From fc8f43a25ae4df8c3b12787f41a88b645e090644 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Wed, 11 Feb 2026 07:43:19 +0100 Subject: [PATCH] refactor(validation): deduplicate hypervisor combine and collapse schema checks --- roles/global_defaults/tasks/hypervisor.yml | 6 +- roles/global_defaults/tasks/validation.yml | 64 +++++----------------- 2 files changed, 17 insertions(+), 53 deletions(-) diff --git a/roles/global_defaults/tasks/hypervisor.yml b/roles/global_defaults/tasks/hypervisor.yml index d1214b2..1c65108 100644 --- a/roles/global_defaults/tasks/hypervisor.yml +++ b/roles/global_defaults/tasks/hypervisor.yml @@ -14,7 +14,9 @@ quiet: true - name: Normalize hypervisor configuration + vars: + merged: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}" ansible.builtin.set_fact: - hypervisor_cfg: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}" - hypervisor_type: "{{ (hypervisor_defaults | combine(hypervisor, recursive=True)).type | string | lower }}" + hypervisor_cfg: "{{ merged }}" + hypervisor_type: "{{ merged.type | string | lower }}" changed_when: false diff --git a/roles/global_defaults/tasks/validation.yml b/roles/global_defaults/tasks/validation.yml index 7ce7385..802b00c 100644 --- a/roles/global_defaults/tasks/validation.yml +++ b/roles/global_defaults/tasks/validation.yml 
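Review bot: The task-level variable `merged` in "Normalize hypervisor configuration" has a generic name, and task vars sit below set_fact/registered variables and extra vars in Ansible's precedence order. A `merged` defined that way elsewhere in the run would silently replace the combined dict that feeds both `hypervisor_cfg` and `hypervisor_type`. A role-scoped name avoids the collision: `_hypervisor_merged: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}"`, with the two facts reading `"{{ _hypervisor_merged }}"` and `"{{ _hypervisor_merged.type | string | lower }}"`.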
@@ -63,60 +63,22 @@ fail_msg: "system.{{ item }} must be a dictionary." quiet: true -- name: Validate system.dns schema +- name: Validate system sub-dict schemas + loop: + - dns + - user + - root + - luks + loop_control: + label: "system.{{ item }}" vars: - dns_allowed_keys: "{{ system_defaults.dns | dict2items | map(attribute='key') | list }}" - dns_unknown: >- - {{ - ((system.dns | default({})) | dict2items | map(attribute='key') | list) - | difference(dns_allowed_keys) - }} + sub_input: "{{ (system[item] | default({})) | dict2items | map(attribute='key') | list }}" + sub_allowed: "{{ system_defaults[item] | dict2items | map(attribute='key') | list }}" + sub_unknown: "{{ sub_input | difference(sub_allowed) }}" ansible.builtin.assert: that: - - dns_unknown | length == 0 - fail_msg: "Unsupported system.dns keys: {{ dns_unknown | join(', ') }}" - quiet: true - -- name: Validate system.user schema - vars: - user_allowed_keys: "{{ system_defaults.user | dict2items | map(attribute='key') | list }}" - user_unknown: >- - {{ - ((system.user | default({})) | dict2items | map(attribute='key') | list) - | difference(user_allowed_keys) - }} - ansible.builtin.assert: - that: - - user_unknown | length == 0 - fail_msg: "Unsupported system.user keys: {{ user_unknown | join(', ') }}" - quiet: true - -- name: Validate system.root schema - vars: - root_allowed_keys: "{{ system_defaults.root | dict2items | map(attribute='key') | list }}" - root_unknown: >- - {{ - ((system.root | default({})) | dict2items | map(attribute='key') | list) - | difference(root_allowed_keys) - }} - ansible.builtin.assert: - that: - - root_unknown | length == 0 - fail_msg: "Unsupported system.root keys: {{ root_unknown | join(', ') }}" - quiet: true - -- name: Validate system.luks schema - vars: - luks_allowed_keys: "{{ system_defaults.luks | dict2items | map(attribute='key') | list }}" - luks_unknown: >- - {{ - ((system.luks | default({})) | dict2items | map(attribute='key') | list) - | 
difference(luks_allowed_keys) - }} - ansible.builtin.assert: - that: - - luks_unknown | length == 0 - fail_msg: "Unsupported system.luks keys: {{ luks_unknown | join(', ') }}" + - sub_unknown | length == 0 + fail_msg: "Unsupported system.{{ item }} keys: {{ sub_unknown | join(', ') }}" quiet: true - name: Validate system.luks.tpm2 schema
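Review bot: The hard-coded loop list (`dns`, `user`, `root`, `luks`) in "Validate system sub-dict schemas" has to stay in step with two things this hunk does not show: the loop of the preceding "must be a dictionary" task and the keys of `system_defaults`. If a name is added here but is missing from either, `dict2items` or `system_defaults[item]` will presumably fail with a template error instead of the assert's `fail_msg`. A comment above `loop:` would make the coupling explicit, for example `# Keep in sync with the dictionary-type check above; every entry must also exist in system_defaults.` The `fail_msg` reports only key names, which is worth keeping, since `system.root` and `system.luks` may hold secret values that should stay out of task output.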