How to validate variables contents in Ansible?

Question

ansible-lint only checks the tasks/handlers and doesn't iterate over the variables (e.g. if you're using with_items, it won't iterate over all the items) and yamllint only checks cosmetic issues and is hard to customized with custom rules.

Is there a tool that can validate the actual data in the variables in YAML files before they are fed into Ansible?

Examples:

A given variable cannot contain a specific string
Variable user_ssh_key fed to authorized_keys cannot have a comment
Variable ssh_enabled fed to service module cannot be True
and so on...

Henrik Pingel · Answer 1 · 2022-05-23T06:53:19.287

4

You can use assert and testing-strings to achieve that.

Like so:

- hosts: localhost
  vars:
    variable: 'green'
  tasks:
    - assert:
        that: variable is match("green")
        success_msg: "Variable is green"
        fail_msg: "Variable is not green"

You can

match strings against a substring or a regular expression, use the match, search or regex tests

edited May 23 '22 at 06:53

answered May 19 '22 at 14:25

Henrik Pingel

9,380
2
28
39

1

@Zeitounator Thanks, that is a valid concern. Fixed it and used a non boolean in the example – Henrik Pingel May 23 '22 at 06:54

How to validate variables contents in Ansible?

1 Answers1