Ad support for elasticsearch-keystore entries (#769)

tasks/xpack/security/elasticsearch-security.yml

@@ -34,6 +34,41 @@
     environment:
       ES_PATH_CONF: "{{ es_conf_dir }}"
     no_log: true
+
+  - name: Remove keystore entries
+    become: yes
+    command: >
+     echo {{ es_api_basic_auth_password | quote }} | {{ es_home }}/bin/elasticsearch-keystore remove '{{ item.key }}'
+    with_items: "{{ es_keystore_entries }}"
+    when:
+      - es_keystore_entries is defined and es_keystore_entries | length > 0
+      - item.state is defined and item.state == 'absent'
+      - item.key in list_keystore.stdout_lines
+      - ('bootstrap.password' not in item.key)
+    no_log: true
+
+  - name: Reload keystore entries
+    become: yes
+    command: >
+     {{es_home}}/bin/elasticsearch-keystore list
+    register: list_keystore
+    changed_when: False
+    environment:
+      ES_PATH_CONF: "{{ es_conf_dir }}"
+    check_mode: no
+
+  - name: Add keystore entries
+    become: yes
+    shell: echo {{ item.value | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x -f {{ item.key }}
+    with_items: "{{ es_keystore_entries }}"
+    when:
+      - es_keystore_entries is defined and es_keystore_entries | length > 0
+      - item.state is undefined or item.state == 'present'
+      - item.force|default(False) or ( not item.force|default(False) and item.key not in list_keystore.stdout_lines )
+      - ('bootstrap.password' not in item.key)
+    no_log: true
+
+
 ### END BLOCK elasticsearch keystore ###
 
 #-----------------------------FILE BASED REALM----------------------------------------