feat(ansible): allow excluding VM images by regex

[Molter73]

Description

This is useful for creating exclusions for images that might change underneath us like RHCOS.

Checklist

• Investigated and inspected CI test results
• Updated documentation accordingly

Automated testing

• Added unit tests
• Added integration tests
• Added regression tests

If any of these don't apply, please comment below.

Testing Performed

Tested on stackrox/fact#925

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 27447793-93ee-48d8-9132-c8b558ef0918

📥 Commits

Reviewing files that changed from the base of the PR and between e65b365 and dcbd837.

📒 Files selected for processing (2)

• ansible/group_vars/all.yml
• ansible/roles/create-vm/tasks/main.yml

💤 Files with no reviewable changes (1)

• ansible/group_vars/all.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• ansible/roles/create-vm/tasks/main.yml

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added support for excluding VM images using pattern-based matching.
  • Introduced a new configuration option for defining image exclusion rules.

• Bug Fixes

  • Improved exclusion handling so image checks now rely on consistent matching logic.
  • Clarified configuration guidance for excluding specific VM images and platforms.

Walkthrough

The VM exclusion guidance adds excluded_images, and the create-vm task now checks vm_image against regex patterns instead of exact list membership.

Changes

Regex-based VM exclusions

Layer / File(s)	Summary
Regex exclusion check ansible/group_vars/all.yml, ansible/roles/create-vm/tasks/main.yml	excluded_images is added to the group vars guidance, and the create-vm task now uses regex matching for vm_image exclusions with the updated task condition.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: allowing VM image exclusions by regex.
Description check	✅ Passed	The PR description matches the template sections and includes a testing note, though the change explanation is brief.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch mauro/ansible/exclude-by-regex

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ansible/roles/create-vm/tasks/main.yml`:
- Around line 14-15: The VM exclusion check in the create-vm task is treating
every entry in excluded_vms as an unanchored regex, which can broaden matches
unexpectedly for vm_image. Update the expression used in the task’s excluded
flag so image exclusions either match the full image name exactly with anchored
regex boundaries or come from a separate excluded_images list, and keep the
logic in the when condition aligned with that stricter match behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b212743b-19cb-4ef5-b018-e35da0999dd6

📥 Commits

Reviewing files that changed from the base of the PR and between d0c3061 and 735d31a.

📒 Files selected for processing (2)

• ansible/group_vars/all.yml
• ansible/roles/create-vm/tasks/main.yml

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.34%. Comparing base (454af3b) to head (dcbd837).
⚠️ Report is 6 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3527   +/-   ##
=======================================
  Coverage   27.34%   27.34%           
=======================================
  Files          95       95           
  Lines        5420     5420           
  Branches     2545     2545           
=======================================
  Hits         1482     1482           
  Misses       3211     3211           
  Partials      727      727           

Flag	Coverage Δ
collector-unit-tests	27.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ansible/roles/create-vm/tasks/main.yml`:
- Around line 17-20: The regex-based exclusion check in the create-vm tasks
should be skipped when excluded_images is empty, because joining an empty list
produces an empty pattern that matches every vm_image. Update the set_fact task
named Check image excluded (regex) to guard on excluded_images being defined and
non-empty before calling regex_search, while keeping the existing vm_image and
not excluded conditions intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1684bcc0-b7ec-4793-93b2-75f2cab374a4

📥 Commits

Reviewing files that changed from the base of the PR and between 735d31a and e65b365.

📒 Files selected for processing (2)

• ansible/group_vars/all.yml
• ansible/roles/create-vm/tasks/main.yml