diff --git a/main.py b/main.py index 73f1e01c..959c12b5 100755 --- a/main.py +++ b/main.py @@ -10,6 +10,13 @@ def run_ansible_vault(action, filename, password_file): subprocess.run(cmd, check=True) def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str = None, password_file: str = None, verbose: int = 0, skip_tests: bool = False): + print("\n🛠️ Building project (make build)...\n") + subprocess.run(["make", "build"], check=True) + + if not skip_tests: + print("\n🧪 Running tests (make test)...\n") + subprocess.run(["make", "test"], check=True) + """Execute an ansible-playbook command with optional parameters.""" cmd = ["ansible-playbook", "-i", inventory, playbook] @@ -28,11 +35,8 @@ def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str if verbose: cmd.append("-" + "v" * verbose) - - if not skip_tests: - subprocess.run(["make", "test"], check=True) - subprocess.run(["make", "build"], check=True) + print("\n🚀 Launching Ansible Playbook...\n") subprocess.run(cmd, check=True) def main(): diff --git a/module_utils/cert_utils.py b/module_utils/cert_utils.py index 9d9a9748..22e7970c 100644 --- a/module_utils/cert_utils.py +++ b/module_utils/cert_utils.py @@ -47,20 +47,16 @@ class CertUtils: @staticmethod def matches(domain, san): + """RFC compliant SAN matching.""" if san.startswith('*.'): base = san[2:] - # Wildcard does NOT cover the base domain itself + # Wildcard matches ONLY one additional label if domain == base: return False - if domain.endswith('.' + base): - # Check if the domain has exactly one label more than the base - domain_labels = domain.split('.') - base_labels = base.split('.') - if len(domain_labels) == len(base_labels) + 1: - return True + if domain.endswith('.' + base) and domain.count('.') == base.count('.') + 1: + return True return False else: - # Exact match required for non-wildcard SAN entries return domain == san
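Review bot: In the first main.py hunk the build and test calls are inserted above `"""Execute an ansible-playbook command with optional parameters."""`, so that string is no longer the first statement of `run_ansible_playbook` and stops being its docstring. Move the docstring directly under the `def` line and place the `make build` / `make test` block after it. Both `make` calls also run in whatever directory the process was started from, so the Makefile that executes is the one in the caller's working directory; if main.py can be invoked from elsewhere, pass `cwd=` pointing at the repository root to both `subprocess.run` calls. The function body continues past the end of this hunk.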
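Review bot: In module_utils/cert_utils.py the new docstring `"""RFC compliant SAN matching."""` promises more than `matches` does: both the `domain == san` branch and the wildcard branch compare case-sensitively, whereas DNS names in certificates are matched case-insensitively, so `WWW.example.com` would not match a SAN of `www.example.com`. The wildcard branch also accepts an empty leftmost label, because `.example.com` ends with `.example.com` and has exactly one more dot than the base. Consider normalising first with `domain, san = domain.lower(), san.lower()` and adding `and not domain.startswith('.')` to the wildcard condition, or narrow the docstring to the rules actually covered (single-label wildcard, no match on the base domain itself). `matches` is fully visible here, but the enclosing class `CertUtils` starts outside the hunk, so whether callers already normalise their input cannot be checked from this diff.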