From 6e3655c362d9e25ec0dffb0e395151045235e5f2 Mon Sep 17 00:00:00 2001
From: AnsibleGuy
Date: Mon, 13 Feb 2023 11:23:01 +0100
Subject: [PATCH] updated config validation to be more verbose
---
 tasks/debian/letsencrypt/cert.yml | 9 +++++++++
 tasks/internal/ca_minimal.yml | 9 +++++++++
 tasks/internal/cert.yml | 9 +++++++++
 3 files changed, 27 insertions(+)
diff --git a/tasks/debian/letsencrypt/cert.yml b/tasks/debian/letsencrypt/cert.yml
index 218955d..99dd0ad 100644
--- a/tasks/debian/letsencrypt/cert.yml
+++ b/tasks/debian/letsencrypt/cert.yml
@@ -16,6 +16,15 @@
 - le_cert.key_size in CERT_HC.options.key_size.cert
 - le_cert.domains | length > 0
 - le_cert.email | validate_email or CERT_CONFIG.cert.email | validate_email
+ ignore_errors: true
+ register: le_cnf_check
+
+- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Invalid config"
+ ansible.builtin.fail:
+ msg: "LetsEncrypt-CONFIG: {{ CERT_CONFIG.letsencrypt }} | {{ le_cert }}"
+ when:
+ - le_cnf_check.failed is defined
+ - le_cnf_check.failed

 - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
 ansible.builtin.file:
diff --git a/tasks/internal/ca_minimal.yml b/tasks/internal/ca_minimal.yml
index 1187147..2a081a1 100644
--- a/tasks/internal/ca_minimal.yml
+++ b/tasks/internal/ca_minimal.yml
@@ -7,6 +7,15 @@
 that:
 - config_ca.ca.key_size in CERT_HC.options.key_size.ca
 - config_ca.ca.email | default(none, true) is none or config_ca.ca.email | validate_email
+ ignore_errors: true
+ register: ca_cnf_check
+
+- name: Certificates | Internal | Minimal CA | Invalid config
+ ansible.builtin.fail:
+ msg: "CA-CONFIG: {{ config_ca }}"
+ when:
+ - ca_cnf_check.failed is defined
+ - ca_cnf_check.failed

 - name: Certificates | Internal | Minimal CA | Creating ca directory
 ansible.builtin.file:
diff --git a/tasks/internal/cert.yml b/tasks/internal/cert.yml
index 56ee5e6..9008b4f 100644
--- a/tasks/internal/cert.yml
+++ b/tasks/internal/cert.yml
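Review bot: In tasks/debian/letsencrypt/cert.yml the `ignore_errors: true` / `register` / `ansible.builtin.fail` sequence can be folded into the assert itself, which accepts a `fail_msg` argument; that removes the task that reports an ignored failure before a second task fails. If the two-task form is kept, `when: le_cnf_check is failed` replaces the `failed is defined` plus `failed` pair and also copes with a skipped assert. With `ignore_errors: true` the original assert error (including, most likely, an undefined-variable error inside a `that` expression) no longer stops the play, so the config dump becomes the only hard failure signal. The same pattern is repeated in tasks/internal/ca_minimal.yml and tasks/internal/cert.yml. The assert task begins above the hunk, so its other arguments are not visible here.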
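Review bot: In tasks/internal/ca_minimal.yml the failure message interpolates the whole `config_ca` dictionary, so every value stored in it is written to the play output and to any job log that captures it. The dictionary's contents are not visible in this diff, but a CA configuration commonly carries a key passphrase, and tasks/internal/cert.yml prints `config_cert` the same way immediately before a task that generates an encrypted private key. Printing only the values the assert checks keeps the message useful without that exposure, e.g. `msg: "CA-CONFIG: key_size={{ config_ca.ca.key_size }}, email={{ config_ca.ca.email | default('') }}"`.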
@@ -5,6 +5,15 @@
 that:
 - config_cert.cert.key_size in CERT_HC.options.key_size.cert
 - config_cert.cert.email | default(none, true) is none or config_cert.cert.email | validate_email
+ ignore_errors: true
+ register: crt_cnf_check
+
+- name: Certificates | Internal | Minimal CA | Invalid config
+ ansible.builtin.fail:
+ msg: "CERT-CONFIG: {{ config_cert }}"
+ when:
+ - crt_cnf_check.failed is defined
+ - crt_cnf_check.failed

 - name: Certificates | Internal | Cert | Generate private key (encrypted)
 community.crypto.openssl_privatekey:
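Review bot: The new task in tasks/internal/cert.yml is named `Certificates | Internal | Minimal CA | Invalid config`, which looks copied from ca_minimal.yml, while the next task in this file uses the `Certificates | Internal | Cert | …` prefix. In play output and logs a failed certificate config check would then be reported as a CA failure, which misdirects whoever triages it. `- name: Certificates | Internal | Cert | Invalid config` matches the rest of the file.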