fix #73: Fails late if no secrets defined

sjpb · sjpb · commit 82c1273ca643 · 2023-11-24T13:48:04.000Z
diff --git a/ansible/roles/passwords/tasks/validate.yml b/ansible/roles/passwords/tasks/validate.yml
@@ -0,0 +1,4 @@
+- name: Assert secrets created
+  assert:
+    that: (hostvars[inventory_hostname].keys() | select('contains', 'vault_') | length) > 1 # 1 as may have vault_testuser_password defined in dev
+    fail_msg: "No inventory variables 'vault_*' found: Has ansible/adhoc/generate-passwords.yml been run"
diff --git a/ansible/site.yml b/ansible/site.yml
@@ -9,7 +9,7 @@
   when: hook_path | exists
 
 - import_playbook: validate.yml
-  when: "{{ appliances_validate | default(true) }}"
+  when: appliances_validate | default(true)
 
 - import_playbook: bootstrap.yml
 
diff --git a/ansible/validate.yml b/ansible/validate.yml
@@ -2,6 +2,14 @@
 
 # Fail early if configuration is invalid
 
+- name: Validate secrets created
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - import_role:
+        name: passwords
+        tasks_from: validate.yml
+
 - name: Ensure control node is in inventory
   hosts: all
   gather_facts: false
