ignore duplicate apps

Author: ansibleguy

filter_plugins/util.py

@@ -6,8 +6,23 @@ class FilterModule(object):
     def filters(self):
         return {
             'safe_key': self.safe_key,
+            'unique_apps': self.unique_apps,
         }
 
     @staticmethod
     def safe_key(key: str) -> str:
         return regex_replace('[^0-9a-zA-Z_]+', '', key.replace(' ', '_'))
+
+    @staticmethod
+    def unique_apps(all_apps: list) -> list:
+        apps = []
+
+        for app in all_apps:
+            try:
+                if app['name'] not in apps:
+                    apps.append(app)
+
+            except KeyError:
+                pass
+
+        return apps

tasks/debian/main.yml

@@ -46,7 +46,7 @@
     waf_app_rules_default_dir: "{{ WAF_HC.path.cnf }}/{{ WAF_HC.path.dir.cnf_rules }}/_tmpl/{{ waf_app.ruleset_version }}"
   loop_control:
     loop_var: waf_app_user
-  loop: "{{ WAF_CONFIG.apps }}"
+  loop: "{{ WAF_CONFIG.apps | unique_apps }}"
   no_log: true
   tags: [config, rules, apps]
   args:
@@ -63,3 +63,5 @@
 - name: HAProxy WAF | Logging
   ansible.builtin.import_tasks: debian/logging.yml
   tags: [logs]
+
+# todo: cleanup non-existent/orphaned apps

templates/etc/coraza/spoa.yml.j2

@@ -9,7 +9,7 @@ log_level: '{{ WAF_CONFIG.log.level }}'
 log_format: '{{ WAF_CONFIG.log.format }}'
 
 applications:
-{% for user_app in WAF_CONFIG.apps %}
+{% for user_app in WAF_CONFIG.apps | unique_apps %}
 {%   set app = defaults_app | combine(user_app, recursive=true) %}
 {%   set name = app.name | safe_key %}
 {%   set path_rules = (WAF_HC.path.cnf + '/' + WAF_HC.path.dir.cnf_rules + '/' + name + '/' + app.ruleset_version) %}

templates/etc/rsyslog.d/coraza-spoa.conf.j2

@@ -1,6 +1,6 @@
 module(load="imfile" PollingInterval="{{ WAF_CONFIG.log.poll_interval_sec }}")
 
-{% for user_app in WAF_CONFIG.apps %}
+{% for user_app in WAF_CONFIG.apps | unique_apps %}
 {%   set app = defaults_app | combine(user_app, recursive=true) %}
 {%   set name = app.name | safe_key %}
 input(