Automatically ignore ansible vault files #478
Hello Jérôme, thanks for this proposal. Yamllint is dedicated to general-purpose YAML, it is not meant to adapt to specificities of Ansible, Symfony, GitHub Actions, Cloud-init, or any other third-party project. For this reason, this change is not acceptable. As an Ansible user myself, I can suggest either:
Too bad, because IMHO this prevents one from mass batch linting .yml files which might be foreign to the user wanting to lint them. So maybe another option, more generic, would be for yamllint to automatically skip files that can't be YAML, like vault files, or jpeg images for example (where there's a traceback currently), or whatever file format that can't be YAML.
But then how do you make the difference between a broken YAML file and a file that is not a YAML file? This is a linter for YAML files. If you run the linter on files that are not YAML files (even if they use
Maybe @tamere-allo-peter's suggestion (automatically skip files that seemingly can't be YAML) should be a configurable option to ignore unparsable files rather than error on them. The problem with that is that in the Ansible vault example, the file is treated as a valid YAML file unless we add special detection logic like the PR does, and that means we still have to commit to maintaining that. I'm not sure that every time there is a disagreement about changing behavior we should just reimagine it as a non-default option, but I do think it might make sense here.
@DimitriPapadopoulos I agree! @andrewimeson your proposal for a new option makes sense, but if the user needs to opt in for this new option, it might be even simpler to use the already-existing configuration:

```yaml
ignore: |
  my-vaults/*.yaml
```
@adrienverge the problem with the ignore approach is that they need to know based on filename what to ignore. In all of my use cases, that has been easy. I suspect that there are use cases driving this request where users can't predict the names of the files.
The Ansible Vault example parses as valid YAML with a single empty key(?). That does make more general approaches to skipping-on-error, or skipping on >0 bytes (and not

```sh
python3 -c \
'import sys, yaml; yaml.dump(yaml.safe_load(sys.stdin), sys.stdout)' << 'EOF'
$ANSIBLE_VAULT;1.1;AES256
1643039736532396535663733313030306436333431313465653962333739613331
EOF
```
Ansible vaults are YAML files which are not parsable because they are encrypted with a password.
An example Ansible vault looks like this:
When launching yamllint on this file we've got:
Unfortunately adding the document start marker to such files would render the vault file unreadable by the `ansible-vault` command:
So the attached commit makes yamllint ignore Ansible vault files:
As an alternative, such files could be decrypted on the fly before being linted, but this would be much more complex.
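
The thread leaves open how to exclude vault files whose names cannot be predicted. The following is an added example, not code from this pull request or from yamllint: it detects whole-file vaults by their first-line envelope header and renders the matches as a yamllint `ignore` setting. The function names, the sample tree and the assumption that the yamllint config sits at the root of the scanned tree are all hypothetical.

```python
import os
import re
import tempfile

# First line written by ansible-vault: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
VAULT_HEADER = re.compile(rb"\$ANSIBLE_VAULT;\d+\.\d+;[A-Z0-9]+(;[^;\s]+)?")

def is_vault_file(path):
    """True only if the file's first line is a vault envelope header."""
    try:
        with open(path, "rb") as fh:
            first_line = fh.readline(256).rstrip(b"\r\n")
    except OSError:
        return False  # unreadable: leave it for the linter to report
    return VAULT_HEADER.fullmatch(first_line) is not None

def split_by_vault(root, extensions=(".yml", ".yaml")):
    """Walk root; return (lintable, vaults) as sorted paths relative to root."""
    lintable, vaults = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(extensions):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            (vaults if is_vault_file(full) else lintable).append(rel)
    return sorted(lintable), sorted(vaults)

def yamllint_ignore_block(vaults):
    """Render vault paths as an `ignore` setting (config assumed at root)."""
    return "ignore: |\n" + "".join(f"  /{p}\n" for p in vaults)

def demo():
    samples = {  # constructed files; the payload hex is made up
        "group_vars/all.yml": "---\nuser: deploy\n",
        "group_vars/secrets.yml": "$ANSIBLE_VAULT;1.1;AES256\n0a1b2c3d\n",
        "host_vars/db.yaml": "$ANSIBLE_VAULT;1.2;AES256;prod\n0a1b2c3d\n",
        "inline.yml": "---\npw: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  0a1b\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return split_by_vault(root)

if __name__ == "__main__":
    print(yamllint_ignore_block(demo()[1]), end="")
```

Files that only embed an inline `!vault` value stay in the lintable set, since they are ordinary YAML and the header check looks at the first line only.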