refactor(validation): deduplicate hypervisor combine and collapse schema checks

roles/global_defaults/tasks/hypervisor.yml

@@ -14,7 +14,9 @@
     quiet: true
 
 - name: Normalize hypervisor configuration
+  vars:
+    merged: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}"
   ansible.builtin.set_fact:
-    hypervisor_cfg: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}"
+    hypervisor_cfg: "{{ merged }}"
-    hypervisor_type: "{{ (hypervisor_defaults | combine(hypervisor, recursive=True)).type | string | lower }}"
+    hypervisor_type: "{{ merged.type | string | lower }}"
   changed_when: false

roles/global_defaults/tasks/validation.yml

@@ -63,60 +63,22 @@
     fail_msg: "system.{{ item }} must be a dictionary."
     quiet: true
 
-- name: Validate system.dns schema
+- name: Validate system sub-dict schemas
+  loop:
+    - dns
+    - user
+    - root
+    - luks
+  loop_control:
+    label: "system.{{ item }}"
   vars:
-    dns_allowed_keys: "{{ system_defaults.dns | dict2items | map(attribute='key') | list }}"
+    sub_input: "{{ (system[item] | default({})) | dict2items | map(attribute='key') | list }}"
-    dns_unknown: >-
+    sub_allowed: "{{ system_defaults[item] | dict2items | map(attribute='key') | list }}"
-      {{
+    sub_unknown: "{{ sub_input | difference(sub_allowed) }}"
-        ((system.dns | default({})) | dict2items | map(attribute='key') | list)
-        | difference(dns_allowed_keys)
-      }}
   ansible.builtin.assert:
     that:
-      - dns_unknown | length == 0
+      - sub_unknown | length == 0
-    fail_msg: "Unsupported system.dns keys: {{ dns_unknown | join(', ') }}"
+    fail_msg: "Unsupported system.{{ item }} keys: {{ sub_unknown | join(', ') }}"
-    quiet: true
-
-- name: Validate system.user schema
-  vars:
-    user_allowed_keys: "{{ system_defaults.user | dict2items | map(attribute='key') | list }}"
-    user_unknown: >-
-      {{
-        ((system.user | default({})) | dict2items | map(attribute='key') | list)
-        | difference(user_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - user_unknown | length == 0
-    fail_msg: "Unsupported system.user keys: {{ user_unknown | join(', ') }}"
-    quiet: true
-
-- name: Validate system.root schema
-  vars:
-    root_allowed_keys: "{{ system_defaults.root | dict2items | map(attribute='key') | list }}"
-    root_unknown: >-
-      {{
-        ((system.root | default({})) | dict2items | map(attribute='key') | list)
-        | difference(root_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - root_unknown | length == 0
-    fail_msg: "Unsupported system.root keys: {{ root_unknown | join(', ') }}"
-    quiet: true
-
-- name: Validate system.luks schema
-  vars:
-    luks_allowed_keys: "{{ system_defaults.luks | dict2items | map(attribute='key') | list }}"
-    luks_unknown: >-
-      {{
-        ((system.luks | default({})) | dict2items | map(attribute='key') | list)
-        | difference(luks_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - luks_unknown | length == 0
-    fail_msg: "Unsupported system.luks keys: {{ luks_unknown | join(', ') }}"
     quiet: true
 
 - name: Validate system.luks.tpm2 schema