argsplat warning for add users task

[sjpb]

TASK [Add users] **************************************************************************************************************************************************************************************
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations (see https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-unsafe)
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations (see https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-unsafe)
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations (see https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-unsafe)
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations (see https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-unsafe)
ok: [nrel-compute-1] => (item={'name': 'podman', 'comment': 'Used for running all containers', 'home': '/var/lib/podman'})
ok: [nrel-login-0] => (item={'name': 'podman', 'comment': 'Used for running all containers', 'home': '/var/lib/podman'})
ok: [nrel-compute-0] => (item={'name': 'podman', 'comment': 'Used for running all containers', 'home': '/var/lib/podman'})
ok: [nrel-control] => (item={'name': 'podman', 'comment': 'Used for running all containers', 'home': '/var/lib/podman'})

[jovial]

I think this is safe as we aren't using ansible_facts which can be overridden by a malicious host. If this is true for the dictionary, it would also be true for individual module arguments, so a refactoring like:

module:
   arg1: "{{ my_arg1 | default(omit) }}"

is not really much better.

Might be nice to disable injecting facts (which seems like it is asking for trouble) and just always use them via ansible_facts. You can do this with: INJECT_FACTS_AS_VARS=false.

See: https://github.com/ansible/ansible/pull/41295#issuecomment-409923210