import_vault_root_ca/tasks/import.yml

---
# task/import file for import_vault_root_ca
- name: "Download certificate file"
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    validate_certs: false
    force: "{{ import_vault_root_ca_certificate_force_download }}"
    dest: "/tmp/{{ item.cert_name }}.tmp"
    mode: '0644'
  loop: "{{ import_vault_root_ca_certificate_list }}"
  register: download_results

- name: "Check certificate format"
  ansible.builtin.command: >
    openssl x509 -inform PEM -noout -in {{ item.dest }}
  loop: "{{ download_results.results }}"
  register: cert_format_results
  changed_when: false
  failed_when: false

- name: "Make sure certificate is in PEM format"
  ansible.builtin.command:
    cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
    creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
  loop: "{{ cert_format_results.results }}"
  notify:
    - update-ca-certificates
does most of the job 2023-05-22 18:23:57 +00:00			`---`
			`# task/import file for import_vault_root_ca`
			`- name: "Download certificate file"`
			`ansible.builtin.get_url:`
			`url: "{{ item.url }}"`
			`validate_certs: false`
mostly done 2023-05-24 21:00:18 +00:00			`force: "{{ import_vault_root_ca_certificate_force_download }}"`
copy to /tmp the temp cert to avoid not triggering ca-cert update 2023-07-02 18:32:30 +00:00			`dest: "/tmp/{{ item.cert_name }}.tmp"`
mostly done 2023-05-24 21:00:18 +00:00			`mode: '0644'`
does most of the job 2023-05-22 18:23:57 +00:00			`loop: "{{ import_vault_root_ca_certificate_list }}"`
handle non pem input when openssl does not autodetect certificate inform 2023-09-26 20:46:33 +00:00			`register: download_results`

			`- name: "Check certificate format"`
			`ansible.builtin.command: >`
			`openssl x509 -inform PEM -noout -in {{ item.dest }}`
			`loop: "{{ download_results.results }}"`
			`register: cert_format_results`
			`changed_when: false`
			`failed_when: false`
does most of the job 2023-05-22 18:23:57 +00:00
			`- name: "Make sure certificate is in PEM format"`
			`ansible.builtin.command:`
handle non pem input when openssl does not autodetect certificate inform 2023-09-26 20:46:33 +00:00			`cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem`
			`creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"`
			`loop: "{{ cert_format_results.results }}"`
does most of the job 2023-05-22 18:23:57 +00:00			`notify:`
			`- update-ca-certificates`