From 303dd1cbc16620ff666f111e59add9d3965a449d Mon Sep 17 00:00:00 2001
From: Ali Afsharzadeh <afsharzadeh8@gmail.com>
Date: Thu, 21 Aug 2025 11:17:07 +0330
Subject: [PATCH] Enable reserved variable name checks and fix violations
 (#12463)

* Enable reserved variable name checks and fix violations

Updated .ansible-lint configuration to skip only var-naming[pattern]
and var-naming[no-role-prefix] instead of skipping the entire var-naming rule.
This enables the check for reserved variable names.

Renamed variables that used reserved names to avoid conflicts.
Updated all references in tasks, variables, and templates.

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>

* Rename namespace variable inside tasks instead of deleting it

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>

* Change hosts variable to vm_hosts

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>

* Use k8s_namespace instead of dashboard_namespace in dashboard.yml.j2 template

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>

---------

Signed-off-by: Ali Afsharzadeh <afsharzadeh8@gmail.com>
---
 .ansible-lint                                        |  6 ++++--
 roles/kubernetes-apps/ansible/tasks/main.yml         |  4 ++--
 .../ansible/templates/dashboard.yml.j2               | 12 ++++++------
 roles/kubernetes-apps/defaults/main.yml              |  2 +-
 roles/kubernetes-apps/vars/main.yml                  |  2 +-
 roles/network_plugin/multus/tasks/main.yml           |  4 ++--
 tests/cloud_playbooks/roles/packet-ci/tasks/main.yml |  6 +++---
 7 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index 8f2c5e808..002466d62 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -12,10 +12,12 @@ skip_list:
   # (Disabled in June 2021)
   - 'role-name'
 
-  # [var-naming] "defaults/main.yml" File defines variable 'apiVersion' that violates variable naming standards
+  # [var-naming]
   # In Kubespray we use variables that use camelCase to match their k8s counterparts
   # (Disabled in June 2021)
-  - 'var-naming'
+  - 'var-naming[pattern]'
+  # Variables names from within roles in kubespray don't need role name as a prefix
+  - 'var-naming[no-role-prefix]'
 
   # [fqcn-builtins]
   # Roles in kubespray don't need fully qualified collection names
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 5b24d11c9..a7c434884 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -95,7 +95,7 @@
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
   vars:
-    namespace: "{{ netcheck_namespace }}"
+    k8s_namespace: "{{ netcheck_namespace }}"
   when: deploy_netchecker
   tags:
     - netchecker
@@ -117,7 +117,7 @@
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
   vars:
-    namespace: "{{ dashboard_namespace }}"
+    k8s_namespace: "{{ dashboard_namespace }}"
   when: dashboard_enabled
   tags:
     - dashboard
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index 3a88010d1..0bfa3b173 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -17,14 +17,14 @@
 #
 # Example usage: kubectl create -f <this_file>
 
-{% if namespace != 'kube-system' %}
+{% if k8s_namespace != 'kube-system' %}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ namespace }}
+  name: {{ k8s_namespace }}
   labels:
-    name: {{ namespace }}
+    name: {{ k8s_namespace }}
 {% endif %}
 ---
 # ------------------- Dashboard Secrets ------------------- #
@@ -118,7 +118,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
-    namespace: {{ namespace }}
+    namespace: {{ k8s_namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -132,7 +132,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
-    namespace: {{ namespace }}
+    namespace: {{ k8s_namespace }}
 
 ---
 # ------------------- Dashboard Deployment ------------------- #
@@ -173,7 +173,7 @@ spec:
             - containerPort: 8443
               protocol: TCP
           args:
-            - --namespace={{ namespace }}
+            - --namespace={{ k8s_namespace }}
 {% if dashboard_use_custom_certs %}
             - --tls-key-file={{ dashboard_tls_key_file }}
             - --tls-cert-file={{ dashboard_tls_cert_file }}
diff --git a/roles/kubernetes-apps/defaults/main.yml b/roles/kubernetes-apps/defaults/main.yml
index b794a98f4..bc918c9cf 100644
--- a/roles/kubernetes-apps/defaults/main.yml
+++ b/roles/kubernetes-apps/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-namespace: kube-system
+k8s_namespace: kube-system
diff --git a/roles/kubernetes-apps/vars/main.yml b/roles/kubernetes-apps/vars/main.yml
index 88f4a3068..b3c6c5bc6 100644
--- a/roles/kubernetes-apps/vars/main.yml
+++ b/roles/kubernetes-apps/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-kubectl_apply_stdin: "{{ kubectl }} apply -f - -n {{ namespace }}"
+kubectl_apply_stdin: "{{ kubectl }} apply -f - -n {{ k8s_namespace }}"
diff --git a/roles/network_plugin/multus/tasks/main.yml b/roles/network_plugin/multus/tasks/main.yml
index 0869da7b5..6586e5576 100644
--- a/roles/network_plugin/multus/tasks/main.yml
+++ b/roles/network_plugin/multus/tasks/main.yml
@@ -27,8 +27,8 @@
     - {name: multus-daemonset-crio, file: multus-daemonset-crio.yml, type: daemonset, engine: crio }
   register: multus_manifest_2
   vars:
-    query: "*|[?container_manager=='{{ container_manager }}']|[0].inventory_hostname"
-    vars_from_node: "{{ hostvars | json_query(query) }}"
+    host_query: "*|[?container_manager=='{{ container_manager }}']|[0].inventory_hostname"
+    vars_from_node: "{{ hostvars | json_query(host_query) }}"
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   when:
     - item.engine in container_manager_types
diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml
index 0a41cc534..6d879103e 100644
--- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml
+++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml
@@ -32,14 +32,14 @@
     ips: "{{ vmis.resources | map(attribute='status.interfaces.0.ipAddress') }}"
     names: "{{ vmis.resources | map(attribute='metadata.annotations.inventory_name') }}"
     _groups: "{{ (vmis.resources | map(attribute='metadata.annotations.ansible_groups') | map('split', ','))}}"
-    hosts: "{{ ips | zip(_groups, names)
+    vm_hosts: "{{ ips | zip(_groups, names)
                 | map('zip', ['ansible_host', 'ansible_groups', 'inventory_name'])
                 | map('map', 'reverse') | map('community.general.dict') }}"
-  loop: "{{ hosts | map(attribute='ansible_groups') | flatten | unique }}"
+  loop: "{{ vm_hosts | map(attribute='ansible_groups') | flatten | unique }}"
   set_fact:
     ci_inventory: "{{ ci_inventory|d({}) | combine({
                     item: {
-                      'hosts': hosts | selectattr('ansible_groups', 'contains', item)
+                      'hosts': vm_hosts | selectattr('ansible_groups', 'contains', item)
                                      | rekey_on_member('inventory_name')
                       }
                     })