fix: jinja2 linting

.ansible-lint

@@ -3,6 +3,7 @@
 skip_list:
   - '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern`
   - 'fqcn-builtins'  # For ansible 2.7 - 2.9 compatibility
+  - 'fqcn'  # For ansible 2.7 - 2.9 compatibility
 
 exclude_paths:
   - molecule/_tests/

defaults/main.yml

@@ -6,19 +6,19 @@
 # ---------------------------------------------------------------------------
 
 # Package variables
-vault_version: "{{ lookup('env','VAULT_VERSION') | default('1.5.5', true) }}{{'+prem' if vault_enterprise_premium else '' }}{{'.hsm' if vault_enterprise_premium_hsm else '' }}"
+vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.5.5', true) }}{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
 vault_architecture_map:
   # this first entry seems... redundant (but it's required for reasons)
   amd64: amd64
   x86_64: amd64
   armv7l: arm
   aarch64: arm64
 vault_architecture: "{{ vault_architecture_map[ansible_architecture] }}"
-vault_os: "{{ ansible_system|lower }}"
+vault_os: "{{ ansible_system | lower }}"
 vault_pkg: "vault_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip"
 vault_shasums: "vault_{{ vault_version }}_SHA256SUMS"
 vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip"
-vault_checksum_file_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version}}_SHA256SUMS"
+vault_checksum_file_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_SHA256SUMS"
 vault_repository_url: "{{ _vault_repository_url | default() }}"
 vault_repository_key_url: "{{ _vault_repository_key_url | default() }}"
 vault_rhsm_subscription_name:
@@ -69,9 +69,9 @@ vault_service_reload: false
 
 vault_cluster_name: dc1
 vault_datacenter: dc1
-vault_log_level: "{{ lookup('env','VAULT_LOG_LEVEL') | default('info', true) }}"
-vault_iface: "{{ lookup('env','VAULT_IFACE') | default(ansible_default_ipv4.interface, true) }}"
-vault_address: "{{ hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}"
+vault_log_level: "{{ lookup('env', 'VAULT_LOG_LEVEL') | default('info', true) }}"
+vault_iface: "{{ lookup('env', 'VAULT_IFACE') | default(ansible_default_ipv4.interface, true) }}"
+vault_address: "{{ hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address'] }}"
 vault_ui: "{{ lookup('env', 'VAULT_UI') | default(true, true) }}"
 vault_port: 8200
 
@@ -124,9 +124,9 @@ vault_backend_mysql: vault_backend_mysql.j2
 vault_backend_gcs: vault_backend_gcs.j2
 
 vault_cluster_disable: false
-vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}:{{ (vault_port | int) + 1}}"
+vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address'] }}:{{ (vault_port | int) + 1 }}"
 vault_cluster_addr: "{{ vault_protocol }}://{{ vault_cluster_address }}"
-vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address | default(hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
+vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address | default(hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
 vault_disable_api_health_check: false
 
 vault_max_lease_ttl: "768h"
@@ -176,11 +176,11 @@ vault_dynamodb: "{{ lookup('env', 'AWS_DYNAMODB_ENDPOINT') | default('', false)
 vault_dynamodb_table: "{{ lookup('env', 'AWS_DYNAMODB_TABLE') | default('vault-dynamodb-backend', false) }}"
 vault_dynamodb_ha_enabled: "{{ lookup('env', 'DYNAMODB_HA_ENABLED') | default('false', false) }}"
 vault_dynamodb_max_parallel: "128"
-vault_dynamodb_region: "{{ lookup('env','AWS_DEFAULT_REGION') | default('us-east-1', false) }}"
+vault_dynamodb_region: "{{ lookup('env', 'AWS_DEFAULT_REGION') | default('us-east-1', false) }}"
 vault_dynamodb_read_capacity: "{{ lookup('env', 'AWS_DYNAMODB_READ_CAPACITY') | default('5', false) }}"
 vault_dynamodb_write_capacity: "{{ lookup('env', 'AWS_DYNAMODB_WRITE_CAPACITY') | default('5', false) }}"
-vault_dynamodb_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') | default('', false) }}"
-vault_dynamodb_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') | default('', false) }}"
+vault_dynamodb_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') | default('', false) }}"
+vault_dynamodb_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') | default('', false) }}"
 vault_dynamodb_session_token: "{{ lookup('env', 'AWS_SESSION_TOKEN') | default('', false) }}"
 
