use random cert label during renewal

IBM · Oct 18, 2024 · 1c9ffd3 · 1c9ffd3
1 parent 45f0b10
commit 1c9ffd3
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/ibm_concert/cert_renewal/renew_cert.yml b/ibm_concert/cert_renewal/renew_cert.yml
@@ -198,30 +198,33 @@
               - RACDCERT CHECKCERT('{{ ansible_user }}.CERT.{{cert_type}}.BACKUP.{{today}}')  ID({{owner_id}})
           when: cert_type == 'USER'
 
+        - ansible.builtin.set_fact:
+            random_str: lookup('community.general.random_string', length=3)
+
         - ansible.builtin.include_role:
             name: issue_tso_cmd
           vars:
             task_description: 'Rekey and Generate new cert request for {{cert_type}}'
             command:
-              - RACDCERT {{cert_type}} REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}NEW') NOTAFTER(DATE({{expiry_date}}))
-              - RACDCERT {{cert_type}} ROLLOVER(LABEL('{{cert_label}}')) NEWLABEL('{{cert_label[:-3]}}NEW')
-              - RACDCERT {{cert_type}} LIST(LABEL('{{cert_label[:-3]}}NEW'))
+              - RACDCERT {{cert_type}} REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}{{random_str}}') NOTAFTER(DATE({{expiry_date}}))
+              - RACDCERT {{cert_type}} ROLLOVER(LABEL('{{cert_label}}')) {{random_str}}LABEL('{{cert_label[:-3]}}{{random_str}}')
+              - RACDCERT {{cert_type}} LIST(LABEL('{{cert_label[:-3]}}{{random_str}}'))
               - RACDCERT {{cert_type}} DELETE(LABEL('{{ cert_label }}'))
-              - RACDCERT {{cert_type}} ALTER(LABEL('{{ cert_label[:-3]}}NEW')) NEWLABEL('{{ cert_label }}')
+              - RACDCERT {{cert_type}} ALTER(LABEL('{{ cert_label[:-3]}}{{random_str}}')) {{random_str}}LABEL('{{ cert_label }}')
           when: not cert_type == 'USER'
 
         - ansible.builtin.include_role:
             name: issue_tso_cmd
           vars:
             task_description: 'Rekey and Generate new cert request for {{cert_type}}'
             command:
-              - RACDCERT ID({{owner_id}}) REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}NEW')  NOTAFTER(DATE({{expiry_date}}))
-              - RACDCERT ID({{owner_id}}) ROLLOVER(LABEL('{{cert_label}}')) NEWLABEL('{{cert_label[:-3]}}NEW')
-              - RACDCERT ID({{owner_id}}) LIST(LABEL('{{cert_label[:-3]}}NEW'))
+              - RACDCERT ID({{owner_id}}) REKEY(LABEL('{{cert_label}}')) WITHLABEL('{{cert_label[:-3]}}{{random_str}}')  NOTAFTER(DATE({{expiry_date}}))
+              - RACDCERT ID({{owner_id}}) ROLLOVER(LABEL('{{cert_label}}')) {{random_str}}LABEL('{{cert_label[:-3]}}{{random_str}}')
+              - RACDCERT ID({{owner_id}}) LIST(LABEL('{{cert_label[:-3]}}{{random_str}}'))
               - RACDCERT ID({{owner_id}}) DELETE(LABEL('{{cert_label}}'))
-              - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{ cert_label[:-3]}}NEW')) NEWLABEL('{{ cert_label }}')
+              - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{ cert_label[:-3]}}{{random_str}}')) {{random_str}}LABEL('{{ cert_label }}')
           when: cert_type == 'USER'
-              # - RACDCERT ID({{owner_id}}) GENREQ (LABEL('{{cert_label[:-3]}}NEW'))  DSN('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')
+              # - RACDCERT ID({{owner_id}}) GENREQ (LABEL('{{cert_label[:-3]}}{{random_str}}'))  DSN('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')
               # - RACDCERT ID({{owner_id}}) GENCERT('{{ ansible_user }}.CSR.{{cert_type}}.{{today}}')  SIGNWITH({{sign_with}} LABEL('{{cert_args.cert_signer}}')) NOTAFTER(DATE({{expiry_date}}))
 
         - name: Save new expiration date