Skip to content

Convert firewall template to centralized variables pattern #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 3, 2025
Merged

Convert firewall template to centralized variables pattern #110

merged 7 commits into from
Nov 3, 2025

Conversation

Copy link
Contributor

Copilot AI commented Nov 3, 2025
edited
Loading

✅ Complete Vertical Slice: Convert Firewall Template to Variables Pattern

This PR successfully implements a complete vertical slice to convert the configure-firewall.yml.tera template to use the centralized variables pattern, following issue #106 specification.

🎯 All Phases Complete

  • Phase 1: Convert template file to static with vars_files
  • Phase 2: Register static template in copy_static_templates()
  • Phase 3: Update AnsibleClient signature to accept extra_args
  • Phase 4: Update all AnsibleClient call sites
  • Phase 5: Update ConfigureFirewallStep to use variables file
  • Phase 6: Remove old firewall template rendering
  • Phase 7: Delete old .tera template file
  • Phase 8: Clean up firewall renderer/wrapper code (~675 lines removed)
  • Phase 9: Update documentation
  • Phase 10: Final validation (tests, linters, build verification)
  • Fix doctest failure

📋 Changes Summary

Template Conversion

  • ✅ Created static configure-firewall.yml (no .tera extension)
  • ✅ Added vars_files: [variables.yml] directive to playbook
  • ✅ Fixed variable syntax: {{ssh_port}}{{ ssh_port }} (proper spacing)
  • ✅ Deleted old configure-firewall.yml.tera

API Updates

  • ✅ Updated AnsibleClient::run_playbook() signature to accept extra_args: &[&str]
  • ✅ Updated all 5 call sites for backward compatibility
  • ✅ Added comprehensive rustdoc with examples
  • ✅ Fixed doctest to use no_run attribute (prevents ansible-playbook requirement in CI)

Static Registration

  • ✅ Added configure-firewall.yml to static playbooks list in copy_static_templates()
  • ✅ Updated file count in debug log: 6 → 7

Rendering Cleanup

  • ✅ Removed firewall_playbook_renderer field from AnsibleTemplateRenderer
  • ✅ Removed renderer initialization in constructor
  • ✅ Removed firewall rendering call from render() method
  • ✅ Removed create_firewall_context() helper method
  • ✅ Removed FirewallPlaybookRenderingFailed error variant
  • ✅ Removed FirewallPlaybookTemplateRenderer from public exports

Code Cleanup (~675 lines removed)

  • ✅ Deleted src/infrastructure/external_tools/ansible/template/renderer/firewall_playbook.rs (347 lines)
  • ✅ Deleted src/infrastructure/external_tools/ansible/template/wrappers/firewall_playbook/ directory (328 lines)
  • ✅ Removed module exports from wrappers/mod.rs
  • ✅ Removed module exports from renderer/mod.rs
  • ✅ Verified zero remaining references in codebase

Documentation Updates

  • ✅ Updated docs/technical/template-system-architecture.md
  • ✅ Updated docs/contributing/templates.md
  • ✅ Updated templates/ansible/README.md

✅ Validation Complete

Tests:

  • ✅ All unit tests pass: cargo test (1065 tests, 0 failures)
  • ✅ All doc tests pass: cargo test --doc (233 tests, 0 failures)
  • ✅ Build succeeds: cargo build --release

Linters:

  • ✅ All linters pass: cargo run --bin linter all
  • ✅ No unused dependencies: cargo machete

Template Verification:

  • ✅ Static configure-firewall.yml copied to build directory
  • ✅ Playbook contains vars_files: [variables.yml]
  • variables.yml generated with correct SSH port

📊 Impact

  • Net change: +184 insertions, -765 deletions
  • Complexity reduced: No per-playbook renderer/wrapper/context needed
  • Pattern established: Future playbooks can follow this simpler approach
  • Maintainability improved: Centralized variable management
Original prompt

This section details on the original issue you should resolve

<issue_title>Convert Firewall Template to Variables Pattern (Complete Vertical Slice)</issue_title>
<issue_description>Parent Epic: #19 - Refactor Ansible Templates to Variables Pattern
Depends On: #105 - Create Variables Template Infrastructure

Overview

Convert the configure-firewall.yml.tera template to a static configure-firewall.yml playbook that loads variables from the centralized variables.yml file. This is a complete vertical slice that includes implementation, cleanup of old code, documentation updates, and full validation.

