Fix false positive reports in is_handler function #4170

MalKeshar · 2024-05-16T14:06:45Z

Found in the process of writing and checking custom rules.

The "is_handler" function considers all tasks from the file to be handlers if the file name contains the substring "handlers".

Therefore, all tasks in the check_handlers_playbook.yaml playbook were accepted as handlers.

I'm not sure if it's worth relying on the filename or path at all. But if we do, then maybe it makes sense to look for the full string, not just a part of it.

Found in the process of writing and checking custom rules. The "is_handler" function considers all tasks from the file to be handlers if the file name contains the substring "handlers". Therefore, all tasks in the check_handlers_playbook.yaml playbook were accepted as handlers. I'm not sure if it's worth relying on the filename or path at all. But if we do, then maybe it makes sense to look for the full string, not just a part of it.

MalKeshar · 2024-05-16T14:36:11Z

Actually there is one more issue with detecting handlers. It is triggers in role handlers and not in plain playbook

This task will be detected as handler

- name: Reload sysctl (good handler)
  ansible.builtin.shell:
    cmd: "sysctl --system -p"
  changed_when: false

because it's object has attribute __file__

DEBUG    file_name: roles/xservice/handlers/main.yaml
DEBUG    self.position: .[3]
DEBUG    Running rule task-has-tag
DEBUG    Debug: task: Reload sysctl (good handler), args: {'cmd': 'sysctl --system -p'}, action: {'__ansible_module__': 'shell', '__ansible_module_original__': 'ansible.builtin.shell', 'cmd': 'sysctl --system -p', '__line__': 3, '__file__': PosixPath('roles/xservice/handlers/main.yaml')}

This task won't be detected as handler

- name: Reload sysctl ( bad handler)
  ansible.builtin.shell: "sysctl --system -p"
  changed_when: false

because it's object hasn't attribute __file__

DEBUG    file_name: roles/xservice/handlers/main.yaml
DEBUG    self.position: .[0]
DEBUG    Debug: task: Reload sysctl (bad handler), args: {'_raw_params': 'sysctl --system -p'}, action: {'__ansible_module__': 'shell', '__ansible_module_original__': 'ansible.builtin.shell', '_raw_params': 'sysctl --system -p'}

Both "self.position" don't have "handlers" word in it.

This function probably requires some redesign. Unfortunally python is not my lang, so I'm not gonna dig it dipper by myself.

env:

OS: ubuntu 22.04
Python: 3.10.12
ansible                   8.7.0
ansible-compat            24.5.1
ansible-core              2.15.11
ansible-lint              24.5.0

MalKeshar requested a review from a team as a code owner May 16, 2024 14:06

MalKeshar requested review from Qalthos and shatakshiiii and removed request for a team May 16, 2024 14:06

MalKeshar had a problem deploying to ack May 16, 2024 14:06 — with GitHub Actions Failure

MalKeshar temporarily deployed to test May 16, 2024 14:07 — with GitHub Actions Inactive

ssbarnea approved these changes Jun 1, 2024

View reviewed changes

ssbarnea added the bug label Jun 1, 2024

ssbarnea temporarily deployed to ack June 1, 2024 10:44 — with GitHub Actions Inactive

ssbarnea merged commit 6db675d into ansible:main Jun 1, 2024
25 of 26 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix false positive reports in is_handler function #4170

Fix false positive reports in is_handler function #4170

MalKeshar commented May 16, 2024

MalKeshar commented May 16, 2024 •

edited

Fix false positive reports in is_handler function #4170

Fix false positive reports in is_handler function #4170

Conversation

MalKeshar commented May 16, 2024

MalKeshar commented May 16, 2024 • edited

MalKeshar commented May 16, 2024 •

edited