external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Update 0-init/tasks/validate_vars.yml

Browse source
This commit is contained in:
A Holt 2020-01-21 16:40:11 -05:00 committed by GitHub
parent 94b465d467
commit ab3a070a89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
roles/0-init/tasks/validate_vars.yml
View file

@ -1,15 +1,17 @@
# 2020-01-21: Ansible Input Validation (basic sanity checking for now) to check
# that /etc/iiab/local_vars.yml *_install and *_enabled variables appear
# coherent (i.e. defined, have type boolean & with plausible values!) Stricter
# validation is needed when roles/playbooks/tasks are later invoked. Risks
# abound, but Ansible's inverting logic when boolean vars are accidentally
# declared as strings is especially dangerous, so it's the main focus below.
# that *_install and *_enabled variables (as set in places like
# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined, (2)
# have type boolean (Ansible often inverts logic when boolean vars are
# accidentally declared as strings, see below!) and (3) have plausible values.
# "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
# Stricter validation is needed later, when roles/playbooks/tasks are invoked
# by various scripts, possibly bypassing 0-init? Either way, risks abound :/
# 1. "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
# top-level BARE vars (in case they're strings, instead of boolean)"
# https://github.com/iiab/iiab/issues/1632
# "How Exactly Does Ansible Parse Boolean Variables?"
# 2. "How Exactly Does Ansible Parse Boolean Variables?"
# https://stackoverflow.com/questions/47877464/how-exactly-does-ansible-parse-boolean-variables/47877502#47877502
# ...is very helpful but has it slightly wrong, as Ansible implements only ~18
# of YAML's 22 definitions of boolean (https://yaml.org/type/bool.html).
@ -26,7 +28,7 @@
# casting strings to boolean later on...can make the situation worse!)
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#bare-variables-in-conditionals
# "How do i fail a task in Ansible if the variable contains a boolean value?
# 3. "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499