From cd2b9dcf994da89b4d03de049f00be43723db418 Mon Sep 17 00:00:00 2001
From: mperochon
Date: Tue, 6 Jun 2017 16:10:13 +0200
Subject: [PATCH] add modif vault

---
 roles/etcd/tasks/gen_certs_vault.yml | 3 +++
 .../secrets/tasks/sync_kube_node_certs.yml | 4 ++--
 roles/vault/tasks/shared/issue_cert.yml | 15 ++-------------
 roles/vault/tasks/shared/sync.yml | 4 ++--
 roles/vault/tasks/shared/sync_file.yml | 14 ++++----------
 5 files changed, 13 insertions(+), 27 deletions(-)

diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml
index e45b2d02d..10e00a35a 100644
--- a/roles/etcd/tasks/gen_certs_vault.yml
+++ b/roles/etcd/tasks/gen_certs_vault.yml
@@ -37,6 +37,9 @@
 Accept: application/json
 Content-Type: application/json
 X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
+ when:
+ - inventory_hostname == groups.etcd|first
+ - hostvars[groups.etcd|first].get('etcd_vault_login_result', {}).get('json', {}).get('auth', {}).get('client_token') != ""

 # Issue master certs to Etcd nodes
 - include: ../../vault/tasks/shared/issue_cert.yml
diff --git a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
index 9d6deb563..884f6c436 100644
--- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
+++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
@@ -9,7 +9,7 @@
 vars:
 sync_file: "{{ item }}"
 sync_file_dir: "{{ kube_cert_dir }}"
- sync_file_group: "{{ kuber_cert_group }}"
+ sync_file_group: "{{ kube_cert_group }}"
 sync_file_hosts: "{{ groups['k8s-cluster'] }}"
 sync_file_is_cert: true
 sync_file_owner: kube
@@ -29,7 +29,7 @@
 vars:
 sync_file: ca.pem
 sync_file_dir: "{{ kube_cert_dir }}"
- sync_file_group: "{{ kuber_cert_group }}"
+ sync_file_group: "{{ kube_cert_group }}"
 sync_file_hosts: "{{ groups['k8s-cluster'] }}"
 sync_file_owner: kube

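Review bot: The last condition of the new `when` in gen_certs_vault.yml does not skip the task when the login result is absent, because `.get('client_token')` yields None for a missing key and `None != ""` is true; only a literally empty token is caught, while the `X-Vault-Token` header line just above still indexes the result strictly and would presumably fail with an undefined-variable error rather than be skipped. Giving the final lookup a default makes the guard cover both cases: `- hostvars[groups.etcd|first].get('etcd_vault_login_result', {}).get('json', {}).get('auth', {}).get('client_token', '') != ""`. The task this `when` belongs to starts before the hunk, so whether it already sets `no_log: true` for the request carrying the Vault client token is not visible here; if it does not, adding it keeps the token out of play output.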
diff --git a/roles/vault/tasks/shared/issue_cert.yml b/roles/vault/tasks/shared/issue_cert.yml
index 786112d24..0733e86a0 100644
--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@@ -38,9 +38,7 @@
 format: "{{ issue_cert_format | d('pem') }}"
 ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
 register: issue_cert_result
- when:
- - inventory_hostname in play_hosts
- - inventory_hostname == issue_cert_hosts|first
+ when: inventory_hostname == issue_cert_hosts|first

 - name: issue_cert | Copy the cert to all hosts
 copy:
@@ -49,9 +47,6 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0644') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
- when:
- - inventory_hostname in play_hosts
- - inventory_hostname == issue_cert_hosts|first

 - name: issue_cert | Copy the key to all hosts
 copy:
@@ -60,9 +55,6 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0640') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
- when:
- - inventory_hostname in play_hosts
- - inventory_hostname == issue_cert_hosts|first

 - name: issue_cert | Copy issuing CA cert
 copy:
@@ -71,7 +63,4 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0644') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
- when:
- - inventory_hostname in play_hosts
- - inventory_hostname == issue_cert_hosts|first
- - issue_cert_copy_ca|default(false)
+ when: issue_cert_copy_ca|default(false)
diff --git a/roles/vault/tasks/shared/sync.yml b/roles/vault/tasks/shared/sync.yml
index 02818b5f1..bbfedbc4c 100644
--- a/roles/vault/tasks/shared/sync.yml
+++ b/roles/vault/tasks/shared/sync.yml
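Review bot: The copy tasks in the second, third and fourth hunks of issue_cert.yml lose their host restriction entirely (the fourth keeps only `issue_cert_copy_ca|default(false)`), so they now run on every host in the play rather than on `issue_cert_hosts|first`; in particular the key copy in the third hunk now writes the private key (default mode `0640`) to hosts that may not be in `issue_cert_hosts` at all. If the intent is to distribute the material to exactly the hosts the cert was issued for, bound each copy with `when: inventory_hostname in issue_cert_hosts` (and-ed with the existing CA condition in the fourth hunk), which is also the least-privilege reading of "to all hosts". The `copy:` bodies are outside the hunks, so where the content comes from on non-issuing hosts cannot be checked here.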
@@ -12,11 +12,11 @@

 - name: "sync_file | Set facts for file contents"
 set_fact:
- sync_file_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_cat']['stdout'] }}"
+ sync_file_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') }}"

 - name: "sync_file | Set fact for key contents"
 set_fact:
- sync_file_key_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_key_cat']['stdout'] }}"
+ sync_file_key_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout') }}"
 when: sync_file_is_cert|d()

 - name: "sync_file | Ensure the directory exists"
diff --git a/roles/vault/tasks/shared/sync_file.yml b/roles/vault/tasks/shared/sync_file.yml
index a6da54144..2fffe07cc 100644
--- a/roles/vault/tasks/shared/sync_file.yml
+++ b/roles/vault/tasks/shared/sync_file.yml
@@ -36,9 +36,7 @@
 with_items: "{{ sync_file_hosts | unique }}"
 loop_control:
 loop_var: host_item
- when:
- - host_item in play_hosts
- - hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
+ when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")

 - name: "sync_file | Combine all possible key file sync sources"
 set_fact:
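Review bot: In the sync.yml hunk, `.get('sync_file_cat', {}).get('stdout')` means a missing cat result on `sync_file_srcs|first` no longer fails the play; the expression evaluates to None, which the set_fact template presumably renders as the string `None`, so `sync_file_contents` (and `sync_file_key_contents` in the same hunk) would hold a bogus value that whatever later consumes these facts, outside the hunk, would write out as certificate material instead of erroring. The previous strict lookup failed loudly at exactly this point; to keep that property while tolerating the lenient lookup, make the failure explicit just before the set_fact: `- name: "sync_file | Assert the source file was read"`, `assert:`, `that: hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') is not none`, with the same check for `sync_file_key_cat` guarded by `when: sync_file_is_cert|d()`.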
@@ -46,28 +44,24 @@
 with_items: "{{ sync_file_hosts | unique }}"
 loop_control:
 loop_var: host_item
- when:
- - host_item in play_hosts
- - sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
+ when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")

 - name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
 set_fact:
 _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
 when:
- - inventory_hostname in play_hosts
 - sync_file_srcs|d([])|length > 1
 - inventory_hostname != sync_file_srcs|first
- - sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
+ - sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")

 - name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
 set_fact:
 _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
 when:
- - inventory_hostname in play_hosts
 - sync_file_is_cert|d()
 - sync_file_key_srcs|d([])|length > 1
 - inventory_hostname != sync_file_key_srcs|first
- - sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
+ - sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")

 - name: "sync_file | Consolidate file and key sources"
 set_fact:
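Review bot: The last `+` line of the hunk still compares the key checksum against `hostvars[sync_file_srcs|first]`, while the guard two lines above it excludes `sync_file_key_srcs|first`; the two lists are built from different existence checks (file vs. key, see the `when` at the top of the hunk), so their first elements can differ when a host has the file but not the key. In that case the lookup hits a host with no `sync_file_key_stat`, which the new `.get` chain now turns into None instead of an error, and `checksum != None` is true for every other host, so valid key holders are silently dropped from the sources. Whichever host is meant to be canonical, the guard and the lookup should name the same one, e.g. `- sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_key_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")`.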