Changes that make ansible-lint happy. nosec on the subprocess commands
parent
9532462535
commit
4cdc78915f
5 changed files with 23 additions and 11 deletions
|
|
@ -146,7 +146,7 @@ def collect_non_system_users() -> List[UserRecord]:
|
||||||
gid=gid,
|
gid=gid,
|
||||||
gecos=gecos,
|
gecos=gecos,
|
||||||
home=home,
|
home=home,
|
||||||
shell=shell, # nosec
|
shell=shell, # nosec
|
||||||
primary_group=primary_group,
|
primary_group=primary_group,
|
||||||
supplementary_groups=supp,
|
supplementary_groups=supp,
|
||||||
ssh_files=ssh_files,
|
ssh_files=ssh_files,
|
||||||
|
|
|
||||||
|
|
@ -3,19 +3,19 @@ from __future__ import annotations
|
||||||
import glob
|
import glob
|
||||||
import hashlib
|
import hashlib
|
||||||
import os
|
import os
|
||||||
import subprocess # nosec
|
import subprocess # nosec
|
||||||
from typing import Dict, List, Optional, Set, Tuple
|
from typing import Dict, List, Optional, Set, Tuple
|
||||||
|
|
||||||
|
|
||||||
def _run(cmd: list[str]) -> str:
|
def _run(cmd: list[str]) -> str:
|
||||||
p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
|
p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
|
raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
|
||||||
return p.stdout
|
return p.stdout
|
||||||
|
|
||||||
|
|
||||||
def dpkg_owner(path: str) -> Optional[str]:
|
def dpkg_owner(path: str) -> Optional[str]:
|
||||||
p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) #nosec
|
p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) # nosec
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
return None
|
return None
|
||||||
left = p.stdout.split(":", 1)[0].strip()
|
left = p.stdout.split(":", 1)[0].strip()
|
||||||
|
|
@ -25,7 +25,9 @@ def dpkg_owner(path: str) -> Optional[str]:
|
||||||
|
|
||||||
def list_manual_packages() -> List[str]:
|
def list_manual_packages() -> List[str]:
|
||||||
"""Return packages marked as manually installed (apt-mark showmanual)."""
|
"""Return packages marked as manually installed (apt-mark showmanual)."""
|
||||||
p = subprocess.run(["apt-mark", "showmanual"], text=True, capture_output=True) #nosec
|
p = subprocess.run(
|
||||||
|
["apt-mark", "showmanual"], text=True, capture_output=True
|
||||||
|
) # nosec
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
return []
|
return []
|
||||||
pkgs: List[str] = []
|
pkgs: List[str] = []
|
||||||
|
|
@ -154,7 +156,7 @@ def read_pkg_md5sums(pkg: str) -> Dict[str, str]:
|
||||||
|
|
||||||
|
|
||||||
def file_md5(path: str) -> str:
|
def file_md5(path: str) -> str:
|
||||||
h = hashlib.md5() # nosec
|
h = hashlib.md5() # nosec
|
||||||
with open(path, "rb") as f:
|
with open(path, "rb") as f:
|
||||||
for chunk in iter(lambda: f.read(1024 * 1024), b""):
|
for chunk in iter(lambda: f.read(1024 * 1024), b""):
|
||||||
h.update(chunk)
|
h.update(chunk)
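Review bot: The `# nosec` markers in this file are bare, so each one silences every Bandit check on its line rather than the one that fired, and none records why the finding is acceptable. On `subprocess.run(["dpkg", "-S", path], ...)` and the `["apt-mark", "showmanual"]` call this also hides the partial-executable-path check (B607), which matters if the tool runs privileged with an inherited PATH (not visible here); `# nosec B603, B607` with a one-line justification comment above it would keep the other checks active. In `list_manual_packages` the marker now sits on the closing `)` line, and depending on the Bandit version it may not attach to the call that begins at `p = subprocess.run(`; the same applies to `],  # nosec` inside `get_unit_info` in the file that declares `UnitQueryError`. For `file_md5`, `hashlib.md5(usedforsecurity=False)` (Python 3.9+) would state the intent in code instead of suppressing the check, assuming the digest is only compared with dpkg's recorded md5sums as the neighbouring `read_pkg_md5sums` suggests.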
|
||||||
|
|
|
||||||
|
|
@ -142,6 +142,7 @@ def _role_id(raw: str) -> str:
|
||||||
s = "r_" + s
|
s = "r_" + s
|
||||||
return s
|
return s
|
||||||
|
|
||||||
|
|
||||||
def _role_name_from_unit(unit: str) -> str:
|
def _role_name_from_unit(unit: str) -> str:
|
||||||
base = _role_id(unit.removesuffix(".service"))
|
base = _role_id(unit.removesuffix(".service"))
|
||||||
return _safe_name(base)
|
return _safe_name(base)
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,13 @@ def _write_role_scaffold(role_dir: str) -> None:
|
||||||
|
|
||||||
|
|
||||||
def _write_playbook(path: str, roles: List[str]) -> None:
|
def _write_playbook(path: str, roles: List[str]) -> None:
|
||||||
pb_lines = ["---", "- name: Apply all roles on host", " hosts: all", " become: true", " roles:"]
|
pb_lines = [
|
||||||
|
"---",
|
||||||
|
"- name: Apply all roles on host",
|
||||||
|
" hosts: all",
|
||||||
|
" become: true",
|
||||||
|
" roles:",
|
||||||
|
]
|
||||||
for r in roles:
|
for r in roles:
|
||||||
pb_lines.append(f" - {r}")
|
pb_lines.append(f" - {r}")
|
||||||
with open(path, "w", encoding="utf-8") as f:
|
with open(path, "w", encoding="utf-8") as f:
|
||||||
|
|
@ -528,5 +534,8 @@ Generated for manual package `{pkg}`.
|
||||||
# Playbooks
|
# Playbooks
|
||||||
_write_playbook(
|
_write_playbook(
|
||||||
os.path.join(out_dir, "playbook.yml"),
|
os.path.join(out_dir, "playbook.yml"),
|
||||||
manifested_users_roles + manifested_etc_custom_roles + manifested_pkg_roles + manifested_service_roles,
|
manifested_users_roles
|
||||||
|
+ manifested_etc_custom_roles
|
||||||
|
+ manifested_pkg_roles
|
||||||
|
+ manifested_service_roles,
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
import re
|
import re
|
||||||
import subprocess # nosec
|
import subprocess # nosec
|
||||||
from dataclasses import dataclass
|
from dataclasses import dataclass
|
||||||
from typing import List, Optional
|
from typing import List, Optional
|
||||||
|
|
||||||
|
|
@ -27,7 +27,7 @@ class UnitQueryError(RuntimeError):
|
||||||
|
|
||||||
|
|
||||||
def _run(cmd: list[str]) -> str:
|
def _run(cmd: list[str]) -> str:
|
||||||
p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
|
p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
|
raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
|
||||||
return p.stdout
|
return p.stdout
|
||||||
|
|
@ -81,7 +81,7 @@ def get_unit_info(unit: str) -> UnitInfo:
|
||||||
"-p",
|
"-p",
|
||||||
"ConditionResult",
|
"ConditionResult",
|
||||||
"--no-page",
|
"--no-page",
|
||||||
], # nosec
|
], # nosec
|
||||||
check=False,
|
check=False,
|
||||||
text=True,
|
text=True,
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
|
|
|
||||||