fix linting issues

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2024-11-22 23:51:57 +01:00 · 2020-08-24 10:36:58 +02:00 · 2020-08-24 10:36:58 +02:00 · 7484f233d5
commit 7484f233d5
parent cb407267c0
9 changed files with 116 additions and 127 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,6 +1,7 @@
 ---
 name: New release
-on:
+on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master
@ -59,7 +60,7 @@ jobs:
        id: create_release
        uses: actions/create-release@v1
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          release_name: ${{ steps.version.outputs.next-version }}
          tag_name: ${{ steps.version.outputs.next-version }}
--- a/.kitchen.vagrant.yml
+++ b/.kitchen.vagrant.yml
@ -25,33 +25,33 @@ transport:
  max_ssh_sessions: 5
 platforms:
- name: ubuntu-16.04
+  - name: ubuntu-16.04
-  driver_config:
+    driver_config:
-    box: bento/ubuntu-16.04
+      box: bento/ubuntu-16.04
- name: ubuntu-18.04
+  - name: ubuntu-18.04
-  driver_config:
+    driver_config:
-    box: bento/ubuntu-18.04
+      box: bento/ubuntu-18.04
- name: centos-6
+  - name: centos-6
-  driver_config:
+    driver_config:
-    box: bento/centos-6
+      box: bento/centos-6
- name: centos-7
+  - name: centos-7
-  driver_config:
+    driver_config:
-    box: bento/centos-7
+      box: bento/centos-7
- name: oracle-6
+  - name: oracle-6
-  driver_config:
+    driver_config:
-    box: bento/oracle-6
+      box: bento/oracle-6
- name: oracle-7
+  - name: oracle-7
-  driver_config:
+    driver_config:
-    box: bento/oracle-7
+      box: bento/oracle-7
- name: debian-9
+  - name: debian-9
-  driver_config:
+    driver_config:
-    box: bento/debian-9
+      box: bento/debian-9
- name: debian-10
+  - name: debian-10
-  driver_config:
+    driver_config:
-    box: bento/debian-10
+      box: bento/debian-10
- name: amazon
+  - name: amazon
-  driver_config:
+    driver_config:
-    box: bento/amazonlinux-2
+      box: bento/amazonlinux-2
 verifier:
  name: inspec
@ -60,4 +60,4 @@ verifier:
    - https://github.com/dev-sec/nginx-baseline/
 suites:
- name: nginx
+  - name: nginx
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -26,75 +26,74 @@ provisioner:
  galaxy_ignore_certs: true
 platforms:
- name: centos6-ansible-latest
+  - name: centos6-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-centos6-ansible:latest
+      image: rndmh3ro/docker-centos6-ansible:latest
-    platform: centos
+      platform: centos
- name: centos7-ansible-latest
+  - name: centos7-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-centos7-ansible:latest
+      image: rndmh3ro/docker-centos7-ansible:latest
-    platform: centos
+      platform: centos
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
-      - systemctl enable sshd.service
+        - systemctl enable sshd.service
- name: oracle6-ansible-latest
+  - name: oracle6-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-oracle6-ansible:latest
+      image: rndmh3ro/docker-oracle6-ansible:latest
-    platform: centos
+      platform: centos
- name: oracle7-ansible-latest
+  - name: oracle7-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-oracle7-ansible:latest
+      image: rndmh3ro/docker-oracle7-ansible:latest
-    run_command: /sbin/init
+      run_command: /sbin/init
-    platform: centos
+      platform: centos
-    provision_command:
+      provision_command:
-      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
-      - systemctl enable sshd.service
+        - systemctl enable sshd.service
- name: ubuntu1604-ansible-latest
+  - name: ubuntu1604-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-ubuntu1604-ansible:latest
+      image: rndmh3ro/docker-ubuntu1604-ansible:latest
-    platform: ubuntu
+      platform: ubuntu
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - systemctl enable ssh.service
+        - systemctl enable ssh.service
- name: ubuntu1804-ansible-latest
+  - name: ubuntu1804-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-ubuntu1804-ansible:latest
+      image: rndmh3ro/docker-ubuntu1804-ansible:latest
-    platform: ubuntu
+      platform: ubuntu
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - systemctl enable ssh.service
+        - systemctl enable ssh.service
- name: debian9-ansible-latest
+  - name: debian9-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-debian9-ansible:latest
+      image: rndmh3ro/docker-debian9-ansible:latest
-    platform: debian
+      platform: debian
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - apt install -y systemd-sysv
+        - apt install -y systemd-sysv
-      - systemctl enable ssh.service
+        - systemctl enable ssh.service
- name: debian10-ansible-latest
+  - name: debian10-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-debian10-ansible:latest
+      image: rndmh3ro/docker-debian10-ansible:latest
-    platform: debian
+      platform: debian
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - apt install -y systemd-sysv
+        - apt install -y systemd-sysv
-      - systemctl enable ssh.service
+        - systemctl enable ssh.service
- name: amazon-ansible-latest
+  - name: amazon-ansible-latest
-  driver:
+    driver:
-    image: rndmh3ro/docker-amazon-ansible:latest
+      image: rndmh3ro/docker-amazon-ansible:latest
-    platform: centos
+      platform: centos
-    run_command: /sbin/init
+      run_command: /sbin/init
-    provision_command:
+      provision_command:
-      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
-      - systemctl enable sshd.service
+        - systemctl enable sshd.service
 verifier:
  name: inspec
  sudo: true
  inspec_tests:
-    - ../nginx-baseline
+    - https://github.com/dev-sec/nginx-baseline
    #- https://github.com/dev-sec/nginx-baseline
  controls:
    - nginx-01
    - nginx-02
@ -113,4 +112,4 @@ verifier:
    - nginx-17
 suites:
- name: nginx
+  - name: nginx
--- a/.travis.yml
+++ b/.travis.yml
@ -42,17 +42,17 @@ env:
    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
    test_playbook: test.yml
-#  - distro: amazon
+  #  - distro: amazon
-#    init: /lib/systemd/systemd
+  #    init: /lib/systemd/systemd
-#    version: latest
+  #    version: latest
-#    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
-#    test_playbook: test.yml
+  #    test_playbook: test.yml
-#
+  #
-#  - distro: fedora
+  #  - distro: fedora
-#    init: /lib/systemd/systemd
+  #    init: /lib/systemd/systemd
-#    version: latest
+  #    version: latest
-#    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
-#    test_playbook: test.yml
+  #    test_playbook: test.yml
  - distro: centos6
    version: latest
@ -89,19 +89,6 @@ env:
    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
    test_playbook: official-nginx-role-debian.yml
 #  - distro: amazon
 #    init: /lib/systemd/systemd
 #    version: latest
 #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 #    test_playbook: official-nginx-role-debian.yml
 #
 #  - distro: fedora
 #    init: /lib/systemd/systemd
 #    version: latest
 #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 #    test_playbook: official-nginx-role-debian.yml
 before_install:
  # Pull container
  - 'docker pull rndmh3ro/docker-${distro}-ansible:${version}'
@ -116,7 +103,7 @@ script:
  # Install ansible galaxy requirements
  - 'docker exec "$(cat ${container_id})" ansible-galaxy -c install -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/'
-  
+
  # Test role
  - 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-nginx-hardening/tests/"${test_playbook}" -vv'
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,3 +1,4 @@
 ---
 - name: restart nginx
  service:
    name: "nginx"
--- a/requirements.yml
+++ b/requirements.yml
@ -1,2 +1,3 @@
 ---
 - src: nginxinc.nginx
 - src: geerlingguy.nginx
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,7 +5,7 @@
    mode: "o-rw"
    owner: "root"
    group: "root"
-    recurse: yes
+    recurse: true
 - name: create additional configuration
  template:
@ -33,10 +33,10 @@
 - name: change ssl_prefer_server_ciphers in main nginx.conf
  lineinfile:
-     dest: "/etc/nginx/nginx.conf"
+    dest: "/etc/nginx/nginx.conf"
-     regexp: '^\s*ssl_prefer_server_ciphers'
+    regexp: '^\s*ssl_prefer_server_ciphers'
-     line: "    ssl_prefer_server_ciphers {{ nginx_ssl_prefer_server_ciphers }};"
+    line: "    ssl_prefer_server_ciphers {{ nginx_ssl_prefer_server_ciphers }};"
-     insertafter: "http {"
+    insertafter: "http {"
  notify: restart nginx
 - name: change client_max_body_size in main nginx.conf
--- a/tests/official-nginx-role-debian.yml
+++ b/tests/official-nginx-role-debian.yml
@ -37,4 +37,4 @@
      ignore_errors: true
  roles:
    - nginxinc.nginx
-    - ansible-nginx-hardening
+    - ansible-nginx-hardening
--- a/tests/official-nginx-role-redhat.yml
+++ b/tests/official-nginx-role-redhat.yml
@ -12,4 +12,4 @@
      ignore_errors: true
  roles:
    - nginxinc.nginx
-    - ansible-nginx-hardening
+    - ansible-nginx-hardening