Copy CA over to the quadlet box

Author: evgeni

src/roles/check_database_connection/tasks/check.yaml

@@ -1,14 +1,41 @@
+- name: Store CA cert to a temporary file
+  when:
+    - db_item.ca_cert is defined
+    - db_item.ca_cert != ''
+  block:
+    - name: Create temporary file
+      ansible.builtin.tempfile:
+        state: file
+        prefix: check_database_connection_
+      register: _check_database_connection_ca_cert
+
+    - name: Write CA cert to temporary file
+      ansible.builtin.copy:
+        dest: "{{ _check_database_connection_ca_cert.path }}"
+        content: "{{ lookup('ansible.builtin.file', db_item.ca_cert) if db_item.ca_cert != '' else 'empty' }}"
+        mode: '0640'
+
 - name: Check database connectivity to {{ db_item.name }}
   community.postgresql.postgresql_ping:
     login_host: "{{ db_item.host }}"
     login_user: "{{ db_item.user }}"
     login_password: "{{ db_item.password }}"
     login_db: "{{ db_item.dbname }}"
-    ca_cert: "{{ db_item.ca_cert | default(omit) }}"
+    ca_cert: "{{ _check_database_connection_ca_cert.path | default(omit) }}"
     ssl_mode: "{{ db_item.sslmode | default(omit) }}"
   register: check_database_connection_ping_result
   ignore_errors: true
 
+- name: Delete temporary CA cert file
+  when:
+    - db_item.ca_cert is defined
+    - db_item.ca_cert != ''
+  block:
+    - name: Delete temporary file
+      ansible.builtin.file:
+        state: absent
+        path: "{{ _check_database_connection_ca_cert.path }}"
+
 - name: Assert database is reachable for  {{ db_item.name }}
   ansible.builtin.assert:
     that:

src/roles/check_database_connection/tasks/main.yaml

@@ -8,23 +8,23 @@
       user: "{{ foreman_database_user }}"
       password: "{{ foreman_database_password }}"
       dbname: "{{ foreman_database_name }}"
-      ca_cert: "{{ foreman_database_ssl_ca | default(omit) }}"
+      ca_cert: "{{ foreman_database_ssl_ca | default('') }}"
       sslmode: "{{ foreman_database_ssl_mode | default(omit) }}"
 
     - name: Candlepin
       host: "{{ candlepin_database_host }}"
       user: "{{ candlepin_database_user }}"
       password: "{{ candlepin_database_password }}"
       dbname: "{{ candlepin_database_name }}"
-      ca_cert: "{{ candlepin_database_ssl_ca | default(omit) }}"
+      ca_cert: "{{ candlepin_database_ssl_ca | default('') }}"
       sslmode: "{{ candlepin_database_ssl_mode | default(omit) }}"
 
     - name: Pulp
       host: "{{ pulp_database_host }}"
       user: "{{ pulp_database_user }}"
       password: "{{ pulp_database_password }}"
       dbname: "{{ pulp_database_name }}"
-      ca_cert: "{{ pulp_database_ssl_ca | default(omit) }}"
+      ca_cert: "{{ pulp_database_ssl_ca | default('') }}"
       sslmode: "{{ pulp_database_ssl_mode | default(omit) }}"
   loop_control:
     loop_var: db_item