Transform objects to strings before conducting Jinja2 operations (#191)

Author: alessfg

CHANGELOG.md

@@ -6,6 +6,9 @@ BUG FIXES:
 
 * Dictionaries are a sequence per Jinja2 contrary to Python's defaults (dictionaries are not a sequence in Python). The template conditionals assumed the latter.
 * NAP DoS monitor directive would fail if some variables were commented out.
+* NGINX listen `so_keepalive` parameter was not working as intended when setting specific values.
+* Make sure all template objects are properly transformed into strings before doing Jinja2 operations.
+* Remove unnecessary parentheses.
 
 ## 0.4.1 (October 25, 2021)
 

molecule/default/converge.yml

@@ -513,10 +513,15 @@
                         port: 443
                         default_server: true
                         ssl: false
+                        so_keepalive:
+                          keepidle: 30m
+                          keepintvl: 5
+                          keepcnt: 10
                       - address: "[::]"
                         port: 80
                         default_server: true
                         ssl: false
+                    open_file_cache: false
                     server_name: localhost
                     try_files:
                       files: $uri

templates/http/auth.j2

@@ -45,7 +45,7 @@ auth_request_set {{ auth_request['set']['variable'] }} {{ auth_request['set']['v
 {# NGINX HTTP Auth JWT -- ngx_http_auth_jwt_module #}
 {% macro auth_jwt(auth_jwt) %}
 {% if auth_jwt['enable'] is defined %}
-auth_jwt {{ 'off' if not auth_jwt['enable'] }}{{ auth_jwt['enable']['realm'] if auth_jwt['enable']['realm'] is defined }}{{ (' token=' + auth_jwt['enable']['token'] if auth_jwt['enable']['token'] is defined) }};
+auth_jwt {{ 'off' if not auth_jwt['enable'] }}{{ auth_jwt['enable']['realm'] if auth_jwt['enable']['realm'] is defined }}{{ (' token=' + auth_jwt['enable']['token'] | string) if auth_jwt['enable']['token'] is defined }};
 {% endif %}
 {% if auth_jwt['claim_set'] is defined %}{# 'claim_set' is only available in the 'http' context #}
 {% for claim in auth_jwt['claim_set'] if (auth_jwt['claim_set'] is not mapping and auth_jwt['claim_set'] is not string) %}

