Ansible-lint not resolve properly collections from meta/main.yml role file

[Eugen1987]

Summary

We have a playbook that import a role called: azure-sql. The role is very simple and have one task:

   - name: Retrieve dba password
      azure_rm_keyvaultsecret_info:
        name: "{{ secret }}"
        vault_uri: "{{ uri }}"
      register: _secret

In that role we have a main.yml meta file with collection we want to use.

collections:
  - azure.azcollection

when we launch the playbook all work ok. When we launch ansible-lint, it fails with the following error:

CRITICAL Couldn't parse task at /Users/topi/roles/azure-sql/tasks/user.yml:23 (couldn't resolve module/action 'azure_rm_keyvaultsecret_info'. This often indicates a misspelling, missing collection, or incorrect module path.)
{ 'azure_rm_keyvaultsecret_info': { '__file__': '/Users/topi/roles/azure-sql/tasks/user.yml,
                                    '__line__': 25,
                                    'name': '{{ secret }}',
                                    'vault_uri': '{{ uri }}',
  'name': 'Retrieve dba password',
  'no_log': True,
  'register': '_dbapw'}

If we add azure.azcollection to the module name like this:

   - name: Retrieve dba password
      azure.azcollection.azure_rm_keyvaultsecret_info:
        name: "{{ secret }}"
        vault_uri: "{{ uri }}"
      register: _secret

ansible-lint work fine.

Issue Type

• Bug Report

Ansible and Ansible Lint details

ansible --version
ansible 2.10.3
  config file = /Users/topi/workplace/dap-platform-ops/ansible.cfg
  configured module search path = ['/Users/topi/workplace/dap-platform-ops/library']
  ansible python module location = /Users/topi/workplace/demo/lib/python3.8/site-packages/ansible
  executable location = /Users/topi/workplace/demo/bin/ansible
  python version = 3.8.1 (v3.8.1:1b293b6006, Dec 18 2019, 14:08:53) [Clang 6.0 (clang-600.0.57)]

ansible-lint --version
ansible-lint 4.3.7
>  >

• ansible installation method: pip
• ansible-lint installation method: pip

OS / ENVIRONMENT

Darwin topi 19.4.0 Darwin Kernel Version 19.4.0: Wed Mar 4 22:28:40 PST 2020; root:xnu-6153.101.6~15/RELEASE_X86_64 x86_64

STEPS TO REPRODUCE

create a playbook called test with the following content:

    - name: Sql secret
      include_role:
        name: azure-sql
      vars:
        secret: "{{ sql_secret }}"
        uri: "{{ sql_keyvault_uri }}

create a role called azure-sql with the following content:

   - name: Retrieve dba password
      azure_rm_keyvaultsecret_info:
        name: "{{ secret }}"
        vault_uri: "{{ uri }}"
      register: _secret

In that role in meta/main.yml file set the collection of wich the module azure_rm_keyvaultsecret_info belong.

collections:
  - azure.azcollection

Desired Behaviour

When we launch ansible-lint it must pass.

Actual Behaviour

When we launch ansible-lint, it fails with the following error:

CRITICAL Couldn't parse task at /Users/topi/roles/azure-sql/tasks/user.yml:23 (couldn't resolve module/action 'azure_rm_keyvaultsecret_info'. This often indicates a misspelling, missing collection, or incorrect module path.)
{ 'azure_rm_keyvaultsecret_info': { '__file__': '/Users/topi/roles/azure-sql/tasks/user.yml,
                                    '__line__': 25,
                                    'name': '{{ secret }}',
                                    'vault_uri': '{{ uri }}',
  'name': 'Retrieve dba password',
  'no_log': True,
  'register': '_dbapw'}

[ssbarnea]

There is very long list of bugs, but unless someone propose PR, they may end-up lingering here. We need PRs now more than anything else.

[americanwookie]

Is this related to #538? There's a proposed fix in #1046, does that fix work for you @Eugen1987?

[Eugen1987]

Thank you very much for answering so quickly. It is partially related to #538. But in my case the error only occurs when I indicate the collection in the meta/main.yml file. If I indicate the collection in the name of the module everything works correctly.

The solution proposed in #1046 seems very interesting to me because it is not necessary to check whether the modules belonging to the collections are valid or not.

Thank you.

[MarkusTeufelberger]

For me with 4.3.7 ansible-lint breaks on the first module name it encounters that's not builtin in ansible-base:

[WARNING]: errors were encountered during the plugin load for
ansible.posix.authorized_key: ['relative resource paths not supported']

My ansible.cfg contains

# Only use vendored collections, nothing else
collections_path = ./collections

and collections are managed by me, not the ansible pip-package to prevent issues with modules getting updated/changed upstream. Putting an absolute path in there doesn't work either by the way. This is a regression between 4.3.5 and 4.3.7, I can try to bisect if it helps (might be the version of ansible-base that ansible-lint depends on when running pre-commit though?).

Maybe this is a separate issue, especially since adding the full FQCN into the task doesn't fix it. Where should I best start looking for clues/issues around this, so I can propose a fix? I guess you know the code base and some gotchas better than me...

[MarkusTeufelberger]

My current suspicion is #1074 and especially this line:

https://github.com/ansible-community/ansible-lint/blob/f9eff807acf9625386b7f415432c0caa042b3e49/lib/ansiblelint/utils.py#L183