Fix dict object key error when haproxy interfaces not defined

The ternary options appear to be getting evaluated whether they are used or not, so item['interface'] is always accessed. This patch aims to check for the key's presence before performing ternary operations, or use Ansible variables to postpone evaluation until absolutely necessary. Change-Id: Ib1462c04d1a0820a37998f989e2ed16566f71f54
2023-01-11 09:08:27 +00:00 · 2023-01-11 09:08:27 +00:00 · 445b15f9c3
parent a5daa83172
commit 445b15f9c3
3 changed files with 7 additions and 4 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -18,7 +18,8 @@
    cat {{ item_base_path ~ '.crt' }} $(test -f {{ item_base_path  ~ '-ca.crt' }} && echo {{ item_base_path  ~ '-ca.crt' }}) {{ item_base_path  ~ '.key' }} > {{ item_base_path  ~ '.pem' }}
  notify: Reload haproxy
  vars:
-    item_name: "{{ ('interface' in item and item['interface'] is truthy) | ternary(item['address'] ~ '-' ~ item['interface'], item['address']) }}"
+    item_interface: "{{ item['interface'] }}"
+    item_name: "{{ ('interface' in item and item['interface'] is truthy) | ternary(item['address'] ~ '-' ~ item_interface, item['address']) }}"
    item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
  with_items: "{{ haproxy_tls_vip_binds }}"
  listen:
--- a/templates/service.j2
+++ b/templates/service.j2
@ -22,7 +22,7 @@
 {% for vip_bind in vip_binds %}
 {%   if vip_bind is not string and vip_bind is mapping %}
 {%     set vip_address = vip_bind['address'] %}
-{%     set vip_interface = vip_bind['interface'] %}
+{%     set vip_interface = vip_bind['interface'] | default('') %}
 {%   else %}
 {%     set vip_address = vip_bind %}
 {%     set vip_interface = '' %}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -26,9 +26,10 @@ _haproxy_tls_vip_binds: |
 _haproxy_pki_certificates: |
  {% set _pki_certs = [] %}
  {% for vip in haproxy_tls_vip_binds %}
+  {% set _vip_interface = vip['interface'] | default('') %}
  {% set _ = _pki_certs.append(
      {
-        'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ ('interface' in vip and vip['interface'] is truthy) | ternary(vip['address'] ~ '-' ~ vip['interface'], vip['address']),
+        'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
        'provider': 'ownca',
        'cn': ansible_facts['hostname'],
        'san': 'DNS:' ~ ansible_facts['hostname'] ~  ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'],
@ -41,7 +42,8 @@ _haproxy_pki_certificates: |
 _haproxy_pki_install_certificates: |
  {% set _pki_install = [] %}
  {% for vip in haproxy_tls_vip_binds %}
-  {% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ ('interface' in vip and vip['interface'] is truthy) | ternary(vip['address'] ~ '-' ~ vip['interface'], vip['address']) %}
+  {% set _vip_interface = vip['interface'] | default('') %}
+  {% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']) %}
  {% set _ = _pki_install.append(
      {
        'src': haproxy_user_ssl_cert | default(haproxy_pki_certs_path ~ _cert_basename ~ '.crt'),