fix: allow valid tabs in lineinfile nested in blocks (#4719)

Author: Jkhall81

examples/playbooks/rule-no-tabs-block-pass.yml

@@ -0,0 +1,11 @@
+---
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Example block
+      block:
+        - name: This should now pass linting
+          ansible.builtin.lineinfile:
+            path: some.txt
+            regexp: "^\t$"  # Tab inside allowed key
+            line: "string with \t inside"

src/ansiblelint/rules/args.py

@@ -2,13 +2,16 @@
 
 from __future__ import annotations
 
+import atexit
 import contextlib
 import importlib.util
 import io
 import json
 import logging
 import re
+import shutil
 import sys
+import tempfile
 from typing import TYPE_CHECKING, Any
 
 # pylint: disable=preferred-module
@@ -60,9 +63,19 @@
     # https://github.com/ansible/ansible-lint/issues/3152
     "ansible.posix.synchronize": ["use_ssh_args"],
 }
+_SAFE_ASYNC_DIR = tempfile.mkdtemp(prefix="ansible-lint-async-")
+
+
+def _cleanup_async_dir() -> None:
+    """Safely remove the temp directory and all its contents."""
+    shutil.rmtree(_SAFE_ASYNC_DIR, ignore_errors=True)
+
+
+atexit.register(_cleanup_async_dir)
+
 workarounds_inject_map = {
     # https://github.com/ansible/ansible-lint/issues/2824
-    "ansible.builtin.async_status": {"_async_dir": "/tmp/ansible-async"},
+    "ansible.builtin.async_status": {"_async_dir": _SAFE_ASYNC_DIR},
 }
 workarounds_mutex_args_map = {
     # https://github.com/ansible/ansible-lint/issues/4623

src/ansiblelint/rules/no_tabs.py

@@ -54,8 +54,9 @@ def matchtask(
         file: Lintable | None = None,
     ) -> list[MatchError]:
         result = []
-        action = task["action"]["__ansible_module__"]
-        for k, v, _ in nested_items_path(task):
+        # Check the key/value pairs found by the nested pathing
+        for k, v, _path in nested_items_path(task):
+            # Check if the Key itself has a tab (almost never allowed)
             if isinstance(k, str) and "\t" in k and not has_jinja(k):
                 result.append(
                     self.create_matcherror(
@@ -64,19 +65,20 @@ def matchtask(
                         filename=file,
                     )
                 )
-            if (
-                isinstance(v, str)
-                and "\t" in v
-                and (action, k) not in self.allow_list
-                and not has_jinja(v)
-            ):
-                result.append(
-                    self.create_matcherror(
-                        message=self.shortdesc,
-                        data=v,
-                        filename=file,
+
+            # Check if the Value has a tab
+            if isinstance(v, str) and "\t" in v and not has_jinja(v):
+                # We check if 'k' is in our allow_list for ANY of the modules
+                is_allowed = any(k == allowed_key for _, allowed_key in self.allow_list)
+
+                if not is_allowed:
+                    result.append(
+                        self.create_matcherror(
+                            message=self.shortdesc,
+                            data=v,
+                            filename=file,
+                        )
                     )
-                )
         return result
 
 
@@ -102,3 +104,12 @@ def test_no_tabs_rule(default_rules_collection: RulesCollection) -> None:
         # 2.19 has more precise line:columns numbers so the effective result
         # is different.
         assert lines == [10, 13] or lines == [12, 15, 15], lines
+
+    @pytest.mark.libyaml
+    def test_no_tabs_block_pass(default_rules_collection: RulesCollection) -> None:
+        """Verify that tabs are allowed in lineinfile even inside blocks."""
+        results = Runner(
+            "examples/playbooks/rule-no-tabs-block-pass.yml",
+            rules=default_rules_collection,
+        ).run()
+        assert len(results) == 0