templates/http/core.j2

@@ -7,7 +7,7 @@ absolute_redirect {{ core['absolute_redirect'] | ternary('on', 'off') }};
 {% endif %}
 {% if core['aio'] is defined %}
 aio {{ (core['aio'] | ternary('on', 'off')) if core['aio'] is boolean -}}
-    {{- ('threads' if core['aio']['threads'] is defined and not core['aio']['threads'] is sameas false) -}}
+    {{- 'threads' if core['aio']['threads'] is defined and not core['aio']['threads'] is sameas false -}}
     {{- ('=' + core['aio']['threads'] | string) if core['aio']['threads'] is not boolean }};
 {% endif %}
 {% if core['aio_write'] is defined and core['aio_write'] is boolean %}
@@ -62,8 +62,8 @@ directio {{ 'off' if not core['directio'] else core['directio'] }};
 directio_alignment {{ core['directio_alignment'] }};
 {% endif %}
 {% if core['disable_symlinks'] is defined %}
-disable_symlinks {{ (core['disable_symlinks'] | ternary('on', 'off')) if core['disable_symlinks'] is boolean else 'if_not_owner' if core['disable_symlinks'] == 'if_not_owner' -}}
-                 {{- core['disable_symlinks']['check'] if core['disable_symlinks']['check'] is defined and core['disable_symlinks']['check'] in ['on', 'if_not_owner'] }}{{ (' from=' + core['disable_symlinks']['from']) if core['disable_symlinks']['from'] is defined }};
+disable_symlinks {{ core['disable_symlinks'] | ternary('on', 'off') if core['disable_symlinks'] is boolean else 'if_not_owner' if core['disable_symlinks'] == 'if_not_owner' -}}
+                 {{- core['disable_symlinks']['check'] if core['disable_symlinks']['check'] is defined and core['disable_symlinks']['check'] in ['on', 'if_not_owner'] }}{{ (' from=' + core['disable_symlinks']['from'] | string) if core['disable_symlinks']['from'] is defined }};
 {% endif %}
 {% if core['error_page'] is defined and core['error_page'] is not string %}
 {% for page in core['error_page'] if core['error_page'] is not mapping %}
@@ -138,22 +138,23 @@ lingering_timeout {{ core['lingering_timeout'] }};
 {% endif %}
 {% if core['listen'] is defined %}{# 'listen' directive is only available in the 'server' context #}
 {% for listen in core['listen'] %}
-listen {{ listen['address'] if listen['address'] is defined }}{{ ':' if (listen['address'] is defined and listen['port'] is defined) }}{{ listen['port'] if listen['port'] is defined -}}
+listen {{ listen['address'] if listen['address'] is defined }}{{ ':' if listen['address'] is defined and listen['port'] is defined }}{{ listen['port'] if listen['port'] is defined -}}
 {{- ' default_server' if listen['default_server'] is defined and listen['default_server'] is boolean and listen['default_server'] | bool -}}
 {{- ' ssl' if listen['ssl'] is defined and listen['ssl'] is boolean and listen['ssl'] | bool -}}
-{{- ' http2' if (listen['http2'] is defined and listen['http2'] is boolean and listen['http2'] | bool) else ' spdy' if (listen['spdy'] is defined and listen['spdy'] is boolean and listen['spdy'] | bool) -}}
-{{- ' proxy_protocol' if (listen['proxy_protocol'] is defined and listen['proxy_protocol'] is boolean and listen['proxy_protocol'] | bool) -}}
+{{- ' http2' if listen['http2'] is defined and listen['http2'] is boolean and listen['http2'] | bool else ' spdy' if listen['spdy'] is defined and listen['spdy'] is boolean and listen['spdy'] | bool -}}
+{{- ' proxy_protocol' if listen['proxy_protocol'] is defined and listen['proxy_protocol'] is boolean and listen['proxy_protocol'] | bool -}}
