refactor: handle INJECT_FACTS_AS_VARS=false by using ansible_facts instead

Ansible 2.20 has deprecated the use of Ansible facts as variables.  For
example, `ansible_distribution` is now deprecated in favor of
`ansible_facts["distribution"]`.  This is due to making the default
setting `INJECT_FACTS_AS_VARS=false`.  For now, this will create WARNING
messages, but in Ansible 2.24 it will be an error.

Add the role facts to __firewall_required_facts and __firewall_no_subsets_facts as needed.

See https://docs.ansible.com/projects/ansible/latest/porting_guides/porting_guide_core_2.20.html#inject-facts-as-vars

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

Author: richm

tasks/main.yml

@@ -40,7 +40,7 @@
       selectattr('previous', 'match', '^replaced$') |
       list | length > 0 }}"
     __firewall_python_cmd: "{{ ansible_python_interpreter |
-      d(discovered_interpreter_python) }}"
+      d(ansible_facts['discovered_interpreter_python']) }}"
     __firewall_report_changed: true
 
 - name: Handle previous replaced

tests/tests_ansible.yml

@@ -614,8 +614,8 @@
           register: result
           failed_when: result is failed or result is not changed
           when:
-            - ansible_distribution in ["RedHat", "CentOS", "Fedora"]
-            - ansible_distribution_major_version is version("8", ">=")
+            - ansible_facts["distribution"] in ["RedHat", "CentOS", "Fedora"]
+            - ansible_facts["distribution_major_version"] is version("8", ">=")
 
         - name: Add includes again to check idempotence
           firewall_lib:
@@ -629,8 +629,8 @@
           register: result
           failed_when: result is failed or result is changed
           when:
-            - ansible_distribution in ["RedHat", "CentOS", "Fedora"]
-            - ansible_distribution_major_version is version("8", ">=")
+            - ansible_facts["distribution"] in ["RedHat", "CentOS", "Fedora"]
+            - ansible_facts["distribution_major_version"] is version("8", ">=")
 
         - name: Delete custom service
           firewall_lib:
@@ -665,12 +665,12 @@
               - "aaaa:aaaa:aaaa:aaa:aaaa:aaaa:aaaa::"
             # these two don't exist yet in RHEL 7
             helper_module: "{{ 'nf_conntrack_ftp'
-              if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-              and ansible_distribution_major_version is version('8', '>=')
+              if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+              and ansible_facts['distribution_major_version'] is version('8', '>=')
               else omit }}"
             includes: "{{ ['https', 'ldaps']
-              if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-              and ansible_distribution_major_version is version('8', '>=')
+              if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+              and ansible_facts['distribution_major_version'] is version('8', '>=')
               else omit }}"
             online: "{{ __firewall_is_booted }}"
           register: result
@@ -693,8 +693,8 @@
             that:
               - '"includes: https ldaps" in info.stdout'
               - '"helpers: nf_conntrack_ftp" in info.stdout'
-          when: ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                and ansible_distribution_major_version is version('8', '>=')
+          when: ansible_facts["distribution"] in ['RedHat', 'CentOS', 'Fedora']
+                and ansible_facts["distribution_major_version"] is version('8', '>=')
 
         - name: Add helper module that already is on customservice
           firewall_lib:
@@ -705,8 +705,8 @@
             online: "{{ __firewall_is_booted }}"
           register: result
           failed_when: result is failed or result is changed
-          when: ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                and ansible_distribution_major_version is version('8', '>=')
+          when: ansible_facts["distribution"] in ['RedHat', 'CentOS', 'Fedora']
+                and ansible_facts["distribution_major_version"] is version('8', '>=')
 
         - name: Forward port 40 to 0.0.0.0:8080 (string)
           firewall_lib:

tests/tests_interface_pci.yml

@@ -15,8 +15,8 @@
       set_fact:
         nftables_backend:
           "{{ true
-            if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-            and ansible_distribution_major_version is version('8', '>=')
+            if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+            and ansible_facts['distribution_major_version'] is version('8', '>=')
             else false }}"
 
