1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

java_cert: owner, group, mode arguments enabled (#8116)

* java_cert: owner, group, mode arguments enabled

* java_cert: sanity fix

* add changelog fragment

* remove duplication in documentation

* refactor change detection

* fix indentation

* Update changelogs/fragments/8116-java_cert-enable-owner-group-mode-args.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/java_cert.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/java_cert.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* update options

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Denis Borisov 2024-03-25 20:32:42 +03:00 committed by GitHub
parent 90c9f20ef8
commit 4f758bfb84
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 61 additions and 27 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- java_cert - enable ``owner``, ``group``, ``mode``, and other generic file arguments (https://github.com/ansible-collections/community.general/pull/8116).

View file

@ -18,6 +18,7 @@ description:
and optionally private keys to a given java keystore, or remove them from it. and optionally private keys to a given java keystore, or remove them from it.
extends_documentation_fragment: extends_documentation_fragment:
- community.general.attributes - community.general.attributes
- ansible.builtin.files
attributes: attributes:
check_mode: check_mode:
support: full support: full
@ -98,6 +99,24 @@ options:
type: str type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
mode:
version_added: 8.5.0
owner:
version_added: 8.5.0
group:
version_added: 8.5.0
seuser:
version_added: 8.5.0
serole:
version_added: 8.5.0
setype:
version_added: 8.5.0
selevel:
version_added: 8.5.0
unsafe_writes:
version_added: 8.5.0
attributes:
version_added: 8.5.0
requirements: [openssl, keytool] requirements: [openssl, keytool]
author: author:
- Adam Hamsik (@haad) - Adam Hamsik (@haad)
@ -331,6 +350,12 @@ def build_proxy_options():
return proxy_opts return proxy_opts
def _update_permissions(module, keystore_path):
""" Updates keystore file attributes as necessary """
file_args = module.load_file_common_arguments(module.params, path=keystore_path)
return module.set_fs_attributes_if_different(file_args, False)
def _download_cert_url(module, executable, url, port): def _download_cert_url(module, executable, url, port):
""" Fetches the certificate from the remote URL using `keytool -printcert...` """ Fetches the certificate from the remote URL using `keytool -printcert...`
The PEM formatted string is returned """ The PEM formatted string is returned """
@ -375,14 +400,14 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
# Use local certificate from local path and import it to a java keystore # Use local certificate from local path and import it to a java keystore
(import_rc, import_out, import_err) = module.run_command(import_cmd, data=secret_data, check_rc=False) (import_rc, import_out, import_err) = module.run_command(import_cmd, data=secret_data, check_rc=False)
diff = {'before': '\n', 'after': '%s\n' % keystore_alias} diff = {'before': '\n', 'after': '%s\n' % keystore_alias}
if import_rc == 0 and os.path.exists(keystore_path):
module.exit_json(changed=True, msg=import_out, if import_rc != 0 or not os.path.exists(keystore_path):
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
return dict(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out, rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff) error=import_err, diff=diff)
else:
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert): def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert):
@ -408,17 +433,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
(import_rc, import_out, import_err) = module.run_command(import_cmd, (import_rc, import_out, import_err) = module.run_command(import_cmd,
data="%s\n%s" % (keystore_pass, keystore_pass), data="%s\n%s" % (keystore_pass, keystore_pass),
check_rc=False) check_rc=False)
diff = {'before': '\n', 'after': '%s\n' % alias} diff = {'before': '\n', 'after': '%s\n' % alias}
if import_rc == 0:
module.exit_json(changed=True, msg=import_out, if import_rc != 0:
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
return dict(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out, rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff) error=import_err, diff=diff)
else:
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type, exit_after=True): def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type):
''' Delete certificate identified with alias from keystore on keystore_path ''' ''' Delete certificate identified with alias from keystore on keystore_path '''
del_cmd = [ del_cmd = [
executable, executable,
@ -434,13 +459,13 @@ def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystor
# Delete SSL certificate from keystore # Delete SSL certificate from keystore
(del_rc, del_out, del_err) = module.run_command(del_cmd, data=keystore_pass, check_rc=True) (del_rc, del_out, del_err) = module.run_command(del_cmd, data=keystore_pass, check_rc=True)
if exit_after:
diff = {'before': '%s\n' % alias, 'after': None} diff = {'before': '%s\n' % alias, 'after': None}
module.exit_json(changed=True, msg=del_out, if del_rc != 0:
rc=del_rc, cmd=del_cmd, stdout=del_out, module.fail_json(msg=del_out, rc=del_rc, cmd=del_cmd, error=del_err)
error=del_err, diff=diff)
return dict(changed=True, msg=del_out, rc=del_rc, cmd=del_cmd,
stdout=del_out, error=del_err, diff=diff)
def test_keytool(module, executable): def test_keytool(module, executable):
@ -485,6 +510,7 @@ def main():
['cert_url', 'cert_path', 'pkcs12_path'] ['cert_url', 'cert_path', 'pkcs12_path']
], ],
supports_check_mode=True, supports_check_mode=True,
add_file_common_args=True,
) )
url = module.params.get('cert_url') url = module.params.get('cert_url')
@ -526,12 +552,14 @@ def main():
module.add_cleanup_file(new_certificate) module.add_cleanup_file(new_certificate)
module.add_cleanup_file(old_certificate) module.add_cleanup_file(old_certificate)
result = dict()
if state == 'absent' and alias_exists: if state == 'absent' and alias_exists:
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)
# delete and exit # delete
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) result = delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
# dump certificate to enroll in the keystore on disk and compute digest # dump certificate to enroll in the keystore on disk and compute digest
if state == 'present': if state == 'present':
@ -569,16 +597,20 @@ def main():
if alias_exists: if alias_exists:
# The certificate in the keystore does not match with the one we want to be present # The certificate in the keystore does not match with the one we want to be present
# The existing certificate must first be deleted before we insert the correct one # The existing certificate must first be deleted before we insert the correct one
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type, exit_after=False) delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
if pkcs12_path: if pkcs12_path:
import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias, result = import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias,
keystore_path, keystore_pass, cert_alias, keystore_type) keystore_path, keystore_pass, cert_alias, keystore_type)
else: else:
import_cert_path(module, executable, new_certificate, keystore_path, result = import_cert_path(module, executable, new_certificate, keystore_path,
keystore_pass, cert_alias, keystore_type, trust_cacert) keystore_pass, cert_alias, keystore_type, trust_cacert)
module.exit_json(changed=False) if os.path.exists(keystore_path):
changed_permissions = _update_permissions(module, keystore_path)
result['changed'] = result.get('changed', False) or changed_permissions
module.exit_json(**result)
if __name__ == "__main__": if __name__ == "__main__":