ArgsRule KeyError 'default' when linting community.general.ufw (policy parameter) #4843
Description
Summary
When linting tasks that use the community.general.ufw module with a policy argument, ansible-lint emits an internal warning:
WARNING Ignored exception from ArgsRule.<bound method AnsibleLintRule.matchtasks ...> while processing playbooks/roles/configure_firewall/tasks/main.yml (tasks): 'default'
The playbook itself runs fine with ansible-playbook.
This appears to be a bug in the ArgsRule where it assumes that every argument in a module’s arg spec defines a "default" field.
Issue Type
- Bug Report
OS / ENVIRONMENT
ansible-lint 25.11.0
ansible-core 2.16.3
community.general 10.3.0
Python 3.x
OS: Debian 13 (Trixie)- ansible installation method: pipx (Ansible core)
- ansible-lint installation method: pipx
STEPS TO REPRODUCE
---
- hosts: localhost
gather_facts: false
tasks:
- name: Set incoming policy
community.general.ufw:
direction: incoming
policy: "{{ 'allow' }}"
- name: Set outgoing policy
community.general.ufw:
direction: outgoing
policy: "{{ 'allow' }}"Run:
ansible-lint test.ymlDesired Behavior
ansible-lint should validate the task cleanly without producing an internal exception or warning.
Actual Behavior
WARNING Ignored exception from ArgsRule.<bound method AnsibleLintRule.matchtasks ...> while processing test.yml (tasks): 'default'The warning disappears if these community.general.ufw tasks are commented out, indicating the problem lies in how ArgsRule processes that module’s arguments.
It seems the rule crashes on a missing "default" key in the module’s argument spec for the policy parameter.
The same two tasks, when placed inside a role tasks file (e.g. roles/myrole/tasks/main.yml) or a tasks-only YAML file without a - hosts: block, do not trigger the warning.
The issue only occurs when the same content is part of a full playbook (with a - hosts: and tasks: section).