diff --git a/roles/global_defaults/tasks/validation.yml b/roles/global_defaults/tasks/validation.yml
index 86fea0d..04f114f 100644
--- a/roles/global_defaults/tasks/validation.yml
+++ b/roles/global_defaults/tasks/validation.yml
@@ -79,6 +79,62 @@
 fail_msg: "Unsupported system keys: {{ system_unknown_keys | join(', ') }}"
 quiet: true
 
+- name: Reject deprecated top-level input keys
+ vars:
+ deprecated_input_keys:
+ - install_type
+ - vm_ip
+ - vm_id
+ - vm_name
+ - vm_cpus
+ - memory_mb
+ - balloon_mb
+ - dns_servers
+ - dns_search
+ - extra_packages
+ - user_name
+ - user_password
+ - user_public_key
+ - root_password
+ - luks_enabled
+ - luks_passphrase
+ - luks_mapper_name
+ - luks_auto_decrypt
+ - luks_auto_decrypt_method
+ - luks_tpm2_device
+ - luks_tpm2_pcrs
+ - luks_keyfile_size
+ - firewall_enabled
+ - firewall_backend
+ - firewall_toolkit
+ - ssh_enabled
+ - cis
+ - selinux_enabled
+ - zstd_enabled
+ - swap_enabled
+ - motd_enabled
+ - sudo_banner_enabled
+ - chroot_tool
+ - hypervisor_url
+ - hypervisor_username
+ - hypervisor_password
+ - hypervisor_node
+ - hypervisor_storage
+ - hypervisor_datacenter
+ - hypervisor_cluster
+ - hypervisor_validate_certs
+ - hypervisor_ssh
+ - hypervisor_path
+ top_level_input_keys: "{{ (hostvars[inventory_hostname] | dict2items | map(attribute='key') | list) }}"
+ deprecated_input_keys_present: "{{ top_level_input_keys | intersect(deprecated_input_keys) }}"
+ ansible.builtin.assert:
+ that:
+ - deprecated_input_keys_present | length == 0
+ fail_msg: >-
+ Unsupported top-level keys found: {{ deprecated_input_keys_present | join(', ') }}.
+ Use only the `system` and `hypervisor` dictionaries for runtime configuration.
+ quiet: true
+
 - name: Validate nested system schema
 vars:
 dns_allowed_keys: [servers, search]
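Review bot: `top_level_input_keys` runs `hostvars[inventory_hostname] | dict2items`, which as far as I can tell walks every host variable's value just to collect the names. That likely renders vaulted values and lookup-backed secrets, and the task can fail on any unrelated variable that does not template cleanly, before the deprecation check itself is evaluated. Reading only the keys avoids touching the values: `top_level_input_keys: "{{ hostvars[inventory_hostname].keys() | list }}"`. The `fail_msg` prints key names only, which is right given that `user_password`, `root_password`, `luks_passphrase` and `hypervisor_password` are in the list; a short comment above the task, e.g. `# Report key names only; never echo the values of legacy secret keys`, would keep a later edit from interpolating them.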