Ansible 2.x - Address deprecation warning of bare variables

Ansible 2.2 will not allow "bare" variable references in with_* loops. See https://docs.ansible.com/ansible/porting_guide_2.0.html#deprecated for details. Change-Id: I0e14d913a069fa25b90cfd8daf922ae093056203
2016-04-22 10:07:37 -04:00 · 2016-04-22 10:07:37 -04:00 · d208029342
parent 86a545d7c5
commit d208029342
14 changed files with 36 additions and 34 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -227,6 +227,7 @@ keystone_recreate_keys: False
 ## Federation

 # Enable the following section on the Keystone IdP
+keystone_idp: {}
 #keystone_idp:
 #  certfile: "/etc/keystone/ssl/idp_signing_cert.pem"
 #  keyfile: "/etc/keystone/ssl/idp_signing_key.pem"
@ -253,6 +254,7 @@ keystone_recreate_keys: False
 # Enable the following section in order to install and configure
 # Keystone as a Resource Service Provider (SP) and to configure
 # trusts with specific Identity Providers (IdP).
+keystone_sp: {}
 #keystone_sp:
 #  cert_duration_years: 5
 #  trusted_dashboard_list:
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@ -74,7 +74,7 @@
 - name: Enable/disable mod_shib2 for apache2
  apache2_module:
    name: shib2
-    state: "{{ ( keystone_sp is defined ) | ternary('present', 'absent') }}"
+    state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
  ignore_errors: yes
  notify:
    - Restart Apache
--- a/tasks/keystone_federation_sp_idp_setup.yml
+++ b/tasks/keystone_federation_sp_idp_setup.yml
@ -32,7 +32,7 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.domain is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure project which remote IDP users are mapped onto exists
  keystone:
@ -45,7 +45,7 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.project is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure user which remote IDP users are mapped onto exists
  keystone:
@ -63,7 +63,7 @@
    item.user is defined and
    item.password is defined and
    item.project is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure Group for external IDP users exists
  keystone:
@ -76,7 +76,7 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.group is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure Role for external IDP users exists
  keystone:
@ -90,7 +90,7 @@
  when: >
    item.group is defined and
    item.project is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure Group/Project/Role mapping exists
  keystone:
@ -106,7 +106,7 @@
  when: >
    item.group is defined and
    item.project is defined
-  with_items: keystone_federated_identities
+  with_items: "{{ keystone_federated_identities | default([]) }}"

 - name: Ensure mapping for external IDP attributes exists
  keystone:
@ -119,7 +119,7 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.protocol.mapping.name is defined
-  with_items: keystone_federated_protocols
+  with_items: "{{ keystone_federated_protocols | default([]) }}"

 - name: Ensure external IDP
  keystone:
@ -133,7 +133,7 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.name is defined
-  with_items: keystone_sp.trusted_idp_list
+  with_items: "{{ keystone_sp.trusted_idp_list | default([]) }}"

 - name: Ensure federation protocol exists
  keystone:
@ -147,4 +147,4 @@
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  when: item.protocol.name is defined
-  with_items: keystone_federated_protocols
+  with_items: "{{ keystone_federated_protocols | default([]) }}"
--- a/tasks/keystone_fernet_keys_distribute.yml
+++ b/tasks/keystone_fernet_keys_distribute.yml
@ -22,4 +22,4 @@
          {{ keystone_system_user_name }}@{{ hostvars[item]['ansible_ssh_host'] }}:{{ keystone_fernet_tokens_key_repository }}/
  become: yes
  become_user: "{{ keystone_system_user_name }}"
-  with_items: groups['keystone_all'][1:]
+  with_items: "{{ groups['keystone_all'][1:] }}"
--- a/tasks/keystone_idp_metadata.yml
+++ b/tasks/keystone_idp_metadata.yml
@ -18,6 +18,6 @@
    {{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }}
  become: yes
  become_user: "{{ keystone_system_user_name }}"
-  when: keystone_idp is defined
+  when: keystone_idp != {}
  notify:
-    - Restart Apache
+    - Restart Apache
--- a/tasks/keystone_idp_sp_setup.yml
+++ b/tasks/keystone_idp_sp_setup.yml
@ -23,7 +23,7 @@
    sp_name: "{{ item.id }}"
    sp_url: "{{ item.sp_url }}"
    sp_auth_url: "{{ item.auth_url }}"
-  with_items: keystone_idp.service_providers
+  with_items: "{{ keystone_idp.service_providers | default([]) }}"
  register: add_service_providers
  until: add_service_providers|success
  retries: 5
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@ -58,7 +58,7 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_requires_pip_packages
+  with_items: "{{ keystone_requires_pip_packages }}"

