opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

net/haproxy: Template Error with Empty User Group #3364

Open aque opened 1 year ago

aque commented 1 year ago

Describe the bug

I was troubleshooting an issue where /usr/local/etc/haproxy.conf was not getting updated. I tracked it down to the template system; running configctl template reload OPNsense/HAProxy returns Execute error. It turns out that I have an HAProxy group with no members which prevented generation of /usr/local/etc/haproxy.conf.staging.

To Reproduce

Steps to reproduce the behavior:

  1. Create an empty HAProxy user group
  2. I am not certain whether this is enough to cause the error, or a condition pointing to the group is required. I do have a condition referencing the group in my config.
  3. Click Apply

Expected behavior

Skip the creation of userlist sections in haproxy.conf for all user groups that are empty. The user group could remain in the system in case it is reused in the future.

Edit: This might not work if there are still conditions pointing to this group, with repercussions to rules, etc.

Describe alternatives you considered

A pop-up that alerts to the group being empty, and not saving the configuration.

Relevant log files

Found in /var/log/configd/latest.log:

Inline action failed with OPNsense/HAProxy OPNsense/HAProxy/haproxy.conf
 'collections.OrderedDict object' has no attribute 'members' at Traceback (most recent call last):
   File "/usr/local/opnsense/service/modules/template.py", line 272, in _generate
     content = j2_page.render(cnf_data)
   File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 1301, in render
     self.environment.handle_exception()
   File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 936, in handle_exception
     raise rewrite_traceback_stack(source=source)
   File "/usr/local/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf", line 1146, in top-level template code
     {%       set userlist_result = UserlistAddUsers(acl.allowedUsers, acl.allowedGroups) %}
   File "/usr/local/lib/python3.9/site-packages/jinja2/runtime.py", line 777, in _invoke
     rv = self._func(*arguments)
   File "/usr/local/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf", line 890, in template
     {%         for user in group_data.members.split(",") %}
   File "/usr/local/lib/python3.9/site-packages/jinja2/environment.py", line 485, in getattr
     return getattr(obj, attribute)
 jinja2.exceptions.UndefinedError: 'collections.OrderedDict object' has no attribute 'members'
  During handling of the above exception, another exception occurred:
  Traceback (most recent call last):
   File "/usr/local/opnsense/service/modules/processhandler.py", line 510, in execute
     return ph_inline_actions.execute(self, inline_act_parameters)
   File "/usr/local/opnsense/service/modules/ph_inline_actions.py", line 51, in execute
     filenames = tmpl.generate(parameters)
   File "/usr/local/opnsense/service/modules/template.py", line 349, in generate
     raise render_exception
   File "/usr/local/opnsense/service/modules/template.py", line 340, in generate
     for filename in self._generate(template_name, create_directory):
   File "/usr/local/opnsense/service/modules/template.py", line 275, in _generate
     raise Exception("%s %s %s" % (module_name, template_filename, render_exception))
 Exception: OPNsense/HAProxy OPNsense/HAProxy/haproxy.conf 'collections.OrderedDict object' has no attribute 'members' 

Environment

OPNsense 23.1.4_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Intel(R) PRO/1000 PCI Express Gigabit Ethernet adapter driver (igb)
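
The failure in the traceback above, reproduced in isolation as an added example (not code from the issue or from the OPNsense template). It assumes an empty group reaches the template as a mapping with no `members` key; the `user ...` output line, the group names and the `default` guard are illustrative.

```python
from collections import OrderedDict
from jinja2 import Environment
from jinja2.exceptions import UndefinedError

# Same loop shape as haproxy.conf line 890 in the traceback; the "user ..."
# output line is simplified for illustration.
UNGUARDED = (
    "{% for user in group_data.members.split(',') %}"
    "user {{ user }}\n"
    "{% endfor %}"
)

# Illustrative guard (an assumption, not the project's fix): treat a missing,
# None or empty members value as "" and skip empty entries from split().
GUARDED = (
    "{% for user in (group_data.members | default('', true)).split(',') if user %}"
    "user {{ user }}\n"
    "{% endfor %}"
)

# Constructed sample data: an empty group arrives without a "members" key.
EMPTY_GROUP = OrderedDict(name="empty-group")
BLANK_GROUP = OrderedDict(name="blank-group", members="")
FULL_GROUP = OrderedDict(name="admins", members="alice,bob")


def render_userlist(template_src, group_data):
    """Render one group; return (output, error) instead of raising."""
    env = Environment()  # default Undefined: chained attribute access raises
    try:
        return env.from_string(template_src).render(group_data=group_data), None
    except UndefinedError as exc:
        return None, str(exc)


if __name__ == "__main__":
    for label, tmpl in (("unguarded", UNGUARDED), ("guarded", GUARDED)):
        for group in (EMPTY_GROUP, BLANK_GROUP, FULL_GROUP):
            print(label, group["name"], render_userlist(tmpl, group))
```

A `members` key that is present but empty does not raise in the unguarded loop; it renders a single `user` line with no name, which the `if user` filter in the guarded loop drops.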

fraenki commented 2 months ago

@jan-win1993 Please submit a PR with your fix :blush: