Syntax and Logic in Ansible playbook

Question

In my Orchestration file I define the variables "secret_name" and "vault_name" as follows:

- hosts: host1
  roles:
   - role: launch-playbook 
     playbook_name:  '{{playbook_dir}}/{{Pos_playbook}}'
     secret_name:
     vault_name:

As you can see, secret_name and vault_name are undefined (no values). However, when I print out the command, it finds it like secret_name and vault_name do exist.

This is the command that I run:

- set_fact:
 execution_command: "ansible-playbook -i {{inventory_file}} {{playbook_name}} {% if secret_name is defined %} 
-e {{secret_name}} {% else %} {% endif %} {% if vault_name is defined %} --vault-password-file {{vault_name}} {% else %} {% endif %}"

And here is the output:

ok: [web1] => {
"msg": "The execution_command is !ansible-playbook -i /fndusers/fnd/users/pkiadm/itay/backing-services/tbs_orchestration/playbook/inventory_itay.yml /fndusers/fnd/users/pkiadm/users/tanya/t2/PostgreSQL/pg_orchestartion.yaml
-e    --vault-password-file  !"
}

The "-e" and "--vault-password-file" should not be there!! since secret and vault values are not defined!! but it consider them just as they exists and their values are " ".

I can't find what is wrong with my syntax / logic?

Answer 1

Q: "They(the variables) exists and their values are " ". I can't find what is wrong with my syntax/logic?"

A: The syntax is correct. The objects of type 'NoneType' exist. For example

  vars:
    vault_name:
  tasks:
    - debug:
        msg: "Variable vault_name: {{ vault_name }}"
      when: vault_name is defined

give

    "msg": "Variable vault_name: "

A correct logic might be to test whether the variable is a non-empty string. For example

    - debug:
        var: vault_name
      when:
        - vault_name is string
        - vault_name|length > 0

This would translate to Jinja

{% if (vault_name is string) and (vault_name|length > 0) %}