Force FDW defaults to use undef for things that need inputs

[evgeni]

Why are you introducing these changes? (Problem description, related links)

Don't rely on a doc string, fail if no input was given.

What are the changes introduced in this pull request?

• Updated defaults

How to test this pull request

Steps to reproduce:

• CI will ensure the deployment still works, the change just ensures the defaults are never used verbatim

Checklist

• Tests added/updated (if applicable)
• Documentation updated (if applicable)

[evgeni]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

This PR updates src/roles/iop_fdw/defaults/main.yaml to enforce mandatory FDW configuration by replacing empty-string defaults with Jinja2 undef(hint='...') template placeholders. Six variables—local and remote FDW database name, user, and password—now require explicit values during template evaluation, failing fast with user-friendly hint messages if omitted. Optional host and port defaults remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: updating FDW defaults to use undef() for mandatory inputs instead of empty strings.
Description check	✅ Passed	The description explains the motivation (fail if no input given), describes the changes (updated defaults), and provides testing approach, all related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fdw-defaults

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/roles/iop_fdw/defaults/main.yaml`:
- Line 5: The default variable iop_fdw_database_password in the iop_fdw role is
defined but never used; either remove this unused default or wire it into the
role's FDW/user creation tasks/templates. To fix: search the iop_fdw role for
places that create FDW users or SQL templates (tasks, templates, handlers) and
either (a) add usage of iop_fdw_database_password when creating the FDW DB
user/password in the relevant task/template, or (b) delete the
iop_fdw_database_password entry from defaults/main.yaml and, if needed, any
references in role docs/vars so there’s no undefined/unused var. Ensure the
chosen fix updates any related variable names (e.g., FDW user creation task,
template that renders user/password) and tests/playbooks that expect the
variable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bdd53ffc-25ee-4f4d-8825-f6726cef097d

📥 Commits

Reviewing files that changed from the base of the PR and between 8561643 and 5288f9d.

📒 Files selected for processing (1)

• src/roles/iop_fdw/defaults/main.yaml

[ehelms]

This feels like a pattern we should enforce? I wonder if an Ansible lint rule is possible.

[evgeni]

What would the rule be? "There are no role defaults that are empty strings or null (foo_bar: )

[ehelms]

What would the rule be? "There are no role defaults that are empty strings or null (foo_bar: )

Yea. And use that hint technique you are applying. Sounds like a good practice?

[evgeni]

What would the rule be? "There are no role defaults that are empty strings or null (foo_bar: )

Yea. And use that hint technique you are applying. Sounds like a good practice?

#526