Convert Firewall Template to Variables Pattern (Complete Vertical Slice)

[josecelano]

Parent Epic: #19 - Refactor Ansible Templates to Variables Pattern
Depends On: #105 - Create Variables Template Infrastructure

Overview

Convert the configure-firewall.yml.tera template to a static configure-firewall.yml playbook that loads variables from the centralized variables.yml file. This is a complete vertical slice that includes implementation, cleanup of old code, documentation updates, and full validation.

Goals

• Template Conversion: Convert .tera template to static .yml playbook
• Variables Integration: Add vars_files: [variables.yml] to load centralized variables
• Static Registration: Register playbook in copy_static_templates() method
• AnsibleClient Enhancement: Make generic to accept optional extra arguments
• Call Site Updates: Update all AnsibleClient call sites for new signature
• Cleanup: Remove old firewall renderer/wrapper code (~500 lines)
• Documentation: Update architecture docs, contributing guide, templates README
• Validation: Full test suite, build verification, E2E preparation

🏗️ Architecture Requirements

DDD Layer: Infrastructure (template system) + Adapters (AnsibleClient)

Pattern: Static template copying + Ansible vars_files

Time Estimate

4.5 days - Complete vertical slice (11 phases):

• Phases 1-8: Template conversion and API updates (2.75 days)
• Phase 9: Clean up old architecture (2-3 hours)
• Phase 10: Update documentation (1-2 hours)
• Phase 11: Final integration validation (0.5-1 hour)

Documentation

Full implementation details: docs/issues/19.2-convert-firewall-template-to-static.md

Acceptance Criteria

Template Conversion

• configure-firewall.yml is static (no .tera extension)
• Playbook contains vars_files: [variables.yml]
• Old .tera template deleted

API Updates

• AnsibleClient::run_playbook() accepts extra_args parameter
• All call sites updated to new signature
• Firewall step passes &["-e", "@variables.yml"]

Cleanup (~500 lines removed)

• firewall_playbook.rs renderer deleted (~350 lines)
• wrappers/firewall_playbook/ directory deleted (~150 lines)
• Module exports removed
• No remaining references in codebase

Documentation

• Template system architecture updated
• Contributing templates guide updated
• Templates README updated
• Examples for future developers

Testing & Validation

• Unit tests pass: cargo test
• Config tests pass: cargo run --bin e2e-config-tests
• Linters pass: cargo run --bin linter all
• Build directory structure verified
• Template contents verified

Related

• Parent Epic: EPIC: Refactor Ansible Templates to Variables Pattern #19
• Previous Task: Create Variables Template Infrastructure #105 (must complete first)
• Ansible vars_files Documentation