Generate PKI SAN as a list
This changes SAN generation from concatenating strings to building a list, which is joined before being passed to the PKI role. It improves code readability and is less error-prone, as we no longer need to pay close attention to the presence of the `,` separator while concatenating strings. It will also allow passing only unique records to the PKI role if we need that in the future. Change-Id: I88f74c97592795704170b49bff56b23bc8145f5b
@@ -27,26 +27,26 @@ _haproxy_tls_vip_binds: |
|
||||
_haproxy_pki_certificates: |
|
||||
{% set _pki_certs = [] %}
|
||||
{% for vip in haproxy_tls_vip_binds %}
|
||||
{% set _vip_interface = vip['interface'] | default('') %}
|
||||
{% set san = 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn'] %}
|
||||
{% if vip['address'] != '*' %}
|
||||
{% set san = san ~ (vip['address'] | ansible.utils.ipaddr) | ternary(',IP:', ',DNS:') ~ vip['address'] %}
|
||||
{% endif %}
|
||||
{% if vip['address'] == haproxy_bind_internal_lb_vip_address %}
|
||||
{% set san = san ~ (internal_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ internal_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% if vip['address'] == haproxy_bind_external_lb_vip_address %}
|
||||
{% set san = san ~ (external_lb_vip_address | ansible.utils.ipaddr) | ternary('', ',DNS:' ~ external_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% set _ = _pki_certs.append(
|
||||
{
|
||||
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
|
||||
'provider': 'ownca',
|
||||
'cn': ansible_facts['hostname'],
|
||||
'san': san,
|
||||
'signed_by': haproxy_pki_intermediate_cert_name,
|
||||
}
|
||||
) %}
|
||||
{% set _vip_interface = vip['interface'] | default('') %}
|
||||
{% set san = ['DNS:' ~ ansible_facts['hostname'], 'DNS:' ~ ansible_facts['fqdn']] %}
|
||||
{% if vip['address'] != '*' %}
|
||||
{% set _ = san.append((vip['address'] | ansible.utils.ipaddr) | ternary('IP:', 'DNS:') ~ vip['address']) %}
|
||||
{% endif %}
|
||||
{% if vip['address'] == haproxy_bind_internal_lb_vip_address and not (internal_lb_vip_address | ansible.utils.ipaddr) %}
|
||||
{% set _ = san.append('DNS:' ~ internal_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% if vip['address'] == haproxy_bind_external_lb_vip_address and not (external_lb_vip_address | ansible.utils.ipaddr) %}
|
||||
{% set _ = san.append('DNS:' ~ external_lb_vip_address) %}
|
||||
{% endif %}
|
||||
{% set _ = _pki_certs.append(
|
||||
{
|
||||
'name': 'haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (_vip_interface is truthy) | ternary(vip['address'] ~ '-' ~ _vip_interface, vip['address']),
|
||||
'provider': 'ownca',
|
||||
'cn': ansible_facts['hostname'],
|
||||
'san': san | join(','),
|
||||
'signed_by': haproxy_pki_intermediate_cert_name,
|
||||
}
|
||||
) %}
|
||||
{% endfor %}
|
||||
{{ _pki_certs }}
|
||||
|
||||
|
||||
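Review bot: The list joined at `'san': san | join(',')` can hold the same entry twice. When `vip['address']` is a hostname and `haproxy_bind_internal_lb_vip_address` is set to the same hostname as `internal_lb_vip_address`, both the `vip['address'] != '*'` branch and the internal-VIP branch append the identical `DNS:` token; the external-VIP branch has the same shape. With `san` now a list this is a one-line change, `'san': san | unique | join(','),`, so the issued certificate does not depend on how the PKI role or signing backend treats repeated subjectAltName entries (that handling is not visible here). A short comment above the first `san.append` would also help, stating that every element must be one complete `IP:`/`DNS:` token without an embedded comma, because the join would turn a comma inside an address value into an additional SAN.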