refactor(global_defaults): split system.yml into composable normalization stages
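--- a/roles/global_defaults/tasks/_validate_input.yml
+++ b/roles/global_defaults/tasks/_validate_input.yml
@@ -0,0 +1,57 @@
+---
+- name: Ensure system input is a dictionary
+ansible.builtin.set_fact:
+system: "{{ system | default({}) }}"
+
+- name: Validate system input types
+ansible.builtin.assert:
+that:
+- system is mapping
+- system.network is not defined or system.network is mapping
+- system.users is not defined or (system.users is iterable and system.users is not string and system.users is not mapping)
+- system.root is not defined or system.root is mapping
+- system.luks is not defined or system.luks is mapping
+- system.features is not defined or system.features is mapping
+fail_msg: "system and its nested keys (network, root, luks, features) must be dictionaries; system.users must be a list."
+quiet: true
+
+- name: Validate DNS lists (not strings)
+when: system.network is defined and system.network.dns is defined
+ansible.builtin.assert:
+that:
+- system.network.dns.servers is not defined or (system.network.dns.servers is iterable and system.network.dns.servers is not string)
+- system.network.dns.search is not defined or (system.network.dns.search is iterable and system.network.dns.search is not string)
+fail_msg: "system.network.dns.servers and system.network.dns.search must be lists, not strings."
+quiet: true
+
+- name: Validate system.users entries
+when: system.users is defined and system.users | length > 0
+ansible.builtin.assert:
+that:
+- item is mapping
+- item.name is defined and (item.name | string | length) > 0
+- item['keys'] is not defined or (item['keys'] is iterable and item['keys'] is not string)
+fail_msg: "Each system.users[] entry must be a dict with 'name'; 'keys' must be a list."
+quiet: true
+loop: "{{ system.users }}"
+loop_control:
+label: "{{ item.name | default('(unnamed)') }}"
+
+- name: Validate system features input types
+when: system.features is defined
+loop: "{{ system_defaults.features | dict2items | map(attribute='key') | list }}"
+loop_control:
+label: "system.features.{{ item }}"
+ansible.builtin.assert:
+that:
+- (system.features[item] | default({})) is mapping
+fail_msg: "system.features.{{ item }} must be a dictionary."
+quiet: true
+
+- name: Validate system LUKS TPM2 input type
+when: system.luks is defined and system.luks is mapping
+ansible.builtin.assert:
+that:
+- system.luks.tpm2 is not defined or system.luks.tpm2 is mapping
+fail_msg: "system.luks.tpm2 must be a dictionary."
+quiet: true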
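Review bot: The name check in "Validate system.users entries" coerces before it measures, so `(item.name | string | length) > 0` is satisfied by a numeric, list or dict name, and a null name would most likely pass as well because it is defined and stringifies to a non-empty value; `item.name is string and (item.name | length) > 0` would reject those. The `item['keys']` check and the two `system.network.dns.*` checks use `is iterable and ... is not string`, which a dictionary also satisfies, whereas the `system.users` check earlier in the file adds `is not mapping`; adding that clause to all three would make the "must be a list" messages accurate. `system.network.dns` itself is never asserted to be a mapping, so a scalar value there appears to pass both DNS conditions because `.servers` and `.search` are simply undefined on it.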