From 819474bbe779f2082d2e5f4ceee4fd89382fa32e Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Thu, 3 Nov 2016 13:19:45 +0000
Subject: [PATCH] Decode and destroy the b64-encoded keytab

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/keytab/service/tasks/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index 19d05f183d..73ccdcd76b 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -130,6 +130,21 @@
   - krb5
   when: not keytab_status.stat.exists
 
+- name: Base64-decode keytab
+  shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
+  tags:
+  - keytab
+  - config
+  - krb5
+  when: not keytab_status.stat.exists
+
+- name: Destroy encoded keytab
+  file: path={{kt_location}}.b64 state=absent
+  tags:
+  - keytab
+  - config
+  - krb5
+
 - name: Set keytab permissions
   file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0600
   tags: