ansible-lint icon indicating copy to clipboard operation
ansible-lint copied to clipboard

Published 20 hours ago verified publisher icon ansible

"File permissions unset or incorrect" cannot ignore unset modes

Open kees-closed opened this issue 2 years ago • 0 comments

Summary

I sometimes don't set the mode because it's a file managed by my distribution. I'm not going to check if all those file modes still make sense years later. It's best to leave as is and just modify the content if there is not dot folder to load custom configs.

Issue Type
  • Bug Report
Ansible and Ansible Lint details
ansible [core 2.12.9]
  config file = /home/user/git/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Aug  2 2022, 00:00:00) [GCC 12.1.1 20220507 (Red Hat 12.1.1-1)]
  jinja version = 3.0.3
  libyaml = True
  • ansible installation method: OS package
  • ansible-lint installation method: OS package
OS / ENVIRONMENT

Fedora 36

STEPS TO REPRODUCE

I do the following.

$ git commit
Ansible Lint.............................................................Failed
- hook id: ansible-lint
- exit code: 2

WARNING  Loading custom .yamllint.yml config file, this extends our internal yamllint config.
WARNING  Listing 4 violation(s) that are fatal
risky-file-permissions: File permissions unset or incorrect
roles/common/tasks/main.yml:302 Task/Handler: customize hardware configuration

Which should be fixed by adding this to line 302 of roles/common/tasks/main.yml:

    - name: customize hardware configuration # noqa risky-file-permissions
      ini_file:
        dest: /boot/config.txt
        section: "{{ item.section }}"
        option: "{{ item.option }}"
        value: "{{ item.value }}"
        no_extra_spaces: true
      loop:
        - section: all
          option: dtoverlay
          value: disable-bt,disable-wifi
        - section: all
          option: gpu_mem
          value: 128
        - section: all
          option: start_x
          value: 0
      notify: rfkill unblock wlan
      when:
        - groups.researchproject is defined
        - ansible_hostname in groups.researchproject
    tags: hardware

But still, the error persists. What am I doing wrong?

Desired Behavior

I want the error gone for when the mode is not set. I don't want to disable the QA check globally, because it is useful. But just not in all conditions.

Actual Behavior

At the moment ansible-lint fails, which limits my pre-commit setting for pushing a change.

kees-closed avatar Sep 22 '22 08:09 kees-closed