mig5/enroll
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

Changes that make ansible-lint happy. nosec on the subprocess commands

Browse source
This commit is contained in:
Miguel Jacq 2025-12-15 11:29:08 +11:00
parent 9532462535
commit 4cdc78915f
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
5 changed files with 23 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
enroll/debian.py
View file

@ -15,7 +15,7 @@ def _run(cmd: list[str]) -> str:
def dpkg_owner(path: str) -> Optional[str]: def dpkg_owner(path: str) -> Optional[str]:
p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) #nosec p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) # nosec
if p.returncode != 0: if p.returncode != 0:
return None return None
left = p.stdout.split(":", 1)[0].strip() left = p.stdout.split(":", 1)[0].strip()
@ -25,7 +25,9 @@ def dpkg_owner(path: str) -> Optional[str]:
def list_manual_packages() -> List[str]: def list_manual_packages() -> List[str]:
"""Return packages marked as manually installed (apt-mark showmanual).""" """Return packages marked as manually installed (apt-mark showmanual)."""
p = subprocess.run(["apt-mark", "showmanual"], text=True, capture_output=True) #nosec p = subprocess.run(
["apt-mark", "showmanual"], text=True, capture_output=True
) # nosec
if p.returncode != 0: if p.returncode != 0:
return [] return []
pkgs: List[str] = [] pkgs: List[str] = []

1
enroll/harvest.py
View file

@ -142,6 +142,7 @@ def _role_id(raw: str) -> str:
s = "r_" + s s = "r_" + s
return s return s
def _role_name_from_unit(unit: str) -> str: def _role_name_from_unit(unit: str) -> str:
base = _role_id(unit.removesuffix(".service")) base = _role_id(unit.removesuffix(".service"))
return _safe_name(base) return _safe_name(base)

13
enroll/manifest.py
View file

@ -35,7 +35,13 @@ def _write_role_scaffold(role_dir: str) -> None:
def _write_playbook(path: str, roles: List[str]) -> None: def _write_playbook(path: str, roles: List[str]) -> None:
pb_lines = ["---", "- name: Apply all roles on host", " hosts: all", " become: true", " roles:"] pb_lines = [
"---",
"- name: Apply all roles on host",
" hosts: all",
" become: true",
" roles:",
]
for r in roles: for r in roles:
pb_lines.append(f" - {r}") pb_lines.append(f" - {r}")
with open(path, "w", encoding="utf-8") as f: with open(path, "w", encoding="utf-8") as f:
@ -528,5 +534,8 @@ Generated for manual package `{pkg}`.
# Playbooks # Playbooks
_write_playbook( _write_playbook(
os.path.join(out_dir, "playbook.yml"), os.path.join(out_dir, "playbook.yml"),
manifested_users_roles + manifested_etc_custom_roles + manifested_pkg_roles + manifested_service_roles, manifested_users_roles
+ manifested_etc_custom_roles
+ manifested_pkg_roles
+ manifested_service_roles,
) )