2020-01-14 23:15:13 +00:00
---
2024-01-25 20:09:05 +00:00
title: Write a rule
2020-01-14 23:15:13 +00:00
---
2024-01-25 20:09:05 +00:00
A typical rule check will look like:
2020-01-14 23:15:13 +00:00
2020-06-03 14:23:46 +00:00
<!-- prettier - ignore - start -->
2020-06-07 14:39:14 +00:00
<!-- spellchecker - disable -->
2020-01-14 23:15:13 +00:00
{{< highlight Python " linenos = table" > }}
2024-01-25 20:09:05 +00:00
class CheckBecomeUser(RuleBase):
2021-01-30 15:52:48 +00:00
sid = "ANSIBLE0015"
description = "Become should be combined with become_user"
helptext = "the task has `become` enabled but `become_user` is missing"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):
tasks, errors = self.get_normalized_tasks(candidate, settings)
true_value = [True, "true", "True", "TRUE", "yes", "Yes", "YES"]
if not errors:
gen = (task for task in tasks if "become" in task)
for task in gen:
if task["become"] in true_value and "become_user" not in task.keys():
errors.append(self.Error(task["__line__"], self.helptext))
return self.Result(candidate.path, errors)
2020-01-14 23:15:13 +00:00
{{< / highlight > }}
2020-06-07 14:39:14 +00:00
<!-- spellchecker - enable -->
2020-06-03 14:23:46 +00:00
<!-- prettier - ignore - end -->
2020-01-14 23:15:13 +00:00
2021-01-30 15:52:48 +00:00
They return a `Result` object, which contains a possibly empty list of `Error` objects. `Error` objects are formed of a line number and a message. If the error applies to the whole file being reviewed, set the line number to `None` .