maxhoesel-ansible/ansible-collection-smallstep

Lazy evaluation of certfile dicts in `step_acme_cert` fails if no path is specified

Closed this issue · 0 comments

#82 introduced lazy evaluation for the step_acme_cert_certfile/keyfile variables so that users would not have to specify all dictionary keys whenever they wanted to change a single parameter. Unfortunately, this fails if the user supplies a dictionary without a path in it:

```yaml
step_acme_cert_certfile:
  owner: max
  group: root
```

Result:

```text
TASK [maxhoesel.smallstep.step_acme_cert : Look for existing certificate] *******************************************
fatal: [netbox-main.mngmt.maxhoesel.de]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'path'\n\nThe error appears to be in '/home/max/.ansible/collections/ansible_collections/maxhoesel/smallstep/roles/step_acme_cert/tasks/main.yml': line 5, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Look for existing certificate\n  ^ here\n"}
```

step_acme_cert needs access to the certificate path to check its validity, but this fails if the user does not provide a path. To resolve this, I suggest that we explicitly combine the defaults and user-provided dicts in a task at the beginning of the role:

```yaml
# tasks file for step_acme_cert
- include: check.yml

- name: Update cert/keyfile dicts with defaults
  set_fact:
    step_acme_cert_keyfile: "{{ step_acme_cert_keyfile_defaults | combine(step_acme_cert_keyfile) }}"
    step_acme_cert_certfile: "{{ step_acme_cert_certfile_defaults | combine(step_acme_cert_certfile) }}"

- name: Look for existing certificate
  stat:
    path: "{{ step_acme_cert_certfile.path }}"
  register: step_acme_cert_current_cert
```
....
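To make the proposed fix concrete, here is a small Python model of what the `combine` filter does to the two dicts: a shallow merge in which the user's keys win and every key the user left out is filled from the defaults, so `path` is always present when the `stat` task runs. This is an added illustration, not code from the collection; the default values and the `required` check are assumptions made for the example, and the shallow-versus-recursive distinction mirrors the filter's `recursive` parameter.

```python
"""Model of `defaults | combine(user_dict)` as used in the proposed step_acme_cert fix.

Added example, not collection code. The default values below are constructed
stand-ins for the role's *_defaults variables; only their shape matters.
"""

# Constructed stand-in for step_acme_cert_certfile_defaults (values assumed).
STEP_ACME_CERT_CERTFILE_DEFAULTS = {
    "path": "/etc/step/certs/acme.crt",
    "owner": "root",
    "group": "root",
    "mode": "0644",
}


def combine(base, override, recursive=False):
    """Mirror of Ansible's `combine` filter.

    Keys from `override` replace keys in `base`. With recursive=False (the
    filter's default, and what the fix above relies on) nested dicts are
    replaced wholesale; with recursive=True they are merged key by key.
    """
    merged = dict(base)
    for key, value in override.items():
        if recursive and isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = combine(merged[key], value, recursive=True)
        else:
            merged[key] = value
    return merged


def resolve_file_dict(defaults, user_supplied, required=("path",)):
    """Build the effective cert/keyfile dict the role will work with.

    Merges the user's partial dict onto the defaults, then checks that the
    keys the role cannot do without are present. `required` is an assumption
    for this example; the role itself only needs `path` for the stat task.
    """
    merged = combine(defaults, user_supplied or {})
    missing = [key for key in required if key not in merged]
    if missing:
        raise ValueError(f"missing required keys after merge: {missing}")
    return merged


if __name__ == "__main__":
    # The dict from the bug report: owner and group set, no path.
    user_dict = {"owner": "max", "group": "root"}
    print(resolve_file_dict(STEP_ACME_CERT_CERTFILE_DEFAULTS, user_dict))
```

Because `combine` is shallow by default, a user who supplies a nested value replaces the whole default for that key; the role's file dicts are flat, so that does not matter here, but it is the case to keep in mind if the structure ever grows.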