test: ensure role gathers the facts it uses by having test clear_facts before include_role

The role gathers the facts it uses.  For example, if the user uses
`ANSIBLE_GATHERING=explicit`, the role uses the `setup` module with the
facts and subsets it requires.

This change allows us to test this.  Before every role invocation, the test
will use `meta: clear_facts` so that the role starts with no facts.

Create a task file tests/tasks/run_role_with_clear_facts.yml to do the tasks
to clear the facts and run the role.  Note that this means we don't need to
use `gather_facts` for the tests.

Some vars defined using `ansible_facts` have been changed to be defined with
`set_fact` instead.  This is because of the fact that `vars` are lazily
evaluated - the var might be referenced when the facts have been cleared, and
will issue an error like `ansible_facts["distribution"] is undefined`.  This is
typically done for blocks that have a `when` condition that uses `ansible_facts`
and the block has a role invocation using run_role_with_clear_facts.yml
These have been rewritten to define the `when` condition using `set_fact`.  This
is because the `when` condition is evaluated every time a task is invoked in the
block, and if the facts are cleared, this will raise an undefined variable error.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

Author: richm

tests/tasks/run_role_with_clear_facts.yml

@@ -0,0 +1,37 @@
+---
+# Task file: clear_facts, run linux-system-roles.sudo.
+# Include this with include_tasks or import_tasks
+# Input:
+# - __sr_tasks_from: tasks_from to run - same as tasks_from in include_role
+# - __sr_public: export private vars from role - same as public in include_role
+# - __sr_failed_when: set to false to ignore role errors - same as failed_when in include_role
+- name: Clear facts
+  meta: clear_facts
+
+# note that you can use failed_when with import_role but not with include_role
+# so this simulates the __sr_failed_when false case
+# Q: Why do we need a separate task to run the role normally?  Why not just
+# run the role in the block and rethrow the error in the rescue block?
+# A: Because you cannot rethrow the error in exactly the same way as the role does.
+# It might be possible to exactly reconstruct ansible_failed_result but it's not worth the effort.
+- name: Run the role with __sr_failed_when false
+  when:
+    - __sr_failed_when is defined
+    - not __sr_failed_when
+  block:
+    - name: Run the role
+      include_role:
+        name: linux-system-roles.sudo
+        tasks_from: "{{ __sr_tasks_from | default('main') }}"
+        public: "{{ __sr_public | default(false) }}"
+  rescue:
+    - name: Ignore the failure when __sr_failed_when is false
+      debug:
+        msg: Ignoring failure when __sr_failed_when is false
+
+- name: Run the role normally
+  include_role:
+    name: linux-system-roles.sudo
+    tasks_from: "{{ __sr_tasks_from | default('main') }}"
+    public: "{{ __sr_public | default(false) }}"
+  when: __sr_failed_when | d(true)

tests/tests_check_if_configured.yml

@@ -2,7 +2,6 @@
 ---
 - name: Ensure that the role runs with default parameters
   hosts: all
-  gather_facts: false  # test that role works in this case
   tasks:
     - name: Run tests
       block:
@@ -32,8 +31,7 @@
           changed_when: true
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_check_if_configured: true
 

tests/tests_default.yml

@@ -2,7 +2,6 @@
 ---
 - name: Ensure that the role runs with default parameters
   hosts: all
-  gather_facts: false  # test that role works in this case
   tasks:
     - name: Run tests
       block:
@@ -11,8 +10,7 @@
           when: not __bootc_validation | d(false)
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_check_if_configured: false
           when: not __bootc_validation | d(false)

tests/tests_include_vars_from_parent.yml

@@ -1,7 +1,6 @@
 ---
 - name: Test role include variable override
   hosts: all
-  gather_facts: true
   tasks:
     - name: Run tests
       block:

tests/tests_large_configuration.yml

@@ -8,8 +8,7 @@
           include_tasks: tasks/setup.yml
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_rewrite_default_sudoers_file: true
             sudo_remove_unauthorized_included_files: true

tests/tests_multiple_sudoers.yml

@@ -8,8 +8,7 @@
           include_tasks: tasks/setup.yml
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_rewrite_default_sudoers_file: true
             sudo_remove_unauthorized_included_files: true

tests/tests_role_applied.yml

@@ -8,8 +8,7 @@
           include_tasks: tasks/setup.yml
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_rewrite_default_sudoers_file: true
             sudo_remove_unauthorized_included_files: true

tests/tests_scan_sudoers.yml

@@ -2,7 +2,6 @@
 ---
 - name: Ensure that the role can parse existing sudoers
   hosts: all
-  gather_facts: false  # test that role works in this case
   vars:
     alias_values:
       Cmnd_Alias:
@@ -55,8 +54,7 @@
             mode: preserve
 
         - name: Run the role
-          include_role:
-            name: linux-system-roles.sudo
+          include_tasks: tasks/run_role_with_clear_facts.yml
           vars:
             sudo_rewrite_default_sudoers_file: true
             sudo_remove_unauthorized_included_files: true

tests/unit/test_scan_sudoers.py

@@ -5,7 +5,6 @@
 #
 """Unit tests for the scan_sudoers module"""
 
-
 from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type