     - name: Find ethernet interface

tests/tests_reload_on_reset.yml

@@ -9,8 +9,8 @@
     - name: Test not supported on EL7
       meta: end_host
       when:
-        - ansible_distribution in ['RedHat', 'CentOS']
-        - ansible_distribution_major_version | int < 8
+        - ansible_facts["distribution"] in ['RedHat', 'CentOS']
+        - ansible_facts["distribution_major_version"] | int < 8
   tasks:
     - name: Determine if system is ostree and set flag
       when: not __firewall_is_ostree is defined

tests/tests_service.yml

@@ -70,8 +70,8 @@
                   - 1.1.1.1
                   - 1::1
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: present
@@ -93,8 +93,8 @@
                   - 1.1.1.1
                   - 1::1
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: present
@@ -127,12 +127,12 @@
                 protocol: icmp
                 # these two don't exist yet in RHEL 7
                 helper_module: "{{ 'ftp'
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else omit }}"
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: present
@@ -175,12 +175,12 @@
                 protocol: icmp
                 # these two don't exist yet in RHEL 7
                 helper_module: "{{ 'ftp'
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else omit }}"
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: present
@@ -257,12 +257,12 @@
                   - 1::1
                 protocol: icmp
                 helper_module: "{{ 'ftp'
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else omit }}"
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: absent
@@ -287,12 +287,12 @@
                   - 1::1
                 protocol: icmp
                 helper_module: "{{ 'ftp'
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else omit }}"
                 includes: "{{ ['ssh', 'ldaps']
-                  if ansible_distribution in ['RedHat', 'CentOS', 'Fedora']
-                  and ansible_distribution_major_version is version('8', '>=')
+                  if ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Fedora']
+                  and ansible_facts['distribution_major_version'] is version('8', '>=')
                   else [] }}"
                 permanent: true
                 state: absent

tests/tests_zone.yml

@@ -5,9 +5,9 @@
   gather_facts: true
   tasks:
     - name: Test firewalld zones
-      when: ansible_distribution == "Fedora" or
-        ((ansible_distribution == "CentOS" or ansible_distribution == "RedHat")
-        and ansible_distribution_major_version | int >= 7)
+      when: ansible_facts["distribution"] == "Fedora" or
+        ((ansible_facts["distribution"] == "CentOS" or ansible_facts["distribution"] == "RedHat")
+        and ansible_facts["distribution_major_version"] | int >= 7)
       block:
 
         # INIT TEST

tests/vars/rh_distros_vars.yml

@@ -14,7 +14,7 @@ __firewall_rh_distros:
 __firewall_rh_distros_fedora: "{{ __firewall_rh_distros + ['Fedora'] }}"
 
 # Use this in conditionals to check if distro is Red Hat or clone
-__firewall_is_rh_distro: "{{ ansible_distribution in __firewall_rh_distros }}"
+__firewall_is_rh_distro: "{{ ansible_facts['distribution'] in __firewall_rh_distros }}"
 
 # Use this in conditionals to check if distro is Red Hat or clone, or Fedora
-__firewall_is_rh_distro_fedora: "{{ ansible_distribution in __firewall_rh_distros_fedora }}"
+__firewall_is_rh_distro_fedora: "{{ ansible_facts['distribution'] in __firewall_rh_distros_fedora }}"

vars/main.yml

@@ -5,14 +5,20 @@ __firewall_usr_lib_dir: /usr/lib/firewalld
 
 # ansible_facts required by the role
 __firewall_required_facts:
+  - discovered_interpreter_python
+  - distribution_major_version
+  - distribution
   - python_version
   - service_mgr
 
+__firewall_no_subsets_facts:
+  - discovered_interpreter_python
+
 # the subsets of ansible_facts that need to be gathered in case any of the
 # facts in required_facts is missing; see the documentation of
 # the 'gather_subset' parameter of the 'setup' module
 __firewall_required_facts_subsets: "{{ ['!all', '!min'] +
-  __firewall_required_facts }}"
+  __firewall_required_facts | difference(__firewall_no_subsets_facts) }}"
 
 __firewall_packages_base: [firewalld]
 
@@ -42,8 +48,8 @@ __firewall_rh_distros:
 __firewall_rh_distros_fedora: "{{ __firewall_rh_distros + ['Fedora'] }}"
 
 # Use this in conditionals to check if distro is Red Hat or clone
-__firewall_is_rh_distro: "{{ ansible_distribution in __firewall_rh_distros }}"
+__firewall_is_rh_distro: "{{ ansible_facts['distribution'] in __firewall_rh_distros }}"
 
 # Use this in conditionals to check if distro is Red Hat or clone, or Fedora
-__firewall_is_rh_distro_fedora: "{{ ansible_distribution in __firewall_rh_distros_fedora }}"
+__firewall_is_rh_distro_fedora: "{{ ansible_facts['distribution'] in __firewall_rh_distros_fedora }}"
 # END - DO NOT EDIT THIS BLOCK - rh distros variables