1
0
Fork 0

♻refactor: Command ansible module across the repo for better security

Shell module is not needed here.

According to various sources (https://www.youtube.com/watch?v=57gAqKvAKck or https://stackoverflow.com/questions/56663332/difference-between-shell-and-command-in-ansible) it is not useful to use shell ansible module when not working with operands. Therefore I have decided to switch every actions to command module, more secure. Ansible-lint says "Shell should only be used when piping, redirecting or chaining commands"
This commit is contained in:
Arthur BOUDREAULT 2021-10-12 14:00:56 +00:00 committed by Christophe Chaudier
parent f6c6f1d144
commit c23177170e
4 changed files with 17 additions and 17 deletions

View file

@ -1,6 +1,6 @@
--- ---
- name: List currently installed apps - name: List currently installed apps
ansible.builtin.shell: yunohost app map --output-as json ansible.builtin.command: yunohost app map --output-as json
register: ynh_installed_apps_raw register: ynh_installed_apps_raw
changed_when: False changed_when: False
@ -8,7 +8,7 @@
ansible.builtin.set_fact: ynh_installed_apps="{{ ynh_installed_apps_raw.stdout | from_json }}" ansible.builtin.set_fact: ynh_installed_apps="{{ ynh_installed_apps_raw.stdout | from_json }}"
- name: Install yunohost apps - name: Install yunohost apps
ansible.builtin.shell: yunohost app install {{ item.link }} \ ansible.builtin.command: yunohost app install {{ item.link }} \
--label "{{ item.label }}" \ --label "{{ item.label }}" \
--args "{% for key, value in item.args.items() %}{{ key }}={{ value --args "{% for key, value in item.args.items() %}{{ key }}={{ value
}}{% if not loop.last %}&{% endif %}{% endfor %}" }}{% if not loop.last %}&{% endif %}{% endfor %}"

View file

@ -1,6 +1,6 @@
--- ---
- name: List currently installed domains - name: List currently installed domains
ansible.builtin.shell: yunohost domain list --output-as json ansible.builtin.command: yunohost domain list --output-as json
register: ynh_installed_domains_raw register: ynh_installed_domains_raw
changed_when: False changed_when: False
@ -8,6 +8,6 @@
ansible.builtin.set_fact: ynh_installed_domains="{{ ynh_installed_domains_raw.stdout | from_json }}" ansible.builtin.set_fact: ynh_installed_domains="{{ ynh_installed_domains_raw.stdout | from_json }}"
- name: Create domains - name: Create domains
ansible.builtin.shell: yunohost domain add {{ item }} ansible.builtin.command: yunohost domain add {{ item }}
with_items: "{{ ynh_extra_domains }}" with_items: "{{ ynh_extra_domains }}"
when: item not in ynh_installed_domains.domains when: item not in ynh_installed_domains.domains

View file

@ -22,11 +22,11 @@
when: ynh_file_install.stat.exists == False when: ynh_file_install.stat.exists == False
- name: Launch Yunohost postinstall - name: Launch Yunohost postinstall
ansible.builtin.shell: " ansible.builtin.command:
yunohost tools postinstall \ yunohost tools postinstall \
--domain {{ ynh_main_domain }} \ --domain "{{ ynh_main_domain }}" \
--password {{ ynh_admin_password }} \ --password "{{ ynh_admin_password }}" \
{% if ynh_ignore_dyndns_server == True %} --ignore-dyndns {% endif %}" {% if ynh_ignore_dyndns_server == True %} --ignore-dyndns {% endif %}
when: ynh_file_install.stat.exists == False when: ynh_file_install.stat.exists == False
- name: Create extra domains - name: Create extra domains
@ -34,10 +34,10 @@
when: ynh_extra_domains when: ynh_extra_domains
- name: Run first Yunohost diagnosis - name: Run first Yunohost diagnosis
ansible.builtin.shell: yunohost diagnosis run ansible.builtin.command: yunohost diagnosis run
- name: Install domain certificates - name: Install domain certificates
ansible.builtin.shell: yunohost domain cert-install ansible.builtin.command: yunohost domain cert-install
changed_when: False changed_when: False
- name: Add Yunohost users - name: Add Yunohost users

View file

@ -1,6 +1,6 @@
--- ---
- name: List users - name: List users
ansible.builtin.shell: yunohost user list --output-as json ansible.builtin.command: yunohost user list --output-as json
register: ynh_registered_users_raw register: ynh_registered_users_raw
changed_when: False changed_when: False
@ -8,11 +8,11 @@
ansible.builtin.set_fact: ynh_registered_users="{{ ynh_registered_users_raw.stdout | from_json }}" ansible.builtin.set_fact: ynh_registered_users="{{ ynh_registered_users_raw.stdout | from_json }}"
- name: Create missing Yunohost users - name: Create missing Yunohost users
ansible.builtin.shell: | ansible.builtin.command:
yunohost user create {{ item.name }} \ yunohost user create "{{ item.name }}" \
-f {{ item.firstname }} \ -f "{{ item.firstname }}" \
-l {{ item.lastname }} \ -l "{{ item.lastname }}" \
-d {{ item.mail_domain }} \ -d "{{ item.mail_domain }}" \
-p {{ item.pass }} -p "{{ item.pass }}"
loop: "{{ ynh_users }}" loop: "{{ ynh_users }}"
when: item.name not in ynh_registered_users.users.keys() when: item.name not in ynh_registered_users.users.keys()