Check for 'become' in tasks that use Docker in pep8

We should use become: true for all tasks that use Docker. Change-Id: I5ce06cc6f2c7403a1c36aadf9e55068c780f05ac

Check for 'become' in tasks that use Docker in pep8
e474c6ca · Mark Goddard · b123bf66 · e474c6ca
Commit e474c6ca authored 6 years ago by Mark Goddard
--- a/tools/validate-all-file.py
+++ b/tools/validate-all-file.py
@@ -21,6 +21,7 @@ import re
 import sys
 import jinja2
+import yaml
 PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
@@ -32,6 +33,10 @@ NEWLINE_EOF_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git']
 JSON_J2_INCLUDE_PATTERNS = ['*.json.j2', '*.json']
 JSON_J2_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git']
+YAML_INCLUDE_PATTERNS = ['*.yml']
+YAML_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git',
+                         'defaults', 'templates', 'vars']
 logging.basicConfig()
 LOG = logging.getLogger(__name__)
@@ -111,10 +116,50 @@ def check_json_j2():
    return return_code
+def check_docker_become():
+    """All tasks that use Docker should have 'become: true'."""
+    includes = r'|'.join([fnmatch.translate(x)
+                          for x in YAML_INCLUDE_PATTERNS])
+    excludes = r'|'.join([fnmatch.translate(x)
+                          for x in YAML_EXCLUDE_PATTERNS])
+    docker_modules = ('kolla_docker', 'kolla_ceph_keyring',
+                      'kolla_container_facts', 'kolla_toolbox')
+    cmd_modules = ('command', 'shell')
+    return_code = 0
+    roles_path = os.path.join(PROJECT_ROOT, 'ansible', 'roles')
+    for root, dirs, files in os.walk(roles_path):
+        dirs[:] = [d for d in dirs if not re.match(excludes, d)]
+        for filename in files:
+            if not re.match(excludes, filename) and \
+                    re.match(includes, filename):
+                fullpath = os.path.join(root, filename)
+                with open(fullpath) as fp:
+                    tasks = yaml.safe_load(fp)
+                tasks = tasks or []
+                for task in tasks:
+                    for module in docker_modules:
+                        if module in task and not task.get('become'):
+                            return_code = 1
+                            LOG.error("Use of %s module without become in "
+                                      "task %s in %s",
+                                      module, task['name'], fullpath)
+                    for module in cmd_modules:
+                        if (module in task and
+                                task[module].startswith('docker') and
+                                not task.get('become')):
+                            return_code = 1
+                            LOG.error("Use of docker in %s module without "
+                                      "become in task %s in %s",
+                                      module, task['name'], fullpath)
+    return return_code
 def main():
    checks = (
        check_newline_eof,
-        check_json_j2
+        check_json_j2,
+        check_docker_become,
    )
    return sum([check() for check in checks])