From 981b954682becf06559760349a08670bf57aefca Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 30 Jan 2025 20:05:47 +0000
Subject: [PATCH] keytab: Try make code cleaner
---
 roles/keytab/files/empty.keytab | 1 +
 roles/keytab/tasks/main.yml | 78 ++++++++++++++++-----------------
 2 files changed, 38 insertions(+), 41 deletions(-)
 create mode 100644 roles/keytab/files/empty.keytab
diff --git a/roles/keytab/files/empty.keytab b/roles/keytab/files/empty.keytab
new file mode 100644
index 0000000..2e2a96a
--- /dev/null
+++ b/roles/keytab/files/empty.keytab
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/roles/keytab/tasks/main.yml b/roles/keytab/tasks/main.yml
index d41a2e3..ef83269 100644
--- a/roles/keytab/tasks/main.yml
+++ b/roles/keytab/tasks/main.yml
@@ -5,50 +5,46 @@
 register: keytab_status
 check_mode: false
 
-- name: Create temporary file
- ansible.builtin.tempfile:
- state: file
- register: tempfile
- when: not keytab_status.stat.exists
+- name: Create keytab
+ block:
+ - name: Create temporary file
+ ansible.builtin.tempfile:
+ state: file
+ register: tempfile
 
-- name: Initialize keytab
- ansible.builtin.copy:
- dest: tempfile.path
- content: "\\0005\\0002\\c"
- mode: "0600"
- owner: root
- group: "{{ ansible_wheel }}"
- when: not keytab_status.stat.exists
+ - name: Initialize keytab
+ ansible.builtin.copy:
+ dest: "{{ tempfile.path }}"
+ src: empty.keytab
+ mode: "0600"
+ owner: root
+ group: "{{ ansible_wheel }}"
 
-- name: Add principal to keytab
- ansible.builtin.command:
- argv:
- - kadmin.local
- - -x
- - host=ldaps://ldap01.foo.sh
- - ktadd
- - -k
- - "{{ tempfile.path }}"
- - "{{ item }}"
- with_items: "{{ keytab_principals }}"
+ - name: Add principal to keytab
+ ansible.builtin.command:
+ argv:
+ - kadmin.local
+ - -x
+ - host=ldaps://ldap01.foo.sh
+ - ktadd
+ - -k
+ - "{{ tempfile.path }}"
+ - "{{ item }}"
+ with_items: "{{ keytab_principals }}"
+
+ - name: Get keytab
+ ansible.builtin.command:
+ argv:
+ - base64
+ - "{{ tempfile.path }}"
+ register: keytab_data
+
+ - name: Delete temporary file
+ ansible.builtin.file:
+ path: "{{ tempfile.path }}"
+ state: absent
+ when: not keytab_status.stat.exists
 delegate_to: ldap01.home.foo.sh
- when: not keytab_status.stat.exists
-
-- name: Get keytab
- ansible.builtin.command:
- argv:
- - base64
- - "{{ tempfile.path }}"
- register: keytab_data
- delegate_to: ldap01.home.foo.sh
- when: not keytab_status.stat.exists
-
-- name: Delete temporary file
- ansible.builtin.file:
- path: "{{ tempfile.path }}"
- state: absent
- delegate_to: ldap01.home.foo.sh
- when: not keytab_status.stat.exists
 
 - name: Deploy keytab file
 ansible.builtin.shell: >-
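Review bot: The new "Get keytab" task registers the base64-encoded keytab in `keytab_data` without `no_log: true`, so the exported host keys can end up in task output when the play runs with `-v` or a logging callback is enabled. Adding `no_log: true` to that task keeps the key material out of logs; the "Deploy keytab file" task continues outside this hunk and, if it consumes `keytab_data`, would need the same. Now that the steps share a block, "Delete temporary file" could also move out of the task list into an `always:` section, guarded with `when: tempfile.path is defined`. As written, a failing `ktadd` or `base64` step skips the cleanup and leaves the exported keys in the temporary file on ldap01.home.foo.sh.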