handle non pem input when openssl does not autodetect certificate inform
All checks were successful
test / Linting (push) Successful in 29s
test / Molecule tests (default, debian12) (push) Successful in 1m4s
test / Molecule tests (default, debian11) (push) Successful in 1m24s
test / Molecule tests (default, ubuntu2004) (push) Successful in 1m24s
test / Molecule tests (default, ubuntu2204) (push) Successful in 1m0s
test / Molecule tests (with_custom_ca, debian11) (push) Successful in 44s
test / Molecule tests (with_custom_ca, debian12) (push) Successful in 1m1s
test / Molecule tests (with_custom_ca, ubuntu2204) (push) Successful in 1m5s
test / Molecule tests (with_custom_ca, ubuntu2004) (push) Successful in 1m12s

This commit is contained in:
Bertrand Lanson 2023-09-26 22:46:33 +02:00
parent 891015013b
commit 263da6e7ab

View File

@ -8,11 +8,22 @@
dest: "/tmp/{{ item.cert_name }}.tmp"
mode: '0644'
loop: "{{ import_vault_root_ca_certificate_list }}"
register: download_results
- name: "Check certificate format"
ansible.builtin.command: >
openssl x509 -inform PEM -noout -in {{ item.dest }}
loop: "{{ download_results.results }}"
register: cert_format_results
changed_when: false
failed_when: false
- name: "Make sure certificate is in PEM format"
ansible.builtin.command:
cmd: "openssl x509 -in /tmp/{{ item.cert_name }}.tmp -out {{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt -outform pem"
creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt"
loop: "{{ import_vault_root_ca_certificate_list }}"
cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
loop: "{{ cert_format_results.results }}"
notify:
- update-ca-certificates
# loop_control:
# loop_var: item