 # mysql storage settings
@@ -201,7 +201,7 @@ vault_gcs_chunk_size: "8192"
 vault_gcs_max_parallel: "128"
 vault_gcs_copy_sa: false
 vault_gcs_credentials_src_file: ""
-vault_gcs_credentials_dst_file: "{{ vault_home }}/{{ vault_gcs_credentials_src_file | basename}}"
+vault_gcs_credentials_dst_file: "{{ vault_home }}/{{ vault_gcs_credentials_src_file | basename }}"
 
 # raft storage settings
 vault_backend: raft
@@ -217,8 +217,8 @@ vault_raft_cluster_members: |
   {% endfor %}
   ]
 
-vault_raft_data_path: "{{ lookup('env', 'VAULT_RAFT_DATA_PATH') | default(vault_data_path, true) }}"
-vault_raft_node_id: "{{ lookup('env', 'VAULT_RAFT_NODE_ID') | default(inventory_hostname_short, true) }}"
+vault_raft_data_path: "{{ lookup('env', 'VAULT_RAFT_DATA_PATH') | default(vault_data_path, true) }}"
+vault_raft_node_id: "{{ lookup('env', 'VAULT_RAFT_NODE_ID') | default(inventory_hostname_short, true) }}"
 # vault_raft_leader_tls_servername
 # vault_raft_performance_multiplier:
 # vault_raft_trailing_logs:
@@ -279,21 +279,21 @@ vault_systemd_unit_path: /lib/systemd/system
 # self-signed certificates you might need to change the following to false
 validate_certs_during_api_reachable_check: true
 
-vault_tls_config_path: "{{ lookup('env','VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}"
-vault_tls_src_files: "{{ lookup('env','VAULT_TLS_SRC_FILES') | default(role_path+'/files', true) }}"
+vault_tls_config_path: "{{ lookup('env', 'VAULT_TLS_DIR') | default(('/opt/vault/tls' if (vault_install_hashi_repo) else '/etc/vault/tls'), true) }}"
+vault_tls_src_files: "{{ lookup('env', 'VAULT_TLS_SRC_FILES') | default(role_path + '/files', true) }}"
 
-vault_tls_disable: "{{ lookup('env','VAULT_TLS_DISABLE') | default(1, true) }}"
-vault_tls_gossip: "{{ lookup('env','VAULT_TLS_GOSSIP') | default(0, true) }}"
+vault_tls_disable: "{{ lookup('env', 'VAULT_TLS_DISABLE') | default(1, true) }}"
+vault_tls_gossip: "{{ lookup('env', 'VAULT_TLS_GOSSIP') | default(0, true) }}"
 
 vault_tls_copy_keys: "{{ false if (vault_install_hashi_repo) else true }}"
 vault_protocol: "{% if vault_tls_disable %}http{% else %}https{% endif %}"
-vault_tls_cert_file: "{{ lookup('env','VAULT_TLS_CERT_FILE') | default(('tls.crt' if (vault_install_hashi_repo) else 'server.crt'), true) }}"
-vault_tls_key_file: "{{ lookup('env','VAULT_TLS_KEY_FILE') | default(('tls.key' if (vault_install_hashi_repo) else 'server.key'), true) }}"
-vault_tls_ca_file: "{{ lookup('env','VAULT_TLS_CA_CRT') | default('ca.crt', true) }}"
+vault_tls_cert_file: "{{ lookup('env', 'VAULT_TLS_CERT_FILE') | default(('tls.crt' if (vault_install_hashi_repo) else 'server.crt'), true) }}"
+vault_tls_key_file: "{{ lookup('env', 'VAULT_TLS_KEY_FILE') | default(('tls.key' if (vault_install_hashi_repo) else 'server.key'), true) }}"
+vault_tls_ca_file: "{{ lookup('env', 'VAULT_TLS_CA_CRT') | default('ca.crt', true) }}"
 
