freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

Strip and verify encoded certificates #1241

Closed t-woerner closed 1 month ago

t-woerner commented 1 month ago

ansible_freeipa_module: New function strip_encoded_certificates

The new function strip_encoded_certificates strips and verifies the base64 encoded certificates in a list if the list is not None.

The certificates are verified using base64.b64decode after removing leading and trailing white space.

Several modules are using base64 encoded certificates, therefore adding this to ansible_freeipa_module reduces duplicate code.

ipahost: Use new strip_encoded_certificates

To strip leading and trailing white space and to verify base64 encoded certificates.

ipauser: Use new strip_encoded_certificates

To strip leading and trailing white space and to verify base64 encoded certificates.

ipaservice: Use new strip_encoded_certificates

To strip leading and trailing white space and to verify base64 encoded certificates.

t-woerner commented 1 month ago

The removal of an invalid cert should pass as the certificate cannot be in IPA. Only the addition of an invalid cert should fail.
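
A sketch of the strip-and-verify step discussed in this pull request, as an added example that is not the project's code: the name `strip_and_verify`, the parameters `fail_on_invalid` and `strict`, and the choice to drop invalid entries on removal are all assumptions. It also shows that `base64.b64decode` silently discards non-alphabet characters unless `validate=True` is passed, which matters when the decode is the only check on the input.

```python
import base64
import binascii

# Constructed sample values, not real certificates.
GOOD = base64.b64encode(b"0\x82constructed sample, not a real certificate").decode()
BAD = GOOD[:-4] + "!!" + GOOD[-4:]  # two characters outside the base64 alphabet


def strip_and_verify(certs, fail_on_invalid=True, strict=True):
    """Strip white space from each base64 certificate and verify it decodes.

    certs           -- list of base64 strings, or None (parameter not set)
    fail_on_invalid -- True when adding (invalid input is an error); False
                       when removing (assumption: an invalid value cannot
                       be stored, so it is dropped from the list)
    strict          -- passed to b64decode as validate=; with False,
                       characters outside the alphabet are ignored
    """
    if certs is None:
        return None

    cleaned = []
    for cert in certs:
        stripped = cert.strip()
        try:
            # The decoded bytes are not used; decoding is the verification.
            base64.b64decode(stripped, validate=strict)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            if fail_on_invalid:
                raise ValueError("Certificate is not valid base64: %s" % exc)
            continue
        cleaned.append(stripped)
    return cleaned


if __name__ == "__main__":
    print(strip_and_verify(["  " + GOOD + "\n"]) == [GOOD])
    print(strip_and_verify([BAD], fail_on_invalid=False))
    # The permissive decode accepts the malformed value unchanged:
    print(strip_and_verify([BAD], strict=False) == [BAD])
    try:
        strip_and_verify([BAD])
    except ValueError as exc:
        print("rejected:", exc)
```

With `strict=True`, base64 that contains embedded newlines (for example a wrapped PEM body) is also rejected, so callers that accept wrapped input need to remove inner line breaks before the check.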