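---
# Creates the private key for `cname` on the Ansible controller and installs
# it as {{ directory }}/{{ cname }}.key on the managed host. Nothing is
# generated when that file already exists on the host.
#
# Variables read:
#   directory  directory on the managed host that holds the key
#   cname      base name of the key file
#   key_size   optional; omitted from the module call when unset
#   owner      optional, defaults to 'root'
#   group      optional, defaults to 'root'
#   key_mode   optional, defaults to 'u=rw,g=,o='

- name: Test
  ansible.builtin.debug:
    msg: "Test"

- name: Ensure the directory containing the cert exist
  ansible.builtin.file:
    path: "{{ directory }}"
    state: directory

- name: Test if the key already exist
  ansible.builtin.stat:
    path: "{{ directory }}/{{ cname }}.key"
  register: key_file

- name: Generate and install the private key
  when: not key_file.stat.exists
  block:
    # The key used to be written to a fixed name directly under /tmp on the
    # controller. A file can already sit at a predictable name in a shared
    # directory, and openssl_privatekey keeps a valid key it finds at `path`
    # (unless forced) instead of generating a fresh one, so the host could
    # end up with a key this play did not create. A randomly named,
    # owner-only scratch directory removes that dependency on /tmp contents.
    - name: Create a private scratch directory on the controller
      become: false
      ansible.builtin.tempfile:
        state: directory
        prefix: ansible_hacky_pki_
      register: key_workdir
      delegate_to: localhost

    - name: Generate private key
      become: false
      openssl_privatekey:
        path: "{{ key_workdir.path }}/{{ cname }}.key"
        mode: 'u=rw,g=,o='
        size: "{{ key_size | default(omit) }}"
      delegate_to: localhost

    - name: Send private key to the server
      ansible.builtin.copy:
        src: "{{ key_workdir.path }}/{{ cname }}.key"
        dest: "{{ directory }}/{{ cname }}.key"
        owner: "{{ owner | default('root') }}"
        group: "{{ group | default('root') }}"
        mode: "{{ key_mode | default('u=rw,g=,o=') }}"
      # Keep the key material out of --diff output and anything that stores it.
      diff: false

  # Clean up. `always` runs even when generation or the copy fails, so the
  # controller-side copy of the key does not outlive a failed run.
  always:
    - name: Remove the local cert key
      become: false
      ansible.builtin.file:
        path: "{{ key_workdir.path }}"
        state: absent
      delegate_to: localhost
      # The scratch directory may not exist if its creation was what failed.
      when: key_workdir.path is defined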