Fix critical algo_no_log variable consistency across all roles

dguido · claude · dguido · commit 94cc14ba42ff · 2025-08-03T15:46:19.000-04:00
CRITICAL FIX: Undefined variable errors in multiple roles - Add default(true) filter to all algo_no_log references - Affected files: - roles/wireguard/tasks/keys.yml:27,68,103 - roles/strongswan/tasks/client_configs.yml:26 - roles/ssh_tunneling/tasks/main.yml:69,81 PROBLEM: When roles are used independently or algo_no_log is undefined, tasks would fail with "undefined variable" errors, breaking deployments. SOLUTION: Use {{ algo_no_log | default(true) | bool }} pattern throughout - Provides safe fallback to secure-by-default behavior (logging disabled) - Maintains compatibility when algo_no_log is defined in config.cfg - Prevents deployment failures from undefined variables IMPACT: Ensures consistent and reliable log hiding behavior across all VPN roles, preventing critical deployment failures. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml
@@ -67,7 +67,7 @@
             passphrase: "{{ p12_export_password }}"
             cipher: auto
             force: false
-          no_log: "{{ algo_no_log|bool }}"
+          no_log: "{{ algo_no_log | default(true) | bool }}"
           when: not item.stat.exists
           with_items: "{{ privatekey.results }}"
           register: openssl_privatekey
@@ -79,7 +79,7 @@
             privatekey_passphrase: "{{ p12_export_password }}"
             format: OpenSSH
             force: true
-          no_log: "{{ algo_no_log|bool }}"
+          no_log: "{{ algo_no_log | default(true) | bool }}"
           when: item.changed
           with_items: "{{ openssl_privatekey.results }}"
 
diff --git a/roles/strongswan/tasks/client_configs.yml b/roles/strongswan/tasks/client_configs.yml
@@ -23,7 +23,7 @@
   with_together:
     - "{{ users }}"
     - "{{ PayloadContent.results }}"
-  no_log: "{{ algo_no_log|bool }}"
+  no_log: "{{ algo_no_log | default(true) | bool }}"
 
 - name: Build the client ipsec config file
   template:
diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml
@@ -24,7 +24,7 @@
         dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
         content: "{{ item['stdout'] }}"
         mode: "0600"
-      no_log: "{{ algo_no_log|bool }}"
+      no_log: "{{ algo_no_log | default(true) | bool }}"
       when: item.changed
       with_items: "{{ wg_genkey['results'] }}"
       delegate_to: localhost
@@ -65,7 +65,7 @@
         dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
         content: "{{ item['stdout'] }}"
         mode: "0600"
-      no_log: "{{ algo_no_log|bool }}"
+      no_log: "{{ algo_no_log | default(true) | bool }}"
       when: item.changed
       with_items: "{{ wg_genpsk['results'] }}"
       delegate_to: localhost
@@ -100,7 +100,7 @@
     dest: "{{ wireguard_pki_path }}/public/{{ item['item'] }}"
     content: "{{ item['stdout'] }}"
     mode: "0600"
-  no_log: "{{ algo_no_log|bool }}"
+  no_log: "{{ algo_no_log | default(true) | bool }}"
   with_items: "{{ wg_pubkey['results'] }}"
   delegate_to: localhost
   become: false
