Bertrand Lanson
2ae5d8826d
All checks were successful
test / Linting (push) Successful in 9s
test / Molecule tests (default, debian11) (push) Successful in 35s
test / Molecule tests (default, debian12) (push) Successful in 43s
test / Molecule tests (default, ubuntu2004) (push) Successful in 42s
test / Molecule tests (default, ubuntu2204) (push) Successful in 39s
test / Molecule tests (with_custom_ca, debian11) (push) Successful in 41s
test / Molecule tests (with_custom_ca, debian12) (push) Successful in 42s
test / Molecule tests (with_custom_ca, ubuntu2004) (push) Successful in 46s
test / Molecule tests (with_custom_ca, ubuntu2204) (push) Successful in 50s
29 lines
1.0 KiB
YAML
29 lines
1.0 KiB
YAML
---
|
|
# task/import file for import_vault_root_ca
|
|
- name: "Download certificate file"
|
|
ansible.builtin.get_url:
|
|
url: "{{ item.url }}"
|
|
validate_certs: false
|
|
force: "{{ import_vault_root_ca_certificate_force_download }}"
|
|
dest: "/tmp/{{ item.cert_name }}.tmp"
|
|
mode: '0644'
|
|
loop: "{{ import_vault_root_ca_certificate_list }}"
|
|
register: download_results
|
|
|
|
- name: "Check certificate format"
|
|
ansible.builtin.command: >
|
|
openssl x509 -inform PEM -noout -in {{ item.dest }}
|
|
loop: "{{ download_results.results }}"
|
|
register: cert_format_results
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: "Make sure certificate is in PEM format"
|
|
ansible.builtin.command:
|
|
cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
|
|
creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
|
|
loop: "{{ cert_format_results.results }}"
|
|
become: true
|
|
notify:
|
|
- update-ca-certificates
|