From ed3be990937935028632ff3b210d83f787838b89 Mon Sep 17 00:00:00 2001
From: Ranabir Chakraborty <rchakrab@redhat.com>
Date: Wed, 3 Apr 2024 13:05:05 +0530
Subject: [PATCH] SET-742 Zeus: don't import specific service certificates into
 truststore

---
 roles/java_certs/tasks/java_certs.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/roles/java_certs/tasks/java_certs.yml b/roles/java_certs/tasks/java_certs.yml
index e87e2d41..88ac2459 100644
--- a/roles/java_certs/tasks/java_certs.yml
+++ b/roles/java_certs/tasks/java_certs.yml
@@ -1,8 +1,8 @@
 ---
 - ansible.builtin.assert:
     that:
-      - certificate_list is defined
-      - certificate_list is iterable
+      - root_ca_certs is defined
+      - root_ca_certs is iterable
 
 # reset cacerts_file fact between iterations
 - ansible.builtin.set_fact:
@@ -47,7 +47,9 @@
     loop_var: cert
 
 - name: Remove SSL certificates in {{ jdk.name }}
-  when: rebuild_keystore|default(false)
+  when:
+    - rebuild_keystore|default(false)
+    - certificate_list is defined
   community.general.java_cert:
     cert_url: "{{ removessl.cert_url }}"
     keystore_path: "{{ cacerts_file }}"
@@ -85,3 +87,5 @@
   with_items: "{{ certificate_list }}"
   loop_control:
     loop_var: importssl
+  when:
+    - certificate_list is defined