Complete linting of SLS files. (#276)

* finalize linting of all sls files * lint all files every run * silence warning in GHA for linter * echo files being linted to stdoutc
python · Aug 3, 2022 · beaf3ad · beaf3ad
1 parent f7edae8
commit beaf3ad
Show file tree

Hide file tree

Showing 26 changed files with 66 additions and 69 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -25,11 +25,5 @@ jobs:
     - name: Install tox and any other packages
       run: pip install tox
 
-    - id: files
-      name: Determine changed files
-      uses: jitterbit/get-changed-files@v1
-      with:
-        format: json
-
     - name: Run Linter
-      run: tox -e lint -- $(jq -r '.[] | select(. | endswith(".sls"))' <<< '${{ steps.files.outputs.added_modified }}' | xargs)
+      run: tox -e lint
diff --git a/salt/base/harden/limits.sls b/salt/base/harden/limits.sls
@@ -3,4 +3,4 @@
     - source: salt://base/harden/config/limits.conf
     - user: root
     - group: root
-    - mode: 440
+    - mode: "0440"
diff --git a/salt/base/harden/login_defs.sls b/salt/base/harden/login_defs.sls
@@ -4,4 +4,4 @@
     - template: jinja
     - user: root
     - group: root
-    - mode: 444
+    - mode: "0444"
diff --git a/salt/base/harden/minimize_access.sls b/salt/base/harden/minimize_access.sls
@@ -13,7 +13,7 @@
   file.managed:
     - user: root
     - group: root
-    - mode: 600
+    - mode: "0600"
     - replace: False
 
 
@@ -22,5 +22,5 @@
   file.managed:
     - user: root
     - group: root
-    - mode: 750
+    - mode: "0750"
     - replace: False
diff --git a/salt/base/harden/pam.sls b/salt/base/harden/pam.sls
@@ -19,7 +19,7 @@ libpam-passwdqc:
     - source: salt://base/harden/config/pam_passwdqc
     - user: root
     - group: root
-    - mode: 640
+    - mode: "0640"
     - require:
       - pkg: libpam-passwdqc
 

diff --git a/salt/base/harden/profile.sls b/salt/base/harden/profile.sls
@@ -3,4 +3,4 @@
     - source: salt://base/harden/config/profile.sh
     - user: root
     - group: root
-    - mode: 755
+    - mode: "0755"
diff --git a/salt/base/mail.sls b/salt/base/mail.sls
@@ -16,7 +16,7 @@ mail-pkgs:
         smtp: {{ smtp }}
     - user: root
     - group: root
-    - mode: 640
+    - mode: "0640"
     - show_diff: False
     - require:
       - pkg: mail-pkgs

diff --git a/salt/base/repo.sls b/salt/base/repo.sls
@@ -2,8 +2,8 @@
   file.directory:
     - user: root
     - group: root
-    - dir_mode: 755
-    - file_mode: 644
+    - dir_mode: "0755"
+    - file_mode: "0644"
 
 psf:
   pkgrepo.managed:
@@ -14,7 +14,7 @@ psf:
 # Make source list globally readable.
 /etc/apt/sources.list.d/psf.list:
   file.managed:
-    - mode: 644
+    - mode: "0644"
     - replace: False
     - require:
       - pkgrepo: psf
diff --git a/salt/base/salt.sls b/salt/base/salt.sls
@@ -46,7 +46,7 @@ salt-master-pkg:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - order: last
 
 salt-master:
@@ -62,7 +62,7 @@ salt-master:
     - source: salt://base/config/letsencrypt-well-known-nginx.conf
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - file: /etc/nginx/sites.d/
       - sls: tls.lego
@@ -76,7 +76,7 @@ salt-master:
         port: 9000
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: consul-pkgs
 
@@ -86,15 +86,15 @@ salt-master:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
 
 /srv/salt-server-list.rst:
   file.managed:
     - source: salt://base/config/salt-server-list.rst.jinja
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
 {% endif %}
 
 salt-minion-pkg:
@@ -106,7 +106,7 @@ salt-minion-pkg:
     - contents: "mine_interval: 5"
     - user: root
     - group: root
-    - mode: 640
+    - mode: "0640"
 
 salt-minion:
   service.running:

diff --git a/salt/base/sanity.sls b/salt/base/sanity.sls
@@ -36,7 +36,7 @@ root-cron-path:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - order: 2
 
   module.wait:

diff --git a/salt/datadog/init.sls b/salt/datadog/init.sls
@@ -33,7 +33,7 @@ datadog-agent:
   file.managed:
     - user: root
     - group: root
-    - mode: 0644
+    - mode: "0644"
     - template: jinja
     - source: salt://datadog/config/datadog.yaml.jinja
     - context:

diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
@@ -39,7 +39,7 @@ elasticsearch:
         port: 9200
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - service: elasticsearch
       - pkg: consul-pkgs
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
@@ -2,14 +2,14 @@
   file.directory:
     - user: root
     - group: root
-    - mode: 755
+    - mode: "0755"
 
 /etc/iptables/rules.v4:
   file.managed:
     - source: salt://firewall/config/iptables.jinja
     - user: root
     - group: root
-    - mode: 600
+    - mode: "0600"
     - template: jinja
     - require:
       - pkg: iptables-persistent
@@ -21,7 +21,7 @@
     - template: jinja
     - user: root
     - group: root
-    - mode: 600
+    - mode: "0600"
     - require:
       - pkg: iptables-persistent
 

diff --git a/salt/haproxy/init.sls b/salt/haproxy/init.sls
@@ -7,7 +7,7 @@ include:
   file.managed:
     - user: root
     - group: root
-    - mode: 755
+    - mode: "0755"
     - contents: |
          #!/bin/bash
          exit 101
@@ -40,7 +40,7 @@ haproxy:
     - contents_pillar: fastly:token
     - user: root
     - group: root
-    - mode: 640
+    - mode: "0640"
     - show_diff: False
     - require:
       - pkg: haproxy
@@ -51,7 +51,7 @@ haproxy:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: haproxy
 
@@ -62,7 +62,7 @@ haproxy:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: consul-pkgs
 
@@ -77,7 +77,7 @@ haproxy:
         command: service haproxy reload
     - user: root
     - group: root
-    - mode: 640
+    - mode: "0640"
     - require:
       - pkg: consul-pkgs
 
@@ -88,7 +88,7 @@ haproxy:
     - source: salt://haproxy/bin/haproxy-ocsp
     - user: root
     - group: root
-    - mode: 755
+    - mode: "0755"
   {% else %}
   file.absent
   {% endif %}
@@ -131,7 +131,7 @@ haproxy-ocsp:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - file: /etc/nginx/sites.d/
 
@@ -142,6 +142,6 @@ haproxy-ocsp:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - file: /etc/nginx/sites.d/
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
@@ -42,7 +42,7 @@ nginx:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: nginx
 
@@ -53,7 +53,7 @@ nginx:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: nginx
 
@@ -63,7 +63,7 @@ nginx:
     - contents:
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - replace: False
     - require:
       - pkg: nginx
@@ -73,7 +73,7 @@ nginx:
   file.directory:
     - user: root
     - group: root
-    - mode: 755
+    - mode: "0755"
     - require:
       - pkg: nginx
 
@@ -83,7 +83,7 @@ nginx:
     - source: salt://nginx/config/nginx.logrotate
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: nginx
 
@@ -92,7 +92,7 @@ nginx:
   file.directory:
     - user: nginx
     - group: root
-    - mode: 0755
+    - mode: "0755"
     - require:
       - pkg: nginx
       - user: nginx

diff --git a/salt/pgbouncer/init.sls b/salt/pgbouncer/init.sls
@@ -10,7 +10,7 @@ pgbouncer-pkg:
     - template: jinja
     - user: postgres
     - group: postgres
-    - mode: 600
+    - mode: "0600"
     - show_changes: False
     - require:
       - pkg: pgbouncer-pkg
@@ -21,7 +21,7 @@ pgbouncer-pkg:
     - template: jinja
     - user: postgres
     - group: postgres
-    - mode: 600
+    - mode: "0600"
     - show_changes: False
     - require:
       - pkg: pgbouncer-pkg

diff --git a/salt/pypy-web/init.sls b/salt/pypy-web/init.sls
@@ -11,7 +11,7 @@ pypy-web-deps:
   file.directory:
     - user: nginx
     - group: nginx
-    - mode: 755
+    - mode: "0755"
     - makedirs: True
 
 /etc/nginx/sites.d/pypy-web.conf:
@@ -44,6 +44,6 @@ pypy-web-clone:
         port: 9000
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
       - pkg: consul-pkgs
diff --git a/salt/pythontest/init.sls b/salt/pythontest/init.sls
@@ -77,7 +77,7 @@ chmod-ftpdata:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
     - require:
        - file: /etc/nginx/sites.d/
        - git: testdata-repo
@@ -87,11 +87,11 @@ chmod-ftpdata:
     - source: salt://pythontest/config/vsftpd.conf
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
 
 /etc/news/inn.conf:
   file.managed:
     - source: salt://pythontest/config/inn.conf
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
diff --git a/salt/ssh/init.sls b/salt/ssh/init.sls
@@ -18,7 +18,7 @@ ssh:
     - template: jinja
     - user: root
     - group: root
-    - mode: 644
+    - mode: "0644"
 
 
 # If we have defined host keys for this server, then we want to drop them here
@@ -30,9 +30,9 @@ ssh:
     - owner: root
     - group: root
   {% if fn.endswith('.pub') %}
-    - mode: 644
+    - mode: "0644"
   {% else %}
-    - mode: 600
+    - mode: "0600"
     - show_diff: False
   {% endif %}
 {% endfor %}