We uploaded an IAM cert to AWS, and now need to update the certificate (the contents). On the theory that a lot of this stuff is idempotent, I thought this task, which we used to upload it in the first place, would work to update it as well:

    - name: configure IAM certificates
      iam_cert:
        name: "{{ item }}"
        state: present
        cert: "{{ iam_cert[item]['certfile'] }}"
        key: "{{ iam_cert[item]['keyfile'] }}"
        cert_chain: "{{ iam_cert[item]['chainfile'] }}"
      with_items: "{{ iam_cert_names }}"

We've got a dict iam_cert in inventory, like this:

    iam_cert:
      myserver1:
        certfile: "/path/to/myserver1.crt"
        chainfile: "/path/to/myca.crt"
        keyfile: "/path/to/myserver1.key"

(and so on for myserver2 etc)

So this works fine for adding a new cert, but if we put a new cert in /path/to/myserver.crt, it fails, saying:

    failed: [localhost] (item=myserver1) => {"changed": false, "failed": true, "item": "myserver1", "msg": "A cert with the name myserver1 already exists and has a different certificate body associated with it. Certificates cannot have the same name"}

https://docs.ansible.com/ansible/iam_cert_module.html has 'new_path', which says "When present, this will update the path of the cert with the value passed here.", but it doesn't say what this is supposed to be -- a Boolean? a path to the new cert file on disk?

Perhaps the same sort of thing as the 'path' option, which says "When creating or updating, specify the desired path of the certificate", but we're not using that, we're using 'cert', which says "The path to the certificate body in PEM encoded format." What's "the path of the certificate", and is it different from "the path to the certificate body"?

There's only one example, and it doesn't use either 'path' or 'new_path'.

Anyone know how this is supposed to work?

-Josh (j...@care.com)