[PR #8153/8f98ba91 backport][stable-8] java_cert: add cert_content argument (#8262)
java_cert: add cert_content argument (#8153)
* add cert_content arg (#8034)
* add changelog fragment (#8034)
* Update plugins/modules/java_cert.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 8f98ba9119
)
Co-authored-by: Denis Borisov <dborisov86@gmail.com>
parent
a64098cd76
commit
9ff5e6f757
2 changed files with 33 additions and 6 deletions
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
|
|
@ -28,7 +28,7 @@ options:
|
|||
cert_url:
|
||||
description:
|
||||
- Basic URL to fetch SSL certificate from.
|
||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
||||
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||
type: str
|
||||
cert_port:
|
||||
description:
|
||||
|
@ -39,8 +39,14 @@ options:
|
|||
cert_path:
|
||||
description:
|
||||
- Local path to load certificate from.
|
||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
||||
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||
type: path
|
||||
cert_content:
|
||||
description:
|
||||
- Content of the certificate used to create the keystore.
|
||||
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||
type: str
|
||||
version_added: 8.6.0
|
||||
cert_alias:
|
||||
description:
|
||||
- Imported certificate alias.
|
||||
|
@ -55,10 +61,10 @@ options:
|
|||
pkcs12_path:
|
||||
description:
|
||||
- Local path to load PKCS12 keystore from.
|
||||
- Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching
|
||||
- Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching
|
||||
the certificate, and is used to import both the certificate and its private key into the
|
||||
java keystore.
|
||||
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate.
|
||||
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
|
||||
type: path
|
||||
pkcs12_password:
|
||||
description:
|
||||
|
@ -149,6 +155,19 @@ EXAMPLES = r'''
|
|||
cert_alias: LE_RootCA
|
||||
trust_cacert: true
|
||||
|
||||
- name: Import trusted CA from the SSL certificate stored in the cert_content variable
|
||||
community.general.java_cert:
|
||||
cert_content: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
...
|
||||
-----END CERTIFICATE-----
|
||||
keystore_path: /tmp/cacerts
|
||||
keystore_pass: changeit
|
||||
keystore_create: true
|
||||
state: present
|
||||
cert_alias: LE_RootCA
|
||||
trust_cacert: true
|
||||
|
||||
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
|
||||
community.general.java_cert:
|
||||
cert_url: google.com
|
||||
|
@ -487,6 +506,7 @@ def main():
|
|||
argument_spec = dict(
|
||||
cert_url=dict(type='str'),
|
||||
cert_path=dict(type='path'),
|
||||
cert_content=dict(type='str'),
|
||||
pkcs12_path=dict(type='path'),
|
||||
pkcs12_password=dict(type='str', no_log=True),
|
||||
pkcs12_alias=dict(type='str'),
|
||||
|
@ -503,11 +523,11 @@ def main():
|
|||
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True],
|
||||
required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True],
|
||||
['state', 'absent', ('cert_url', 'cert_alias'), True]],
|
||||
required_together=[['keystore_path', 'keystore_pass']],
|
||||
mutually_exclusive=[
|
||||
['cert_url', 'cert_path', 'pkcs12_path']
|
||||
['cert_url', 'cert_path', 'cert_content', 'pkcs12_path']
|
||||
],
|
||||
supports_check_mode=True,
|
||||
add_file_common_args=True,
|
||||
|
@ -515,6 +535,7 @@ def main():
|
|||
|
||||
url = module.params.get('cert_url')
|
||||
path = module.params.get('cert_path')
|
||||
content = module.params.get('cert_content')
|
||||
port = module.params.get('cert_port')
|
||||
|
||||
pkcs12_path = module.params.get('pkcs12_path')
|
||||
|
@ -582,6 +603,10 @@ def main():
|
|||
# certificate to stdout so we don't need to do any transformations.
|
||||
new_certificate = path
|
||||
|
||||
elif content:
|
||||
with open(new_certificate, "w") as f:
|
||||
f.write(content)
|
||||
|
||||
elif url:
|
||||
# Getting the X509 digest from a URL is the same as from a path, we just have
|
||||
# to download the cert first
|
||||
|
|