Goals

  • Template Conversion: Convert .tera template to static .yml playbook
  • Variables Integration: Add vars_files: [variables.yml] to load centralized variables
  • Static Registration: Register playbook in copy_static_templates() method
  • AnsibleClient Enhancement: Make generic to accept optional extra arguments
  • Call Site Updates: Update all AnsibleClient call sites for new signature
  • Cleanup: Remove old firewall renderer/wrapper code (~500 lines)
  • Documentation: Update architecture docs, contributing guide, templates README
  • Validation: Full test suite, build verification, E2E preparation

🏗️ Architecture Requirements

DDD Layer: Infrastructure (template system) + Adapters (AnsibleClient)

Pattern: Static template copying + Ansible vars_files

Time Estimate

4.5 days - Complete vertical slice (11 phases):

  • Phases 1-8: Template conversion and API updates (2.75 days)
  • Phase 9: Clean up old architecture (2-3 hours)
  • Phase 10: Update documentation (1-2 hours)
  • Phase 11: Final integration validation (0.5-1 hour)

Documentation

Full implementation details: docs/issues/19.2-convert-firewall-template-to-static.md

Acceptance Criteria

Template Conversion

  • configure-firewall.yml is static (no .tera extension)
  • Playbook contains vars_files: [variables.yml]
  • Old .tera template deleted

API Updates

  • AnsibleClient::run_playbook() accepts extra_args parameter
  • All call sites updated to new signature
  • Firewall step passes &["-e", "@variables.yml"]

Cleanup (~500 lines removed)

  • firewall_playbook.rs renderer deleted (~350 lines)
  • wrappers/firewall_playbook/ directory deleted (~150 lines)
  • Module exports removed
  • No remaining references in codebase

Documentation

  • Template system architecture updated
  • Contributing templates guide updated
  • Templates README updated
  • Examples for future developers

Testing & Validation

  • Unit tests pass: cargo test
  • Config tests pass: cargo run --bin e2e-config-tests
  • Linters pass: cargo run --bin linter all
  • Build directory structure verified
  • Template contents verified

Related

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Convert Firewall Template to Variables Pattern (Complete Vertical Slice) Convert firewall template to centralized variables pattern Nov 3, 2025
Copilot AI requested a review from josecelano November 3, 2025 10:48
Copilot finished work on behalf of josecelano November 3, 2025 10:48
josecelano
josecelano requested changes Nov 3, 2025
View reviewed changes
Copy link
Member

@josecelano josecelano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot, the "testing" workflow is failing:

test src/testing/mock_clock.rs - testing::mock_clock::MockClock::set_time (line 122) ... ok

failures:

---- src/adapters/ansible/mod.rs - adapters::ansible::AnsibleClient::run_playbook (line 69) stdout ----
Test executable failed (exit status: 101).

stderr:

thread 'main' (2653) panicked at src/adapters/ansible/mod.rs:8:44:
called `Result::unwrap()` on an `Err` value: StartupFailed { command: "ansible-playbook -v install-docker.yml", source: Os { code: 2, kind: NotFound, message: "No such file or directory" } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace



failures:
    src/adapters/ansible/mod.rs - adapters::ansible::AnsibleClient::run_playbook (line 69)

test result: FAILED. 232 passed; 1 failed; 5 ignored; 0 measured; 0 filtered out; finished in 51.23s

error: doctest failed, to rerun pass `-p torrust-tracker-deployer --doc`
Error: Process completed with exit code 101.

Some doc test are failing, tun doc tests with and fix them

cargo test --doc --workspace

Copy link
Contributor Author

Copilot AI commented Nov 3, 2025

@copilot, the "testing" workflow is failing:

Fixed in commit 73845dc. The doctest example in AnsibleClient::run_playbook() was calling .unwrap() which failed when ansible-playbook is not installed in the CI environment. Added no_run attribute to the doctest to prevent it from executing while still validating the code compiles.

All doc tests now pass:

cargo test --doc --workspace
test result: ok. 233 passed; 0 failed; 5 ignored

Copilot finished work on behalf of josecelano November 3, 2025 12:30
Copilot AI requested a review from josecelano November 3, 2025 12:30
josecelano
josecelano approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@josecelano josecelano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 73845dc

@josecelano josecelano merged commit d059cc9 into main Nov 3, 2025
51 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@josecelano josecelano josecelano approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@josecelano josecelano

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Convert Firewall Template to Variables Pattern (Complete Vertical Slice)

2 participants

@josecelano