From 03641fbd66fe1475011ee0d7d99fee5c6da16c7c Mon Sep 17 00:00:00 2001
From: Zaku <127139771+Zakurama@users.noreply.github.com>
Date: Mon, 18 Nov 2024 20:00:58 +0100
Subject: [PATCH] feat: copying certificates to target directory
---
roles/vault_agent/files/retrieving_cert.tmpl | 10 ----------
roles/vault_agent/tasks/main.yml | 13 +++++++++++--
roles/vault_agent/templates/retrieving_cert.tmpl.j2 | 10 ++++++++++
3 files changed, 21 insertions(+), 12 deletions(-)
delete mode 100644 roles/vault_agent/files/retrieving_cert.tmpl
create mode 100644 roles/vault_agent/templates/retrieving_cert.tmpl.j2
diff --git a/roles/vault_agent/files/retrieving_cert.tmpl b/roles/vault_agent/files/retrieving_cert.tmpl
deleted file mode 100644
index 8be1415..0000000
--- a/roles/vault_agent/files/retrieving_cert.tmpl
+++ /dev/null
@@ -1,10 +0,0 @@
-{{with secret "secret/certificat-web"}}
-{{ index .Data.data "privkey.pem" | writeToFile "privkey.pem" "" "" "0400"}}
-{{ index .Data.data "chain.pem" | writeToFile "chain.pem" "" "" "0400"}}
-{{ index .Data.data "cert.pem" | writeToFile "cert.pem" "" "" "0400"}}
-{{ index .Data.data "fullchain.pem" | writeToFile "fullchain.pem" "" "" "0400"}}
-{{ index .Data.data "privkey.pem"}}
-{{ index .Data.data "chain.pem"}}
-{{ index .Data.data "cert.pem"}}
-{{ index .Data.data "fullchain.pem"}}
-{{end}}
\ No newline at end of file
diff --git a/roles/vault_agent/tasks/main.yml b/roles/vault_agent/tasks/main.yml
index 35f65f8..5d7311f 100644
--- a/roles/vault_agent/tasks/main.yml
+++ b/roles/vault_agent/tasks/main.yml
@@ -63,12 +63,13 @@ notify: Restart vault-agent-certificates - name: Copy retrieving_cert.tmpl - ansible.builtin.copy: - src: retrieving_cert.tmpl + ansible.builtin.template: + src: retrieving_cert.tmpl.j2 dest: /root/vault_agent_certificat/retrieving_cert.tmpl mode: '0644' owner: root group: root + notify: Restart vault-agent-certificates - name: Copy vault-agent-certificates.service ansible.builtin.copy:
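Review bot: The new `template` task for `retrieving_cert.tmpl.j2` depends on `vault_agent_certificate_directory`, but the diffstat lists no `roles/vault_agent/defaults/main.yml` change, so unless that variable is already defined elsewhere (inventory, group_vars) the task fails with an undefined-variable error on first run. Add a role default for it in `roles/vault_agent/defaults/main.yml`, or fail early with a clear message, e.g. `ansible.builtin.assert: { that: vault_agent_certificate_directory is defined, fail_msg: "vault_agent_certificate_directory must be set" }` before this task. The added `notify: Restart vault-agent-certificates` is the right call here, since a change in the rendered template only takes effect after the agent restarts.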
@@ -78,6 +79,14 @@ owner: root group: root +- name: Create directory for certificates + ansible.builtin.file: + state: directory + dest: "{{ vault_agent_certificate_directory }}" + mode: '0755' + owner: root + group: root + - name: Start vault-agent-certificates service ansible.builtin.systemd: name: vault-agent-certificates
diff --git a/roles/vault_agent/templates/retrieving_cert.tmpl.j2 b/roles/vault_agent/templates/retrieving_cert.tmpl.j2
new file mode 100644
index 0000000..548265a
--- /dev/null
+++ b/roles/vault_agent/templates/retrieving_cert.tmpl.j2
@@ -0,0 +1,10 @@
+{{ '{{' }}with secret "secret/certificat-web"{{ '}}' }}
+{{ '{{' }} index .Data.data "privkey.pem" | writeToFile "{{vault_agent_certificate_directory}}/privkey.pem" "" "" "0400"{{ '}}' }}
+{{ '{{' }} index .Data.data "chain.pem" | writeToFile "{{vault_agent_certificate_directory}}/chain.pem" "" "" "0400"{{ '}}' }}
+{{ '{{' }} index .Data.data "cert.pem" | writeToFile "{{vault_agent_certificate_directory}}/cert.pem" "" "" "0400"{{ '}}' }}
+{{ '{{' }} index .Data.data "fullchain.pem" | writeToFile "{{vault_agent_certificate_directory}}/fullchain.pem" "" "" "0400"{{ '}}' }}
+{{ '{{' }} index .Data.data "privkey.pem"{{ '}}' }}
+{{ '{{' }} index .Data.data "chain.pem"{{ '}}' }}
+{{ '{{' }} index .Data.data "cert.pem"{{ '}}' }}
+{{ '{{' }} index .Data.data "fullchain.pem"{{ '}}' }}
+{{ '{{' }}end{{ '}}' }}
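Review bot: The directory that will hold `privkey.pem` is created with `mode: '0755'`, i.e. world-traversable, while the key files themselves are written `0400` by the template; the key content stays protected, but the directory is more open than it needs to be and lets any local user enumerate it. Prefer `mode: '0750'` (or `'0700'` if only the agent user ever reads it) and set `group` to the consuming service's group once that is known — this diff does not show which user reads the certificates, so the exact value has to come from the service definition. Minor: `ansible.builtin.file` documents the directory argument as `path`; `dest` works only as an alias, so `path: "{{ vault_agent_certificate_directory }}"` reads more clearly.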
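Review bot: The four `index .Data.data "..."` lines before `end` render the private key and chain into the template's own `destination` file as well, so `privkey.pem` ends up on disk twice: once via `writeToFile` with `0400`, and once in the rendered output whose permissions come from the agent's `template` stanza, which is not in this diff (Vault Agent's documented default for that file is `0644`). Unless that stanza is known to set restrictive `perms`, drop those four output lines so the destination holds no key material and `writeToFile` remains the single place the secrets land. Note also that `writeToFile` is called with empty user and group, so the files are owned by whichever user runs the agent; if the web service that consumes `secret/certificat-web` runs as a different user it cannot read a `0400` root-owned file, so pass that user and group as the second and third arguments (e.g. `writeToFile "…/privkey.pem" "www-data" "www-data" "0400"`, adjusted to the real service account).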