tasks/create-jwt-keys.yml - private-cloud-ansible-playbooks/apigee-opdk-setup-edge-sso-config - Git at Google

 ---
 - name: Assert whether Private
   stat:
     path: "{{ sso_jwt_signinig_key_file_path }}"
   register: key

 - block:
   - name: Create folder for jwt-keys
     file:
       path: "{{ jwt_folder }}"
       state: directory
       owner: "{{ opdk_user_name }}"
       group: "{{ opdk_group_name }}"

   - name: Generate a passphrase
     command: "openssl rand -base64 48"
     args:
       chdir: "{{ jwt_folder }}"
     register: passphrase

   - name: Generate your private key with a passphrase
     shell: "openssl genrsa -passout pass:{{ passphrase.stdout }} -out {{ sso_jwt_signinig_key_file_name }} {{ sso_jwt_signinig_key_size }}"
     args:
       chdir: "{{ jwt_folder }}"

   - name: Prep to remove passphrase from Key
     copy:
       dest: "{{ jwt_folder }}/remove-passphrase-{{ sso_jwt_signinig_key_file_name }}"
       src: "{{ jwt_folder }}/{{ sso_jwt_signinig_key_file_name }}"
       remote_src: yes

   - name: Remove the passphrase from the key
     shell: "openssl rsa -in remove-passphrase-{{ sso_jwt_signinig_key_file_name }} -passin pass:{{ passphrase.stdout }} -out {{ sso_jwt_signinig_key_file_name }}"
     args:
       chdir: "{{ jwt_folder }}"

   - name: Clean up passphrase removal file
     file:
       path: "{{ jwt_folder }}/remove-passphrase-{{ sso_jwt_signinig_key_file_name }}"
       state: absent

   - name: Generate Verification Key
     shell: "openssl rsa -pubout -in {{ sso_jwt_signinig_key_file_name }} -out {{ sso_jwt_verification_key_file_name }}"
     args:
       chdir: "{{ jwt_folder }}"

   become: yes
   when: key.stat.exists == False
	---
	- name: Assert whether Private
	stat:
	path: "{{ sso_jwt_signinig_key_file_path }}"
	register: key

	- block:
	- name: Create folder for jwt-keys
	file:
	path: "{{ jwt_folder }}"
	state: directory
	owner: "{{ opdk_user_name }}"
	group: "{{ opdk_group_name }}"

	- name: Generate a passphrase
	command: "openssl rand -base64 48"
	args:
	chdir: "{{ jwt_folder }}"
	register: passphrase

	- name: Generate your private key with a passphrase
	shell: "openssl genrsa -passout pass:{{ passphrase.stdout }} -out {{ sso_jwt_signinig_key_file_name }} {{ sso_jwt_signinig_key_size }}"
	args:
	chdir: "{{ jwt_folder }}"

	- name: Prep to remove passphrase from Key
	copy:
	dest: "{{ jwt_folder }}/remove-passphrase-{{ sso_jwt_signinig_key_file_name }}"
	src: "{{ jwt_folder }}/{{ sso_jwt_signinig_key_file_name }}"
	remote_src: yes

	- name: Remove the passphrase from the key
	shell: "openssl rsa -in remove-passphrase-{{ sso_jwt_signinig_key_file_name }} -passin pass:{{ passphrase.stdout }} -out {{ sso_jwt_signinig_key_file_name }}"
	args:
	chdir: "{{ jwt_folder }}"

	- name: Clean up passphrase removal file
	file:
	path: "{{ jwt_folder }}/remove-passphrase-{{ sso_jwt_signinig_key_file_name }}"
	state: absent

	- name: Generate Verification Key
	shell: "openssl rsa -pubout -in {{ sso_jwt_signinig_key_file_name }} -out {{ sso_jwt_verification_key_file_name }}"
	args:
	chdir: "{{ jwt_folder }}"

	become: yes
	when: key.stat.exists == False