ci: Use supported ansible-lint action; run ansible-lint against the c…

…ollection

The old ansible-community ansible-lint is deprecated.  There is a
new ansible-lint github action.  The new ansible-lint has several checks
related to ansible-test and the ignore files.  Many of our ignore settings
are not allowed any more and are required to be fixed or addressed in the
Ansible preferred way.

The module documentation must comply with the Ansible standards.

The result of this is that the .sanity files can be reduced to the
bare minimum which will greatly reduce the maintenance burden of
those files, make it easier to support newer versions of Ansible,
and make it easier to import the system roles collection into Galaxy
and Automation Hub.

The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.

Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See linux-system-roles/tox-lsr#125

Add `---` doc start to .markdownlint.yaml

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

.markdownlint.yaml

@@ -1,3 +1,4 @@
+---
 # Default state for all rules
 default: true
 

.sanity-ansible-ignore-2.12.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.13.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.14.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.15.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.9.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

files/get_files_checksums.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -euo pipefail
 

library/firewall_lib.py

@@ -59,20 +59,23 @@
     required: false
     type: list
     elements: str
+    default: []
   port:
     description:
       List of ports or port range strings.
       The format of a port needs to be port=<port>[-<port>]/<protocol>.
     required: false
     type: list
     elements: str
+    default: []
   source_port:
     description:
       List of source port or port range strings.
       The format of a source port needs to be port=<port>[-<port>]/<protocol>.
     required: false
     type: list
     elements: str
+    default: []
   forward_port:
     description:
       List of forward port strings or dicts,
@@ -82,6 +85,7 @@
     aliases: ["port_forward"]
     required: false
     type: raw
+    default: []
   masquerade:
     description:
       The masquerade bool setting.
@@ -94,6 +98,7 @@
     required: false
     type: list
     elements: str
+    default: []
   source:
     description:
       List of source address, address range strings, or ipsets
@@ -104,26 +109,30 @@
     required: false
     type: list
     elements: str
+    default: []
   interface:
     description:
       List of interface name strings.
     required: false
     type: list
     elements: str
+    default: []
   interface_pci_id:
     description:
       List of inteface PCI device ID strings.
       PCI device ID needs to correspond to a named network interface.
     required: false
     type: list
     elements: str
+    default: []
   icmp_block:
     description:
       List of ICMP type strings to block.
       The ICMP type names needs to be defined in firewalld configuration.
     required: false
     type: list
     elements: str
+    default: []
   icmp_block_inversion:
     description:
       ICMP block inversion bool setting.
@@ -178,6 +187,7 @@
     required: false
     type: list
     elements: str
+    default: []
   permanent:
     description:
       The permanent bool flag.
@@ -222,12 +232,14 @@
     required: false
     type: list
     elements: str
+    default: []
   helper_module:
     description:
       List of netfiler kernel helper module names
     required: false
     type: list
     elements: str
+    default: []
   destination:
     description:
       List of IPv4/IPv6 addresses with optional mask
@@ -237,6 +249,7 @@
     required: false
     type: list
     elements: str
+    default: []
   __report_changed:
     description:
       If false, do not report changed true even if changed.
@@ -245,6 +258,11 @@
     default: true
 """
 
+EXAMPLES = """
+firewall:
+  - port: ['443/tcp', '443/udp']
+"""
+
 from ansible.module_utils.basic import AnsibleModule
 import re
 import os

tests/files/test_ping.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Author - Brennan Paciorek <bpaciore@redhat.com>
 # Description - Benchmark firewalld downtime while reloading and while restarting
 # by measuring how many packets are dropped while firewalld is restarting/reloading