Feature agent default vars depth reduction

[neonmei]

Similar to #101 which is for the manager, apply a depth reduction on default vars. See #483 for more information

[neonmei]

As an implementation note, to be able to divide wazuh_agent_config into smaller chunks without breaking backwards compatibility for cases that rely on partial configuration (that is, define just a part of the dict and let hash_behaviour do a merge, so you can partially define wazuh_agent_config), an explicit merge is required.

I opted for taking dictionaries out of the variable and template them into a sort-of wazuh_agent_config called wazuh_agent_config_defaults[0], then I build the old wazuh_agent_config nesting the dicts inside that, like so:

# wazuh_agent_config
wazuh_agent_config_defaults:
  repo: '{{ wazuh_agent_repo }}'
  active_response: '{{ wazuh_agent_active_response }}'
  log_format: '{{ wazuh_agent_log_format }}'
  client_buffer: '{{ wazuh_agent_client_buffer }}'
  syscheck: '{{ wazuh_agent_syscheck }}'

  rootcheck: '{{ wazuh_agent_rootcheck }}'
  openscap: '{{ wazuh_agent_openscap }}'

  osquery: '{{ wazuh_agent_osquery }}'
  syscollector: '{{ wazuh_agent_syscollector }}'
  sca: '{{ wazuh_agent_sca }}'
  cis_cat: '{{ wazuh_agent_cis_cat }}'
  localfiles: '{{ wazuh_agent_localfiles }}'

  labels: '{{ wazuh_agent_labels }}'
  enrollment: '{{ wazuh_agent_enrollment }}'

But, this doesn't work with hash_behaviour=merge, which is deprecated and regarding that documentation states[0]

We generally recommend not using this setting unless you think you have an absolute need for it, and playbooks in the official examples repos do not use this setting In version 2.0 a combine filter was added to allow doing this for a particular variable (described in Filters).

So, to not break our distributed ansible.cfg in a minor or patch release of Wazuh, I workarounded it by doing the merge at runtime in a task by merging defaults with the content of wazuh_agent_config (which if absent defaults are taken), and redefine wazuh_agent_config with set_fact .

The note would be that if we happen to actually override wazuh_agent_config entirely, we could skip this merge behaviour entirely by setting wazuh_agent_config_overlay to false. All this is basically taking hash_behaviour out of ansible.cfg into a runtime behaviour with variables, but defaulting to that behaviour which we ship on the repo.

[0]: preserves precedence -> https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
[1]: see: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-hash-behaviour