java_cert: add cert_content argument (#8153)

* add cert_content arg (#8034) * add changelog fragment (#8034) * Update plugins/modules/java_cert.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2024-04-21 15:56:01 +03:00 · 2024-04-21 15:56:01 +03:00 · 8f98ba9119
commit 8f98ba9119
parent a05a5982a6
2 changed files with 33 additions and 6 deletions
--- a/changelogs/fragments/8153-java_cert-add-cert_content-arg.yml
+++ b/changelogs/fragments/8153-java_cert-add-cert_content-arg.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
--- a/plugins/modules/java_cert.py
+++ b/plugins/modules/java_cert.py
@ -28,7 +28,7 @@ options:
  cert_url:
    description:
      - Basic URL to fetch SSL certificate from.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
    type: str
  cert_port:
    description:
@ -39,8 +39,14 @@ options:
  cert_path:
    description:
      - Local path to load certificate from.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
    type: path
+  cert_content:
+    description:
+      - Content of the certificate used to create the keystore.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
+    type: str
+    version_added: 8.6.0
  cert_alias:
    description:
      - Imported certificate alias.
@ -55,10 +61,10 @@ options:
  pkcs12_path:
    description:
      - Local path to load PKCS12 keystore from.
-      - Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching
+      - Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching
        the certificate, and is used to import both the certificate and its private key into the
        java keystore.
-      - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
+      - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
    type: path
  pkcs12_password:
    description:
@ -149,6 +155,19 @@ EXAMPLES = r'''
    cert_alias: LE_RootCA
    trust_cacert: true

+- name: Import trusted CA from the SSL certificate stored in the cert_content variable
+  community.general.java_cert:
+    cert_content: |
+      -----BEGIN CERTIFICATE-----
+      ...
+      -----END CERTIFICATE-----
+    keystore_path: /tmp/cacerts
+    keystore_pass: changeit
+    keystore_create: true
+    state: present
+    cert_alias: LE_RootCA
+    trust_cacert: true
+
 - name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
  community.general.java_cert:
    cert_url: google.com
@ -487,6 +506,7 @@ def main():
    argument_spec = dict(
        cert_url=dict(type='str'),
        cert_path=dict(type='path'),
+        cert_content=dict(type='str'),
        pkcs12_path=dict(type='path'),
        pkcs12_password=dict(type='str', no_log=True),
        pkcs12_alias=dict(type='str'),
@ -503,11 +523,11 @@ def main():

    module = AnsibleModule(
        argument_spec=argument_spec,
-        required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True],
+        required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True],
                     ['state', 'absent', ('cert_url', 'cert_alias'), True]],
        required_together=[['keystore_path', 'keystore_pass']],
        mutually_exclusive=[
-            ['cert_url', 'cert_path', 'pkcs12_path']
+            ['cert_url', 'cert_path', 'cert_content', 'pkcs12_path']
        ],
        supports_check_mode=True,
        add_file_common_args=True,
@ -515,6 +535,7 @@ def main():

    url = module.params.get('cert_url')
    path = module.params.get('cert_path')
+    content = module.params.get('cert_content')
    port = module.params.get('cert_port')

    pkcs12_path = module.params.get('pkcs12_path')
@ -582,6 +603,10 @@ def main():
            # certificate to stdout so we don't need to do any transformations.
            new_certificate = path

+        elif content:
+            with open(new_certificate, "w") as f:
+                f.write(content)
+
        elif url:
            # Getting the X509 digest from a URL is the same as from a path, we just have
            # to download the cert first