Skip to content

Tag usage to target resources should prevent argument spec validation for other configurations #1351

Description

@zjleblanc

Is your feature request related to a problem? Please describe.
I often use tags to run ad-hoc configuration application or limit the scope of my job run. I recently encountered a scenario where I used a tag, but any resource with variables defined were triggering argument spec validation. While this does not have a functional impact on the job, it creates unnecessary work and could impact performance when a significant volume of configuration exists. The approach of tags usage is not limited to ad-hoc runs - it can also be a part of pipelines that apply incremental configuration changes.

Describe the solution you'd like
If I apply resource tag(s), then I would expect other roles to be completely skipped (including argument spec validation). The reverse logic should apply when using skip_tags. The current implementation has a dependency on ansible-core which naively does the validation on include_role whilst not caring about applied tags which ultimately skip all tasks in the role. I believe the most elegant fix would happen on the ansible-core side, but it's possible that the collection could overcome existing limitations and implement a fix to prevent the undesirable validations.

Describe alternatives you've considered

  • Structuring repositories / process to enable excluding variables in addition to apply tags (this adds complexity and reduces the value of tags)
  • removing argument spec validation or using ansible.cfg to "turn it off" (not a desirable solution)

Additional context
I had a brief discussion with @djdanielsson about this and understand that it may require work in ansible-core, but wanted to started a discussion with the config-as-code community.

Steps to reproduce

  1. Invoke the dispatch role with a resource tag applied (e.g. --tags credential_types) and ensure the context has other resource variables defined (e.g. controller_credentials: [...])
  2. Observe the argument spec validation task runs for controller_credentials (unexpected)
  3. All tasks in controller_credentials are skipped (expected)
  4. credential_types are applied (expected)

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions