convention for merging arrays

This commit is contained in:
Jérémy Lecour 2017-11-16 00:07:28 +01:00
parent 0af5ca03d4
commit c43c830005

View file

@ -216,6 +216,23 @@ When making a role or a task the necessary packages must be installed explicitly
For example for the "mysql" role we obviously need the MySQL packages, but we also need the "apg" package to generate new passwords. This package is installed by "evolinux-base" but the "mysql" role can be executed on a fresh server.
### merge arrays
Some roles need to have an array of values in a variable. For example, any roles use a list of trusted IP addresses (firewall, http auth, ssh whitelist…).
It this array needs to include some values from a late file inclusion (from var_files, cli argument…) it becomes impossible to merge with another variable.
The workaround is to have 2 different default variables (eg. `evolix_trusted_ips` and `additional_trusted_ips`), witha default value of `[]` and merge them into the final variable. One of the variables (typically `evolix_xxx`) can be "hardcoded" in a vault and the final array remains extensible.
Example from the minifirewall role (with a final default value) :
evolix_trusted_ips: []
additional_trusted_ips: []
# Let's merge evolix_trusted_ips with additional_trusted_ips
# and default to [''] if the result is still empty
minifirewall_trusted_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique | default([''], true) }}"
## Caveats
### Unix permissions must be written as String values