x509_certificate_info: add support to multiple certificate within a single file #542

Open
jmsierra opened this issue Dec 15, 2022 · 5 comments

jmsierra commented Dec 15, 2022

SUMMARY

Allow the community.crypto.x509_certificate_info module to read multiple certificates from a single PEM file. For example, certificates issued by Let's Encrypt with the default configuration (without the usage of --preferred-chain) generate chain.pem and fullchain.pem files with 2 and 3 certificates inside respectively, such as:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

It'd be nice if this module were able to return a list of dicts with the different certificates.

ISSUE TYPE

  • Feature Idea

COMPONENT NAME

community.crypto.x509_certificate_info

ADDITIONAL INFORMATION
@felixfontein felixfontein added the enhancement New feature or request label Dec 17, 2022
@felixfontein
Contributor

I don't think it is a good idea to allow _info modules to work both on one and many objects at the same time; this will make the interface a lot more clumsy IMO.

But what about the following:

  • Offer a jinja2 filter which allows splitting a PEM file into its certificates. (We already have code for that.)

    This would allow running x509_certificate_info in a loop on the split certificates.

  • Maybe also offer filter versions of the _info modules (for certificates, private keys, ...; not for things like ACME accounts).

    Combining these two filters allows doing what you want with pure jinja2 logic.

WDYT?

@felixfontein
Contributor

I've created a PR for a split_pem filter in #549.

@felixfontein
Contributor

I started a WIP PR for more filter plugins in #550.

@jmsierra
Author

Sorry for the late reply and thank you so much for taking it into consideration.

Just one question: if the PEM file is on the remote machine, I understand something like slurp should be used first to get its content, which is then passed to the split_pem filter, right?

@felixfontein
Contributor

> Just one question: if the PEM file is on the remote machine, I understand something like slurp should be used first to get its content, which is then passed to the split_pem filter, right?

Yes, something like that would be needed.
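
The workflow discussed in this thread (slurp the remote file, split it, loop x509_certificate_info over the parts), as an added example that is not from either participant or the project. It assumes the filter from #549 is available as community.crypto.split_pem; the bundle path, variable names and 30-day threshold are constructed for illustration.

```yaml
---
- name: Inspect every certificate in a remote PEM bundle
  hosts: all
  gather_facts: false
  vars:
    # Constructed path: point this at the bundle on the managed host.
    bundle_path: /etc/letsencrypt/live/example.com/fullchain.pem
  tasks:
    - name: Fetch the bundle from the remote machine (slurp returns base64)
      ansible.builtin.slurp:
        src: "{{ bundle_path }}"
      register: bundle

    - name: Run x509_certificate_info once per certificate in the bundle
      community.crypto.x509_certificate_info:
        content: "{{ item }}"
        valid_at:
          # Hypothetical check name; "+30d" is a relative time specification.
          in_30_days: "+30d"
      loop: "{{ bundle.content | b64decode | community.crypto.split_pem }}"
      loop_control:
        index_var: position
        # Keep the log readable instead of printing each PEM block.
        label: "certificate #{{ position }}"
      register: chain_info

    - name: Fail if any certificate in the chain expires within 30 days
      ansible.builtin.assert:
        that:
          - not item.expired
          - item.valid_at.in_30_days
        fail_msg: "{{ item.subject.commonName | default('unknown subject') }} expires at {{ item.not_after }}"
      loop: "{{ chain_info.results }}"
      loop_control:
        label: "{{ item.subject.commonName | default('unknown subject') }}"
```

Checking every entry matters because an expired intermediate breaks validation for clients even when the leaf certificate is still valid.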