-vault_tls_min_version: "{{ lookup('env','VAULT_TLS_MIN_VERSION') | default('tls12', true) }}"
+vault_tls_min_version: "{{ lookup('env', 'VAULT_TLS_MIN_VERSION') | default('tls12', true) }}"
 vault_tls_cipher_suites: ""
-vault_tls_prefer_server_cipher_suites: "{{ lookup('env','VAULT_TLS_PREFER_SERVER_CIPHER_SUITES') | default('false', true) }}"
+vault_tls_prefer_server_cipher_suites: "{{ lookup('env', 'VAULT_TLS_PREFER_SERVER_CIPHER_SUITES') | default('false', true) }}"
 vault_tls_files_remote_src: false
 vault_tls_require_and_verify_client_cert: false
 vault_tls_disable_client_certs: false
@@ -322,11 +322,11 @@ vault_transit_tls_skip_verify: "{{ lookup('env', 'VAULT_SKIP_VERIFY') | default(
 vault_awskms: false
 vault_awskms_config: "{{ vault_config_path }}/vault_awskms.hcl"
 vault_awskms_backend: vault_seal_awskms.j2
-vault_awskms_region: "{{ lookup('env','AWS_DEFAULT_REGION') | default('us-east-1', false) }}"
-vault_awskms_access_key: "{{ lookup('env','AWS_ACCESS_KEY_ID') | default('', false) }}"
-vault_awskms_secret_key: "{{ lookup('env','AWS_SECRET_ACCESS_KEY') | default('', false) }}"
-vault_awskms_key_id: "{{ lookup('env','VAULT_AWSKMS_SEAL_KEY_ID') | default('', false) }}"
-vault_awskms_endpoint: "{{ lookup('env','AWS_KMS_ENDPOINT') | default('', false) }}"
+vault_awskms_region: "{{ lookup('env', 'AWS_DEFAULT_REGION') | default('us-east-1', false) }}"
+vault_awskms_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') | default('', false) }}"
+vault_awskms_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') | default('', false) }}"
+vault_awskms_key_id: "{{ lookup('env', 'VAULT_AWSKMS_SEAL_KEY_ID') | default('', false) }}"
+vault_awskms_endpoint: "{{ lookup('env', 'AWS_KMS_ENDPOINT') | default('', false) }}"
 
 # azurekeyvault seal
 vault_azurekeyvault: false
@@ -368,7 +368,7 @@ vault_entropy_seal: false
 # Enterprise related variables
 # ---------------------------------------------------------------------------
 
-vault_enterprise: "{{ lookup('env','VAULT_ENTERPRISE') | default(false, true) }}"
+vault_enterprise: "{{ lookup('env', 'VAULT_ENTERPRISE') | default(false, true) }}"
 vault_enterprise_pkg: "vault-enterprise_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip"
 vault_enterprise_shasums: "vault-enterprise_{{ vault_version }}_SHA256SUMS"
 vault_enterprise_premium: false

meta/main.yml

@@ -2,18 +2,18 @@
 # File: main.yml - Meta main
 
 galaxy_info:
+  namespace: community
   author: Brian Shumate
   description: HashiCorp Vault server role
   company: Brian Shumate
   license: BSD
-  min_ansible_version: 2.7
+  min_ansible_version: '2.7'
 
   platforms:
     - name: EL
       versions:
-        - 6
-        - 7
-        - 8
+        - '7'
+        - '8'
     - name: Ubuntu
       versions:
         - xenial

tasks/install_enterprise.yml

@@ -8,7 +8,7 @@
     state: present
   tags: installation
 
-- name: "[Enterprise] Check {{ role_path }}/files/{{ vault_enterprise_shasums }} (local)"
+- name: "[Enterprise] Check vault_enterprise_shasums (local)"
   stat:
     path: "{{ role_path }}/files/{{ vault_enterprise_shasums }}"
   become: false
@@ -30,15 +30,15 @@
     - skip_ansible_lint
   delegate_to: 127.0.0.1
 
-- name: "[Enterprise] Check {{ role_path }}/files/{{ vault_enterprise_pkg }} (local)"
+- name: "[Enterprise] Check vault_enterprise_pkg (local)"
   stat:
     path: "{{ role_path }}/files/{{ vault_enterprise_pkg }}"
   become: false
   run_once: true
   register: vault_package
   delegate_to: 127.0.0.1
 
-- name: "[Enterprise] Download vault version {{ vault_version }} (local)"
+- name: "[Enterprise] Download vault (local)"
   get_url:
     url: "{{ vault_zip_url }}/{{ vault_enterprise_pkg }}"
     dest: "{{ role_path }}/files/{{ vault_enterprise_pkg }}"
@@ -50,7 +50,7 @@
   when: not vault_package.stat.exists | bool
   delegate_to: 127.0.0.1
 
-- name: "[Enterprise] Unzip {{ role_path }}/files/{{ vault_enterprise_pkg }} (local)"
+- name: "[Enterprise] Unzip vault_enterprise_pkg (local)"
   unarchive:
     src: "{{ role_path }}/files/{{ vault_enterprise_pkg }}"
     dest: "{{ role_path }}/files/"
@@ -70,7 +70,7 @@
   notify: Restart vault
   tags: installation
 
-- name: "[Enterprise] Remove {{ role_path }}/files/vault"
+- name: "[Enterprise] Remove temporary vault installer files from role path"
   file:
     path: "{{ item }}"
     state: "absent"

tasks/main.yml

@@ -269,7 +269,7 @@
     - not ansible_os_family == "FreeBSD"
     - not ansible_os_family == "Solaris"
 
-- name: extract systemd version
+- name: Extract systemd version
   shell: |
     set -o pipefail
     systemctl --version systemd | head -n 1 | cut -d' ' -f2
@@ -284,7 +284,7 @@
     - not ansible_os_family == "Solaris"
   tags: skip_ansible_lint
 
-- name: systemd unit
+- name: Systemd unit
   become: true
   template:
     src: "{{ vault_systemd_template }}"
@@ -300,7 +300,7 @@
     - not ansible_os_family == "Solaris"
     - systemd_version is defined
 
-- name: reload systemd
+- name: Reload systemd
   become: true
   systemd:
     daemon-reload: true
@@ -320,7 +320,7 @@
     enabled: true
   register: start_vault
 
-- name: Pause for {{ vault_start_pause_seconds }} seconds to let Vault startup correctly
+- name: Pause to let Vault startup correctly
   pause:
     seconds: "{{ vault_start_pause_seconds }}"
   when:
@@ -395,7 +395,7 @@
 
 - name: Vault status
   debug:
-    msg: "Vault is {{ vault_http_status[check_result.status|string] }}"
+    msg: "Vault is {{ vault_http_status[check_result.status | string] }}"
   tags:
     - check_vault
   when:

vars/RedHat.yml

@@ -2,13 +2,13 @@
 # File: vars/RedHat.yml - Red Hat vars for Vault
 
 vault_os_packages:
-  - "{{ 'libselinux-python' if ansible_python_version is version('3', '<')  else 'python3-libselinux' }}"
+  - "{{ 'libselinux-python' if ansible_python_version is version('3', '<') else 'python3-libselinux' }}"
   - git
   - unzip
 
-_vault_repository_url: "{% if ( ansible_distribution | lower  == 'fedora') %}\
+_vault_repository_url: "{% if (ansible_distribution | lower == 'fedora') %}\
       https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/stable\
-    {% elif (ansible_distribution | lower  == 'amazon') %}\
+    {% elif (ansible_distribution | lower == 'amazon') %}\
       https://rpm.releases.hashicorp.com/AmazonLinux/$releasever/$basearch/stable
     {% else %}\
       https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable\