From b2e4485567b61dbf4ebe2ef1989ee64911355e9d Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 17 May 2021 20:24:09 +0200 Subject: [PATCH] java_keystore: pass in secret to keytool via stdin (#2526) (#2545) * java_keystore: pass in secret to keytool via stdin * add changelog fragment (cherry picked from commit 2b1eff2783b6f6c8b6d4ef0552afc35d5eac9146) Co-authored-by: quidame
---
.../2526-java_keystore-password-via-stdin.yml | 4 ++++ plugins/modules/system/java_keystore.py | 10 ++++------ .../unit/plugins/modules/system/test_java_keystore.py | 6 +++--- 3 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 changelogs/fragments/2526-java_keystore-password-via-stdin.yml
diff --git a/changelogs/fragments/2526-java_keystore-password-via-stdin.yml b/changelogs/fragments/2526-java_keystore-password-via-stdin.yml
new file mode 100644
index 0000000000..1e45e306af
--- /dev/null
+++ b/changelogs/fragments/2526-java_keystore-password-via-stdin.yml
@@ -0,0 +1,4 @@
+---
+minor_changes:
+ - "java_keystore - replace envvar by stdin to pass secret to ``keytool``
+ (https://github.com/ansible-collections/community.general/pull/2526)."
diff --git a/plugins/modules/system/java_keystore.py b/plugins/modules/system/java_keystore.py
index 78bcfb6af6..8293801f1b 100644
--- a/plugins/modules/system/java_keystore.py
+++ b/plugins/modules/system/java_keystore.py
@@ -290,11 +290,11 @@ class JavaKeystore: def read_stored_certificate_fingerprint(self): stored_certificate_fingerprint_cmd = [ - self.keytool_bin, "-list", "-alias", self.name, "-keystore", - self.keystore_path, "-storepass:env", "STOREPASS", "-v" + self.keytool_bin, "-list", "-alias", self.name, + "-keystore", self.keystore_path, "-v" ] (rc, stored_certificate_fingerprint_out, stored_certificate_fingerprint_err) = self.module.run_command( - stored_certificate_fingerprint_cmd, environ_update=dict(STOREPASS=self.password), check_rc=False) + stored_certificate_fingerprint_cmd, data=self.password, check_rc=False) if rc != 0: if "keytool error: java.lang.Exception: Alias <%s> does not exist" % self.name \ in stored_certificate_fingerprint_out: @@ -428,12 +428,10 @@ class JavaKeystore: "-srckeystore", keystore_p12_path, "-srcstoretype", "pkcs12", "-alias", self.name, - "-deststorepass:env", "STOREPASS", - "-srcstorepass:env", "STOREPASS", "-noprompt"] (rc, import_keystore_out, dummy) = self.module.run_command( - import_keystore_cmd, data=None, environ_update=dict(STOREPASS=self.password), check_rc=False + import_keystore_cmd, data='%s\n%s\n%s' % (self.password, self.password, self.password), check_rc=False ) if rc != 0: return self.module.fail_json(msg=import_keystore_out, cmd=import_keystore_cmd, rc=rc) diff --git a/tests/unit/plugins/modules/system/test_java_keystore.py b/tests/unit/plugins/modules/system/test_java_keystore.py index 5e99074c95..7d582a3e99 100644 --- a/tests/unit/plugins/modules/system/test_java_keystore.py +++ b/tests/unit/plugins/modules/system/test_java_keystore.py @@ -80,7 +80,7 @@ class TestCreateJavaKeystore(ModuleTestCase): 'cmd': ["keytool", "-importkeystore", "-destkeystore", "/path/to/keystore.jks", "-srckeystore", "/tmp/tmpgrzm2ah7", "-srcstoretype", "pkcs12", "-alias", "test", - "-deststorepass:env", "STOREPASS", "-srcstorepass:env", "STOREPASS", "-noprompt"], + "-noprompt"], 'msg': '', 'rc': 0 } 
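Review bot: With the secret now written to keytool's stdin (`data=self.password` in this hunk, and the three-line payload in the @@ -428 hunk), a password that contains a newline is no longer delivered intact, because keytool consumes one line per prompt; in the import case the remaining answers would also shift by one prompt. The environment-variable form that this replaces did not have that limit. I would reject such values before any command is built, for example `if '\n' in self.password: self.module.fail_json(msg="password must not contain a newline")`. Where that check belongs (presumably the constructor) is outside this hunk, and the body of read_stored_certificate_fingerprint continues past it.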
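Review bot: The stdin payload passed to run_command for the import repeats the password three times with no explanation, and its correctness depends on how many prompts keytool issues now that `-deststorepass:env` and `-srcstorepass:env` are gone. A comment directly above the call would make that coupling visible to the next maintainer, e.g. `# keytool prompts on stdin: destination password, its confirmation, then source password`. That order is my reading of keytool's behaviour for a new destination keystore and should be confirmed before the comment is committed. The enclosing method starts above the hunk.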
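Review bot: The updated expectations in this hunk (and in the @@ -183 and @@ -354 hunks) only check that the `-storepass:env`-style arguments are gone from `cmd`; nothing visible asserts that the password is now supplied through `data=` or that `environ_update` no longer carries it. As far as these lines show, a regression that drops the stdin payload or reintroduces the environment variable would still pass. I would add an assertion on the mocked run_command's keyword arguments, e.g. `self.assertNotIn('environ_update', run_command_mock.call_args[1])`, plus a matching check on `data`. `run_command_mock` is a placeholder for whatever name the test setup, which is outside these hunks, gives the mock.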
@@ -183,7 +183,7 @@ class TestCreateJavaKeystore(ModuleTestCase): cmd=["keytool", "-importkeystore", "-destkeystore", "/path/to/keystore.jks", "-srckeystore", "/tmp/tmpgrzm2ah7", "-srcstoretype", "pkcs12", "-alias", "test", - "-deststorepass:env", "STOREPASS", "-srcstorepass:env", "STOREPASS", "-noprompt"], + "-noprompt"], msg='', rc=1 ) @@ -354,7 +354,7 @@ class TestCertChanged(ModuleTestCase): jks = JavaKeystore(module) jks.cert_changed() module.fail_json.assert_called_with( - cmd=["keytool", "-list", "-alias", "foo", "-keystore", "/path/to/keystore.jks", "-storepass:env", "STOREPASS", "-v"], + cmd=["keytool", "-list", "-alias", "foo", "-keystore", "/path/to/keystore.jks", "-v"], msg='', err='Oops', rc=1