From ec2e1c36d287577e7306eec93f092e7b09ae1986 Mon Sep 17 00:00:00 2001
From: ace <ace@0xace.cc>
Date: Mon, 9 Oct 2023 03:04:30 +0300
Subject: [PATCH] support forced custom ips and names in cert

---
 tasks/cacert.yaml | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/tasks/cacert.yaml b/tasks/cacert.yaml
index 9472045..881ddf8 100644
--- a/tasks/cacert.yaml
+++ b/tasks/cacert.yaml
@@ -88,6 +88,16 @@
         consul_server_subject_alt_ips_all_ipv4: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
       when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
 
+    - name: Generate consul server subject_alt_ips from consul_cacert_force_append_ips
+      set_fact:
+        consul_server_subject_alt_ips_force_append: "{{ consul_cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
+      when: consul_cacert_force_append_ips is defined
+
+    - name: Generate consul server subject_alt_names from consul_cacert_force_append_names
+      set_fact:
+        consul_server_subject_alt_names_force_append: "{{ consul_cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
+      when: consul_cacert_force_append_names is defined
+
     - name: Generate consul agent subject_alt_ips from ansible_host
       set_fact:
         consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
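Review bot: The two added server tasks guard only on `is defined`, so a `consul_cacert_force_append_ips` supplied as a single string instead of a list would be iterated character by character by `map`, giving entries such as `IP:1` and `IP:.`. These values become subject alternative names on the certificate, so a malformed entry should stop the play rather than reach the CSR task. A preceding `assert` with `that: consul_cacert_force_append_ips is not string` (and the same for `consul_cacert_force_append_names`) would do that. The same gap exists in the agent tasks in the next hunk, and the task list continues outside this hunk.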
@@ -105,15 +115,15 @@
         consul_agent_subject_alt_ips_all_ipv4: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
       when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
 
-    - name: Generate consul agent subject_alt_ips from cacert_force_append_ips
+    - name: Generate consul agent subject_alt_ips from consul_cacert_force_append_ips
       set_fact:
-        consul_agent_subject_alt_ips_force_append: "{{ cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
-      when: cacert_force_append_ips is defined
+        consul_agent_subject_alt_ips_force_append: "{{ consul_cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
+      when: consul_cacert_force_append_ips is defined
 
-    - name: Generate consul agent subject_alt_names from cacert_force_append_names
+    - name: Generate consul agent subject_alt_names from consul_cacert_force_append_names
       set_fact:
-        consul_agent_subject_alt_names_force_append: "{{ cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
-      when: cacert_force_append_names is defined
+        consul_agent_subject_alt_names_force_append: "{{ consul_cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
+      when: consul_cacert_force_append_names is defined
 
     - name: Generate consul agent subject_alt_names
       set_fact:
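Review bot: Renaming the input variables here drops the old names without a fallback, so an inventory that still sets `cacert_force_append_ips` or `cacert_force_append_names` will skip both tasks through the `when` and silently produce a certificate missing those SANs. If the old names were ever in use, keep them working for a transition period, for example `"{{ consul_cacert_force_append_ips | default(cacert_force_append_ips) | map('regex_replace', '^', 'IP:') | list }}"` with `when: consul_cacert_force_append_ips is defined or cacert_force_append_ips is defined`. Failing that, the rename should at least be called out in the changelog. The block these tasks belong to starts and ends outside the hunk.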
@@ -124,7 +134,7 @@
         path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr"
         privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
         common_name: "{{ consul_self_signed_cert_name }}"
-        subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_server_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_force_append | default([]) + consul_agent_subject_alt_names_force_append | default([])}}"
+        subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_server_subject_alt_ips_all_ipv4 | default([]) + consul_server_subject_alt_ips_force_append | default([]) + consul_server_subject_alt_names_force_append | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_force_append | default([]) + consul_agent_subject_alt_names_force_append | default([]) }}"
         owner: consul
         group: consul
       register: consul_csr
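Review bot: The server and agent `*_force_append` facts are both built from the same two variables, so every forced IP and name now appears twice in `subject_alt_name`, on top of any overlap that already exists between the `ansible_host` and `all_ipv4` lists. Whether the CSR module tolerates repeated entries is not visible here, so it is safer to deduplicate the final list by wrapping the concatenation as `"{{ ( ... ) | unique }}"`. A single shared fact for the forced entries would also avoid the duplication. As a style point, building the list in a preceding `set_fact` with one term per line would make future SAN additions much easier to review than this single long expression.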