Fix dict object key error when haproxy interfaces not defined

The ternary options appear to be getting evaluated whether they
are used or not, so item['interface'] is always accessed.

This patch aims to check for the key's presence before performing
ternary operations, or use Ansible variables to postpone evaluation
until absolutely necessary.

Change-Id: Ib1462c04d1a0820a37998f989e2ed16566f71f54

handlers/main.yml

@@ -18,7 +18,8 @@
     cat {{ item_base_path ~ '.crt' }} $(test -f {{ item_base_path  ~ '-ca.crt' }} && echo {{ item_base_path  ~ '-ca.crt' }}) {{ item_base_path  ~ '.key' }} > {{ item_base_path  ~ '.pem' }}
   notify: Reload haproxy
   vars:
-    item_name: "{{ ('interface' in item and item['interface'] is truthy) | ternary(item['address'] ~ '-' ~ item['interface'], item['address']) }}"
+    item_interface: "{{ item['interface'] }}"
+    item_name: "{{ ('interface' in item and item['interface'] is truthy) | ternary(item['address'] ~ '-' ~ item_interface, item['address']) }}"
     item_base_path: "{{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ item_name }}"
   with_items: "{{ haproxy_tls_vip_binds }}"
   listen:

templates/service.j2

@@ -22,7 +22,7 @@
 {% for vip_bind in vip_binds %}
 {%   if vip_bind is not string and vip_bind is mapping %}
 {%     set vip_address = vip_bind['address'] %}
-{%     set vip_interface = vip_bind['interface'] %}
+{%     set vip_interface = vip_bind['interface'] | default('') %}
 {%   else %}
 {%     set vip_address = vip_bind %}
 {%     set vip_interface = '' %}

vars/main.yml

@@ -26,9 +26,10 @@ _haproxy_tls_vip_binds: |
 _haproxy_pki_certificates: |
   {% set _pki_certs = [] %}
   {% for vip in haproxy_tls_vip_binds %}
+  {% set _vip_interface = vip['interface'] | default('') %}
   {% set _ = _pki_certs.append(
       {
-        'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ ('interface' in vip and vip['interface'] is truthy) | ternary(vip['address'] ~ '-' ~ vip['interface'], vip['address']),
+        'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
         'provider': 'ownca',
         'cn': ansible_facts['hostname'],
         'san': 'DNS:' ~ ansible_facts['hostname'] ~  ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'],
@@ -41,7 +42,8 @@ _haproxy_pki_certificates: |
 _haproxy_pki_install_certificates: |
   {% set _pki_install = [] %}
   {% for vip in haproxy_tls_vip_binds %}
-  {% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ ('interface' in vip and vip['interface'] is truthy) | ternary(vip['address'] ~ '-' ~ vip['interface'], vip['address']) %}
+  {% set _vip_interface = vip['interface'] | default('') %}
+  {% set _cert_basename = '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']) %}
   {% set _ = _pki_install.append(
       {
         'src': haproxy_user_ssl_cert | default(haproxy_pki_certs_path ~ _cert_basename ~ '.crt'),