mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #8116/4f758bfb backport][stable-8] java_cert: owner, group, mode arguments enabled (#8152)
java_cert: owner, group, mode arguments enabled (#8116)
* java_cert: owner, group, mode arguments enabled
* java_cert: sanity fix
* add changelog fragment
* remove duplication in documentation
* refactor change detection
* fix indentation
* Update changelogs/fragments/8116-java_cert-enable-owner-group-mode-args.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/java_cert.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/java_cert.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* update options
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 4f758bfb84
)
Co-authored-by: Denis Borisov <dborisov86@gmail.com>
This commit is contained in:
parent
029b811c7b
commit
9e641019be
2 changed files with 61 additions and 27 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- java_cert - enable ``owner``, ``group``, ``mode``, and other generic file arguments (https://github.com/ansible-collections/community.general/pull/8116).
|
|
@ -18,6 +18,7 @@ description:
|
||||||
and optionally private keys to a given java keystore, or remove them from it.
|
and optionally private keys to a given java keystore, or remove them from it.
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- community.general.attributes
|
- community.general.attributes
|
||||||
|
- ansible.builtin.files
|
||||||
attributes:
|
attributes:
|
||||||
check_mode:
|
check_mode:
|
||||||
support: full
|
support: full
|
||||||
|
@ -98,6 +99,24 @@ options:
|
||||||
type: str
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
|
mode:
|
||||||
|
version_added: 8.5.0
|
||||||
|
owner:
|
||||||
|
version_added: 8.5.0
|
||||||
|
group:
|
||||||
|
version_added: 8.5.0
|
||||||
|
seuser:
|
||||||
|
version_added: 8.5.0
|
||||||
|
serole:
|
||||||
|
version_added: 8.5.0
|
||||||
|
setype:
|
||||||
|
version_added: 8.5.0
|
||||||
|
selevel:
|
||||||
|
version_added: 8.5.0
|
||||||
|
unsafe_writes:
|
||||||
|
version_added: 8.5.0
|
||||||
|
attributes:
|
||||||
|
version_added: 8.5.0
|
||||||
requirements: [openssl, keytool]
|
requirements: [openssl, keytool]
|
||||||
author:
|
author:
|
||||||
- Adam Hamsik (@haad)
|
- Adam Hamsik (@haad)
|
||||||
|
@ -331,6 +350,12 @@ def build_proxy_options():
|
||||||
return proxy_opts
|
return proxy_opts
|
||||||
|
|
||||||
|
|
||||||
|
def _update_permissions(module, keystore_path):
|
||||||
|
""" Updates keystore file attributes as necessary """
|
||||||
|
file_args = module.load_file_common_arguments(module.params, path=keystore_path)
|
||||||
|
return module.set_fs_attributes_if_different(file_args, False)
|
||||||
|
|
||||||
|
|
||||||
def _download_cert_url(module, executable, url, port):
|
def _download_cert_url(module, executable, url, port):
|
||||||
""" Fetches the certificate from the remote URL using `keytool -printcert...`
|
""" Fetches the certificate from the remote URL using `keytool -printcert...`
|
||||||
The PEM formatted string is returned """
|
The PEM formatted string is returned """
|
||||||
|
@ -375,15 +400,15 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
|
||||||
|
|
||||||
# Use local certificate from local path and import it to a java keystore
|
# Use local certificate from local path and import it to a java keystore
|
||||||
(import_rc, import_out, import_err) = module.run_command(import_cmd, data=secret_data, check_rc=False)
|
(import_rc, import_out, import_err) = module.run_command(import_cmd, data=secret_data, check_rc=False)
|
||||||
|
|
||||||
diff = {'before': '\n', 'after': '%s\n' % keystore_alias}
|
diff = {'before': '\n', 'after': '%s\n' % keystore_alias}
|
||||||
if import_rc == 0 and os.path.exists(keystore_path):
|
|
||||||
module.exit_json(changed=True, msg=import_out,
|
if import_rc != 0 or not os.path.exists(keystore_path):
|
||||||
rc=import_rc, cmd=import_cmd, stdout=import_out,
|
|
||||||
error=import_err, diff=diff)
|
|
||||||
else:
|
|
||||||
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
|
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
|
||||||
|
|
||||||
|
return dict(changed=True, msg=import_out,
|
||||||
|
rc=import_rc, cmd=import_cmd, stdout=import_out,
|
||||||
|
error=import_err, diff=diff)
|
||||||
|
|
||||||
|
|
||||||
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert):
|
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert):
|
||||||
''' Import certificate from path into keystore located on
|
''' Import certificate from path into keystore located on
|
||||||
|
@ -408,17 +433,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
|
||||||
(import_rc, import_out, import_err) = module.run_command(import_cmd,
|
(import_rc, import_out, import_err) = module.run_command(import_cmd,
|
||||||
data="%s\n%s" % (keystore_pass, keystore_pass),
