Add extra controls for frontend redirects

This patch adds two new variables for a service:

* haproxy_redirect_scheme

This variable allows a custom string to be specified to override
the default condition used to redirect http to https.

* haproxy_frontend_acls

This variable works in the same way as haproxy_acls except it applies
the acl to the frontend rather than the backend configuration. This
can be required when some paths are not redirected to https but must
instead be handled by a specific backend.

Change-Id: I6b13375ba738d7659681ca773297d0b6b0fd7efb

defaults/main.yml

@@ -57,6 +57,11 @@ haproxy_service_configs: []
 #         white_list:
 #           rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
 #           backend_name: "mybackend"
+#      haproxy_frontend_acls:
+#          letsencrypt-acl:
+#            rule: "path_beg /.well-known/acme-challenge/"
+#            backend_name: letsencrypt
+
 galera_monitoring_user: monitoring
 haproxy_bind_on_non_local: False
 

templates/service.j2

@@ -36,7 +36,11 @@
 frontend {{ item.service.haproxy_service_name }}-redirect-front-{{ loop.index }}
 bind {{ vip_bind }}:{{ item.service.haproxy_redirect_http_port }}
     mode http
-    redirect scheme https if !{ ssl_fc }
+    redirect scheme {{ item.service.haproxy_redirect_scheme  | default('https if !{ ssl_fc }') }}
+{%   for key, value in item.service.haproxy_frontend_acls.items() %}
+    acl {{ key }} {{ value.rule }}
+    use_backend {{ value.backend_name | default(item.service.haproxy_service_name) }}-back if {{ key }}
+{%   endfor %}
 {% endif %}
 {% endif %}