• Stars
    star
    225
  • Rank 177,187 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 8 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Setup

Using pip

pip install ansible-review

From source

# Install dependency https://github.com/willthames/ansible-lint
git clone https://github.com/willthames/ansible-review
export PYTHONPATH=$PYTHONPATH:`pwd`/ansible-review/lib
export PATH=$PATH:`pwd`/ansible-review/bin

Fedora/RHEL

ansible-review can be found: under standard Fedora repos, or under EPEL. To install ansible-review, use yum or dnf accordingly.

yum install ansible-review

Usage

ansible-review FILES

Where FILES is a space delimited list of files to review. ansible-review is not recursive and won't descend into child folders; it just processes the list of files you give it.

Passing a folder in with the list of files will elicit a warning:

WARN: Couldn't classify file ./foldername

ansible-review will review inventory files, role files, python code (modules, plugins) and playbooks.

  • The goal is that each file that changes in a changeset should be reviewable simply by passing those files as the arguments to ansible-review.
  • Roles are slightly harder, and sub-roles are yet harder still (currently just using -R to process roles works very well, but doesn't examine the structure of the role)
  • Using {{ playbook_dir }} in sub roles is so far very hard.
  • This should work against various repository styles
    • per-role repository
    • roles with sub-roles
    • per-playbook repository
  • It should work with roles requirement files and with local roles

Typical approaches

Git repositories

  • git ls-files | xargs ansible-review works well in a roles repo to review the whole role. But it will review the whole of other repos too.
  • git diff branch_to_compare | ansible-review will review only the changes between the branches and surrounding context.

Without git

  • find . -type f | xargs ansible-review will review all files in the current folder (and all subfolders), even if they're not checked into git

Reviews

Reviews are nothing without some standards or checklists against which to review.

ansible-review comes with a couple of built-in checks, such as a playbook syntax checker and a hook to ansible-lint. You define your own standards.

Configuration

If your standards (and optionally inhouse lint rules) are set up, create a configuration file in the appropriate location (this will depend on your operating system)

The location can be found by using ansible-review with no arguments.

You can override the configuration file location with the -c flag.

[rules]
lint = /path/to/your/ansible/lint/rules
standards = /path/to/your/standards/rules

The standards directory can be overridden with the -d argument, and the lint rules directory can be overwritten with the -r argument.

Standards file

A standards file comprises a list of standards, and optionally some methods to check those standards.

Create a file called standards.py (this can import other modules)

from ansiblereview include Standard, Result

use_modules_instead_of_command = Standard(dict(
    name = "Use modules instead of commands",
    version = "0.2",
    check = ansiblelint('ANSIBLE0005,ANSIBLE0006'),
    types = ['playbook', 'task'],
))

standards = [
  use_modules_instead_of_command,
  packages_should_not_be_latest,
]

When you add new standards, you should increment the version of your standards. Your playbooks and roles should declare what version of standards you are using, otherwise ansible-review assumes you're using the latest. The declaration is done by adding standards version as first line in the file. e.g.

# Standards: 1.2

To add standards that are advisory, don't set the version. These will cause a message to be displayed but won't constitute a failure.

When a standard version is higher than declared version, a message will be displayed 'WARN: Future standard' and won't constitute a failure.

An example standards file is available at lib/ansiblereview/examples/standards.py

If you only want to check one or two standards quickly (perhaps you want to review your entire code base for deprecated bare words), you can use the -s flag with the name of your standard. You can pass -s multiple times.

git ls-files | xargs ansible-review -s "bare words are deprecated for with_items"

You can see the name of the standards being checked for each different file by running ansible-review with the -v option.

Standards checks

A typical standards check will look like:

def check_playbook_for_something(candidate, settings):
    result = Result(candidate.path) # empty result is a success with no output
    with open(candidate.path, 'r') as f:
        for (lineno, line) in enumerate(f):
            if line is dodgy:
                # enumerate is 0-based so add 1 to lineno
                result.errors.append(Error(lineno+1, "Line is dodgy: reasons"))
    return result

All standards check take a candidate object, which has a path attribute. The type can be inferred from the class name (i.e. type(candidate).__name__)

They return a Result object, which contains a possibly empty list of Error objects. Error objects are formed of a line number and a message. If the error applies to the whole file being reviewed, set the line number to None. Line numbers are important as ansible-review can review just ranges of files to only review changes (e.g. through piping the output of git diff to ansible-review)

The ansible-lint check is ready out of the box, and just takes a list of IDs or tags to check. You can point to your own ansible-lint rules using the configuration file or -d /path/to/ansible/lint/rules

Pre-commit

To use ansible-review with pre-commit, just add the following to your local repo's .pre-commit-config.yaml file. Make sure to change sha: to be either a git commit SHA or tag of ansible-review containing hooks.yaml.

