fix linting errors

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2024-11-14 02:47:06 +00:00 · 2020-08-23 13:18:24 +02:00 · 2020-08-23 13:18:24 +02:00 · 0757a3d1c3
commit 0757a3d1c3
parent bbe5ad4707
9 changed files with 102 additions and 101 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,6 +1,7 @@
+---
 name: New release

-on:
+on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master
@ -59,7 +60,7 @@ jobs:
        id: create_release
        uses: actions/create-release@v1
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # This token is provided by Actions, you do not need to create your own token
        with:
          release_name: ${{ steps.version.outputs.next-version }}
          tag_name: ${{ steps.version.outputs.next-version }}
--- a/.kitchen.vagrant.yml
+++ b/.kitchen.vagrant.yml
@ -19,33 +19,33 @@ transport:
  max_ssh_sessions: 5

 platforms:
- name: ubuntu-16.04
-  driver_config:
-    box: bento/ubuntu-16.04
- name: ubuntu-18.04
-  driver_config:
-    box: bento/ubuntu-18.04
- name: centos-6
-  driver_config:
-    box: bento/centos-6
- name: centos-7
-  driver_config:
-    box: bento/centos-7
- name: oracle-6
-  driver_config:
-    box: bento/oracle-6
- name: oracle-7
-  driver_config:
-    box: bento/oracle-7
- name: debian-9
-  driver_config:
-    box: bento/debian-9
- name: debian-10
-  driver_config:
-    box: bento/debian-10
- name: amazon
-  driver_config:
-    box: bento/amazonlinux-2
+  - name: ubuntu-16.04
+    driver_config:
+      box: bento/ubuntu-16.04
+  - name: ubuntu-18.04
+    driver_config:
+      box: bento/ubuntu-18.04
+  - name: centos-6
+    driver_config:
+      box: bento/centos-6
+  - name: centos-7
+    driver_config:
+      box: bento/centos-7
+  - name: oracle-6
+    driver_config:
+      box: bento/oracle-6
+  - name: oracle-7
+    driver_config:
+      box: bento/oracle-7
+  - name: debian-9
+    driver_config:
+      box: bento/debian-9
+  - name: debian-10
+    driver_config:
+      box: bento/debian-10
+  - name: amazon
+    driver_config:
+      box: bento/amazonlinux-2

 verifier:
  name: inspec
@ -54,4 +54,4 @@ verifier:
    - https://github.com/dev-sec/mysql-baseline/

 suites:
- name: mysql
+  - name: mysql
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -27,66 +27,64 @@ provisioner:
  galaxy_ignore_certs: true

 platforms:
- name: centos6-ansible-latest
-  driver:
-    image: rndmh3ro/docker-centos6-ansible:latest
-    platform: centos
- name: centos7-ansible-latest
-  driver:
-    image: rndmh3ro/docker-centos7-ansible:latest
-    platform: centos
-    run_command: /sbin/init
-    provision_command:
-      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
-      - systemctl enable sshd.service
- name: oracle6-ansible-latest
-  driver:
-    image: rndmh3ro/docker-oracle6-ansible:latest
-    platform: centos
- name: oracle7-ansible-latest
-  driver:
-    image: rndmh3ro/docker-oracle7-ansible:latest
-    run_command: /sbin/init
-    platform: centos
-    run_command: /sbin/init
-    provision_command:
-      - systemctl enable ssh.service
- name: ubuntu1804-ansible-latest
-  driver:
-    image: rndmh3ro/docker-ubuntu1804-ansible:latest
-    platform: ubuntu
-    provision_command:
-      - systemctl enable ssh.service
- name: debian9-ansible-latest
-  driver:
-    image: rndmh3ro/docker-debian9-ansible:latest
-    platform: debian
-    run_command: /sbin/init
-    provision_command:
-      - apt install -y systemd-sysv
-      - systemctl enable ssh.service
- name: debian10-ansible-latest
-  driver:
-    image: rndmh3ro/docker-debian10-ansible:latest
-    platform: debian
-    run_command: /sbin/init
-    provision_command:
-      - apt install -y systemd-sysv
-      - systemctl enable ssh.service
- name: amazon-ansible-latest
-  driver:
-    image: rndmh3ro/docker-amazon-ansible:latest
-    platform: centos
-    run_command: /sbin/init
-    provision_command:
-      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
-      - systemctl enable sshd.service
+  - name: centos6-ansible-latest
+    driver:
+      image: rndmh3ro/docker-centos6-ansible:latest
+      platform: centos
+  - name: centos7-ansible-latest
+    driver:
+      image: rndmh3ro/docker-centos7-ansible:latest
+      platform: centos
+      run_command: /sbin/init
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable sshd.service
+  - name: oracle6-ansible-latest
+    driver:
+      image: rndmh3ro/docker-oracle6-ansible:latest
+      platform: centos
+  - name: oracle7-ansible-latest
+    driver:
+      image: rndmh3ro/docker-oracle7-ansible:latest
+      run_command: /sbin/init
+      platform: centos
+      provision_command:
+        - systemctl enable ssh.service
+  - name: ubuntu1804-ansible-latest
+    driver:
+      image: rndmh3ro/docker-ubuntu1804-ansible:latest
+      platform: ubuntu
+      provision_command:
+        - systemctl enable ssh.service
+  - name: debian9-ansible-latest
+    driver:
+      image: rndmh3ro/docker-debian9-ansible:latest
+      platform: debian
+      run_command: /sbin/init
+      provision_command:
+        - apt install -y systemd-sysv
+        - systemctl enable ssh.service
+  - name: debian10-ansible-latest
+    driver:
+      image: rndmh3ro/docker-debian10-ansible:latest
+      platform: debian
+      run_command: /sbin/init
+      provision_command:
+        - apt install -y systemd-sysv
+        - systemctl enable ssh.service
+  - name: amazon-ansible-latest
+    driver:
+      image: rndmh3ro/docker-amazon-ansible:latest
+      platform: centos
+      run_command: /sbin/init
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable sshd.service
 verifier:
  name: inspec
  sudo: true
  inspec_tests:
-     - ../mysql-baseline
-#    - https://github.com/dev-sec/mysql-baseline
+    - https://github.com/dev-sec/mysql-baseline