 {{- (' setfib=' + listen['setfib'] | string) if listen['setfib'] is defined -}}
 {{- (' fastopen=' + listen['fastopen'] | string) if listen['fastopen'] is defined and listen['fastopen'] is number -}}
 {{- (' backlog=' + listen['backlog'] | string) if listen['backlog'] is defined and listen['backlog'] is number -}}
 {{- (' rcvbuf=' + listen['rcvbuf'] | string) if listen['rcvbuf'] is defined -}}
 {{- (' sndbuf=' + listen['sndbuf'] | string) if listen['sndbuf'] is defined -}}
 {{- (' accept_filter=' + listen['accept_filter'] | string) if listen['accept_filter'] is defined -}}
-{{- ' deferred' if (listen['deferred'] is defined and listen['deferred'] is boolean and listen['deferred'] | bool) -}}
-{{- ' bind' if (listen['bind'] is defined and listen['bind'] is boolean and listen['bind'] | bool) -}}
-{{- (' ipv6only=' + listen['ipv6only'] | ternary('on', 'off')) if listen['ipv6only'] is defined -}}
+{{- ' deferred' if listen['deferred'] is defined and listen['deferred'] is boolean and listen['deferred'] | bool -}}
+{{- ' bind' if listen['bind'] is defined and listen['bind'] is boolean and listen['bind'] | bool -}}
+{{- (' ipv6only=' + listen['ipv6only'] | ternary('on', 'off')) if listen['ipv6only'] is defined and listen['ipv6only'] is boolean -}}
 {{- ' reuseport' if (listen['reuseport'] is defined and listen['reuseport'] is boolean and listen['reuseport'] | bool) -}}
-{{- (' so_keepalive=' + (listen['so_keepalive'] | ternary('on', 'off')) if listen['so_keepalive'] is defined and listen['so_keepalive'] is boolean else ((listen['so_keepalive']['keepidle'] if listen['so_keepalive']['keepidle'] is defined else '') + ':' + (listen['so_keepalive']['keepintvl'] if listen['so_keepalive']['keepintvl'] is defined else '') + ':' + listen['so_keepalive']['keepcnt'] if listen['so_keepalive']['keepcnt'] is defined else '')) }};
+{{- (' so_keepalive=' + listen['so_keepalive'] | ternary('on', 'off')) if listen['so_keepalive'] is defined and listen['so_keepalive'] is boolean -}}
+{{- (' so_keepalive=' + (listen['so_keepalive']['keepidle'] | string if listen['so_keepalive']['keepidle'] is defined) + ':' + (listen['so_keepalive']['keepintvl'] | string if listen['so_keepalive']['keepintvl'] is defined) + ':' + (listen['so_keepalive']['keepcnt'] | string if listen['so_keepalive']['keepcnt'] is defined)) if listen['so_keepalive'] is defined and listen['so_keepalive'] is mapping }};
 {% endfor %}
 {% endif %}
 {% if core['log_not_found'] is defined and core['log_not_found'] is boolean %}
@@ -210,7 +211,7 @@ reset_timedout_connection {{ core['reset_timedout_connection'] | ternary('on', '
 {% if core['resolver']['address'] is defined %}
 resolver {{ core['resolver']['address'] if core['resolver']['address'] is string else core['resolver']['address'] | join(' ') -}}
 {{- (' valid=' + core['resolver']['valid'] | string) if core['resolver']['valid'] is defined -}}
-{{- (' ipv6=' + (core['resolver']['ipv6'] | ternary('on', 'off'))) if core['resolver']['ipv6'] is defined and core['resolver']['ipv6'] is boolean -}}
+{{- (' ipv6=' + core['resolver']['ipv6'] | ternary('on', 'off')) if core['resolver']['ipv6'] is defined and core['resolver']['ipv6'] is boolean -}}
 {{- (' status_zone=' + core['resolver']['status_zone'] | string) if core['resolver']['status_zone'] is defined }};
 {% endif %}
 {% if core['resolver_timeout'] is defined %}

templates/http/grpc.j2

@@ -3,7 +3,7 @@
 {# NGINX HTTP GRPC template -- ngx_http_grpc_module #}
 {% macro grpc(grpc) %}
 {% if grpc['bind'] is defined %}
-grpc_bind {{ 'off' if not grpc['bind'] }}{{ (grpc['bind']['address']) if grpc['bind']['address'] is defined }}{{' transparent' if (grpc['bind']['transparent'] is defined and grpc['bind']['transparent'] is boolean and grpc['bind']['transparent'] | bool) }};
+grpc_bind {{ 'off' if not grpc['bind'] }}{{ grpc['bind']['address'] if grpc['bind']['address'] is defined }}{{' transparent' if grpc['bind']['transparent'] is defined and grpc['bind']['transparent'] is boolean and grpc['bind']['transparent'] | bool }};
 {% endif %}
 {% if grpc['buffer_size'] is defined %}
 grpc_buffer_size {{ grpc['buffer_size'] }};

templates/http/modules.j2

@@ -98,14 +98,14 @@ expires {{ 'off' if not headers['expires'] else (headers['expires'] if headers['
 {% for health_check in health_check['health_checks'] %}
 health_check{{ (' interval=' + health_check['interval'] | string) if health_check['interval'] is defined -}}
 {{- (' jitter=' + health_check['jitter'] | string) if health_check['jitter'] is defined -}}
-{{- (' fails=' + health_check['fails'] | string) if (health_check['fails'] is defined and health_check['fails'] is number) -}}
-{{- (' passes=' + health_check['passes'] | string) if (health_check['passes'] is defined and health_check['passes'] is number) -}}
+{{- (' fails=' + health_check['fails'] | string) if health_check['fails'] is defined and health_check['fails'] is number -}}
+{{- (' passes=' + health_check['passes'] | string) if health_check['passes'] is defined and health_check['passes'] is number -}}
 {{- (' uri=' + health_check['uri'] | string) if health_check['uri'] is defined -}}
-{{- ' mandatory' if (health_check['mandatory'] is defined and health_check['mandatory'] is boolean and health_check['mandatory'] | bool) -}}
-{{- ' persistent' if (health_check['persistent'] is defined and health_check['persistent'] is boolean and health_check['persistent'] | bool) -}}
+{{- ' mandatory' if health_check['mandatory'] is defined and health_check['mandatory'] is boolean and health_check['mandatory'] | bool -}}
+{{- ' persistent' if health_check['persistent'] is defined and health_check['persistent'] is boolean and health_check['persistent'] | bool -}}
 {{- (' match=' + health_check['match'] | string) if health_check['match'] is defined -}}
 {{- (' port=' + health_check['port'] | string) if health_check['port'] is defined -}}
-{{- ' type=grpc' if (health_check['grpc_service'] is defined or health_check['grpc_status'] is defined) -}}
+{{- ' type=grpc' if health_check['grpc_service'] is defined or health_check['grpc_status'] is defined -}}
 {{- (' grpc_service=' + health_check['grpc_service'] | string) if health_check['grpc_service'] is defined -}}
 {{- (' grpc_status=' + health_check['grpc_status'] | string) if health_check['grpc_status'] is defined }};
 {% endfor %}
@@ -127,12 +127,12 @@ match {{ match['name'] }} {
 {% macro keyval(keyval) %}
 {% if keyval['keyvals'] is defined %}{# 'keyval' directive is only available in the 'http' context #}
 {% for keyval in keyval['keyvals'] %}
-keyval {{ keyval['key'] }} {{ keyval['variable'] }} {{ 'zone=' + keyval['zone']}};
+keyval {{ keyval['key'] }} {{ keyval['variable'] }} {{ 'zone=' + keyval['zone'] | string }};
 {% endfor %}
 {% endif %}
 {% if keyval['zones'] is defined %}{# 'keyval_zone' directive is only available in the 'http' context #}
 {% for zone in keyval['zones'] %}
-keyval_zone {{ 'zone=' + zone['name'] + ':' + zone['size'] }}{{ (' state=' + zone['state'] | string) if zone['state'] is defined }}{{ (' timeout=' + zone['timeout'] | string) if zone['timeout'] is defined }}{{ (' type=' + zone['type'] | string) if (zone['type'] is defined and zone['type'] in ['string', 'ip', 'prefix']) }}{{ ' sync' if (zone['sync'] is defined and zone['sync'] is boolean and zone['sync'] | bool) }};
+keyval_zone {{ 'zone=' + zone['name'] | string + ':' + zone['size'] | string }}{{ (' state=' + zone['state'] | string) if zone['state'] is defined }}{{ (' timeout=' + zone['timeout'] | string) if zone['timeout'] is defined }}{{ (' type=' + zone['type'] | string) if zone['type'] is defined and zone['type'] in ['string', 'ip', 'prefix'] }}{{ ' sync' if zone['sync'] is defined and zone['sync'] is boolean and zone['sync'] | bool }};
 {% endfor %}
 {% endif %}
 
@@ -142,7 +142,7 @@ keyval_zone {{ 'zone=' + zone['name'] + ':' + zone['size'] }}{{ (' state=' + zon
 {% macro limit_req(limit_req) %}
 {% if limit_req['limit_reqs'] is defined %}
 {% for limit in limit_req['limit_reqs'] %}
-limit_req {{ 'zone=' + limit['zone'] }}{{ ' burst=' + limit['burst'] | string }}{{ (' nodelay' if not limit['delay'] else (' delay=' + limit['delay'] | string)) if limit['delay'] is defined }};
+limit_req {{ 'zone=' + limit['zone'] | string }}{{ ' burst=' + limit['burst'] | string }}{{ (' nodelay' if not limit['delay'] else (' delay=' + limit['delay'] | string)) if limit['delay'] is defined }};
 {% endfor %}
 {% endif %}
 {% if limit_req['dry_run'] is defined and limit_req['dry_run'] is boolean %}
@@ -156,7 +156,7 @@ limit_req_status {{ limit_req['status'] }};
 {% endif %}
 {% if limit_req['zones'] is defined %}{# 'limit_req_zone' directive is only available in the 'http' context #}
 {% for zone in limit_req['zones'] %}
-limit_req_zone {{ zone['key'] }} {{ 'zone=' + zone['name'] + ':' + zone['size'] }} {{ 'rate=' + zone['rate'] }}{{ ' sync' if zone['sync'] is defined and zone['sync'] is boolean and zone['sync'] | bool }};
+limit_req_zone {{ zone['key'] }} {{ 'zone=' + zone['name'] | string + ':' + zone['size'] | string }} {{ 'rate=' + zone['rate'] | string }}{{ ' sync' if zone['sync'] is defined and zone['sync'] is boolean and zone['sync'] | bool }};
 {% endfor %}
 {% endif %}
 
