Useability is not good

Posted Dec 18, 2025 12:09 UTC (Thu) by mbunkus (subscriber, #87248)
In reply to: Useability is not good by taladar
Parent article: Conill: Rethinking sudo with object capabilities

100% agree. I really hated that back when I was still using SaltStack. In SaltStack, unlike Ansible, the templating happens on the "whole file" level of the YAML rules/roles, meaning it'll be interleaved with regular YAML stuff — often completely breaking formatting, linting etc., as you said.

For example, in SaltStack you could do something like this to distribute two files:

{% set file_list = [ 'vimrc', 'bashrc' ] %}
{% for item in file_list %}
/etc/{{ item }}:
  file.managed:
    - source: salt://{{ item }}
{% endfor %}

In Ansible templating can only be used in YAML values, though, meaning they're always part of a YAML string. In order to provide basic loops & conditions Ansible itself has special hash keys it recognizes, evaluating the template code in the corresponding values & making the decision based on it. For example:

- ansible.builtin.file:
    src: "files/{{ item }}"
    dest: "/etc/
  loop: "{{ file_list }}"
  vars:
    file_list: [ 'vimrc', 'bashrc' ]

Whole-file is obviously much more powerful as you have a Turing-complete templating language at your disposal, but dealing with all but the simplest cases becomes a real pain.