From 4540a7482bbab9af8060f4db651f8a54a443e6bf Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Fri, 20 Mar 2026 13:10:11 -0600
Subject: [PATCH] test: ensure role gathers the facts it uses by having test
 clear_facts before include_role

The role gathers the facts it uses.  For example, if the user uses
`ANSIBLE_GATHERING=explicit`, the role uses the `setup` module with the
facts and subsets it requires.

This change allows us to test this.  Before every role invocation, the test
will use `meta: clear_facts` so that the role starts with no facts.

Create a task file tests/tasks/run_role_with_clear_facts.yml to do the tasks
to clear the facts and run the role.  Note that this means we don't need to
use `gather_facts` for the tests.

Some vars defined using `ansible_facts` have been changed to be defined with
`set_fact` instead.  This is because of the fact that `vars` are lazily
evaluated - the var might be referenced when the facts have been cleared, and
will issue an error like `ansible_facts["distribution"] is undefined`.  This is
typically done for blocks that have a `when` condition that uses `ansible_facts`
and the block has a role invocation using run_role_with_clear_facts.yml
These have been rewritten to define the `when` condition using `set_fact`.  This
is because the `when` condition is evaluated every time a task is invoked in the
block, and if the facts are cleared, this will raise an undefined variable error.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
---
 README.md                                     |  7 ++--
 examples/simple.yml                           |  8 ++--
 .../defaults                                  |  0
 .../handlers                                  |  0
 .../meta                                      |  0
 .../tasks                                     |  0
 .../templates                                 |  0
 .../vars                                      |  0
 tests/setup-snapshot.yml                      |  4 +-
 tests/tasks/run_role_with_clear_facts.yml     | 37 +++++++++++++++++++
 tests/tests_default.yml                       |  6 +--
 tests/tests_include_vars_from_parent.yml      |  3 +-
 12 files changed, 50 insertions(+), 15 deletions(-)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/defaults (100%)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/handlers (100%)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/meta (100%)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/tasks (100%)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/templates (100%)
 rename tests/roles/{linux-system-roles.template => linux-system-roles.trustee_attestation_server}/vars (100%)
 create mode 100644 tests/tasks/run_role_with_clear_facts.yml

diff --git a/README.md b/README.md
index 0e7803c..2d5d2c6 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,10 @@
-# Role Name
+# trustee_attestation_server
 
 [![ansible-lint.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/ansible-test.yml) [![codespell.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/markdownlint.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_server/actions/workflows/woke.yml)
 
-![template](https://github.com/linux-system-roles/template/workflows/tox/badge.svg)
+![trustee_attestation_server](https://github.com/linux-system-roles/trustee_attestation_server/workflows/tox/badge.svg)
 
-A template for an ansible role that configures some GNU/Linux subsystem or
-service. A brief description of the role goes here.
+An Ansible role that manages trustee attestation servers.
 
 ## Requirements
 
diff --git a/examples/simple.yml b/examples/simple.yml
index 4f1456e..79d0610 100644
--- a/examples/simple.yml
+++ b/examples/simple.yml
@@ -1,9 +1,9 @@
 # SPDX-License-Identifier: MIT
 ---
-- name: Example template role invocation
+- name: Example trustee_attestation_server role invocation
   hosts: all
   vars:
-    template_foo: example variable value
-    template_bar: false
+    trustee_attestation_server_foo: example variable value
+    trustee_attestation_server_bar: false
   roles:
-    - linux-system-roles.template
+    - linux-system-roles.trustee_attestation_server
diff --git a/tests/roles/linux-system-roles.template/defaults b/tests/roles/linux-system-roles.trustee_attestation_server/defaults
similarity index 100%
rename from tests/roles/linux-system-roles.template/defaults
rename to tests/roles/linux-system-roles.trustee_attestation_server/defaults
diff --git a/tests/roles/linux-system-roles.template/handlers b/tests/roles/linux-system-roles.trustee_attestation_server/handlers
similarity index 100%
rename from tests/roles/linux-system-roles.template/handlers
rename to tests/roles/linux-system-roles.trustee_attestation_server/handlers
diff --git a/tests/roles/linux-system-roles.template/meta b/tests/roles/linux-system-roles.trustee_attestation_server/meta
similarity index 100%
rename from tests/roles/linux-system-roles.template/meta
rename to tests/roles/linux-system-roles.trustee_attestation_server/meta
diff --git a/tests/roles/linux-system-roles.template/tasks b/tests/roles/linux-system-roles.trustee_attestation_server/tasks
similarity index 100%
rename from tests/roles/linux-system-roles.template/tasks
rename to tests/roles/linux-system-roles.trustee_attestation_server/tasks
diff --git a/tests/roles/linux-system-roles.template/templates b/tests/roles/linux-system-roles.trustee_attestation_server/templates
similarity index 100%
rename from tests/roles/linux-system-roles.template/templates
rename to tests/roles/linux-system-roles.trustee_attestation_server/templates
diff --git a/tests/roles/linux-system-roles.template/vars b/tests/roles/linux-system-roles.trustee_attestation_server/vars
similarity index 100%
rename from tests/roles/linux-system-roles.template/vars
rename to tests/roles/linux-system-roles.trustee_attestation_server/vars
diff --git a/tests/setup-snapshot.yml b/tests/setup-snapshot.yml
index a7704df..c517c5f 100644
--- a/tests/setup-snapshot.yml
+++ b/tests/setup-snapshot.yml
@@ -4,11 +4,11 @@
   tasks:
     - name: Set platform/version specific variables
       include_role:
-        name: linux-system-roles.template
+        name: linux-system-roles.trustee_attestation_server
         tasks_from: set_vars.yml
         public: true
 
