From e765160dc4f48c5e0787bde35db3167abbf52012 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Sun, 10 Nov 2024 14:31:24 +0100
Subject: [PATCH] Do not add vip['address'] so SAN if haproxy is binded to interface

In a usecase, where HAProxy is binded to interface, *_lb_vip_address might be set to a wildcard. We should not be generating a SAN with a wildcard in it.

Change-Id: I45261b8fd572a68f1fc5a72f94653ffd2d302420
---
 vars/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/vars/main.yml b/vars/main.yml
index a621287..477149b 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -28,8 +28,10 @@ _haproxy_pki_certificates: |
 {% set _pki_certs = [] %}
 {% for vip in haproxy_tls_vip_binds %}
 {% set _vip_interface = vip['interface'] | default('') %}
- {% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] ~ ',' ~ (
- vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address'] %}
+ {% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] %}
+ {% if vip['address'] != '*' %}
+ {% set san = san ~ (vip['address'] | ansible.utils.ipaddr) | ternary(',IP:', ',DNS:') ~ vip['address'] %}
+ {% endif %}
 {% if vip['address'] == haproxy_bind_internal_lb_vip_address %}
 {% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}
 {% endif %}
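Review bot: The new guard `{% if vip['address'] != '*' %}` filters only the literal asterisk, so any other unspecified-address spelling a bind might carry (for example `0.0.0.0` or `::`) would still be written into the certificate as an `IP:` SAN; whether the role accepts those forms is not visible in this hunk. If it does, a membership test such as `{% if vip['address'] not in ['*', '0.0.0.0', '::'] %}` keeps every "listen on anything" value out of the issued certificate. The condition also never consults `_vip_interface`, which is set on the context line just above, although the subject ties the skip to interface binding. A one-line Jinja comment above the `if`, e.g. `{# wildcard bind addresses must never end up in the SAN #}`, would record why the address is skipped. The `_haproxy_pki_certificates` template starts before and continues past this hunk, so how `san` is consumed afterwards cannot be checked from here.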