Changes that make ansible-lint happy. nosec on the subprocess commands

enroll/accounts.py

@@ -146,7 +146,7 @@ def collect_non_system_users() -> List[UserRecord]:
                 gid=gid,
                 gecos=gecos,
                 home=home,
-                shell=shell, # nosec
+                shell=shell,  # nosec
                 primary_group=primary_group,
                 supplementary_groups=supp,
                 ssh_files=ssh_files,

enroll/debian.py

@@ -3,19 +3,19 @@ from __future__ import annotations
 import glob
 import hashlib
 import os
-import subprocess # nosec
+import subprocess  # nosec
 from typing import Dict, List, Optional, Set, Tuple
 
 
 def _run(cmd: list[str]) -> str:
-    p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
+    p = subprocess.run(cmd, check=False, text=True, capture_output=True)  # nosec
     if p.returncode != 0:
         raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
     return p.stdout
 
 
 def dpkg_owner(path: str) -> Optional[str]:
-    p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True) #nosec
+    p = subprocess.run(["dpkg", "-S", path], text=True, capture_output=True)  # nosec
     if p.returncode != 0:
         return None
     left = p.stdout.split(":", 1)[0].strip()
@@ -25,7 +25,9 @@ def dpkg_owner(path: str) -> Optional[str]:
 
 def list_manual_packages() -> List[str]:
     """Return packages marked as manually installed (apt-mark showmanual)."""
-    p = subprocess.run(["apt-mark", "showmanual"], text=True, capture_output=True) #nosec
+    p = subprocess.run(
+        ["apt-mark", "showmanual"], text=True, capture_output=True
+    )  # nosec
     if p.returncode != 0:
         return []
     pkgs: List[str] = []
@@ -154,7 +156,7 @@ def read_pkg_md5sums(pkg: str) -> Dict[str, str]:
 
 
 def file_md5(path: str) -> str:
-    h = hashlib.md5() # nosec
+    h = hashlib.md5()  # nosec
     with open(path, "rb") as f:
         for chunk in iter(lambda: f.read(1024 * 1024), b""):
             h.update(chunk)

enroll/harvest.py

@@ -142,6 +142,7 @@ def _role_id(raw: str) -> str:
         s = "r_" + s
     return s
 
+
 def _role_name_from_unit(unit: str) -> str:
     base = _role_id(unit.removesuffix(".service"))
     return _safe_name(base)

enroll/manifest.py

@@ -35,7 +35,13 @@ def _write_role_scaffold(role_dir: str) -> None:
 
 
 def _write_playbook(path: str, roles: List[str]) -> None:
-    pb_lines = ["---", "- name: Apply all roles on host", "  hosts: all", "  become: true", "  roles:"]
+    pb_lines = [
+        "---",
+        "- name: Apply all roles on host",
+        "  hosts: all",
+        "  become: true",
+        "  roles:",
+    ]
     for r in roles:
         pb_lines.append(f"    - {r}")
     with open(path, "w", encoding="utf-8") as f:
@@ -528,5 +534,8 @@ Generated for manual package `{pkg}`.
     # Playbooks
     _write_playbook(
         os.path.join(out_dir, "playbook.yml"),
-        manifested_users_roles + manifested_etc_custom_roles + manifested_pkg_roles + manifested_service_roles,
+        manifested_users_roles
+        + manifested_etc_custom_roles
+        + manifested_pkg_roles
+        + manifested_service_roles,
     )

enroll/systemd.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 
 import re
-import subprocess # nosec
+import subprocess  # nosec
 from dataclasses import dataclass
 from typing import List, Optional
 
@@ -27,7 +27,7 @@ class UnitQueryError(RuntimeError):
 
 
 def _run(cmd: list[str]) -> str:
-    p = subprocess.run(cmd, check=False, text=True, capture_output=True) # nosec
+    p = subprocess.run(cmd, check=False, text=True, capture_output=True)  # nosec
     if p.returncode != 0:
         raise RuntimeError(f"Command failed: {cmd}\n{p.stderr}")
     return p.stdout
@@ -81,7 +81,7 @@ def get_unit_info(unit: str) -> UnitInfo:
             "-p",
             "ConditionResult",
             "--no-page",
-        ], # nosec
+        ],  # nosec
         check=False,
         text=True,
         capture_output=True,