False positive and bad auto --fix for command-instead-of-shell

[wimglenn]

Summary

In this task, if there was a pre-existing crontab it is considered a (non-fatal) failure mode:

- name: Get pre-existing crontab (if any)
  ansible.builtin.shell: "! crontab -l"
  changed_when: false
  register: missing_crontab
  ignore_errors: true # don't stop the rest of the playbook

We invert the return code (i.e. we want rc=0 when there is no existing crontab) using POSIX shell ! operator.

ansible-lint is unhappy and wants the task to use ansible.builtin.command instead of shell:

command-instead-of-shell: Use shell only when shell functionality is required.

The auto-fixer makes a suggestion which doesn't actually work:

- name: Get pre-existing crontab (if any)
  ansible.builtin.command: "! crontab -l"
  changed_when: false
  register: missing_crontab
  ignore_errors: true # don't stop the rest of the playbook

This "fixed" task fails, it appears to be trying to run a program called literally "!":

TASK [Get pre-existing crontab (if any)] ***********************
fatal: [examplehost]: FAILED! => changed=false 
  cmd: '''!'' crontab -l'
  msg: '[Errno 2] No such file or directory: b''!'': b''!'''
  rc: 2
  stderr: ''
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>
...ignoring

Workaround: use ansible.builtin.command: bash -c "! crontab -l"

Issue Type

• Bug Report

OS / ENVIRONMENT

$ ansible-lint --version
ansible-lint 24.9.2 using ansible-core:2.16.11 ansible-compat:24.9.1 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.8

• ansible installation method: pip
• ansible-lint installation method: pip

[audgirka]

@wimglenn Thanks for the bug, a PR would be welcome.

[wimglenn]

Added #4403. It failed because it doesn't have a label, but I don't seem to have permission to add labels.