kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-30 02:58:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Last SAN optimations

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-29 06:37:12 +02:00
parent d38d4204f8
commit 90f9d97c54
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
main.py
View File

@ -10,6 +10,13 @@ def run_ansible_vault(action, filename, password_file):
subprocess.run(cmd, check=True) subprocess.run(cmd, check=True)
def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str = None, password_file: str = None, verbose: int = 0, skip_tests: bool = False): def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str = None, password_file: str = None, verbose: int = 0, skip_tests: bool = False):
print("\n🛠️ Building project (make build)...\n")
subprocess.run(["make", "build"], check=True)
if not skip_tests:
print("\n🧪 Running tests (make test)...\n")
subprocess.run(["make", "test"], check=True)
"""Execute an ansible-playbook command with optional parameters.""" """Execute an ansible-playbook command with optional parameters."""
cmd = ["ansible-playbook", "-i", inventory, playbook] cmd = ["ansible-playbook", "-i", inventory, playbook]
@ -29,10 +36,7 @@ def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str
if verbose: if verbose:
cmd.append("-" + "v" * verbose) cmd.append("-" + "v" * verbose)
if not skip_tests: print("\n🚀 Launching Ansible Playbook...\n")
subprocess.run(["make", "test"], check=True)
subprocess.run(["make", "build"], check=True)
subprocess.run(cmd, check=True) subprocess.run(cmd, check=True)
def main(): def main():

12
module_utils/cert_utils.py
View File

@ -47,20 +47,16 @@ class CertUtils:
@staticmethod @staticmethod
def matches(domain, san): def matches(domain, san):
"""RFC compliant SAN matching."""
if san.startswith('*.'): if san.startswith('*.'):
base = san[2:] base = san[2:]
# Wildcard does NOT cover the base domain itself # Wildcard matches ONLY one additional label
if domain == base: if domain == base:
return False return False
if domain.endswith('.' + base): if domain.endswith('.' + base) and domain.count('.') == base.count('.') + 1:
# Check if the domain has exactly one label more than the base return True
domain_labels = domain.split('.')
base_labels = base.split('.')
if len(domain_labels) == len(base_labels) + 1:
return True
return False return False
else: else:
# Exact match required for non-wildcard SAN entries
return domain == san return domain == san