fix: ignore complex changed when checks in rule CheckChangedInWhen (#628)

This commit is contained in:
Robert Kaussow 2023-06-28 15:57:40 +02:00 committed by GitHub
parent a38a9aa11b
commit 26ce453fc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -36,7 +36,7 @@ class CheckChangedInWhen(StandardBase):
for task in tasks: for task in tasks:
when = None when = None
if task["__ansible_action_type__"] == "task": if task["__ansible_action_type__"] in ["task", "meta"]:
when = task.get("when") when = task.get("when")
if isinstance(when, str): if isinstance(when, str):
@ -54,6 +54,15 @@ class CheckChangedInWhen(StandardBase):
if not isinstance(item, str): if not isinstance(item, str):
return False return False
if not {"and", "or", "not"}.isdisjoint(item.split()):
return False
return any( return any(
changed in item for changed in [".changed", "|changed", '["changed"]', "['changed']"] changed in item for changed in [
".changed",
"|changed",
'["changed"]',
"['changed']",
"is changed",
]
) )