[WIP] Excluded certain include_role and include_tasks attributes from post_validate

[egmar]

SUMMARY

Fixes #75240.

This PR makes some of IncludeRole and IncludeTasks attributes to be exempt from post_validate based on value of always_post_validate property and aims to remove unnecessary template validation at include_role or include_tasks task level (not their content). E.g.: when using include_role with a role which has only one task, and if remote_user is templated, then it should not be validated at include_role level, but validated on the tasks inside the included role.

I'm not fully sure this is a complete fix though, hence the WIP/Draft status, as I'm looking for feedback.

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

lib/ansible/playbook/base.py
lib/ansible/playbook/play_context.py

ADDITIONAL INFORMATION

Example playbook/role: https://github.com/egmar/include_role_example/blob/main/validate.yml

Before fix:

/Users/egor/Projects/Development/Github.Public/ansible/venv/bin/python /Users/egor/Projects/Development/Github.Public/ansible/bin/ansible-playbook -i inventories/inventory.yaml -l server1 validate.yml
[WARNING]: You are running the development version of Ansible. You should only
run Ansible from "devel" if you are modifying the Ansible engine, or trying out
features under development. This is a rapidly changing source of code and can
become unstable at any point.

PLAY [test] ********************************************************************

TASK [test] ********************************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

TASK [1.1. Error handler] ******************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

PLAY RECAP *********************************************************************
server1                    : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0   


Process finished with exit code 2

After fix:

/Users/egor/Projects/Development/Github.Public/ansible/venv/bin/python /Users/egor/Projects/Development/Github.Public/ansible/bin/ansible-playbook -i inventories/inventory.yaml -l server1 validate.yml
[WARNING]: You are running the development version of Ansible. You should only
run Ansible from "devel" if you are modifying the Ansible engine, or trying out
features under development. This is a rapidly changing source of code and can
become unstable at any point.

PLAY [test] ********************************************************************

TASK [test] ********************************************************************
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

TASK [1.1. Error handler] ******************************************************

TASK [sample_role : 1.1. Error handler] ****************************************
ok: [server1 -> localhost] => {
    "msg": [
        "Task: test",
        "Ansible Action: setup",
        "Error Message: An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"
    ]
}

TASK [sample_role : 1.2. Run a command on remote to prove post_validate still works here] ***
fatal: [server1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden. Received HTTP error for https://ip-ranges.amazonaws.com/ip-ranges.json2 : HTTP Error 403: Forbidden"}

PLAY RECAP *********************************************************************
server1                    : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0   

[egmar]

After having a look at #75715 I think the correct way to handle this is to use always_post_validate property of each FieldAttribute in PlayContext. Since always_post_validate is defaulting to False in FieldAttribute, it may require explicit definition as in the case of LoopControl in #75715.