From e1e62d3f571acd8402d457edf3493a346896a194 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Thu, 13 Feb 2025 09:27:29 +0100
Subject: [PATCH] Auto-fix yaml rules

In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.

In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.

Change-Id: I4a3107ce91b0eed15f3ab9aea4a1e6c4f967d0e0
---
 .gitignore                        |  1 +
 defaults/main.yml                 | 23 +++++++++++------------
 examples/playbook.yml             |  2 +-
 handlers/main.yml                 |  8 ++++----
 tasks/haproxy_install.yml         |  4 ++--
 tasks/haproxy_post_install.yml    | 12 ++++++------
 tasks/haproxy_pre_install.yml     |  2 +-
 tasks/haproxy_service_config.yml  | 23 +++++++++++------------
 tasks/haproxy_ssl_letsencrypt.yml |  4 ++--
 9 files changed, 39 insertions(+), 40 deletions(-)

diff --git a/.gitignore b/.gitignore
index 3a77206..c46a9ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,7 @@ logs/*
 # OS generated files #
 ######################
 ._*
+.ansible
 .tox
 *.egg-info
 .eggs
diff --git a/defaults/main.yml b/defaults/main.yml
index b1c9eef..c8aa61d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,7 +15,7 @@
 
 # Validate Certificates when downloading hatop. May be set to "no" when proxy server
 # is intercepting the certificates.
-haproxy_hatop_download_validate_certs: yes
+haproxy_hatop_download_validate_certs: true
 
 # Set the package install state for distribution packages
 # Options are 'present' and 'latest'
@@ -27,7 +27,7 @@ haproxy_fall: 3
 haproxy_interval: 12000
 
 ## Haproxy Stats
-haproxy_stats_enabled: False
+haproxy_stats_enabled: false
 haproxy_stats_bind_address: 127.0.0.1
 haproxy_stats_port: 1936
 haproxy_stats_ssl: "{{ haproxy_ssl }}"
@@ -38,7 +38,7 @@ haproxy_stats_password: secrete
 haproxy_stats_refresh_interval: 60
 # Prometheus stats are supported from HAProxy v2
 # Stats must be enabled above before this can be used
-haproxy_stats_prometheus_enabled: False
+haproxy_stats_prometheus_enabled: false
 
 # Default haproxy backup nodes to empty list so this doesn't have to be
 # defined for each service.
@@ -51,8 +51,8 @@ haproxy_frontend_redirect_extra_raw: "{{ haproxy_frontend_extra_raw }}"
 # Default values for enabling HTTP/2 support
 # Note, that while HTTP/2 will be enabled on frontends that are covered with TLS,
 # backends can be configured to use HTTP/2 regardless of TLS.
-haproxy_frontend_h2: True
-haproxy_backend_h2: False
+haproxy_frontend_h2: true
+haproxy_backend_h2: false
 
 haproxy_service_configs: []
 # Example:
@@ -134,7 +134,7 @@ haproxy_service_configs: []
 #    /api/bar 40
 
 galera_monitoring_user: monitoring
-haproxy_bind_on_non_local: False
+haproxy_bind_on_non_local: false
 
 ## haproxy SSL
 haproxy_ssl: true
@@ -159,7 +159,7 @@ haproxy_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"
 
 # Create a certificate authority if one does not already exist
 haproxy_pki_create_ca: "{{ openstack_pki_authorities is not defined | bool }}"
-haproxy_pki_regen_ca: ''
+haproxy_pki_regen_ca: ""
 haproxy_pki_authorities:
   - name: "HAProxyRoot"
     country: "GB"
@@ -200,7 +200,7 @@ haproxy_pki_certs_path: "{{ haproxy_pki_dir ~ '/certs/certs/' }}"
 haproxy_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('HAProxyIntermediate') }}"
 haproxy_pki_intermediate_cert_path: >-
   {{ haproxy_pki_dir ~ '/roots/' ~ haproxy_pki_intermediate_cert_name ~ '/certs/' ~ haproxy_pki_intermediate_cert_name ~ '.crt' }}
-haproxy_pki_regen_cert: ''
+haproxy_pki_regen_cert: ""
 haproxy_pki_certificates: "{{ _haproxy_pki_certificates }}"
 
 # SSL certificate creation
@@ -211,7 +211,7 @@ haproxy_pki_install_certificates: "{{ _haproxy_pki_install_certificates }}"
 
 # activate letsencrypt option
 haproxy_ssl_letsencrypt_enable: false
-haproxy_ssl_letsencrypt_certbot_binary: 'certbot'
+haproxy_ssl_letsencrypt_certbot_binary: "certbot"
 haproxy_ssl_letsencrypt_certbot_backend_port: 8888
 haproxy_ssl_letsencrypt_pre_hook_timeout: 5
 haproxy_ssl_letsencrypt_certbot_bind_address: "{{ ansible_host }}"
@@ -252,8 +252,7 @@ haproxy_server_timeout: "50s"
 # Set the HTTP keepalive mode to use
 # Disable persistent connections by default because they can cause issues when the server side closes the connection
 # at the same time a request is sent.
-haproxy_keepalive_mode: 'httpclose'
-
+haproxy_keepalive_mode: "httpclose"
 
 ## haproxy tuning params
 haproxy_maxconn: 4096
@@ -318,7 +317,7 @@ haproxy_security_txt_headers: |
   Connection: close
   Content-Type: text/plain; charset=utf-8
 
-haproxy_security_txt_content: ''
+haproxy_security_txt_content: ""
 # haproxy_security_txt_content: |
 #   # Please see https://securitytxt.org/ for details of the specification of this file
 
diff --git a/examples/playbook.yml b/examples/playbook.yml
index 8ebfed6..8379974 100644
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@@ -18,4 +18,4 @@
           - "httpchk"
           - "httplog"
         haproxy_backend_arguments:
-          - 'http-check expect string OK'
+          - "http-check expect string OK"
diff --git a/handlers/main.yml b/handlers/main.yml
index aa844c2..0723744 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -56,8 +56,8 @@
   service:
     name: "rsyslog"
     state: "restarted"
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
   when:
     - "'rsyslog' in ansible_facts.packages"
 
@@ -65,8 +65,8 @@
   service:
     name: "haproxy"
     state: "reloaded"
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
   listen:
     - Regen pem
     - Regenerate maps
diff --git a/tasks/haproxy_install.yml b/tasks/haproxy_install.yml
index cc50471..6ee574b 100644
--- a/tasks/haproxy_install.yml
+++ b/tasks/haproxy_install.yml
@@ -48,7 +48,7 @@
       unarchive:
         src: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename }}"
         dest: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
-        remote_src: yes
+        remote_src: true
         extra_opts:
           - --strip-components=1
 
@@ -57,5 +57,5 @@
         src: "{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}/bin/hatop"
         dest: /usr/local/bin/hatop
         mode: "0755"
-        remote_src: yes
+        remote_src: true
   when: haproxy_hatop_install | bool
diff --git a/tasks/haproxy_post_install.yml b/tasks/haproxy_post_install.yml
index b8b1d4b..f0581a3 100644
--- a/tasks/haproxy_post_install.yml
+++ b/tasks/haproxy_post_install.yml
@@ -17,7 +17,7 @@
   sysctl:
     name: "{{ item }}"
     value: 1
-    sysctl_set: yes
+    sysctl_set: true
     state: present
   when: haproxy_bind_on_non_local | bool
   with_items:
@@ -65,9 +65,9 @@
   file:
     path: "{{ haproxy_log_mount_point | dirname }}"
     state: directory
-    mode: '0755'
-    owner: 'haproxy'
-    group: 'haproxy'
+    mode: "0755"
+    owner: "haproxy"
+    group: "haproxy"
 
 # NOTE(jrosser) The next task fails on Centos without this,
 # an empty directory rather than a file is made and the bind mount fails
@@ -90,8 +90,8 @@
 - name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
   seboolean:
     name: haproxy_connect_any
-    state: yes
-    persistent: yes
+    state: true
+    persistent: true
   tags:
     - haproxy-service-config
   notify:
diff --git a/tasks/haproxy_pre_install.yml b/tasks/haproxy_pre_install.yml
index c7ca5ea..be08f3e 100644
--- a/tasks/haproxy_pre_install.yml
+++ b/tasks/haproxy_pre_install.yml
@@ -64,4 +64,4 @@
   when:
     - (item.condition | default(True))
   loop: "{{ haproxy_static_files }}"
-  no_log: True
+  no_log: true
diff --git a/tasks/haproxy_service_config.yml b/tasks/haproxy_service_config.yml
index 747f644..4c82695 100644
--- a/tasks/haproxy_service_config.yml
+++ b/tasks/haproxy_service_config.yml
@@ -35,8 +35,8 @@
     owner: root
     group: haproxy
     mode: "0640"
-# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
-# with haproxy_service_configs in 2024.1.
+  # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
+  # with haproxy_service_configs in 2024.1.
   loop: "{{ _haproxy_service_configs_simplified }}"
   loop_control:
     loop_var: service
@@ -55,14 +55,13 @@
     path: "/etc/haproxy/conf.d/{{ service.haproxy_service_name }}"
     state: absent
   notify: Regenerate haproxy configuration
-# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
-# with haproxy_service_configs in 2024.1.
+  # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
+  # with haproxy_service_configs in 2024.1.
   loop: "{{ _haproxy_service_configs_simplified }}"
   loop_control:
     loop_var: service
   when:
-    - ((service.haproxy_service_enabled | default('True')) | bool) is falsy or
-      (service.state is defined and service.state == 'absent')
+    - ((service.haproxy_service_enabled | default('True')) | bool) is falsy or (service.state is defined and service.state == 'absent')
 
 ###########################################################################
 # Map files assembled from fragments from each service into <map-name>.map
@@ -75,8 +74,8 @@
     owner: root
     group: haproxy
     mode: "0750"
-# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
-# with haproxy_service_configs in 2024.1.
+  # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
+  # with haproxy_service_configs in 2024.1.
   loop: >-
     {{
       _haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') | map(attribute='haproxy_map_entries') | flatten |
@@ -93,8 +92,8 @@
     owner: root
     group: haproxy
     mode: "0640"
-# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
-# with haproxy_service_configs in 2024.1.
+  # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
+  # with haproxy_service_configs in 2024.1.
   with_subelements:
     - "{{ _haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') }}"
     - haproxy_map_entries
@@ -113,8 +112,8 @@
     - (item.0.haproxy_service_enabled | default('True')) | bool is falsy or
       (item.0.state is defined and item.0.state == 'absent') or
       (item.1.state | default('present') == 'absent')
-# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
-# with haproxy_service_configs in 2024.1.
+  # NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
+  # with haproxy_service_configs in 2024.1.
   with_subelements:
     - "{{ _haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') }}"
     - haproxy_map_entries
diff --git a/tasks/haproxy_ssl_letsencrypt.yml b/tasks/haproxy_ssl_letsencrypt.yml
index b010a32..44f27bc 100644
--- a/tasks/haproxy_ssl_letsencrypt.yml
+++ b/tasks/haproxy_ssl_letsencrypt.yml
@@ -66,11 +66,11 @@
         haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (item.get('interface')) | ternary(
           item.get('address') ~ '-' ~ item['interface'], item['address'])  ~ '.pem'
       }}
-    regexp: '(privkey|fullchain).pem$'
+    regexp: "(privkey|fullchain).pem$"
     owner: haproxy
     group: haproxy
     mode: "0640"
   with_items:
-    - "{{ haproxy_vip_binds | selectattr('type', 'defined') |  selectattr('type', 'eq', 'external') }}"
+    - "{{ haproxy_vip_binds | selectattr('type', 'defined') | selectattr('type', 'eq', 'external') }}"
   notify:
     - Reload haproxy