From ac11734cf9c67dfee75e280ad935f2d25502b948 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Wed, 4 Mar 2020 13:29:03 +1100
Subject: [PATCH] ansible-lint : disable 503

This has got me a number of times; I think we can tell in review if a
task firing in response to a "changed" is best in a handler or not.

Remove existing noqa flags

Change-Id: I80ad631f978eeeb9903abe230a95f23f5709d20e
---
 playbooks/roles/backup-server/tasks/user.yaml               | 2 +-
 playbooks/roles/backup/tasks/main.yaml                      | 2 +-
 playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml | 2 +-
 tox.ini                                                     | 6 +++++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/playbooks/roles/backup-server/tasks/user.yaml b/playbooks/roles/backup-server/tasks/user.yaml
index 24af08b211..36b3f18ee6 100644
--- a/playbooks/roles/backup-server/tasks/user.yaml
+++ b/playbooks/roles/backup-server/tasks/user.yaml
@@ -24,7 +24,7 @@
 # ansible-lint wants this in a handler, it should be done here and
 # now; this isn't like a service restart where multiple things might
 # call it.
-- name: Initalise bup  # noqa 503
+- name: Initalise bup
   shell: |
     BUP_DIR=/opt/backups/{{ user_name }}/.bup bup init
   become: yes
diff --git a/playbooks/roles/backup/tasks/main.yaml b/playbooks/roles/backup/tasks/main.yaml
index 2c3bee1c2a..65f823b103 100644
--- a/playbooks/roles/backup/tasks/main.yaml
+++ b/playbooks/roles/backup/tasks/main.yaml
@@ -18,7 +18,7 @@
     type: ed25519
   register: bup_keypair
 
-- name: Initalise bup # noqa 503
+- name: Initalise bup
   command: bup init
   when: bup_keypair.changed
 
diff --git a/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml b/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml
index d4ce9796e1..350e7a6cda 100644
--- a/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml
+++ b/playbooks/roles/letsencrypt-acme-sh-install/tasks/main.yaml
@@ -84,7 +84,7 @@
     - /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.json
   register: existing_accounts
 
-- name: Run account update # noqa 503
+- name: Run account update
   shell: |
     /opt/acme.sh/acme.sh --debug --updateaccount
   when: account_email.changed and (existing_accounts.results | selectattr('stat.exists') | map(attribute='item') | list | length > 0)
diff --git a/tox.ini b/tox.ini
index 2f7ba31934..0178429ba9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -41,10 +41,14 @@ commands =
   #  This requires running the shell as /bin/bash.  There is a small
   #  possibility to hide errors, but we can rely on
   #  developers to decide when to explicitly check for failures.
+  #
+  # 503: tasks that run when "changed" should likely be handlers
+  #  We can trust reviewers to decide if something should be a
+  #  generic handler or not.
   bash -c "find roles playbooks -type f -regex '.*.y[a]?ml' -print0 | xargs -t -n1 -0 \
     ansible-lint -x ANSIBLE0004 -x ANSIBLE0006 -x ANSIBLE0007 -x ANSIBLE0010 \
                  -x ANSIBLE0011 -x ANSIBLE0012 -x ANSIBLE0013 -x ANSIBLE0015 \
-                 -x 204 -x 206 -x 304 -x 306"
+                 -x 204 -x 206 -x 304 -x 306 -x 503"
 
 [testenv:venv]
 commands = {posargs}