fix(certs): Fix node cert SAN template structure and variable assignment

5879fede · Alexander Käb · dddd714b · 5879fede · 5879fede
Commit 5879fede authored 2 years ago by Alexander Käb
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,7 +18,7 @@ sidecar_cert_dir: "/etc/graylog/sidecar"
 cert_valid_days: 1095

 # Cert SAN settings
-node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') }}"
+node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') | replace('\n', '') | split(',') | map('trim') | list }}"
 use_ipv4: true
 use_ipv6: true
 use_default: true

--- a/templates/node-cert-sans.j2
+++ b/templates/node-cert-sans.j2
-{%- macro ansible_iface(name) -%}
-    ansible_{{name}}
-{%- endmacro -%}
-
- "DNS:{{ inventory_hostname }}"
- "DNS:{{ ansible_fqdn }}"
-{% if use_default == true -%}
-    {% if use_ipv4 == true and ansible_default_ipv4.address is defined -%}
- "IP:{{ ansible_default_ipv4.address }}"
-    {% endif -%}
-    {% if use_ipv6 == true and ansible_default_ipv6.address is defined -%}
- "IP:{{ ansible_default_ipv6.address }}"
-    {% endif -%}
-{% endif -%}
-{% if use_interface_ip == true -%}
-    {% if ansible_facts[ansible_iface(iface_name)] is defined -%}
-        {% if use_ipv4 == true and ansible_facts[ansible_iface(iface_name)].ipv4.address is defined -%}
- "IP:{{ ansible_facts[ansible_iface(iface_name)].ipv6.address }}"
-        {% endif -%}
-        {% if use_ipv6 == true and ansible_facts[ansible_iface(iface_name)].ipv6.address is defined -%}
- "IP:{{ ansible_facts[ansible_iface(iface_name)].ipv6.address }}"
+DNS:{{ inventory_hostname }},
+DNS:{{ ansible_fqdn }},
+{%- if use_default == true -%}
+    {%- if use_ipv4 == true and ansible_default_ipv4.address is defined -%}
+        IP:{{ ansible_default_ipv4.address }},
+    {%- endif -%}
+    {%- if use_ipv6 == true and ansible_default_ipv6.address is defined -%}
+        IP:{{ ansible_default_ipv6.address }},
+    {%- endif -%}
+{%- endif -%}
+{%- if use_interface_ip == true -%}
+    {%- if ansible_facts[iface_name] is defined -%}
+        {%- if use_ipv4 == true and ansible_facts[iface_name].ipv4.address is defined -%}
+            IP:{{ ansible_facts[iface_name].ipv6.address }},
+        {%- endif -%}
+        {%- if use_ipv6 == true and (ansible_facts[iface_name].ipv6 | selectattr("scope", "equalto", "global") | length > 0) -%}
+            {%- for ip in (ansible_facts[iface_name].ipv6 | selectattr("scope", "equalto", "global"))%}
+                IP:{{ ip.address }}{% if not loop.last %},{% endif %}
+            {%- endfor -%}
        {%- endif -%}
    {%- endif-%}
 {%- endif -%}
\ No newline at end of file