- repo: https://github.com/willthames/ansible-review
  sha: bd2e8b6863dc20d8619418e6817d5793c7ebc687
  hooks:
    - id: ansible-review

Notice, that this is currently in testing phase.

More Repositories

1

ansible-inventory-grapher

Python
411
star
2

kubernetes-validate

Python
45
star
3

ansible-ec2-example

29
star
4

ansible-testing

Python
20
star
5

ansible-role-kube-resource

Manage Kubernetes resources through Ansible
HTML
19
star
6

devops-singapore-2016

Ruby
17
star
7

python-logging-proxy

Logging proxy
Python
17
star
8

ansiblefest2018

Python
13
star
9

aws-inkscape-symbols

Python
10
star
10

photodeck.lrdevplugin

PhotoDeck publishing plugin for Lightroom
Lua
6
star
11

explain.depesz.com

Fork of https://gitlab.com/depesz/explain.depesz.com
Perl
6
star
12

willthames.github.io

CSS
4
star
13

dotfiles

CSS
4
star
14

ansible-role-aws-lambda

Python
4
star
15

chef-on-rails

Rails-based dashboard for chef
Ruby
3
star
16

application-controller

Rust
3
star
17

role-versioning-example

3
star
18

playbook-versioning-example

3
star
19

ansible-hooks

Shell
3
star
20

devops-bris-ansible

Ruby
3
star
21

devopsweeklyindex

scripts for indexing devops weekly archive
Python
3
star
22

whatisdevops

HTML
2
star
23

listcircles

app to explore html5 and twitter api integration
Ruby
2
star
24

kubernetes-the-ansible-way

Python
2
star
25

ansible-brisbane-june-2017

HTML
2
star
26

wordle-guesses

Python
2
star
27

docker-debug-ts

TypeScript
2
star
28

firefox-ssl-research

2
star
29

docker-debug

Python
1
star
30

fakates

Python
1
star
31

mysql_setup

1
star
32

terraform-kubernetes-module-namespaces

HCL
1
star
33

jmx-perms

Java
1
star
34

postgresql-role

1
star
35

terraform-kubernetes-module-fluent-bit

HCL
1
star
36

terraform-willtham.es

HCL
1
star
37

devopsdays2014

JavaScript
1
star
38

client_9.4_setup

1
star
39

ansible-demo-docker-debug

1
star
40

terraform-civo-kubernetes

HCL
1
star
41

db_testing

Python
1
star
42

ansible-demo-common

1
star
43

pg_setup

1
star
44

copy_with_null_items

1
star
45

terraform-kubernetes-module-cilium

HCL
1
star
46

pgpool

Shell
1
star
47

ansible-jenkins-ci

Python
1
star
48

training

Python
1
star
49

ansible-brisbane-07-2016

CSS
1
star
50

badmeta

1
star
51

terraform-kubernetes-module-docker-debug

HCL
1
star
52

git-another-dep

1
star
53

willtham.es

CSS
1
star
54

terraform-kubernetes-module-ingress-nginx

HCL
1
star
55

geekforum-2014-01

JavaScript
1
star
56

env_dashboard

Python
1
star
57

clojure-books

fiddling around with clojure
Clojure
1
star
58

terraform-kubernetes-module-grafana

HCL
1
star
59

strava_activities

Python
1
star
60

dynamic_include_test

1
star
61

common_setup

Perl
1
star
62

aws-hipaa

1
star
63

filesrepo

Python
1
star
64

terraform-kubernetes-module-prometheus

HCL
1
star
65

opentelemetry-exporter-honeycomb

TypeScript
1
star
66

ansible-bris-nov-2017

HTML
1
star
67

ansible-bris-oct-2016

HTML
1
star
68

terraform-module-bug-test

1
star
69

terraform-kubernetes-module-civo-external-dns

HCL
1
star
70

weather

Python
1
star
71

adventofcode

Rust
1
star
72

application-operator-example

Python
1
star
73

opentracing-processor

Go
1
star
74

otre

Opentracing Rules Engine
Go
1
star
75

terraform-kubernetes-module-otel-collector

HCL
1
star
76

opentelemetry-tests

JavaScript
1
star
77

terraform-kubernetes-module-civo-cert-manager

HCL
1
star
78

devops-bris-ignite

HTML
1
star
79

urllib_kerberos

Python
1
star
80

ansible-role-vpc

1
star
81

d3

d3
JavaScript
1
star
82

ansible-demo-kuard

1
star
83

terraform-civo

HCL
1
star