|
data="%s\n%s" % (keystore_pass, keystore_pass),
|
||||||
check_rc=False)
|
check_rc=False)
|
||||||
|
|
||||||
diff = {'before': '\n', 'after': '%s\n' % alias}
|
diff = {'before': '\n', 'after': '%s\n' % alias}
|
||||||
if import_rc == 0:
|
|
||||||
module.exit_json(changed=True, msg=import_out,
|
if import_rc != 0:
|
||||||
rc=import_rc, cmd=import_cmd, stdout=import_out,
|
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)
|
||||||
error=import_err, diff=diff)
|
|
||||||
else:
|
return dict(changed=True, msg=import_out,
|
||||||
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
|
rc=import_rc, cmd=import_cmd, stdout=import_out,
|
||||||
|
error=import_err, diff=diff)
|
||||||
|
|
||||||
|
|
||||||
def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type, exit_after=True):
|
def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type):
|
||||||
''' Delete certificate identified with alias from keystore on keystore_path '''
|
''' Delete certificate identified with alias from keystore on keystore_path '''
|
||||||
del_cmd = [
|
del_cmd = [
|
||||||
executable,
|
executable,
|
||||||
|
@ -434,13 +459,13 @@ def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystor
|
||||||
|
|
||||||
# Delete SSL certificate from keystore
|
# Delete SSL certificate from keystore
|
||||||
(del_rc, del_out, del_err) = module.run_command(del_cmd, data=keystore_pass, check_rc=True)
|
(del_rc, del_out, del_err) = module.run_command(del_cmd, data=keystore_pass, check_rc=True)
|
||||||
|
diff = {'before': '%s\n' % alias, 'after': None}
|
||||||
|
|
||||||
if exit_after:
|
if del_rc != 0:
|
||||||
diff = {'before': '%s\n' % alias, 'after': None}
|
module.fail_json(msg=del_out, rc=del_rc, cmd=del_cmd, error=del_err)
|
||||||
|
|
||||||
module.exit_json(changed=True, msg=del_out,
|
return dict(changed=True, msg=del_out, rc=del_rc, cmd=del_cmd,
|
||||||
rc=del_rc, cmd=del_cmd, stdout=del_out,
|
stdout=del_out, error=del_err, diff=diff)
|
||||||
error=del_err, diff=diff)
|
|
||||||
|
|
||||||
|
|
||||||
def test_keytool(module, executable):
|
def test_keytool(module, executable):
|
||||||
|
@ -485,6 +510,7 @@ def main():
|
||||||
['cert_url', 'cert_path', 'pkcs12_path']
|
['cert_url', 'cert_path', 'pkcs12_path']
|
||||||
],
|
],
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
|
add_file_common_args=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
url = module.params.get('cert_url')
|
url = module.params.get('cert_url')
|
||||||
|
@ -526,12 +552,14 @@ def main():
|
||||||
module.add_cleanup_file(new_certificate)
|
module.add_cleanup_file(new_certificate)
|
||||||
module.add_cleanup_file(old_certificate)
|
module.add_cleanup_file(old_certificate)
|
||||||
|
|
||||||
|
result = dict()
|
||||||
|
|
||||||
if state == 'absent' and alias_exists:
|
if state == 'absent' and alias_exists:
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
|
|
||||||
# delete and exit
|
# delete
|
||||||
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
|
result = delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
# dump certificate to enroll in the keystore on disk and compute digest
|
# dump certificate to enroll in the keystore on disk and compute digest
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
|
@ -569,16 +597,20 @@ def main():
|
||||||
if alias_exists:
|
if alias_exists:
|
||||||
# The certificate in the keystore does not match with the one we want to be present
|
# The certificate in the keystore does not match with the one we want to be present
|
||||||
# The existing certificate must first be deleted before we insert the correct one
|
# The existing certificate must first be deleted before we insert the correct one
|
||||||
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type, exit_after=False)
|
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
if pkcs12_path:
|
if pkcs12_path:
|
||||||
import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias,
|
result = import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias,
|
||||||
keystore_path, keystore_pass, cert_alias, keystore_type)
|
keystore_path, keystore_pass, cert_alias, keystore_type)
|
||||||
else:
|
else:
|
||||||
import_cert_path(module, executable, new_certificate, keystore_path,
|
result = import_cert_path(module, executable, new_certificate, keystore_path,
|
||||||
keystore_pass, cert_alias, keystore_type, trust_cacert)
|
keystore_pass, cert_alias, keystore_type, trust_cacert)
|
||||||
|
|
||||||
module.exit_json(changed=False)
|
if os.path.exists(keystore_path):
|
||||||
|
changed_permissions = _update_permissions(module, keystore_path)
|
||||||
|
result['changed'] = result.get('changed', False) or changed_permissions
|
||||||
|
|
||||||
|
module.exit_json(**result)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
Loading…
Reference in a new issue