 - name: Get local venv checksum
  stat:
@ -134,7 +134,7 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_pip_packages
+  with_items: "{{ keystone_pip_packages }}"
  when:
    - keystone_get_venv | failed or keystone_developer_mode | bool
  notify:
--- a/tasks/keystone_install_apt.yml
+++ b/tasks/keystone_install_apt.yml
@ -30,7 +30,7 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_apt_packages
+  with_items: "{{ keystone_apt_packages }}"

 - name: Install IdP apt packages
  apt:
@ -40,8 +40,8 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_idp_apt_packages
-  when: keystone_idp is defined
+  with_items: "{{ keystone_idp_apt_packages }}"
+  when: keystone_idp != {}

 - name: Install SP apt packages
  apt:
@ -51,8 +51,8 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_sp_apt_packages
-  when: keystone_sp is defined
+  with_items: "{{ keystone_sp_apt_packages }}"
+  when: keystone_sp != {}

 - name: Install developer mode apt packages
  apt:
@ -62,6 +62,6 @@
  until: install_packages|success
  retries: 5
  delay: 2
-  with_items: keystone_developer_apt_packages
+  with_items: "{{ keystone_developer_apt_packages }}"
  when:
    - keystone_developer_mode | bool
--- a/tasks/keystone_key_distribute.yml
+++ b/tasks/keystone_key_distribute.yml
@ -17,5 +17,5 @@
  authorized_key:
    user: "{{ keystone_system_user_name }}"
    key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
-  with_items: groups['keystone_all']
+  with_items: "{{ groups['keystone_all'] }}"
  when: hostvars[item]['keystone_pubkey'] is defined
--- a/tasks/keystone_ldap_setup.yml
+++ b/tasks/keystone_ldap_setup.yml
@ -23,7 +23,7 @@
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-  with_dict: keystone_ldap
+  with_dict: "{{ keystone_ldap }}"
  run_once: true

 - name: Create Keystone LDAP domain configs
@ -33,7 +33,7 @@
    owner: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
    mode: "0644"
-  with_dict: keystone_ldap
+  with_dict: "{{ keystone_ldap }}"
  notify:
    - Restart Apache

--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@ -24,7 +24,7 @@
    name: "{{ item }}"
    state: "present"
    system: "yes"
-  with_items: keystone_system_additional_groups
+  with_items: "{{ keystone_system_additional_groups }}"

 - name: Remove old key file(s) if found
  file:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -17,7 +17,7 @@
  fail:
    msg: "Please set the {{ item }} variable prior to applying this role."
  when: (item is undefined) or (item is none)
-  with_items: keystone_required_secrets
+  with_items: "{{ keystone_required_secrets }}"
  tags:
    - always

@ -62,7 +62,7 @@
    - keystone-install
    - keystone-config
  when:
-    - keystone_sp is defined
+    - keystone_sp != {}

 - include: keystone_db_setup.yml
  tags:
@ -108,7 +108,7 @@
    - keystone-config
  when:
    - keystone_service_setup | bool
-    - keystone_sp is defined
+    - keystone_sp != {}
    - inventory_hostname == groups['keystone_all'][0]

 - name: Flush handlers
@ -119,4 +119,4 @@
    - keystone-install
    - keystone-config
  when:
-    - keystone_idp is defined
+    - keystone_idp != {}
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -31,7 +31,7 @@
    SSLOptions +StdEnvVars +ExportCertData
    {% endif %}

-    {% if keystone_sp is defined -%}
+    {% if keystone_sp != {} -%}
    ShibURLScheme {{ keystone_service_publicuri_proto }}

    <Location /Shibboleth.sso>
--- a/templates/keystone.conf.j2
+++ b/templates/keystone.conf.j2
@ -45,7 +45,7 @@ cache_time = {{ keystone_revocation_cache_time }}


 [auth]
-{% if keystone_sp is defined %}
+{% if keystone_sp != {} %}
 methods = {{ keystone_auth_methods }},saml2
 saml2 = keystone.auth.plugins.mapped.Mapped
 {% else %}
@ -106,7 +106,7 @@ driver = {{ keystone_token_driver }}
 [catalog]
 caching = false

-{% if keystone_idp is defined %}
+{% if keystone_idp != {} %}
 [saml]
 certfile = "{{ keystone_idp.certfile }}"
 keyfile = "{{ keystone_idp.keyfile }}"
@ -157,7 +157,7 @@ rabbit_hosts = {{ keystone_rabbitmq_servers }}
 rabbit_use_ssl = {{ keystone_rabbitmq_use_ssl }}
 {% endif %}

-{% if keystone_sp is defined %}
+{% if keystone_sp != {} %}
 [federation]
 remote_id_attribute = Shib-Identity-Provider
 {% if keystone_sp.trusted_dashboard_list is defined %}