     - name: Install test packages
       package:
-        name: "{{ __template_packages }}"
+        name: "{{ __trustee_attestation_server_packages }}"
         state: present
diff --git a/tests/tasks/run_role_with_clear_facts.yml b/tests/tasks/run_role_with_clear_facts.yml
new file mode 100644
index 0000000..45b49e4
--- /dev/null
+++ b/tests/tasks/run_role_with_clear_facts.yml
@@ -0,0 +1,37 @@
+---
+# Task file: clear_facts, run linux-system-roles.trustee_attestation_server.
+# Include this with include_tasks or import_tasks
+# Input:
+# - __sr_tasks_from: tasks_from to run - same as tasks_from in include_role
+# - __sr_public: export private vars from role - same as public in include_role
+# - __sr_failed_when: set to false to ignore role errors - same as failed_when in include_role
+- name: Clear facts
+  meta: clear_facts
+
+# note that you can use failed_when with import_role but not with include_role
+# so this simulates the __sr_failed_when false case
+# Q: Why do we need a separate task to run the role normally?  Why not just
+# run the role in the block and rethrow the error in the rescue block?
+# A: Because you cannot rethrow the error in exactly the same way as the role does.
+# It might be possible to exactly reconstruct ansible_failed_result but it's not worth the effort.
+- name: Run the role with __sr_failed_when false
+  when:
+    - __sr_failed_when is defined
+    - not __sr_failed_when
+  block:
+    - name: Run the role
+      include_role:
+        name: linux-system-roles.trustee_attestation_server
+        tasks_from: "{{ __sr_tasks_from | default('main') }}"
+        public: "{{ __sr_public | default(false) }}"
+  rescue:
+    - name: Ignore the failure when __sr_failed_when is false
+      debug:
+        msg: Ignoring failure when __sr_failed_when is false
+
+- name: Run the role normally
+  include_role:
+    name: linux-system-roles.trustee_attestation_server
+    tasks_from: "{{ __sr_tasks_from | default('main') }}"
+    public: "{{ __sr_public | default(false) }}"
+  when: __sr_failed_when | d(true)
diff --git a/tests/tests_default.yml b/tests/tests_default.yml
index 4457422..433209a 100644
--- a/tests/tests_default.yml
+++ b/tests/tests_default.yml
@@ -2,10 +2,10 @@
 ---
 - name: Ensure that the role runs with default parameters
   hosts: all
-  gather_facts: false  # test that role works in this case
-  roles:
-    - linux-system-roles.template
   tasks:
+    - name: Run the role
+      include_tasks: tasks/run_role_with_clear_facts.yml
+
     - name: Check header for ansible_managed, fingerprint
       include_tasks: tasks/check_header.yml
       vars:
diff --git a/tests/tests_include_vars_from_parent.yml b/tests/tests_include_vars_from_parent.yml
index 02b7831..348fdce 100644
--- a/tests/tests_include_vars_from_parent.yml
+++ b/tests/tests_include_vars_from_parent.yml
@@ -1,7 +1,6 @@
 ---
 - name: Test role include variable override
   hosts: all
-  gather_facts: true
   tasks:
     - name: Create var file in caller that can override the one in called role
       delegate_to: localhost
@@ -44,7 +43,7 @@
       import_role:
         name: caller
       vars:
-        roletoinclude: linux-system-roles.template
+        roletoinclude: linux-system-roles.trustee_attestation_server
 
     - name: Cleanup
       file: