openssl_certificate: Return self.cert.get_VALUES() (#33970)

Currently when we make up the return value, we take values based of the
parameters rather than the generated openssl_certificate itself.

This commits returns the actual certificate values making it all time
accurate.

lib/ansible/modules/crypto/openssl_certificate.py

@@ -378,7 +378,6 @@ class SelfSignedCertificate(Certificate):
 
     def __init__(self, module):
         super(SelfSignedCertificate, self).__init__(module)
-        self.serial_number = randint(1000, 99999)
         self.notBefore = module.params['selfsigned_notBefore']
         self.notAfter = module.params['selfsigned_notAfter']
         self.digest = module.params['selfsigned_digest']
@@ -387,7 +386,6 @@ class SelfSignedCertificate(Certificate):
         self.privatekey = crypto_utils.load_privatekey(
             self.privatekey_path, self.privatekey_passphrase
         )
-        self.cert = None
 
     def generate(self, module):
 
@@ -403,7 +401,7 @@ class SelfSignedCertificate(Certificate):
 
         if not self.check(module, perms_required=False) or self.force:
             cert = crypto.X509()
-            cert.set_serial_number(self.serial_number)
+            cert.set_serial_number(randint(1000, 99999))
             if self.notBefore:
                 cert.set_notBefore(self.notBefore)
             else:
@@ -420,11 +418,11 @@ class SelfSignedCertificate(Certificate):
             cert.add_extensions(self.csr.get_extensions())
 
             cert.sign(self.privatekey, self.digest)
-            self.certificate = cert
+            self.cert = cert
 
             try:
                 with open(self.path, 'wb') as cert_file:
-                    cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, self.certificate))
+                    cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, self.cert))
             except EnvironmentError as exc:
                 raise CertificateError(exc)
 
@@ -441,9 +439,9 @@ class SelfSignedCertificate(Certificate):
             'filename': self.path,
             'privatekey': self.privatekey_path,
             'csr': self.csr_path,
-            'notBefore': self.notBefore,
+            'notBefore': self.cert.get_notBefore(),
-            'notAfter': self.notAfter,
+            'notAfter': self.cert.get_notAfter(),
-            'serial_number': self.serial_number,
+            'serial_number': self.cert.get_serial_number(),
         }
 
         return result

test/integration/targets/openssl_certificate/tasks/main.yml

@@ -17,6 +17,16 @@
         privatekey_path: '{{ output_dir }}/privatekey.pem'
         provider: selfsigned
         selfsigned_digest: sha256
+      register: selfsigned_certificate
+
+    - name: Generate selfsigned certificate
+      openssl_certificate:
+        path: '{{ output_dir }}/cert.pem'
+        csr_path: '{{ output_dir }}/csr.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        provider: selfsigned
+        selfsigned_digest: sha256
+      register: selfsigned_certificate_idempotence
 
     - name: Check selfsigned certificate
       openssl_certificate:

test/integration/targets/openssl_certificate/tests/validate.yml

@@ -16,6 +16,13 @@
       - cert_modulus.stdout == privatekey_modulus.stdout
       - cert_version.stdout == '3'
 
+- name: Validate certificate idempotence
+  assert:
+    that:
+      - selfsigned_certificate.serial_number == selfsigned_certificate_idempotence.serial_number
+      - selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore
+      - selfsigned_certificate.notAfter == selfsigned_certificate_idempotence.notAfter
+
 - name: Validate certificate v2 (test - certificate version == 2)
   shell: 'openssl x509 -noout  -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
   register: cert_v2_version