From f9066fa55b62631439e3bca69be55b2d30b09a7a Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Wed, 17 Jul 2019 19:39:43 +0200
Subject: [PATCH] ipaserver: Properly set settings related to pkcs12 files
Use and generation of dirsrv_pkcs12_info, http_pkcs12_info and pkinit_pkcs12_info has been fixed in:
- ipaserver_setup_ds
- ipaserver_setup_http
- ipaserver_test
---
 roles/ipaserver/library/ipaserver_setup_ds.py | 3 +++
 roles/ipaserver/library/ipaserver_setup_http.py | 3 +++
 roles/ipaserver/library/ipaserver_test.py | 6 +++---
 roles/ipaserver/tasks/install.yml | 2 ++
 4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py
index 719b12c2..0e27a49a 100644
--- a/roles/ipaserver/library/ipaserver_setup_ds.py
+++ b/roles/ipaserver/library/ipaserver_setup_ds.py
@@ -82,6 +82,7 @@ def main():
 dirsrv_config_file=dict(required=False),
 ### ssl certificate ###
 dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ _dirsrv_pkcs12_info=dict(required=False),
 ### certificate system ###
 external_cert_files=dict(required=False, type='list', default=[]),
 subject_base=dict(required=False),
@@ -108,6 +109,8 @@ def main():
 options.no_pkinit = ansible_module.params.get('no_pkinit')
 options.no_hbac_allow = ansible_module.params.get('no_hbac_allow')
 options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
+ options._dirsrv_pkcs12_info = ansible_module.params.get(
+ '_dirsrv_pkcs12_info')
 ### ssl certificate ###
 options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
 ### certificate system ###
diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py
index 7de76199..e7235f22 100644
--- a/roles/ipaserver/library/ipaserver_setup_http.py
+++ b/roles/ipaserver/library/ipaserver_setup_http.py
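Review bot: `_dirsrv_pkcs12_info` is added to the argument spec of ipaserver_setup_ds.py (hunk at -82) without `no_log=True`, although the ipaserver_test.py hunks of this patch build that value as a (file name, PIN) pair. Ansible records module arguments in its invocation log and in verbose output, so the PKCS#12 PIN would appear there in clear text. I would declare it as `_dirsrv_pkcs12_info=dict(required=False, no_log=True),` and do the same for `_http_pkcs12_info` in the ipaserver_setup_http.py hunk at -97. main() begins and ends outside these hunks, so how ipaserver_test returns the value cannot be checked from here.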
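Review bot: The `_dirsrv_pkcs12_info` value read in the -108 hunk will arrive as a string, because the spec entry added at -82 declares no `type` and Ansible's default for a parameter is `str`. The value starts out in ipaserver_test.py as a two-element tuple, so if later code in main() (outside the hunk) indexes `options._dirsrv_pkcs12_info` as file and PIN it would be indexing characters of a string. Declaring `_dirsrv_pkcs12_info=dict(required=False, type='list'),` keeps it a sequence. The `_http_pkcs12_info` read in ipaserver_setup_http.py at -146 is affected the same way.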
@@ -97,6 +97,7 @@ def main():
 #_update_hosts_file=dict(required=False, type='bool', default=False),
 _dirsrv_pkcs12_info=dict(required=False),
+ _http_pkcs12_info=dict(required=False),
 ),
 )
@@ -146,6 +147,8 @@ def main():
 #options._update_hosts_file = ansible_module.params.get('_update_hosts_file')
 options._dirsrv_pkcs12_info = ansible_module.params.get(
 '_dirsrv_pkcs12_info')
+ options._http_pkcs12_info = ansible_module.params.get(
+ '_http_pkcs12_info')
 # init ##################################################################
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index 4a6700de..70a0606d 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -821,7 +821,7 @@ def main():
 key_nickname=options.http_cert_name,
 ca_cert_files=options.ca_cert_files,
 host_name=host_name)
- http_pkcs12_info = (http_pkcs12_file.name, options.http_pin)
+ http_pkcs12_info = (http_pkcs12_file.name, http_pin)
 if options.dirsrv_cert_files:
 if options.dirsrv_pin is None:
@@ -833,7 +833,7 @@ def main():
 key_nickname=options.dirsrv_cert_name,
 ca_cert_files=options.ca_cert_files,
 host_name=host_name)
- dirsrv_pkcs12_info = (dirsrv_pkcs12_file.name, options.dirsrv_pin)
+ dirsrv_pkcs12_info = (dirsrv_pkcs12_file.name, dirsrv_pin)
 if options.pkinit_cert_files:
 if options.pkinit_pin is None:
@@ -845,7 +845,7 @@ def main():
 key_nickname=options.pkinit_cert_name,
 ca_cert_files=options.ca_cert_files,
 realm_name=realm_name)
- pkinit_pkcs12_info = (pkinit_pkcs12_file.name, options.pkinit_pin)
+ pkinit_pkcs12_info = (pkinit_pkcs12_file.name, pkinit_pin)
 if (options.http_cert_files and options.dirsrv_cert_files and
 http_ca_cert != dirsrv_ca_cert):
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 1193d22b..268f5d36 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
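Review bot: The path stored by `http_pkcs12_info = (http_pkcs12_file.name, http_pin)` in the ipaserver_test.py hunk at -821 may not outlive this module, since only the `.name` of what looks like a temporary file object is kept. If that file is removed when the object is closed or the module process exits, the path passed on to ipaserver_setup_http through install.yml no longer exists; if it is not removed, a PKCS#12 bundle with the private key stays behind on disk. I would document the intended lifetime next to the assignment, e.g. `# path must stay valid until ipaserver_setup_http has run; removed by <cleanup step>`, and confirm that cleanup exists. The same applies to `dirsrv_pkcs12_info` at -833 and `pkinit_pkcs12_info` at -845; main() starts and ends outside all three hunks.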
@@ -190,6 +190,7 @@
 # no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
 dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
 dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default(omit) }}"
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
 external_cert_files: "{{ ipaserver_external_cert_files | default(omit) }}"
 subject_base: "{{ result_ipaserver_prepare.subject_base }}"
@@ -319,6 +320,7 @@
 idmax: "{{ result_ipaserver_test.idmax }}"
 http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
 no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
+ _http_pkcs12_info: "{{ result_ipaserver_test._http_pkcs12_info }}"
 - name: Install - Setup KRA
 ipaserver_setup_kra:
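Review bot: `_dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"` in the -190 hunk is read unconditionally, while the neighbouring optional certificate settings use `| default(omit)`. Unless ipaserver_test always returns this key, including runs without `ipaserver_dirsrv_cert_files`, the task stops on an undefined value. Writing `"{{ result_ipaserver_test._dirsrv_pkcs12_info | default(omit) }}"` keeps the parameter optional, which matches `required=False` in the module spec. The same holds for `_http_pkcs12_info` in the -319 hunk; both task headers are outside the hunks.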