@@ -166,14 +166,14 @@ limit_req_zone {{ zone['key'] }} {{ 'zone=' + zone['name'] + ':' + zone['size']
 {% macro log(log) %}
 {% if log['format'] is defined %}{# 'log_format' directive is only available in the 'http' context #}
 {% for format in log['format'] %}
-log_format {{ format['name'] }}{{ (' escape=' + format['escape']) if format['escape'] is defined and format['escape'] in ['default', 'json', 'none'] }} {{ format['format'] }};
+log_format {{ format['name'] }}{{ (' escape=' + format['escape'] | string) if format['escape'] is defined and format['escape'] in ['default', 'json', 'none'] }} {{ format['format'] }};
 {% endfor %}
 {% endif %}
 {% if log['access'] is defined and log['access'] is boolean and not log['access'] | bool %}
 access_log {{ 'off' }};
 {% elif log['access'] is defined %}
 {% for log in log['access'] %}
-access_log {{ 'off' if not log else log['path'] if log['path'] is defined }}{{ (' ' + log['format']) if log['format'] is defined -}}
+access_log {{ 'off' if not log else log['path'] if log['path'] is defined }}{{ (' ' + log['format'] | string) if log['format'] is defined -}}
 {{- (' buffer=' + log['buffer'] | string) if log['buffer'] is defined -}}
 {{- ' gzip' if log['gzip'] is defined and log['access']['gzip'] is boolean and log['gzip'] | bool else (' gzip=' + log['gzip'] | string) if log['gzip'] is defined and log['gzip'] is string -}}
 {{- (' flush=' + log['flush'] | string) if log['flush'] is defined -}}
@@ -196,11 +196,11 @@ open_log_file_cache {{ 'off' if not log['open_log_file_cache'] else ('max=' + lo
 {# NGINX HTTP Rewrite -- ngx_http_rewrite_module #}
 {% macro rewrite(rewrite) %}
 {% if rewrite['return'] is defined %}{# 'return' directive is not available in the 'http' context #}
-return {{ rewrite['return'] if (rewrite['return'] is string or rewrite['return'] is number) }}{{ rewrite['return']['code'] if rewrite['return']['code'] is defined }}{{ (' ' + rewrite['return']['text'] | string) if rewrite['return']['text'] is defined }}{{ (' ' + rewrite['return']['url']) if rewrite['return']['url'] is defined }};
+return {{ rewrite['return'] if (rewrite['return'] is string or rewrite['return'] is number) }}{{ rewrite['return']['code'] if rewrite['return']['code'] is defined }}{{ (' ' + rewrite['return']['text'] | string) if rewrite['return']['text'] is defined }}{{ (' ' + rewrite['return']['url'] | string) if rewrite['return']['url'] is defined }};
 {% endif %}
 {% if rewrite['rewrites'] is defined %}{# 'rewrite' directive is not available in the 'http' context #}
 {% for rewrite in rewrite['rewrites'] if (rewrite['rewrites'] is sequence and rewrite['rewrites'] is not string) %}
-rewrite {{ rewrite['regex'] }} {{ rewrite['replacement'] }}{{ (' ' + rewrite['flag']) if (rewrite['flag'] is defined and rewrite['flag'] in ['last', 'break', 'redirect', 'permanent']) }};
+rewrite {{ rewrite['regex'] }} {{ rewrite['replacement'] }}{{ (' ' + rewrite['flag'] | string) if rewrite['flag'] is defined and rewrite['flag'] in ['last', 'break', 'redirect', 'permanent'] }};
 {% endfor %}
 {% endif %}
 {% if rewrite['log'] is defined and rewrite['log'] is boolean %}