diff --git a/lib/ansible/modules/system/java_cert.py b/lib/ansible/modules/system/java_cert.py index 709d3f62cc..804c1bebab 100644 --- a/lib/ansible/modules/system/java_cert.py +++ b/lib/ansible/modules/system/java_cert.py @@ -15,7 +15,7 @@ DOCUMENTATION = r''' --- module: java_cert version_added: '2.3' -short_description: Uses keytool to import/remove key from java keystore(cacerts) +short_description: Uses keytool to import/remove key from java keystore (cacerts) description: - This is a wrapper module around keytool, which can be used to import/remove certificates from a given java keystore. @@ -23,7 +23,7 @@ options: cert_url: description: - Basic URL to fetch SSL certificate from. - - One of iC(cert_url) or C(cert_path) is required to load certificate. + - One of C(cert_url) or C(cert_path) is required to load certificate. type: str cert_port: description: @@ -34,7 +34,7 @@ options: cert_path: description: - Local path to load certificate from. - - One of cert_url or cert_path is required to load certificate. + - One of C(cert_url) or C(cert_path) is required to load certificate. type: path cert_alias: description: @@ -158,6 +158,7 @@ cmd: ''' import os +import re # import module snippets from ansible.module_utils.basic import AnsibleModule @@ -166,7 +167,7 @@ from ansible.module_utils.basic import AnsibleModule def get_keystore_type(keystore_type): ''' Check that custom keystore is presented in parameters ''' if keystore_type: - return (" -storetype '%s'") % (keystore_type) + return " -storetype '%s'" % keystore_type return '' @@ -184,7 +185,6 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias, def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type): ''' Import certificate from URL into keystore located at keystore_path ''' - import re https_proxy = os.getenv("https_proxy") no_proxy = os.getenv("no_proxy") 
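Review bot: In `get_keystore_type`, wrapping the value as `'%s'` is not escaping: a `keystore_type` containing a single quote ends the quoted token and the rest is parsed as further keytool arguments. As far as I know `module.run_command` splits a string command with shlex rather than running a shell, so the exposure is argument injection rather than shell execution, but it still lets a parameter value change what keytool does. I would quote each interpolated value, e.g. `return " -storetype %s" % shlex_quote(keystore_type)` with `shlex_quote` from `ansible.module_utils.six.moves`, or build the commands as argument lists. The same pattern is in `fetch_cmd`, `import_cmd` and `del_cmd` in the later hunks, where `url`, `keystore_path`, `keystore_pass` and `alias` are interpolated the same way.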
@@ -192,7 +192,7 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, proxy_opts = '' if https_proxy is not None: (proxy_host, proxy_port) = https_proxy.split(':') - proxy_opts = ("-J-Dhttps.proxyHost=%s -J-Dhttps.proxyPort=%s") % (proxy_host, proxy_port) + proxy_opts = "-J-Dhttps.proxyHost=%s -J-Dhttps.proxyPort=%s" % (proxy_host, proxy_port) if no_proxy is not None: # For Java's nonProxyHosts property, items are separated by '|', @@ -202,17 +202,14 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, # The property name is http.nonProxyHosts, there is no # separate setting for HTTPS. - proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts) + proxy_opts += " -J-Dhttp.nonProxyHosts='%s'" % non_proxy_hosts - fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port) + fetch_cmd = "%s -printcert -rfc -sslserver %s %s:%d" % (executable, proxy_opts, url, port) import_cmd = ("%s -importcert -noprompt -keystore '%s' " "-storepass '%s' -alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type)) - if module.check_mode: - module.exit_json(changed=True) - # Fetch SSL certificate from remote host. (_, fetch_out, _) = module.run_command(fetch_cmd, check_rc=True) 
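Review bot: `(proxy_host, proxy_port) = https_proxy.split(':')` raises an unhandled ValueError whenever `https_proxy` does not split into exactly two parts, which includes the common URL form with a scheme (constructed example: `http://proxy.example:3128`) and a bare host with no port. The two parts are then placed unquoted into `proxy_opts`, so an odd environment value also changes the keytool command line. I would parse the value with a URL parser, call `module.fail_json` with a clear message when host or port is missing, and quote both before formatting. The body of `import_cert_url` starts and ends outside this hunk.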
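Review bot: Nothing visible here verifies the certificate that `-printcert -rfc -sslserver` returns before `import_cmd` adds it with `-noprompt`, so whatever endpoint answers at `url:port` during the run becomes a trusted entry in the keystore. The import call itself sits between this hunk and the next, so this is inferred from the two commands being built together. At minimum I would document it above the fetch, e.g. `# NOTE: trust on first use - the fetched certificate is not verified; use cert_path with a certificate obtained out of band when the network path is untrusted`, and repeat the caveat in the `cert_url` option description.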
@@ -222,12 +219,12 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, check_rc=False) diff = {'before': '\n', 'after': '%s\n' % alias} if import_rc == 0: - return module.exit_json(changed=True, msg=import_out, - rc=import_rc, cmd=import_cmd, stdout=import_out, - diff=diff) + module.exit_json(changed=True, msg=import_out, + rc=import_rc, cmd=import_cmd, stdout=import_out, + diff=diff) else: - return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, - error=import_err) + module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, + error=import_err) def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type): @@ -238,20 +235,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali keystore_pass, path, alias, get_keystore_type(keystore_type)) - if module.check_mode: - module.exit_json(changed=True) - # Use local certificate from local path and import it to a java keystore (import_rc, import_out, import_err) = module.run_command(import_cmd, check_rc=False) diff = {'before': '\n', 'after': '%s\n' % alias} if import_rc == 0: - return module.exit_json(changed=True, msg=import_out, - rc=import_rc, cmd=import_cmd, stdout=import_out, - error=import_err, diff=diff) + module.exit_json(changed=True, msg=import_out, + rc=import_rc, cmd=import_cmd, stdout=import_out, + error=import_err, diff=diff) else: - return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) + module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias, keystore_type): 
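Review bot: Both result calls return `cmd=import_cmd`, and `import_cmd` contains `-storepass '<keystore_pass>'`, so the keystore password is handed back in the module result and also sits on keytool's argv, where local users can read it from the process list. Whether Ansible scrubs it from the result depends on `keystore_pass` being declared `no_log` in the argument spec, which is outside this hunk. I would drop `cmd=` from the result or return a redacted copy, and pass the secret off the command line, for example with keytool's `-storepass:env` form and `environ_update` on `run_command`. The same applies to the `import_cmd` returned in `import_cert_path` and `import_pkcs12_path` (which also carries `pkcs12_pass`) and to `del_cmd` in `delete_cert`.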
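Review bot: The failure branch of `import_cert_path` drops keytool's stderr: the success call passes `error=import_err`, but `module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)` does not, so a failed import reports only stdout. `import_cert_url` does include it on failure, so this looks like an oversight; I would write `module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)`. The `import_pkcs12_path` hunk has the same omission.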
@@ -263,20 +257,17 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p keystore_pass, path, pkcs12_pass, pkcs12_alias, alias, get_keystore_type(keystore_type)) - if module.check_mode: - module.exit_json(changed=True) - # Use local certificate from local path and import it to a java keystore (import_rc, import_out, import_err) = module.run_command(import_cmd, check_rc=False) diff = {'before': '\n', 'after': '%s\n' % alias} if import_rc == 0: - return module.exit_json(changed=True, msg=import_out, - rc=import_rc, cmd=import_cmd, stdout=import_out, - error=import_err, diff=diff) + module.exit_json(changed=True, msg=import_out, + rc=import_rc, cmd=import_cmd, stdout=import_out, + error=import_err, diff=diff) else: - return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) + module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type): 
@@ -284,24 +275,19 @@ def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystor del_cmd = ("%s -delete -keystore '%s' -storepass '%s' " "-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type)) - if module.check_mode: - module.exit_json(changed=True) - # Delete SSL certificate from keystore (del_rc, del_out, del_err) = module.run_command(del_cmd, check_rc=True) diff = {'before': '%s\n' % alias, 'after': None} - return module.exit_json(changed=True, msg=del_out, - rc=del_rc, cmd=del_cmd, stdout=del_out, - error=del_err, diff=diff) + module.exit_json(changed=True, msg=del_out, + rc=del_rc, cmd=del_cmd, stdout=del_out, + error=del_err, diff=diff) def test_keytool(module, executable): - ''' Test if keytool is actuall executable or not ''' - test_cmd = "%s" % (executable) - - module.run_command(test_cmd, check_rc=True) + ''' Test if keytool is actually executable or not ''' + module.run_command("%s" % executable, check_rc=True) def test_keystore(module, keystore_path): @@ -311,9 +297,7 @@ def test_keystore(module, keystore_path): if not os.path.exists(keystore_path) and not os.path.isfile(keystore_path): # Keystore doesn't exist we want to create it - return module.fail_json(changed=False, - msg="Module require existing keystore at keystore_path '%s'" - % (keystore_path)) + module.fail_json(changed=False, msg="Module require existing keystore at keystore_path '%s'" % keystore_path) def main(): @@ -363,7 +347,7 @@ def main(): if path and not cert_alias: module.fail_json(changed=False, msg="Using local path import from %s requires alias argument." - % (keystore_path)) + % keystore_path) test_keytool(module, executable) 
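Review bot: The guard in `test_keystore`, `if not os.path.exists(keystore_path) and not os.path.isfile(keystore_path):`, lets a directory through, because `exists` is true for a directory and the `and` then short-circuits. `isfile` already implies existence, so `if not os.path.isfile(keystore_path):` states the intended check. The comment `# Keystore doesn't exist we want to create it` also contradicts the code, which fails instead of creating anything; something like `# keytool needs an existing keystore file; fail early with a clear message` would match the behaviour.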
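Review bot: The error message formats `keystore_path` although the condition is `if path and not cert_alias` and the text says "local path import from %s", so the user is shown the keystore location rather than the certificate file that triggered the error. It looks like the intended argument is `path`, i.e. `% path`. The rest of `main` is outside this hunk, so confirm that `path` holds the `cert_path` value at this point.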
@@ -373,23 +357,27 @@ def main(): cert_present = check_cert_present(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) - if state == 'absent': - if cert_present: - delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) + if state == 'absent' and cert_present: + if module.check_mode: + module.exit_json(changed=True) - elif state == 'present': - if not cert_present: - if pkcs12_path: - import_pkcs12_path(module, executable, pkcs12_path, keystore_path, - keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type) + delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) - if path: - import_cert_path(module, executable, path, keystore_path, - keystore_pass, cert_alias, keystore_type) + elif state == 'present' and not cert_present: + if module.check_mode: + module.exit_json(changed=True) - if url: - import_cert_url(module, executable, url, port, keystore_path, - keystore_pass, cert_alias, keystore_type) + if pkcs12_path: + import_pkcs12_path(module, executable, pkcs12_path, keystore_path, + keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type) + + if path: + import_cert_path(module, executable, path, keystore_path, + keystore_pass, cert_alias, keystore_type) + + if url: + import_cert_url(module, executable, url, port, keystore_path, + keystore_pass, cert_alias, keystore_type) module.exit_json(changed=False)
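Review bot: The three import branches are independent `if` statements, so the flow only stays correct because each import helper ends in `exit_json` or `fail_json`, which never return; with the `return` statements removed from the helpers, nothing in the code shows that any more. If `pkcs12_path`, `path` and `url` are meant to be mutually exclusive (the argument spec is outside this hunk), `elif path:` and `elif url:` would make that explicit and prevent a second import if a helper ever returns. A short comment above the chain, e.g. `# each import_* helper exits the module; only the first matching source is used`, would help as well. Separately, `cert_present` appears to be decided by alias alone, so it is worth confirming that an existing alias holding a different certificate is meant to be reported as unchanged.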