 suites:
- name: mysql
+  - name: mysql
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,7 +1,8 @@
+---
 # switcher to enable/disable role
-mysql_hardening_enabled: yes
+mysql_hardening_enabled: true

-mysql_daemon_enabled: yes
+mysql_daemon_enabled: true

 # general configuration
 mysql_cnf_owner: 'root' # owner of /etc/mysql/*.cnf files
--- a/requirements.yml
+++ b/requirements.yml
@ -1 +1,2 @@
+---
 - src: geerlingguy.mysql
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -6,7 +6,7 @@
    mode: 0400
    owner: '{{ mysql_cnf_owner }}'
    group: '{{ mysql_cnf_owner }}'
-    follow: yes
+    follow: true
    state: file

 - name: ensure permissions on mysql-datadir are correct
@ -29,7 +29,7 @@
    state: directory
    owner: '{{ mysql_hardening_user }}'
    group: '{{ mysql_hardening_group }}'
-    mode: "0570"
+    mode: '0570'

 - name: check include-dir directive is present in my.cnf
  lineinfile:
@ -37,7 +37,7 @@
    line: '!includedir {{ mysql_hardening_mysql_confd_dir }}'
    insertafter: 'EOF'
    state: present
-    backup: yes
+    backup: true
  notify: restart mysql

 - name: apply hardening configuration
@ -46,7 +46,7 @@
    dest: '{{ mysql_hardening_mysql_hardening_conf_file }}'
    owner: '{{ mysql_cnf_owner }}'
    group: '{{ mysql_cnf_group }}'
-    mode: "0460"
+    mode: '0460'
  notify: restart mysql

 - name: enable mysql
--- a/tasks/mysql_secure_installation.yml
+++ b/tasks/mysql_secure_installation.yml
@ -1,11 +1,11 @@
 ---
 - name: Install mysqld python libary for Ansible
  package:
-    name: "{{ mysql_python_package }}"
+    name: '{{ mysql_python_package }}'
    state: present

 - debug:
-    msg: "WARNING - you have to change default mysql_root_password"
+    msg: 'WARNING - you have to change default mysql_root_password'
  when: mysql_root_password == '-----====>SetR00tPa$$wordH3r3!!!<====-----'

 - name: root password is present
@ -32,7 +32,7 @@
  mysql_user:
    name: ''
    state: absent
-    host_all: yes
+    host_all: true
  when: mysql_remove_anonymous_users

 - name: copy mysql_remove_remote_root
--- a/tests/test.yml
+++ b/tests/test.yml
@ -1,11 +1,10 @@
 ---
-
 - name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
  hosts: localhost
  pre_tasks:
    - name: Run the equivalent of "apt-get update" as a separate step
      apt:
-        update_cache: yes
+        update_cache: true
      when: ansible_os_family == 'Debian'
    - file:
        path: "/etc/mysql"
@ -14,7 +13,7 @@
      apt:
        name: procps
        state: installed
-        update_cache: yes
+        update_cache: true
      when: ansible_distribution == 'Debian'
    - name: set logfile according to OS
      set_fact:
@ -25,11 +24,11 @@
        mysql_log_error: "/var/log/mysqld.log"
      when: ansible_os_family == "RedHat"
  vars:
-    overwrite_global_mycnf: no
+    overwrite_global_mycnf: false
    mysql_root_password: iloverandompasswordsbutthiswilldo
    mysql_user_password: iloverandompasswordsbutthiswilldo
    mysql_config_file: /etc/mysql/mariadb.cnf
-    mysql_root_password_update: yes
+    mysql_root_password_update: true
  roles:
    - geerlingguy.mysql
    - ansible-mysql-hardening
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@ -1,3 +1,4 @@
+---
 mysql_daemon: mysqld
 mysql_hardening_mysql_conf_file: '/etc/my.cnf'
 mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'