refactor(validation): deduplicate hypervisor combine and collapse schema checks

2026-02-11 07:43:19 +01:00
parent 70475f4082
commit fc8f43a25a
2 changed files with 17 additions and 53 deletions
--- a/roles/global_defaults/tasks/hypervisor.yml
+++ b/roles/global_defaults/tasks/hypervisor.yml
@@ -14,7 +14,9 @@
    quiet: true

 - name: Normalize hypervisor configuration
+  vars:
+    merged: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}"
  ansible.builtin.set_fact:
-    hypervisor_cfg: "{{ hypervisor_defaults | combine(hypervisor, recursive=True) }}"
-    hypervisor_type: "{{ (hypervisor_defaults | combine(hypervisor, recursive=True)).type | string | lower }}"
+    hypervisor_cfg: "{{ merged }}"
+    hypervisor_type: "{{ merged.type | string | lower }}"
  changed_when: false
--- a/roles/global_defaults/tasks/validation.yml
+++ b/roles/global_defaults/tasks/validation.yml
@@ -63,60 +63,22 @@
    fail_msg: "system.{{ item }} must be a dictionary."
    quiet: true

- name: Validate system.dns schema
+- name: Validate system sub-dict schemas
+  loop:
+    - dns
+    - user
+    - root
+    - luks
+  loop_control:
+    label: "system.{{ item }}"
  vars:
-    dns_allowed_keys: "{{ system_defaults.dns | dict2items | map(attribute='key') | list }}"
-    dns_unknown: >-
-      {{
-        ((system.dns | default({})) | dict2items | map(attribute='key') | list)
-        | difference(dns_allowed_keys)
-      }}
+    sub_input: "{{ (system[item] | default({})) | dict2items | map(attribute='key') | list }}"
+    sub_allowed: "{{ system_defaults[item] | dict2items | map(attribute='key') | list }}"
+    sub_unknown: "{{ sub_input | difference(sub_allowed) }}"
  ansible.builtin.assert:
    that:
-      - dns_unknown | length == 0
-    fail_msg: "Unsupported system.dns keys: {{ dns_unknown | join(', ') }}"
-    quiet: true
-
- name: Validate system.user schema
-  vars:
-    user_allowed_keys: "{{ system_defaults.user | dict2items | map(attribute='key') | list }}"
-    user_unknown: >-
-      {{
-        ((system.user | default({})) | dict2items | map(attribute='key') | list)
-        | difference(user_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - user_unknown | length == 0
-    fail_msg: "Unsupported system.user keys: {{ user_unknown | join(', ') }}"
-    quiet: true
-
- name: Validate system.root schema
-  vars:
-    root_allowed_keys: "{{ system_defaults.root | dict2items | map(attribute='key') | list }}"
-    root_unknown: >-
-      {{
-        ((system.root | default({})) | dict2items | map(attribute='key') | list)
-        | difference(root_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - root_unknown | length == 0
-    fail_msg: "Unsupported system.root keys: {{ root_unknown | join(', ') }}"
-    quiet: true
-
- name: Validate system.luks schema
-  vars:
-    luks_allowed_keys: "{{ system_defaults.luks | dict2items | map(attribute='key') | list }}"
-    luks_unknown: >-
-      {{
-        ((system.luks | default({})) | dict2items | map(attribute='key') | list)
-        | difference(luks_allowed_keys)
-      }}
-  ansible.builtin.assert:
-    that:
-      - luks_unknown | length == 0
-    fail_msg: "Unsupported system.luks keys: {{ luks_unknown | join(', ') }}"
+      - sub_unknown | length == 0
+    fail_msg: "Unsupported system.{{ item }} keys: {{ sub_unknown | join(', ') }}"
    quiet: true

 - name: Validate system.luks.tpm2 schema