Implement feature in cisco.ios that would enable trustpoint creation with "enrollment terminal pem" - (does not require SCEP)
ISSUE TYPE
Currently, when using ios_command to attempt to create a trustpoint with "enrollment terminal pem", you can use prompt:answer to get into config mode and then "authenticate" the trustpoint, after which you can provide the certificate as a second answer, but Cisco interprets what it is provided by Ansible as a string with \n's for line breaks, which it doesn't understand.
crypto pki authenticate pem_test
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
You would paste this in if doing it manually
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIQes7tJu7l8IRGgomMEurtqzANBgkqhkiG9w0BAQsFADBR
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFzAVBgoJkiaJk/IsZAEZFgdhbnNpYmxl
MR8wHQYDVQQDExZhbnNpYmxlLVdJTkFEU0VSVkVSLUNBMB4XDTI0MDIxMjE4NDEw
.....
2L44U/dqJyUphP4TNqoHpXNEM0IvvafdsgawvmDQxdVwfxwPOO5qH4TP1pwBfeaR
pygpGjaxsloJn4otgbkzA3wreYFkUJ2WFU1VCcpldvNVApXjIedc5Hbb9IU4Q8AE
R8Ggz8AGqb892aUXDkZKjpcwtJgvV14VoUPTN2O5xqn0fQ2CUJB+iSL6DmUE63gv
GLf1NxQwQASzBHBKaxNnktP3v/J6yV7IKejDaEQSdkC14TA9Em/RgU6yQ6rEHfnS
wTYDbzZDQrU/FjzM9SkZRnrIfmOe58sRbNH03hUX3sk0
-----END CERTIFICATE-----
COMPONENT NAME
Two potential ideas are to implement ios_trustpoint as a resource module, or by changing the prompt:answer capability in ios_command from 1:1 to 1:many.
ADDITIONAL INFORMATION
The feature would enable managing Cisco trustpoints without requiring SCEP.
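
A pre-flight check for the paste described in this issue, as an added example (not code from the issue author or the cisco.ios collection): it turns a certificate held as one string with literal \n sequences back into the individual lines the prompt expects, ending with "quit", and rejects input that does not decode. The function names and the sample bytes are assumptions constructed for illustration; how the lines are then delivered to the device is outside the example.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def chunk64(body: str) -> list[str]:
    """Split a base64 string into the 64-character lines PEM uses."""
    return [body[i:i + 64] for i in range(0, len(body), 64)]


def pem_to_terminal_lines(pem_text: str) -> list[str]:
    """Lines to enter at the 'Enter the base 64 encoded CA certificate' prompt."""
    # Undo the failure mode from the issue: literal backslash-n pairs, plus CRLFs.
    text = pem_text.replace("\\n", "\n").replace("\r", "")
    match = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    # One line per list item, terminated with "quit" as the prompt asks.
    return [BEGIN, *chunk64(body), END, "quit"]


def sha256_fingerprint(lines: list[str]) -> str:
    """SHA-256 of the DER bytes, to compare with a fingerprint obtained out of band."""
    return hashlib.sha256(base64.b64decode("".join(lines[1:-2]))).hexdigest()


# Constructed sample: DER-shaped bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
# The same data as the issue describes it arriving: one string with literal \n.
SAMPLE_ONE_STRING = "\\n".join(
    [BEGIN, *chunk64(base64.b64encode(SAMPLE_DER).decode()), END, ""])

if __name__ == "__main__":
    for line in pem_to_terminal_lines(SAMPLE_ONE_STRING):
        print(line)
```

Comparing the computed fingerprint with one obtained from the CA operator over a separate channel confirms that the certificate about to become a trust anchor is the intended one.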