From 37d24d85333a17f68fe35be674510a7163ed7b0c Mon Sep 17 00:00:00 2001 From: AnsibleGuy Date: Fri, 27 Dec 2024 17:11:47 +0100 Subject: [PATCH] lint fixes --- README.md | 10 +++++++++- handlers/main.yml | 10 +++++----- tasks/debian/app.yml | 8 +++++--- tasks/debian/install.yml | 4 ++-- tasks/debian/logging.yml | 4 ++-- tasks/debian/main.yml | 2 +- 6 files changed, 24 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index d3fe6f6..e36339b 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,10 @@ waf: - name: 'be_app1' block: true + + - name: 'be_app2' + block: true + response_check: true ``` Then you will need to include the SPOE-backend: `/etc/haproxy/waf-coraza.cfg` @@ -76,7 +80,6 @@ And target the SPOE-agents in your HAProxy config: (or use the role [ansibleguy/ ### Result -**Config-Directory**: ```bash tree /etc/coraza-spoa -L 4 > /etc/coraza-spoa @@ -86,6 +89,11 @@ tree /etc/coraza-spoa -L 4 > │   │   ├── @crs-setup.conf > │   │   ├── main.conf > │   │   └── @owasp_crs +> │   ├── be_app2 +> │   │   └── v4.7.0 +> │   │   ├── @crs-setup.conf +> │   │   ├── main.conf +> │   │   └── @owasp_crs > │   ├── default > │   │   └── v4.7.0 > │   │   ├── @crs-setup.conf diff --git a/handlers/main.yml b/handlers/main.yml index e2075c5..16c33a1 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,25 +1,25 @@ --- -- name: daemon-reload +- name: Daemon-reload ansible.builtin.systemd: daemon_reload: true -- name: waf-restart +- name: WAF-restart ansible.builtin.systemd: name: 'coraza-spoa.service' state: restarted -- name: rsyslog-restart +- name: Rsyslog-restart ansible.builtin.systemd: name: 'rsyslog.service' state: restarted -- name: logrotate-restart +- name: Logrotate-restart ansible.builtin.systemd: name: 'logrotate.service' state: restarted -- name: check-failed +- name: Check-failed ansible.builtin.command: 'systemctl is-failed coraza-spoa.service' register: svc_check failed_when: not svc_check.failed 
diff --git a/tasks/debian/app.yml b/tasks/debian/app.yml index 0e2f0c8..c8499f8 100644 --- a/tasks/debian/app.yml +++ b/tasks/debian/app.yml @@ -4,6 +4,7 @@ ansible.builtin.file: path: "{{ waf_app_rules_default_dir }}" state: directory + mode: 0750 register: waf_crs_dir - name: "HAProxy WAF | Apps | {{ waf_app_name }} | Download Core-Ruleset {{ waf_app.ruleset_version }}" @@ -30,7 +31,8 @@ creates: "{{ crs_dir }}" vars: crs_dir: "{{ waf_app_rules_dir }}/@owasp_crs" - notify: ['waf-restart', 'check-failed'] + notify: ['WAF-restart', 'Check-failed'] + tags: skip_ansible_lint # command-instead-of-module # todo: rule-overrides @@ -41,7 +43,7 @@ owner: 'root' group: "{{ WAF_HC.user }}" mode: 0640 - notify: ['waf-restart', 'check-failed'] + notify: ['WAF-restart', 'Check-failed'] tags: [rules] - name: "HAProxy WAF | Apps | {{ waf_app_name }} | Create rule-setup config" @@ -51,5 +53,5 @@ owner: 'root' group: "{{ WAF_HC.user }}" mode: 0640 - notify: ['waf-restart', 'check-failed'] + notify: ['WAF-restart', 'Check-failed'] tags: [rules] diff --git a/tasks/debian/install.yml b/tasks/debian/install.yml index 5c54f41..c42c1f8 100644 --- a/tasks/debian/install.yml +++ b/tasks/debian/install.yml @@ -57,14 +57,14 @@ src: 'templates/etc/systemd/system/coraza-spoa.service.d/override.conf.j2' dest: '/etc/systemd/system/coraza-spoa.service.d/override.conf' mode: 0644 - notify: ['daemon-reload', 'waf-restart', 'check-failed'] + notify: ['Daemon-reload', 'WAF-restart', 'Check-failed'] - name: HAProxy WAF | Create service ansible.builtin.get_url: url: "{{ WAF_HC.url.service }}" dest: '/etc/systemd/system/coraza-spoa.service' mode: 0644 - notify: ['daemon-reload', 'waf-restart', 'check-failed'] + notify: ['Daemon-reload', 'WAF-restart', 'Check-failed'] - name: HAProxy WAF | Start & Enable Service ansible.builtin.systemd: diff --git a/tasks/debian/logging.yml b/tasks/debian/logging.yml index d4f332a..3496565 100644 --- a/tasks/debian/logging.yml +++ b/tasks/debian/logging.yml 
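Review bot: The `mode: 0750` added to the `waf_app_rules_default_dir` directory task in the first `tasks/debian/app.yml` hunk comes without `owner`/`group`, so the directory keeps whatever ownership it already has while "other" loses access. The rule files later in this file are written as `owner: 'root'`, `group: "{{ WAF_HC.user }}"`, `mode: 0640`, which suggests the service reads them through its group. If the directory ends up owned by root's own group, the service user presumably can no longer traverse it and the WAF may fail to load its rules. I would add `owner: 'root'` and `group: "{{ WAF_HC.user }}"` next to the mode, and quote it as `mode: '0750'` so Ansible receives a string. The task starts above the hunk, so ownership set elsewhere is not visible here.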
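Review bot: `tags: skip_ansible_lint` in the second `tasks/debian/app.yml` hunk switches off every ansible-lint rule for the task that creates `{{ crs_dir }}`, not only the `command-instead-of-module` rule named in the trailing comment. A rule-scoped suppression keeps the remaining checks active on a task that runs an external command: drop the tag and put `# noqa: command-instead-of-module` on the task instead. The task begins above the hunk, so the command itself is not visible here.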
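Review bot: The `HAProxy WAF | Create service` task in the `tasks/debian/install.yml` hunk writes `/etc/systemd/system/coraza-spoa.service` straight from `{{ WAF_HC.url.service }}` with no `checksum:`, so whatever that URL serves at run time becomes a unit that systemd starts. The commit only renames the notified handlers on this task, but the download is worth pinning while the task is being touched, for example `checksum: "sha256:{{ WAF_HC.checksum.service }}"` (the variable name is a placeholder). Whether the URL already points at a fixed tag or commit is defined outside this diff; if it tracks a branch, pinning it would make the checksum stable.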
@@ -19,7 +19,7 @@ src: "templates/etc/rsyslog.d/coraza-spoa.conf.j2" dest: '/etc/rsyslog.d/coraza-spoa.conf' mode: 0644 - notify: ['rsyslog-restart'] + notify: ['Rsyslog-restart'] tags: ['apps'] - name: HAProxy WAF | Logging | Logrotate Config @@ -27,4 +27,4 @@ src: "templates/etc/logrotate.d/coraza-spoa.j2" dest: '/etc/logrotate.d/coraza-spoa' mode: 0644 - notify: ['logrotate-restart'] + notify: ['Logrotate-restart'] diff --git a/tasks/debian/main.yml b/tasks/debian/main.yml index 35d1650..958b093 100644 --- a/tasks/debian/main.yml +++ b/tasks/debian/main.yml @@ -34,7 +34,7 @@ mode: 0640 owner: 'root' group: "{{ WAF_HC.user }}" - notify: ['waf-restart', 'check-failed'] + notify: ['WAF-restart', 'Check-failed'] tags: [config, apps] - name: HAProxy WAF | Apps