add new role check_become_user

2019-01-28 12:30:05 +01:00 · 2019-01-28 12:30:05 +01:00 · e77a651669
parent ddc00a2c90
commit e77a651669
3 changed files with 26 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -154,6 +154,7 @@ comes with a couple of built-in checks explained in the following table.
 | check_empty_string_compare      | ANSIBLE0012 | Don't compare to "" - use `when: var` or `when: not var`         |                                                                      |
 | check_compare_to_literal_bool   | ANSIBLE0013 | Don't compare to True/False - use `when: var` or `when: not var` |                                                                      |
 | check_literal_bool_format       | ANSIBLE0014 | Literal bools should be written as `True/False` or `yes/no`      | forbidden values are `true false TRUE FALSE Yes No YES NO`           |
+| check_become_user               | ANSIBLE0015 | `become` should be always used combined with `become_user`       |                                                                      |

 ### Build your own

--- a/ansiblelater/examples/standards.py
+++ b/ansiblelater/examples/standards.py
@ -22,6 +22,7 @@ from ansiblelater.rules.ansiblefiles import check_command_has_changes
 from ansiblelater.rules.ansiblefiles import check_empty_string_compare
 from ansiblelater.rules.ansiblefiles import check_compare_to_literal_bool
 from ansiblelater.rules.ansiblefiles import check_literal_bool_format
+from ansiblelater.rules.ansiblefiles import check_become_user


 tasks_should_be_separated = Standard(dict(
@ -132,6 +133,15 @@ literal_bool_should_be_formatted = Standard(dict(
    name="Literal bools should start with a capital letter",
    check=check_literal_bool_format,
    version="0.1",
+    types=[["playbook", "task", "handler", "rolevars",
+           "hostvars", "groupvars"]]
+))
+
+use_become_with_become_user = Standard(dict(
+    id="ANSIBLE0015",
+    name="become should be combined with become_user",
+    check=check_become_user,
+    version="0.1",
    types=["playbook", "task", "handler"]
 ))

@ -225,6 +235,7 @@ standards = [
    dont_compare_to_empty_string,
    dont_compare_to_literal_bool,
    literal_bool_should_be_formatted,
+    use_become_with_become_user,
    # Lint
    files_should_not_contain_unnecessarily_empty_lines,
    files_should_be_indented,
--- a/ansiblelater/rules/ansiblefiles.py
+++ b/ansiblelater/rules/ansiblefiles.py
@ -217,3 +217,17 @@ def check_literal_bool_format(candidate, settings):
                errors.append(Error(i, description))

    return Result(candidate.path, errors)
+
+
+def check_become_user(candidate, settings):
+    tasks, errors = get_normalized_tasks(candidate, settings)
+    description = "the task has 'become:' enabled but 'become_user:' is missing"
+    true_value = [True, 'true', 'True', 'TRUE', 'yes', 'Yes', 'YES']
+
+    if not errors:
+        gen = (task for task in tasks if 'become' in task)
+        for task in gen:
+            if task["become"] in true_value and 'become_user' not in task.keys():
+                errors.append(Error(task["__line__"], description))
+
+    return Result(candidate.path, errors)