From 66785690fa4edf9927e1ed9fd9af6792ca7b9335 Mon Sep 17 00:00:00 2001
From: Markus Linnala <Markus.Linnala@knowit.fi>
Date: Sat, 5 Aug 2023 13:01:19 +0300
Subject: [PATCH] Support inject_facts_as_vars = false

Use facts via ansible_facts only.

Made using:
  git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
    "s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
---
 handlers/main.yml                | 10 +++++-----
 tasks/find_ports.yml             |  2 +-
 tasks/install.yml                |  4 ++--
 tasks/install_service.yml        |  6 +++---
 tasks/variables.yml              | 18 +++++++++---------
 tests/tasks/restore.yml          |  4 ++--
 tests/tests_firewall_selinux.yml |  4 ++--
 7 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 1f63c612..8e4633ba 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -6,10 +6,10 @@
     state: reloaded
   when:
     - sshd_allow_reload|bool
-    - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+    - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
     - ansible_connection != 'chroot'
-    - ansible_os_family != 'AIX'
-    - ansible_os_family != 'OpenWrt'
+    - ansible_facts['os_family'] != 'AIX'
+    - ansible_facts['os_family'] != 'OpenWrt'
   listen: reload_sshd
 
 # sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
@@ -29,7 +29,7 @@
   changed_when: false
   when:
     - sshd_allow_reload|bool
-    - ansible_os_family == 'AIX'
+    - ansible_facts['os_family'] == 'AIX'
 
 # sshd on OpenWrt does not support reloading a service, it has to be restarted instead
 - name: Reload the SSH service (OpenWrt)
@@ -38,5 +38,5 @@
     state: restarted
   when:
     - sshd_allow_reload|bool
-    - ansible_os_family == 'OpenWrt'
+    - ansible_facts['os_family'] == 'OpenWrt'
   listen: reload_sshd
diff --git a/tasks/find_ports.yml b/tasks/find_ports.yml
index 413cdfc5..e243e449 100644
--- a/tasks/find_ports.yml
+++ b/tasks/find_ports.yml
@@ -23,4 +23,4 @@
   when:
     - sshd_manage_firewall | bool or sshd_manage_selinux | bool
     - ansible_facts['os_family'] == 'RedHat'
-    - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+    - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
diff --git a/tasks/install.yml b/tasks/install.yml
index 22da7174..2012f036 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -130,14 +130,14 @@
         - sshd_manage_firewall | bool
         - ansible_facts['os_family'] == 'RedHat'
         - ansible_facts['distribution_version'] is version('7', '>=')
-        - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+        - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
 
     - name: Configure selinux
       ansible.builtin.include_tasks: selinux.yml
       when:
         - sshd_manage_selinux | bool
         - ansible_facts['os_family'] == 'RedHat'
-        - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+        - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
 
     - name: Create the complete configuration file
       ansible.builtin.include_tasks: install_config.yml
diff --git a/tasks/install_service.yml b/tasks/install_service.yml
index caef1a98..310d525a 100644
--- a/tasks/install_service.yml
+++ b/tasks/install_service.yml
@@ -34,7 +34,7 @@
     state: started
   when:
     - sshd_manage_service|bool
-    - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+    - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
     - ansible_connection != 'chroot'
 
 # Due to ansible bug 21026, cannot use service module on RHEL 7
@@ -42,6 +42,6 @@
   ansible.builtin.command: systemctl enable {{ sshd_service }}  # noqa command-instead-of-module
   when:
     - ansible_connection == 'chroot'
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_major_version|int >= 7
+    - ansible_facts['os_family'] == 'RedHat'
+    - ansible_facts['distribution_major_version']|int >= 7
   changed_when: true
diff --git a/tasks/variables.yml b/tasks/variables.yml
index c4f597f7..3c263aa6 100644
--- a/tasks/variables.yml
+++ b/tasks/variables.yml
@@ -10,23 +10,23 @@
   vars:
     _distribution_lts_offset: >-
       {{
-        ansible_distribution_major_version | int % 2
-        if ansible_distribution == "Ubuntu"
+        ansible_facts['distribution_major_version'] | int % 2
+        if ansible_facts['distribution'] == "Ubuntu"
         else 0
       }}
     _distribution_lts_version: >-
       {{
-        ansible_distribution_major_version | int -
+        ansible_facts['distribution_major_version'] | int -
         _distribution_lts_offset | int
-        if ansible_distribution == "Ubuntu"
-        else ansible_distribution_version
+        if ansible_facts['distribution'] == "Ubuntu"
+        else ansible_facts['distribution_version']
       }}
     params:
       files:
-        - "{{ ansible_distribution }}_{{ _distribution_lts_version }}.yml"
-        - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
-        - "{{ ansible_distribution }}.yml"
-        - "{{ ansible_os_family }}.yml"
+        - "{{ ansible_facts['distribution'] }}_{{ _distribution_lts_version }}.yml"
+        - "{{ ansible_facts['os_family'] }}_{{ ansible_facts['distribution_major_version'] }}.yml"
+        - "{{ ansible_facts['distribution'] }}.yml"
+        - "{{ ansible_facts['os_family'] }}.yml"
         - main.yml  # fallback, vars/main.yml is always loaded by Ansible
       paths:
         - "{{ role_path }}/vars"
diff --git a/tests/tasks/restore.yml b/tests/tasks/restore.yml
index 9129ad62..ff475b7f 100644
--- a/tests/tasks/restore.yml
+++ b/tests/tasks/restore.yml
@@ -38,6 +38,6 @@
   changed_when: false
   when:
     - __sshd_test_backup is defined
-    - ansible_virtualization_type|default(None) not in __sshd_skip_virt_env
+    - ansible_facts['virtualization_type']|default(None) not in __sshd_skip_virt_env
     - ansible_connection != 'chroot'
-    - ansible_os_family != 'AIX'
+    - ansible_facts['os_family'] != 'AIX'
diff --git a/tests/tests_firewall_selinux.yml b/tests/tests_firewall_selinux.yml
index f98d9499..850a2de5 100644
--- a/tests/tests_firewall_selinux.yml
+++ b/tests/tests_firewall_selinux.yml
@@ -22,10 +22,10 @@
         sshd_enable: true  # reset to true
         __sshd_test_firewall: "{{ ansible_facts['os_family'] == 'RedHat' and
           ansible_facts['distribution_version'] is version('7', '>=') and
-          ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
+          ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env }}"
         __sshd_test_selinux: "{{ ansible_facts['os_family'] == 'RedHat' and
           ansible_facts['distribution_version'] is version('6', '>=') and
-          ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
+          ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env }}"
 
     ##########
     # First test: default port