From 9121f2a4c9723a0d6a1481534c1c5613e4bbc88a Mon Sep 17 00:00:00 2001
From: Xyon <admin@jbladen.co.uk>
Date: Fri, 27 Jul 2018 10:24:51 +0100
Subject: [PATCH] Validate and reject if csr_path is not supplied when provider
 is not assertonly (#41385)

---
 lib/ansible/modules/crypto/openssl_certificate.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index 18ac31b742..b29afccf6a 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -1038,6 +1038,9 @@ def main():
         except AttributeError:
             module.fail_json(msg='You need to have PyOpenSSL>=0.15')
 
+    if module.params['provider'] != 'assertonly' and module.params['csr_path'] is None:
+        module.fail_json(msg='csr_path is required when provider is not assertonly')
+
     base_dir = os.path.dirname(module.params['path'])
     if not os.path.isdir(base_dir):
         module.fail_json(