openstack/ansible-role-pki
Code Issues Proposed changes

Auto-fix yaml rules

Browse Source 
In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.

In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.

Change-Id: I2e7bdac26e914a62e9416d34381696ce3d2117dc
This commit is contained in:
Dmitriy Rabotyagov 2025-02-17 12:23:12 +01:00
parent d4ff35aa1c
commit 9bae6bfdb9
11 changed files with 48 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -45,6 +45,7 @@ logs/*
# OS generated files # # OS generated files #
###################### ######################
._* ._*
.ansible
.tox .tox
*.egg-info *.egg-info
.eggs .eggs

4
defaults/main.yml
View File

@ -70,7 +70,7 @@ pki_install_ca: []
pki_search_install_ca_pattern: "pki_install_ca_" pki_search_install_ca_pattern: "pki_install_ca_"
# set this to the name of a CA to regenerate, or to 'true' to regenerate all # set this to the name of a CA to regenerate, or to 'true' to regenerate all
pki_regen_ca: '' pki_regen_ca: ""
# locations of system trust stores to install CA certs to # locations of system trust stores to install CA certs to
pki_trust_store_location: pki_trust_store_location:
@ -104,7 +104,7 @@ pki_search_certificates_pattern: "pki_certificates_"
# signed_by: "SnakeRootIntermediate" # signed_by: "SnakeRootIntermediate"
# set this to the name of the certificate to regenerate, or to 'true' to regenerate all # set this to the name of the certificate to regenerate, or to 'true' to regenerate all
pki_regen_cert: '' pki_regen_cert: ""
# host where the generated PKI files are kept # host where the generated PKI files are kept
pki_setup_host: localhost pki_setup_host: localhost

1
examples/playbook.yml
View File

@ -1,5 +1,4 @@
--- ---
- name: Install PKI - name: Install PKI
hosts: all hosts: all
tasks: tasks:

1
meta/main.yml
View File

@ -1,3 +1,4 @@
---
galaxy_info: galaxy_info:
author: City Networks, BBC author: City Networks, BBC
description: Installation and configuration of PKI infrastructure description: Installation and configuration of PKI infrastructure

1
molecule/default/verify.yml
View File

@ -6,7 +6,6 @@
apt: /usr/local/share/ca-certificates/ apt: /usr/local/share/ca-certificates/
dnf: /etc/pki/ca-trust/source/anchors/ dnf: /etc/pki/ca-trust/source/anchors/
tasks: tasks:
# Check that certificate authorities are installed (or absent) at the correct path # Check that certificate authorities are installed (or absent) at the correct path
- stat: - stat:
path: "{{ pki_trust_store_location[ansible_facts['pkg_mgr']] }}/{{ functional_ca_name_1 }}.crt" path: "{{ pki_trust_store_location[ansible_facts['pkg_mgr']] }}/{{ functional_ca_name_1 }}.crt"

1
requirements.yml
View File

@ -1,3 +1,4 @@
---
collections: collections:
- name: community.crypto - name: community.crypto
version: 2.0.2 version: 2.0.2

2
tasks/main_ca.yml
View File

@ -28,7 +28,7 @@
- "{{ pki_ca_dirs }}" - "{{ pki_ca_dirs }}"
- "{{ pki_cert_dirs }}" - "{{ pki_cert_dirs }}"
delegate_to: "{{ pki_setup_host }}" delegate_to: "{{ pki_setup_host }}"
check_mode: no check_mode: false
- name: Create certificate authorities - name: Create certificate authorities
include_tasks: "{{ pki_method }}/create_ca.yml" include_tasks: "{{ pki_method }}/create_ca.yml"

2
tasks/main_certs.yml
View File

@ -44,7 +44,7 @@
loop_label: loop_label:
path: "{{ install }}" path: "{{ install }}"
state: directory state: directory
mode: '0755' mode: "0755"
- name: Install Server certificates to targets - name: Install Server certificates to targets
copy: copy:

