no-shorthand: Avoid false positive with raw (ansible#2541)

Fixes: ansible#2537
ssbarnea · Oct 4, 2022 · 5b696a5 · 5b696a5
1 parent 5f2cc74
commit 5b696a5
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 1 deletion.
diff --git a/src/ansiblelint/_internal/warning.md b/src/ansiblelint/_internal/warning.md
@@ -5,3 +5,5 @@ runtime warnings found during execution. As stated by its name, they are
 not counted as errors, so they do not influence the final outcome.
 
 - `warning[empty-playbook]` is raised when a playbook file has no content.
+- `warning[raw-non-string]` indicates that you are using `[raw](http://docs.ansible.com/ansible/latest/collections/ansible/builtin/raw_module.html#ansible-collections-ansible-builtin-raw-module)` module with
+  non-string arguments, which is not supported by Ansible.
diff --git a/src/ansiblelint/rules/no_shorthand.md b/src/ansiblelint/rules/no_shorthand.md
@@ -14,6 +14,10 @@ syntax. Be sure you pass a dictionary to the module, so the short-hand parsing
 is never triggered.
 ```
 
+As `raw` module only accepts free-form, we trigger `no-shorthand[raw]` only if
+we detect the presence of `executable=` inside raw calls. We advice the
+explicit use of `args:` dictionary for configuring the executable to be run.
+
 ## Problematic code
 
 ```yaml

diff --git a/src/ansiblelint/rules/no_shorthand.py b/src/ansiblelint/rules/no_shorthand.py
@@ -4,6 +4,7 @@
 import sys
 from typing import TYPE_CHECKING, Any
 
+from ansiblelint._internal.rules import WarningRule
 from ansiblelint.constants import INCLUSION_ACTION_NAMES, LINE_NUMBER_KEY
 from ansiblelint.errors import MatchError
 from ansiblelint.rules import AnsibleLintRule
@@ -32,7 +33,27 @@ def matchtask(
             return results
 
         action_value = task["__raw_task__"].get(action, None)
-        if isinstance(action_value, str) and "=" in action_value:
+        if task["action"].get("__ansible_module__", None) == "raw":
+            if isinstance(action_value, str) and "executable=" in action_value:
+                results.append(
+                    self.create_matcherror(
+                        message="Avoid embedding `executable=` inside raw calls, use explicit args dictionary instead.",
+                        linenumber=task[LINE_NUMBER_KEY],
+                        filename=file,
+                        tag=f"{self.id}[raw]",
+                    )
+                )
+            else:
+                results.append(
+                    MatchError(
+                        message="Passing a non string value to `raw` module is neither document nor supported.",
+                        linenumber=task[LINE_NUMBER_KEY],
+                        filename=file,
+                        tag="warning[raw-non-string]",
+                        rule=WarningRule(),
+                    )
+                )
+        elif isinstance(action_value, str) and "=" in action_value:
             results.append(
                 self.create_matcherror(
                     message=f"Avoid using shorthand (free-form) when calling module actions. ({action})",