML_EXCLUDE_PATTERNS]) - ce_modules = ('kolla_docker', 'kolla_container_facts', 'kolla_toolbox') - cmd_modules = ('command', 'shell') - return_code = 0 roles_path = os.path.join(PROJECT_ROOT, 'ansible', 'roles') + return_code = 0 for root, dirs, files in os.walk(roles_path): dirs[:] = [d for d in dirs if not re.match(excludes, d)] for filename in files: @@ -168,38 +166,58 @@ def check_docker_become(): tasks = yaml.safe_load(fp) tasks = tasks or [] for task in tasks: - for module in ce_modules: - if module in task and not task.get('become'): - return_code = 1 - LOG.error("Use of %s module without become in " - "task %s in %s", - module, task['name'], fullpath) - for module in cmd_modules: - ce_without_become = False - if (module in task and not task.get('become')): - if (isinstance(task[module], str) and - ((task[module]).startswith('docker') or - (task[module]).startswith('podman'))): - ce_without_become = True - if (isinstance(task[module], dict) and - (task[module]['cmd'].startswith('docker') or - task[module]['cmd'].startswith('podman'))): - ce_without_become = True - if ce_without_become: + if task.get('block'): + block = task + for task in task['block']: + if check_docker_become(fullpath, task, block): return_code = 1 - LOG.error("Use of container engine in %s " - "module without " - "become in task %s in %s", - module, task['name'], fullpath) + else: + if check_docker_become(fullpath, task): + return_code = 1 return return_code +def check_docker_become(fullpath, task, block=''): + + ce_modules = ('kolla_docker', 'kolla_container_facts', 'kolla_toolbox') + cmd_modules = ('command', 'shell') + return_code = 0 + + for module in ce_modules: + if (module in task and not task.get('become') and + not block.get('become')): + return_code = 1 + LOG.error("Use of %s module without become in " + "task %s in %s", + module, task['name'], fullpath) + for module in cmd_modules: + ce_without_become = False + if (module in task and not task.get('become')): + if (isinstance(task[module], str) and + (task[module].startswith('docker') or + task[module].startswith('podman')) and + not block.get('become')): + ce_without_become = True + if (isinstance(task[module], dict) and + (task[module]['cmd'].startswith('docker') or + task[module]['cmd'].startswith('podman')) and + not block.get('become')): + ce_without_become = True + if ce_without_become: + return_code = 1 + LOG.error("Use of container engine in %s " + "module without " + "become in task %s in %s block %s", + module, task['name'], fullpath, block) + return return_code + + def main(): checks = ( check_newline_eof, check_json_j2, - check_docker_become, + check_task_contents, ) return sum([check() for check in checks]) diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 878f4e0b4d..5d2869b273 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -25,6 +25,7 @@ - ^contrib/ - ^specs/ - ^kolla_ansible/tests/ + - ^tools/validate-.*$ - ^zuul\.d/ vars: previous_release: "2023.1"