11
tasks/standalone/create_ca.yml
View File

@ -19,7 +19,6 @@
ansible_python_interpreter: "{{ pki_setup_host_python_interpreter }}" ansible_python_interpreter: "{{ pki_setup_host_python_interpreter }}"
delegate_to: "{{ pki_setup_host }}" delegate_to: "{{ pki_setup_host }}"
block: block:
- name: Create directories for certificate authority {{ ca.name }} - name: Create directories for certificate authority {{ ca.name }}
file: file:
state: directory state: directory
@ -50,8 +49,8 @@
- name: Initialise the serial number for {{ ca.name }} - name: Initialise the serial number for {{ ca.name }}
copy: copy:
content: "999" content: "999"
dest : "{{ ca_dir ~ '/serial' }}" dest: "{{ ca_dir ~ '/serial' }}"
force: no force: false
- name: Generate CA private key for {{ ca.name }} - name: Generate CA private key for {{ ca.name }}
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
@ -75,7 +74,7 @@
privatekey_path: "{{ ca_privkey.filename }}" privatekey_path: "{{ ca_privkey.filename }}"
privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}" privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}"
common_name: "{{ ca.cn }}" common_name: "{{ ca.cn }}"
basic_constraints_critical: yes basic_constraints_critical: true
basic_constraints: "{{ ca.basic_constraints }}" basic_constraints: "{{ ca.basic_constraints }}"
key_usage: "{{ ca.key_usage }}" key_usage: "{{ ca.key_usage }}"
country_name: "{{ ca.country_name | default(omit) }}" country_name: "{{ ca.country_name | default(omit) }}"
@ -99,7 +98,7 @@
community.crypto.x509_certificate: community.crypto.x509_certificate:
path: "{{ ca_cert_prefix ~ '-' ~ next_serial_no ~ '.crt' }}" path: "{{ ca_cert_prefix ~ '-' ~ next_serial_no ~ '.crt' }}"
csr_path: "{{ ca_csr.filename }}" csr_path: "{{ ca_csr.filename }}"
provider: 'selfsigned' provider: "selfsigned"
privatekey_path: "{{ ca_privkey.filename }}" privatekey_path: "{{ ca_privkey.filename }}"
privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}" privatekey_passphrase: "{{ ca.key_passphrase | default(omit) }}"
selfsigned_not_after: "{{ ca.not_after }}" selfsigned_not_after: "{{ ca.not_after }}"
@ -116,7 +115,7 @@
community.crypto.x509_certificate: community.crypto.x509_certificate:
path: "{{ ca_cert_prefix ~ '-' ~ next_serial_no ~ '.crt' }}" path: "{{ ca_cert_prefix ~ '-' ~ next_serial_no ~ '.crt' }}"
csr_path: "{{ ca_csr.filename }}" csr_path: "{{ ca_csr.filename }}"
provider: 'ownca' provider: "ownca"
ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/private/' ~ ca.signed_by ~ '.key.pem' }}" ownca_privatekey_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/private/' ~ ca.signed_by ~ '.key.pem' }}"
ownca_privatekey_passphrase: "{{ ca.ownca_key_passphrase | default(omit) }}" ownca_privatekey_passphrase: "{{ ca.ownca_key_passphrase | default(omit) }}"
ownca_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/certs/' ~ ca.signed_by ~ '.crt' }}" ownca_path: "{{ pki_dir ~ '/roots/' ~ ca.signed_by ~ '/certs/' ~ ca.signed_by ~ '.crt' }}"

3
tasks/standalone/create_cert.yml
View File

@ -21,7 +21,6 @@
_ca_file: "{{ pki_dir ~ '/roots/' ~ cert.signed_by ~ '/certs/' ~ cert.signed_by ~ '.crt' }}" _ca_file: "{{ pki_dir ~ '/roots/' ~ cert.signed_by ~ '/certs/' ~ cert.signed_by ~ '.crt' }}"
delegate_to: "{{ pki_setup_host }}" delegate_to: "{{ pki_setup_host }}"
block: block:
- name: Generate certificate private key for {{ cert.name }} - name: Generate certificate private key for {{ cert.name }}
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
path: "{{ cert_dir ~ '/private/' ~ cert.name ~ '.key.pem' }}" path: "{{ cert_dir ~ '/private/' ~ cert.name ~ '.key.pem' }}"
@ -37,7 +36,7 @@
privatekey_path: "{{ cert_privkey.filename }}" privatekey_path: "{{ cert_privkey.filename }}"
privatekey_passphrase: "{{ cert.key_passphrase | default(omit) }}" privatekey_passphrase: "{{ cert.key_passphrase | default(omit) }}"
common_name: "{{ cert.cn | default(omit) }}" common_name: "{{ cert.cn | default(omit) }}"
basic_constraints_critical: yes basic_constraints_critical: true
basic_constraints: "{{ cert.basic_constraints | default(omit) }}" basic_constraints: "{{ cert.basic_constraints | default(omit) }}"
key_usage: "{{ cert.key_usage | default(omit) }}" key_usage: "{{ cert.key_usage | default(omit) }}"
extended_key_usage: "{{ cert.extended_key_usage | default(omit) }}" extended_key_usage: "{{ cert.extended_key_usage | default(omit) }}"