From 8f98ba91190bc7ac36e44f29ac776db835f3a5ab Mon Sep 17 00:00:00 2001
From: Denis Borisov <dborisov86@gmail.com>
Date: Sun, 21 Apr 2024 15:56:01 +0300
Subject: [PATCH] java_cert: add cert_content argument (#8153)

* add cert_content arg (#8034)

* add changelog fragment (#8034)

* Update plugins/modules/java_cert.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
---
 .../8153-java_cert-add-cert_content-arg.yml   |  2 +
 plugins/modules/java_cert.py                  | 37 ++++++++++++++++---
 2 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/8153-java_cert-add-cert_content-arg.yml

diff --git a/changelogs/fragments/8153-java_cert-add-cert_content-arg.yml b/changelogs/fragments/8153-java_cert-add-cert_content-arg.yml
new file mode 100644
index 0000000000..40ae1f84a4
--- /dev/null
+++ b/changelogs/fragments/8153-java_cert-add-cert_content-arg.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
diff --git a/plugins/modules/java_cert.py b/plugins/modules/java_cert.py
index 72302b12c1..e2d04b71e2 100644
--- a/plugins/modules/java_cert.py
+++ b/plugins/modules/java_cert.py
@@ -28,7 +28,7 @@ options:
   cert_url:
     description:
       - Basic URL to fetch SSL certificate from.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
     type: str
   cert_port:
     description:
@@ -39,8 +39,14 @@ options:
   cert_path:
     description:
       - Local path to load certificate from.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
     type: path
+  cert_content:
+    description:
+      - Content of the certificate used to create the keystore.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
+    type: str
+    version_added: 8.6.0
   cert_alias:
     description:
       - Imported certificate alias.
@@ -55,10 +61,10 @@ options:
   pkcs12_path:
     description:
       - Local path to load PKCS12 keystore from.
-      - Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching
+      - Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching
         the certificate, and is used to import both the certificate and its private key into the
         java keystore.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
     type: path
   pkcs12_password:
     description:
@@ -149,6 +155,19 @@ EXAMPLES = r'''
     cert_alias: LE_RootCA
     trust_cacert: true
 
+- name: Import trusted CA from the SSL certificate stored in the cert_content variable
+  community.general.java_cert:
+    cert_content: |
+      -----BEGIN CERTIFICATE-----
+      ...
+      -----END CERTIFICATE-----
+    keystore_path: /tmp/cacerts
+    keystore_pass: changeit
+    keystore_create: true
+    state: present
+    cert_alias: LE_RootCA
+    trust_cacert: true
+
 - name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
   community.general.java_cert:
     cert_url: google.com
@@ -487,6 +506,7 @@ def main():
     argument_spec = dict(
         cert_url=dict(type='str'),
         cert_path=dict(type='path'),
+        cert_content=dict(type='str'),
         pkcs12_path=dict(type='path'),
         pkcs12_password=dict(type='str', no_log=True),
         pkcs12_alias=dict(type='str'),
@@ -503,11 +523,11 @@ def main():
 
     module = AnsibleModule(
         argument_spec=argument_spec,
-        required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True],
+        required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True],
                      ['state', 'absent', ('cert_url', 'cert_alias'), True]],
         required_together=[['keystore_path', 'keystore_pass']],
         mutually_exclusive=[
-            ['cert_url', 'cert_path', 'pkcs12_path']
+            ['cert_url', 'cert_path', 'cert_content', 'pkcs12_path']
         ],
         supports_check_mode=True,
         add_file_common_args=True,
@@ -515,6 +535,7 @@ def main():
 
     url = module.params.get('cert_url')
     path = module.params.get('cert_path')
+    content = module.params.get('cert_content')
     port = module.params.get('cert_port')
 
     pkcs12_path = module.params.get('pkcs12_path')
@@ -582,6 +603,10 @@ def main():
             # certificate to stdout so we don't need to do any transformations.
             new_certificate = path
 
+        elif content:
+            with open(new_certificate, "w") as f:
+                f.write(content)
+
         elif url:
             # Getting the X509 digest from a URL is the same as from a path, we just have
             # to download the cert first