From 5879fede115f5819b6dc6656b82bc24aba6378d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20K=C3=A4b?= <alexander.kaeb@h-da.de>
Date: Thu, 2 Mar 2023 14:25:08 +0100
Subject: [PATCH] fix(certs): Fix node cert SAN template structure and variable
 assignment

---
 defaults/main.yml           |  2 +-
 templates/node-cert-sans.j2 | 40 ++++++++++++++++++-------------------
 2 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 876c7e4..bc9969e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,7 +18,7 @@ sidecar_cert_dir: "/etc/graylog/sidecar"
 cert_valid_days: 1095
 
 # Cert SAN settings
-node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') }}"
+node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') | replace('\n', '') | split(',') | map('trim') | list }}"
 use_ipv4: true
 use_ipv6: true
 use_default: true
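Review bot: The new `node_cert_sans` expression on the `+` line produces a trailing empty entry whenever the rendered template ends with a comma, which — judging from the template hunk in this same patch — is every path except the interface-IPv6 loop, because `split(',')` keeps the empty field after the final `,` and `map('trim')` only turns it into `''`. That empty string then travels on as a SAN entry to whatever consumes `node_cert_sans`, which is likely to reject it (or worse, silently drop it and mask the bug). Filtering empties after trimming avoids it: `node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') | replace('\n', '') | split(',') | map('trim') | select | list }}"`. The `split` filter used here appears to be the ansible-core 2.11+ builtin, so if the role does not already declare a minimum ansible version it should, since older controllers will fail on this default.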
diff --git a/templates/node-cert-sans.j2 b/templates/node-cert-sans.j2
index c811ac5..41a630a 100644
--- a/templates/node-cert-sans.j2
+++ b/templates/node-cert-sans.j2
@@ -1,24 +1,22 @@
-{%- macro ansible_iface(name) -%}
-    ansible_{{name}}
-{%- endmacro -%}
-
-- "DNS:{{ inventory_hostname }}"
-- "DNS:{{ ansible_fqdn }}"
-{% if use_default == true -%}
-    {% if use_ipv4 == true and ansible_default_ipv4.address is defined -%}
-- "IP:{{ ansible_default_ipv4.address }}"
-    {% endif -%}
-    {% if use_ipv6 == true and ansible_default_ipv6.address is defined -%}
-- "IP:{{ ansible_default_ipv6.address }}"
-    {% endif -%}
-{% endif -%}
-{% if use_interface_ip == true -%}
-    {% if ansible_facts[ansible_iface(iface_name)] is defined -%}
-        {% if use_ipv4 == true and ansible_facts[ansible_iface(iface_name)].ipv4.address is defined -%}
-- "IP:{{ ansible_facts[ansible_iface(iface_name)].ipv6.address }}"
-        {% endif -%}
-        {% if use_ipv6 == true and ansible_facts[ansible_iface(iface_name)].ipv6.address is defined -%}
-- "IP:{{ ansible_facts[ansible_iface(iface_name)].ipv6.address }}"
+DNS:{{ inventory_hostname }},
+DNS:{{ ansible_fqdn }},
+{%- if use_default == true -%}
+    {%- if use_ipv4 == true and ansible_default_ipv4.address is defined -%}
+        IP:{{ ansible_default_ipv4.address }},
+    {%- endif -%}
+    {%- if use_ipv6 == true and ansible_default_ipv6.address is defined -%}
+        IP:{{ ansible_default_ipv6.address }},
+    {%- endif -%}
+{%- endif -%}
+{%- if use_interface_ip == true -%}
+    {%- if ansible_facts[iface_name] is defined -%}
+        {%- if use_ipv4 == true and ansible_facts[iface_name].ipv4.address is defined -%}
+            IP:{{ ansible_facts[iface_name].ipv6.address }},
+        {%- endif -%}
+        {%- if use_ipv6 == true and (ansible_facts[iface_name].ipv6 | selectattr("scope", "equalto", "global") | length > 0) -%}
+            {%- for ip in (ansible_facts[iface_name].ipv6 | selectattr("scope", "equalto", "global"))%}
+                IP:{{ ip.address }}{% if not loop.last %},{% endif %}
+            {%- endfor -%}
         {%- endif -%}
     {%- endif-%}
 {%- endif -%}
\ No newline at end of file
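Review bot: The interface IPv4 branch still emits the IPv6 value: the line `IP:{{ ansible_facts[iface_name].ipv6.address }},` is guarded by `ansible_facts[iface_name].ipv4.address is defined` but renders `ipv6.address`, and because the very next branch treats `ansible_facts[iface_name].ipv6` as a list (`selectattr("scope", ...)`), that attribute access will presumably raise an undefined-attribute error under Ansible's strict templating — or at best leave the interface's IPv4 address out of the certificate — whenever `use_interface_ip` is true and the interface has an IPv4 address. It should read `IP:{{ ansible_facts[iface_name].ipv4.address }},`. Note also that the `{% if not loop.last %},{% endif %}` form only suppresses the trailing comma inside the IPv6 loop, so every other path ends the rendered string with a comma and the consumer must tolerate that. A short header such as `{# Renders a comma-separated list of SAN entries (DNS:/IP:) for the node cert; consumed by node_cert_sans in defaults/main.yml, which splits on ',' #}` would make that contract explicit.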
-- 
GitLab