From ab3a070a89e2b4c16391ba1fee326d2e92ef555e Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Tue, 21 Jan 2020 16:40:11 -0500
Subject: [PATCH] Update 0-init/tasks/validate_vars.yml

---
 roles/0-init/tasks/validate_vars.yml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml
index 7605dd8b7..c914a5a90 100644
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@@ -1,15 +1,17 @@
 # 2020-01-21: Ansible Input Validation (basic sanity checking for now) to check
-# that /etc/iiab/local_vars.yml *_install and *_enabled variables appear
-# coherent (i.e. defined, have type boolean & with plausible values!)  Stricter
-# validation is needed when roles/playbooks/tasks are later invoked.  Risks
-# abound, but Ansible's inverting logic when boolean vars are accidentally
-# declared as strings is especially dangerous, so it's the main focus below.
+# that *_install and *_enabled variables (as set in places like
+# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined, (2)
+# have type boolean (Ansible often inverts logic when boolean vars are
+# accidentally declared as strings, see below!) and (3) have plausible values.
 
-# "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
+# Stricter validation is needed later, when roles/playbooks/tasks are invoked
+# by various scripts, possibly bypassing 0-init?  Either way, risks abound :/
+
+# 1. "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
 # top-level BARE vars (in case they're strings, instead of boolean)"
 # https://github.com/iiab/iiab/issues/1632
 
-# "How Exactly Does Ansible Parse Boolean Variables?"
+# 2. "How Exactly Does Ansible Parse Boolean Variables?"
 # https://stackoverflow.com/questions/47877464/how-exactly-does-ansible-parse-boolean-variables/47877502#47877502
 # ...is very helpful but has it slightly wrong, as Ansible implements only ~18
 # of YAML's 22 definitions of boolean (https://yaml.org/type/bool.html).
@@ -26,7 +28,7 @@
 # casting strings to boolean later on...can make the situation worse!)
 # https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#bare-variables-in-conditionals
 
-# "How do i fail a task in Ansible if the variable contains a boolean value?
+# 3. "How do i fail a task in Ansible if the variable contains a boolean value?
 # I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499