Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new rule that detects use of blind ignore_errors: true #1540

Merged
merged 5 commits into from May 3, 2021
Merged

Add new rule that detects use of blind ignore_errors: true #1540

Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2ae93d7
add new rule ignore-errors
konstruktoid Apr 29, 2021
d70899d
Merge branch 'master' into ignoreerrors
ssbarnea Apr 30, 2021
b59e3e8
Update src/ansiblelint/rules/IgnoreErrorsRule.py
konstruktoid Apr 30, 2021
6d0bd21
allow ignore_errors: if register: is used
konstruktoid May 1, 2021
2b6a615
Correct number of rules in test
ssbarnea May 2, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
92 changes: 92 additions & 0 deletions src/ansiblelint/rules/IgnoreErrorsRule.py
View file
Open in desktop
@@ -0,0 +1,92 @@
"""IgnoreErrorsRule used with ansible-lint."""
import sys
from typing import TYPE_CHECKING, Any, Dict, Union

from ansiblelint.rules import AnsibleLintRule

if TYPE_CHECKING:
from typing import Optional

from ansiblelint.file_utils import Lintable


class IgnoreErrorsRule(AnsibleLintRule):
"""Describe and test the IgnoreErrorsRule."""

id = "ignore-errors"
shortdesc = 'Use failed_when and specify error codes instead of ignore_errors'
konstruktoid marked this conversation as resolved.
Show resolved Hide resolved
description = (
'Instead of ignoring all errors, use ``failed_when:`` '
'and specify acceptable error codes '
'to reduce the risk of ignoring important failures'
)
severity = 'LOW'
tags = ['unpredictability', 'experimental']
version_added = 'v5.0.7'

def matchtask(
self, task: Dict[str, Any], file: 'Optional[Lintable]' = None
) -> Union[bool, str]:

if task.get("ignore_errors"):
return True

return False


if "pytest" in sys.modules:
import pytest

IGNORE_ERRORS_TRUE = '''
- hosts: all
tasks:
- name: run apt-get update
command: apt-get update
ignore_errors: true
'''

IGNORE_ERRORS_FALSE = '''
- hosts: all
tasks:
- name: run apt-get update
command: apt-get update
ignore_errors: false
konstruktoid marked this conversation as resolved.
Show resolved Hide resolved
'''

FAILED_WHEN = '''
- hosts: all
tasks:
- name: disable apport
become: 'yes'
lineinfile:
line: "enabled=0"
dest: /etc/default/apport
mode: 0644
state: present
register: default_apport
failed_when: default_apport.rc !=0 and not default_apport.rc == 257
'''

@pytest.mark.parametrize(
'rule_runner', (IgnoreErrorsRule,), indirect=['rule_runner']
)
def test_ignore_errors_true(rule_runner: Any) -> None:
"""The task uses ignore_errors."""
results = rule_runner.run_playbook(IGNORE_ERRORS_TRUE)
assert len(results) == 1

@pytest.mark.parametrize(
'rule_runner', (IgnoreErrorsRule,), indirect=['rule_runner']
)
def test_ignore_errors_false(rule_runner: Any) -> None:
"""The task uses ignore_errors: false, oddly enough."""
results = rule_runner.run_playbook(IGNORE_ERRORS_FALSE)
assert len(results) == 0

@pytest.mark.parametrize(
'rule_runner', (IgnoreErrorsRule,), indirect=['rule_runner']
)
def test_failed_when(rule_runner: Any) -> None:
"""Instead of ignore_errors, this task uses failed_when."""
results = rule_runner.run_playbook(FAILED_WHEN)
assert len(results) == 0