From 37317a6e5fc7f9f9b6b6e22813a6c9b1fe39d0ff Mon Sep 17 00:00:00 2001
From: Bruce Becker
Date: Thu, 21 Mar 2024 06:36:57 +0100
Subject: [PATCH] style(shibboleth-sp): fix all linting errors in role WIP #270 WIP #267
Signed-off-by: Bruce Becker
---
roles/shibboleth-sp/defaults/main.yml | 2 +-
roles/shibboleth-sp/handlers/main.yml | 6 +-
.../shibboleth-sp/tasks/configure-common.yml | 64 ++++++++++---------
roles/shibboleth-sp/tasks/install-Debian.yml | 9 ++-
roles/shibboleth-sp/tasks/install-common.yml | 5 +-
roles/shibboleth-sp/tasks/main.yml | 4 +-
roles/shibboleth-sp/vars/Debian-buster.yml | 8 +--
roles/shibboleth-sp/vars/Debian-jessie.yml | 8 +--
roles/shibboleth-sp/vars/Debian-stretch.yml | 8 +--
9 files changed, 59 insertions(+), 55 deletions(-)
diff --git a/roles/shibboleth-sp/defaults/main.yml b/roles/shibboleth-sp/defaults/main.yml
index 6bc31a22..9173a863 100644
--- a/roles/shibboleth-sp/defaults/main.yml
+++ b/roles/shibboleth-sp/defaults/main.yml
@@ -107,7 +107,7 @@ shibboleth_sp_session: # "none" is the default and does no limiting # N.B. Consider carefully before using this option as it can allow malicious # use of your SP as an open redirect - #redirect_limit: "none" + # redirect_limit: "none" # SSO settings. To allow for >1 IdP, remove entity_id property and adjust # discovery_url to point to discovery service.
diff --git a/roles/shibboleth-sp/handlers/main.yml b/roles/shibboleth-sp/handlers/main.yml
index 8450c9c7..efca5382 100644
--- a/roles/shibboleth-sp/handlers/main.yml
+++ b/roles/shibboleth-sp/handlers/main.yml
@@ -1,6 +1,6 @@ --- - name: Restart Shibboleth SP - service: + ansible.builtin.service: name: "{{ shibboleth_sp_service }}" - state: "restarted" - become: yes + state: restarted + become: true
diff --git a/roles/shibboleth-sp/tasks/configure-common.yml b/roles/shibboleth-sp/tasks/configure-common.yml
index 19c08d67..aacb7f35 100644
--- a/roles/shibboleth-sp/tasks/configure-common.yml
+++ b/roles/shibboleth-sp/tasks/configure-common.yml
@@ -1,8 +1,7 @@ --- - - name: Ensure Shibboleth SP SSL certificate is copied - copy: - content: '{{ item.content }}' + ansible.builtin.copy: + content: "{{ item.content }}" dest: "{{ item.dest }}" owner: "{{ shibboleth_sp_user }}" group: "{{ shibboleth_sp_group }}"
@@ -14,24 +13,29 @@ - content: "{{ shibboleth_sp_ssl_cert_key }}" dest: "{{ shibboleth_sp_conf_path }}/cert/sp-key.pem" mode: "0600" - when: shibboleth_sp_ssl_cert_generate|bool == False - become: yes - no_log: yes + when: not (shibboleth_sp_ssl_cert_generate|bool) + become: true + no_log: true notify: - Restart Shibboleth SP - name: Ensure Shibboleth SP self-signed certificate is generated - command: openssl req -newkey rsa:2048 -new -x509 -days 3652 -subj "{{ shibboleth_sp_ssl_cert_subj }}" -nodes -out sp-crt.pem -keyout sp-key.pem + # This should probably use one of the modules from community.crypto + ansible.builtin.command: |- + openssl req \ + -newkey rsa:2048 -new -x509 -days 3652 \ + -subj "{{ shibboleth_sp_ssl_cert_subj }}" \ + -nodes -out sp-crt.pem -keyout sp-key.pem args: chdir: "{{ shibboleth_sp_conf_path }}/cert" creates: "{{ shibboleth_sp_conf_path }}/cert/sp-key.pem" - when: shibboleth_sp_ssl_cert_generate|bool == True - become: yes + when: shibboleth_sp_ssl_cert_generate|bool + become: true notify: - Restart Shibboleth SP - name: Ensure Shibboleth SP certificate is installed - file: + ansible.builtin.file: state: file path: "{{ item.path }}" owner: "{{ shibboleth_sp_user }}"
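Review bot: In `roles/shibboleth-sp/tasks/configure-common.yml`, the 'Ensure Shibboleth SP self-signed certificate is generated' task still has `openssl req -nodes ... -keyout sp-key.pem` create the unencrypted private key with whatever mode the become user's umask and the installed OpenSSL give it; owner and `0600` are applied only by the following 'Ensure Shibboleth SP certificate is installed' task, whose body continues outside this hunk. If the play stops between those two tasks the key may be left readable more widely than intended; this depends on the target's defaults, so it is worth verifying rather than assuming. The added comment could state the reason and the target, e.g. `# TODO: generate with community.crypto.openssl_privatekey (mode "0600", owner/group set at creation) instead of openssl -nodes`. Separately, `creates:` tests only for `sp-key.pem`, so a host that has the key but no `sp-crt.pem` never gets the certificate regenerated.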
@@ -42,42 +46,42 @@ mode: "0644" - path: "{{ shibboleth_sp_conf_path }}/cert/sp-key.pem" mode: "0600" - become: yes + become: true - name: Configure Shibboleth SP main settings - template: - src: "shibboleth2.xml.j2" + ansible.builtin.template: + src: shibboleth2.xml.j2 dest: "{{ shibboleth_sp_conf_path }}/shibboleth2.xml" - owner: "root" - group: "root" - mode: 0644 - backup: yes - become: yes + owner: root + group: root + mode: "0644" + backup: true + become: true notify: - Restart Shibboleth SP - name: Configure Shibboleth SP attribute mappings - copy: + ansible.builtin.copy: src: "{{ shibboleth_sp_attribute_map_file }}" dest: "{{ shibboleth_sp_conf_path }}/attribute-map.xml" - owner: "root" - group: "root" - mode: 0644 - backup: yes + owner: root + group: root + mode: "0644" + backup: true when: shibboleth_sp_attribute_map_file is defined - become: yes + become: true notify: - Restart Shibboleth SP - name: Configure Shibboleth SP attribute policies - copy: + ansible.builtin.copy: src: "{{ shibboleth_sp_attribute_policy_file }}" dest: "{{ shibboleth_sp_conf_path }}/attribute-policy.xml" - owner: "root" - group: "root" - mode: 0644 - backup: yes + owner: root + group: root + mode: "0644" + backup: true when: shibboleth_sp_attribute_policy_file is defined - become: yes + become: true notify: - Restart Shibboleth SP
diff --git a/roles/shibboleth-sp/tasks/install-Debian.yml b/roles/shibboleth-sp/tasks/install-Debian.yml
index 11c992e9..08f33583 100644
--- a/roles/shibboleth-sp/tasks/install-Debian.yml
+++ b/roles/shibboleth-sp/tasks/install-Debian.yml
@@ -1,9 +1,8 @@ --- - - name: Ensure Shibboleth SP Apache module is installed (Debian) - apt: + ansible.builtin.apt: name: libapache2-mod-shib2 state: present - update_cache: yes - install_recommends: no - become: yes + update_cache: true + install_recommends: false + become: true
diff --git a/roles/shibboleth-sp/tasks/install-common.yml b/roles/shibboleth-sp/tasks/install-common.yml
index f48109a9..b845fe9e 100644
--- a/roles/shibboleth-sp/tasks/install-common.yml
+++ b/roles/shibboleth-sp/tasks/install-common.yml
@@ -1,11 +1,12 @@ --- - name: Ensure required Shibboleth SP dirs exist - file: + ansible.builtin.file: path: "{{ shibboleth_sp_conf_path }}/{{ item }}" state: directory owner: "{{ shibboleth_sp_user }}" group: "{{ shibboleth_sp_group }}" + mode: "0755" with_items: - metadata - cert - become: yes + become: true
diff --git a/roles/shibboleth-sp/tasks/main.yml b/roles/shibboleth-sp/tasks/main.yml
index 63ccc461..6318464b 100644
--- a/roles/shibboleth-sp/tasks/main.yml
+++ b/roles/shibboleth-sp/tasks/main.yml
@@ -50,8 +50,8 @@ - name: Include Debian Install Tasks ansible.builtin.include_tasks: install-Debian.yml when: ansible_os_family == 'Debian' -#- include: install-CentOS.yml -# when: ansible_os_family == 'CentOS +# - include: install-CentOS.yml +# when: ansible_os_family == 'CentOS - name: Run OS-independent installation tasks ansible.builtin.include_tasks: install-common.yml
diff --git a/roles/shibboleth-sp/vars/Debian-buster.yml b/roles/shibboleth-sp/vars/Debian-buster.yml
index 2bf78f4a..080b33eb 100644
--- a/roles/shibboleth-sp/vars/Debian-buster.yml
+++ b/roles/shibboleth-sp/vars/Debian-buster.yml
@@ -3,7 +3,7 @@ --- shibboleth_sp_default_version: "3.0"
-shibboleth_sp_default_service: "shibd"
-shibboleth_sp_default_conf_path: "/etc/shibboleth"
-shibboleth_sp_default_user: "_shibd"
-shibboleth_sp_default_group: "_shibd"
+shibboleth_sp_default_service: shibd
+shibboleth_sp_default_conf_path: /etc/shibboleth
+shibboleth_sp_default_user: _shibd
+shibboleth_sp_default_group: _shibd
diff --git a/roles/shibboleth-sp/vars/Debian-jessie.yml b/roles/shibboleth-sp/vars/Debian-jessie.yml
index 98c38454..3ef4e035 100644
--- a/roles/shibboleth-sp/vars/Debian-jessie.yml
+++ b/roles/shibboleth-sp/vars/Debian-jessie.yml
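Review bot: In `roles/shibboleth-sp/tasks/install-common.yml`, the added `mode: "0755"` applies to both looped directories, so `{{ shibboleth_sp_conf_path }}/cert`, which holds `sp-key.pem`, is made listable and traversable by every local user. The key file itself is set to `0600` in configure-common.yml, so this is a defence-in-depth gap rather than a direct exposure, but the private-key directory has no visible need for world access. Giving each loop item its own mode, the way the certificate tasks in configure-common.yml already do, lets `metadata` stay at `0755` while `cert` is tightened. Whether `0750` or `0700` is right depends on which processes other than `shibboleth_sp_user` read the certificate, which this diff does not show.
```yaml
- name: Ensure required Shibboleth SP dirs exist
  ansible.builtin.file:
    path: "{{ shibboleth_sp_conf_path }}/{{ item.name }}"
    # … unchanged: state, owner, group …
    mode: "{{ item.mode }}"
  with_items:
    - name: metadata
      mode: "0755"
    - name: cert
      mode: "0750"
  # … unchanged: become …
```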
@@ -3,7 +3,7 @@ --- shibboleth_sp_default_version: "2.5"
-shibboleth_sp_default_service: "shibd"
-shibboleth_sp_default_conf_path: "/etc/shibboleth"
-shibboleth_sp_default_user: "_shibd"
-shibboleth_sp_default_group: "_shibd"
+shibboleth_sp_default_service: shibd
+shibboleth_sp_default_conf_path: /etc/shibboleth
+shibboleth_sp_default_user: _shibd
+shibboleth_sp_default_group: _shibd
diff --git a/roles/shibboleth-sp/vars/Debian-stretch.yml b/roles/shibboleth-sp/vars/Debian-stretch.yml
index deafcfd5..69a26d78 100644
--- a/roles/shibboleth-sp/vars/Debian-stretch.yml
+++ b/roles/shibboleth-sp/vars/Debian-stretch.yml
@@ -3,7 +3,7 @@ --- shibboleth_sp_default_version: "2.6"
-shibboleth_sp_default_service: "shibd"
-shibboleth_sp_default_conf_path: "/etc/shibboleth"
-shibboleth_sp_default_user: "_shibd"
-shibboleth_sp_default_group: "_shibd"
+shibboleth_sp_default_service: shibd
+shibboleth_sp_default_conf_path: /etc/shibboleth
+shibboleth_sp_default_user: _shibd
+shibboleth_sp_default_group: _shibd