From 21c32fb4a779d1c185afe027cba0b75dede59bc9 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 30 Oct 2022 17:37:55 +0000
Subject: [PATCH] keytab: ansible-lint fixes
---
 roles/keytab/tasks/main.yml | 67 +++++++++++++++++++++----------------
 1 file changed, 38 insertions(+), 29 deletions(-)
diff --git a/roles/keytab/tasks/main.yml b/roles/keytab/tasks/main.yml
index d4c2623..70dff70 100644
--- a/roles/keytab/tasks/main.yml
+++ b/roles/keytab/tasks/main.yml
@@ -1,39 +1,48 @@
 ---
-- name: check if keytab exists
- stat:
+- name: Check if keytab exists
+ ansible.builtin.stat:
 path: "{{ keytab }}"
 register: keytab_status
 check_mode: false
-- block:
- - block:
- - name: "add principal to keytab"
- command:
- argv:
- - kadmin.local
- - -x
- - host=ldaps://ldap01.foo.sh
- - ktadd
- - -k
- - "/tmp/{{ inventory_hostname }}.kt"
- - "{{ item }}"
- with_items: "{{ principals }}"
- - name: get keytab
- command: "base64 /tmp/{{ inventory_hostname }}.kt"
- register: keytab_data
- - name: delete temporary file
- file:
- path: "/tmp/{{ inventory_hostname }}.kt"
- state: absent
- delegate_to: ldap01.home.foo.sh
- - name: deploy keytab file
- shell: >-
- umask 077 &&
- echo '{{ keytab_data.stdout }}' | base64 -d > {{ keytab }}
+- name: Add principal to keytab
+ ansible.builtin.command:
+ argv:
+ - kadmin.local
+ - -x
+ - host=ldaps://ldap01.foo.sh
+ - ktadd
+ - -k
+ - "/tmp/{{ inventory_hostname }}.kt"
+ - "{{ item }}"
+ with_items: "{{ principals }}"
+ delegate_to: ldap01.home.foo.sh
 when: not keytab_status.stat.exists
-- name: check keytab permissions
- file:
+- name: Get keytab
+ ansible.builtin.command:
+ argv:
+ - base64
+ - "/tmp/{{ inventory_hostname }}.kt"
+ register: keytab_data
+ delegate_to: ldap01.home.foo.sh
+ when: not keytab_status.stat.exists
+
+- name: Delete temporary file
+ ansible.builtin.file:
+ path: "/tmp/{{ inventory_hostname }}.kt"
+ state: absent
+ delegate_to: ldap01.home.foo.sh
+ when: not keytab_status.stat.exists
+
+- name: Deploy keytab file
+ ansible.builtin.shell: >-
+ umask 077 &&
+ echo '{{ keytab_data.stdout }}' | base64 -d > {{ keytab }}
+ when: not keytab_status.stat.exists
+
+- name: Check keytab permissions
+ ansible.builtin.file:
 path: "{{ keytab }}"
 mode: "{% if group == ansible_wheel %}0600{% else %}0640{% endif %}"
 owner: root
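Review bot: The new `Get keytab` and `Deploy keytab file` tasks handle the base64-encoded keytab (Kerberos key material) without `no_log: true`, so the registered `keytab_data` and the rendered `echo '{{ keytab_data.stdout }}' | base64 -d > {{ keytab }}` command are written to Ansible's task output and any configured log, and the full shell string is most likely visible in the target's process list while it runs; adding `no_log: true` to both tasks keeps the material out of logs. The redirection target in that shell line is also unquoted, so a `keytab` path containing whitespace or shell metacharacters would be misparsed; write it as `base64 -d > '{{ keytab }}'`. Since the commit is an ansible-lint pass, note that `Add principal to keytab`, `Get keytab` and `Deploy keytab file` still lack `changed_when`, which the `no-changed-when` rule reports; `changed_when: false` fits `Get keytab`, and `changed_when: true` the other two, as all are already gated on the keytab being absent. The `Check keytab permissions` task continues past the end of the hunk.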