From 3108ff7ee94ca22aff32093033263e230c76a0a8 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 4 Nov 2019 18:53:08 +0100
Subject: [PATCH] Manage a generic CA cert file, provided via a URL.
---
 library/roles/ubuntu-deb-general/defaults/main.yml | 1 +
 .../ubuntu-deb-general/tasks/install_external_ca_cert.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/library/roles/ubuntu-deb-general/defaults/main.yml b/library/roles/ubuntu-deb-general/defaults/main.yml
index 80f9467d..15e539c4 100644
--- a/library/roles/ubuntu-deb-general/defaults/main.yml
+++ b/library/roles/ubuntu-deb-general/defaults/main.yml
@@ -101,6 +101,7 @@ pki_dir: /etc/pki
 pki_subdirs:
 - certs
 - keys
+pki_install_a_custom_ca: False
 
 # Install our /etc/resolv.conf
 install_resolvconf: True
diff --git a/library/roles/ubuntu-deb-general/tasks/install_external_ca_cert.yml b/library/roles/ubuntu-deb-general/tasks/install_external_ca_cert.yml
index 0f268679..e26b3a9a 100644
--- a/library/roles/ubuntu-deb-general/tasks/install_external_ca_cert.yml
+++ b/library/roles/ubuntu-deb-general/tasks/install_external_ca_cert.yml
@@ -6,6 +6,7 @@
 notify: Update the CA bundle list
 tags: ca
 
-- name: Install a CA file that contains both the letsencrypt complete chain, the INFN CA certs and the TERENA personal certs CA
- copy: src=infn-letsencrypt-ca.crt dest={{ pki_dir }}/infn-letsencrypt-ca.crt
+- name: Install a CA file with the certificates that we need. From a URL
+ get_url: url={{ pki_custom_ca_url }} dest={{ pki_dir }}/{{ pki_custom_ca_filename }}
+ when: pki_install_a_custom_ca | bool
 tags: ca
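Review bot: Only the toggle gets a default in this hunk of defaults/main.yml; `pki_custom_ca_url` and `pki_custom_ca_filename`, which the new task in install_external_ca_cert.yml reads, are not defined here. Unless they are set elsewhere in the file outside the hunk, turning `pki_install_a_custom_ca` on without supplying both will fail on an undefined variable. I would document them next to the toggle, for example with a comment such as `# Requires pki_custom_ca_url (https only) and pki_custom_ca_filename when enabled`.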
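Review bot: The `get_url` task in install_external_ca_cert.yml downloads a trust anchor with nothing pinning its content: there is no `checksum`, no explicit `mode`, and nothing requires `pki_custom_ca_url` to be HTTPS, so whoever controls the URL or the path to it decides which CA the host ends up trusting. I would pin the file to a digest held in a new variable (here `pki_custom_ca_sha256`, a name I am proposing, not one from the repository) and switch to native YAML arguments so the templated values are quoted. Without `force` or a checksum, `get_url` also leaves an existing destination file untouched, so a rotated CA published at the same URL would not be picked up. Unlike the task just above it, this one carries no `notify: Update the CA bundle list`; that was already true of the `copy` it replaces, so it is worth confirming whether the bundle needs a refresh after the download.

```yaml
- name: Install a CA file with the certificates that we need. From a URL
  get_url:
    url: "{{ pki_custom_ca_url }}"
    dest: "{{ pki_dir }}/{{ pki_custom_ca_filename }}"
    # proposed variable: expected SHA-256 of the CA file, kept with the inventory
    checksum: "sha256:{{ pki_custom_ca_sha256 }}"
    mode: "0644"
  # … unchanged: when / tags …
```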