author | Jonas Gunz <himself@jonasgunz.de> | 2021-09-07 02:27:06 +0200 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2021-09-07 02:27:06 +0200 |
commit | 79cdef90e78237a4b197905304506c5ed15fd232 (patch) | |
tree | eb08c0fe79e9a6cc39d4593a0cea3e27fb6d55fe /roles/signed_certificate | |
parent | 2ccf20e70715acd02f86415a61341476ef2c2f14 (diff) | |
signed_certificate: check for file permissions
Diffstat (limited to 'roles/signed_certificate')
-rw-r--r-- | roles/signed_certificate/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/signed_certificate/tasks/main.yml | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/roles/signed_certificate/defaults/main.yml b/roles/signed_certificate/defaults/main.yml
index c46ef37..d0ee48e 100644
--- a/roles/signed_certificate/defaults/main.yml
+++ b/roles/signed_certificate/defaults/main.yml
@@ -4,7 +4,7 @@ key_path: '/etc/ssl/private/'
 cert_path: '/etc/ssl/certs/'
 alt_name: '{{ "DNS:" + ansible_facts.fqdn }}'
 owner: root
-group: root
+group: ssl-cert
 signed_certificate:
 issuer_cn: ''
diff --git a/roles/signed_certificate/tasks/main.yml b/roles/signed_certificate/tasks/main.yml
index 3e1a7b2..d5491ac 100644
--- a/roles/signed_certificate/tasks/main.yml
+++ b/roles/signed_certificate/tasks/main.yml
@@ -21,9 +21,20 @@
 path: '{{ key_path }}/{{ cert_name }}.key'
 owner: '{{ owner }}'
 group: '{{ group }}'
+ mode: '640'
 become: yes
 when: key_check.failed
+- name: Check file permissions for Key
+ file:
+ path: '{{ key_path }}/{{ cert_name }}.key'
+ state: file
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ mode: '640'
+ become: yes
+ when: not key_check.failed
+
 - name: Read existing Certificate
 community.crypto.x509_certificate_info:
 path: '{{ cert_path }}/{{ cert_name }}.pem' |
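Review bot: The new default `group: ssl-cert` in defaults/main.yml assumes that group exists on every target host. It is created by the ssl-cert package on Debian-family systems; on a host without it, the tasks in tasks/main.yml that pass `group: '{{ group }}'` would presumably fail. Nothing visible in this diff creates the group or documents the requirement. A comment on the default such as `# requires the ssl-cert group (Debian ssl-cert package); its members can read the private key` would record both the dependency and the access the default grants.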
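Review bot: The mode `'640'` is hard-coded in two tasks in tasks/main.yml while owner and group come from role variables, so a host that wants a root-only key cannot get `0600` without editing the role, and the two literals can drift apart. Consider a role default referenced from both tasks, for example `mode: '{{ key_mode }}'` (the variable name is only a suggestion), with the value written with a leading zero as `'0640'`. The new "Check file permissions for Key" task also changes owner, group and mode on keys that already exist, so the first run after this commit makes previously root-only keys group-readable; that should be stated in the commit description or the role's documentation. The task that receives the first `mode` line (guarded by `when: key_check.failed`, presumably key generation) starts above this hunk.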