Changes that make ansible-lint happy. nosec on the subprocess commands

2025-12-15 11:29:08 +11:00 · 2025-12-15 11:29:08 +11:00 · 4cdc78915f
commit 4cdc78915f
parent 9532462535
5 changed files with 23 additions and 11 deletions
--- a/enroll/debian.py
+++ b/enroll/debian.py
@ -15,7 +15,7 @@ def _run(cmd: list[str]) -> str:


 def dpkg_owner(path: str) -> Optional[str]:
-    p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) #nosec
+    p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True)  # nosec
    if p.returncode != 0:
        return None
    left = p.stdout.split(":", 1)[0].strip()
@ -25,7 +25,9 @@ def dpkg_owner(path: str) -> Optional[str]:

 def list_manual_packages() -> List[str]:
    """Return packages marked as manually installed (apt-mark showmanual)."""
-    p = subprocess.run(["apt-mark", "showmanual"], text=True, capture_output=True) #nosec
+    p = subprocess.run(
+        ["apt-mark", "showmanual"], text=True, capture_output=True
+    )  # nosec
    if p.returncode != 0:
        return []
    pkgs: List[str] = []
--- a/enroll/harvest.py
+++ b/enroll/harvest.py
@ -142,6 +142,7 @@ def _role_id(raw: str) -> str:
        s = "r_" + s
    return s

+
 def _role_name_from_unit(unit: str) -> str:
    base = _role_id(unit.removesuffix(".service"))
    return _safe_name(base)
--- a/enroll/manifest.py
+++ b/enroll/manifest.py
@ -35,7 +35,13 @@ def _write_role_scaffold(role_dir: str) -> None:


 def _write_playbook(path: str, roles: List[str]) -> None:
-    pb_lines = ["---", "- name: Apply all roles on host", "  hosts: all", "  become: true", "  roles:"]
+    pb_lines = [
+        "---",
+        "- name: Apply all roles on host",
+        "  hosts: all",
+        "  become: true",
+        "  roles:",
+    ]
    for r in roles:
        pb_lines.append(f"    - {r}")
    with open(path, "w", encoding="utf-8") as f:
@ -528,5 +534,8 @@ Generated for manual package `{pkg}`.
    # Playbooks
    _write_playbook(
        os.path.join(out_dir, "playbook.yml"),
-        manifested_users_roles + manifested_etc_custom_roles + manifested_pkg_roles + manifested_service_roles,
+        manifested_users_roles
+        + manifested_etc_custom_roles
+        + manifested_pkg_roles
+        + manifested_service_roles,
    )