New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new rule that detects use of blind ignore_errors: true #1540
Conversation
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am ok with it but I am sure this will be controversial, so I so want extra eyes on it before we add it.
Is good that is added as experimental, which means it will not fail the linting, only acting as a warning, at least for the moment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not look at the code too closely, but adding this rule is OK with me.
We do use ignore_error: true
a lot in our integration tests because we often expect tasks to fail there. And while it would be possible to use failed_when
in those cases, it would considerably decrease readability (example of such playbook: https://github.com/sensu/sensu-go-ansible/blob/c000b1f016955047976028805d8ef021773c244e/tests/integration/molecule/module_filter/converge.yml#L8-L19). If we would use ansible-lint on those playbooks, we would need to add a lot of ignores to our playbooks. But luckily we do not ;)
Like @tadeboro mentioned, there are use cases where it is relevant and desired to actually display a failure that was ignored. I think the feature would be useful but I'm not sure I would impose it as a default. |
The "correct" version if this is To me |
To me, |
I think that everyone involved in this discussion known the pros and cons of ignore errors. The question is if we can find a way to lower the number of false-positives from this rule?
No need to be afraid about this rule breaking existing code because is added as experimental (warning) only. As @tadeboro said, we can assume some false-positives with any rule but it would be essential for the number of false positives to be very low as nobody likes polluting the code with ignores. |
Please don't make rules dependent on external factors such as other files/folders existing. Having a "it makes sense in these use cases" exception might be a good hint that this is not a good universal rule to begin with. Why should There might be an argument for different rule sets for roles and test playbooks or some "strict mode" that ensures some certain parameters like "no failing tasks get skipped", but that would be a bigger discussion. |
Something that some of you may not know is that ignore_errors does ignore errors even if the called ansible module is crashing! I seen multiple cases where modules were called with invalid parameters for months and nobody observed due to use of ignore_errors. Ignore errors is more like a |
Co-authored-by: MarkusTeufelberger <mteufelberger@mgit.at>
This basically sums up the reasoning for this rule, and it's labeled as experimental which shouldn't cause any issues in existing pipelines. Ignoring the rule if |
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
The Ansible docs recommend using |
Make a pr to do that, it makes sense and it should be really easy to do so. |
This PR adds a new rule name
ignore-errors
that will trigger ifignore_errors: true
is used.The reasoning behind this is that instead of ignoring all errors, the use of
failed_when:
and specified acceptable error codes to reduce the risk of ignoring important failures is recommended.Signed-off-by: Thomas Sjögren konstruktoid@users.noreply.github.com