ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

java_cert: support of different keystore type (JKS, JCEKS) (#49953)

Browse source 
* add differents type of keystores support (JKS, JCEKS)

* update documentation

* fix pep8 errors

* fix check in get_keystore_type
This commit is contained in:
Alexander Kharkevich 2019-02-07 18:45:28 +03:00 committed by ansibot
parent 9243c927ba
commit b93b3dd7a7
1 changed files with 47 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
lib/ansible/modules/system/java_cert.py
View file

@ -58,6 +58,11 @@ options:
description:
- Create keystore if it doesn't exist
type: bool
keystore_type:
description:
- Keystore type (JCEKS, JKS).
default: None
version_added: "2.8"
executable:
description:
- Path to keytool binary if not used we search in PATH for it.
@ -104,6 +109,18 @@ EXAMPLES = '''
keystore_pass: changeit
keystore_create: yes
state: present
- name: Import SSL certificate to JCEKS keystore
java_cert:
pkcs12_path: "/tmp/importkeystore.p12"
pkcs12_alias: default
pkcs12_password: somepass
cert_alias: default
keystore_path: /opt/someapp/security/keystore.jceks
keystore_type: "JCEKS"
keystore_pass: changeit
keystore_create: yes
state: present
'''
RETURN = '''
@ -132,11 +149,18 @@ import os
from ansible.module_utils.basic import AnsibleModule
def check_cert_present(module, executable, keystore_path, keystore_pass, alias):
def get_keystore_type(keystore_type):
''' Check that custom keystore is presented in parameters '''
if keystore_type:
return (" -storetype '%s'") % (keystore_type)
return ''
def check_cert_present(module, executable, keystore_path, keystore_pass, alias, keystore_type):
''' Check if certificate with alias is present in keystore
located at keystore_path '''
test_cmd = ("%s -noprompt -list -keystore '%s' -storepass '%s' "
"-alias '%s'") % (executable, keystore_path, keystore_pass, alias)
"-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type))
(check_rc, _, _) = module.run_command(test_cmd)
if check_rc == 0:
@ -144,7 +168,7 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias):
return False
def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias):
def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type):
''' Import certificate from URL into keystore located at keystore_path '''
import re
@ -167,10 +191,10 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts)
fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port)
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
"-storepass '%s' -alias '%s'") % (executable, keystore_path,
keystore_pass, alias)
"-storepass '%s' -alias '%s' %s") % (executable, keystore_path,
keystore_pass, alias,
get_keystore_type(keystore_type))
if module.check_mode:
module.exit_json(changed=True)
@ -192,14 +216,13 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
error=import_err)
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias):
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type):
''' Import certificate from path into keystore located on
keystore_path as alias '''
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
"-storepass '%s' -file '%s' -alias '%s'") % (executable,
keystore_path,
keystore_pass,
path, alias)
"-storepass '%s' -file '%s' -alias '%s' %s") % (executable, keystore_path,
keystore_pass, path, alias,
get_keystore_type(keystore_type))
if module.check_mode:
module.exit_json(changed=True)
@ -217,13 +240,14 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias):
def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias, keystore_type):
''' Import pkcs12 from path into keystore located on
keystore_path as alias '''
import_cmd = ("%s -importkeystore -noprompt -destkeystore '%s' -srcstoretype PKCS12 "
"-deststorepass '%s' -destkeypass '%s' -srckeystore '%s' -srcstorepass '%s' "
"-srcalias '%s' -destalias '%s'") % (executable, keystore_path, keystore_pass,
keystore_pass, path, pkcs12_pass, pkcs12_alias, alias)
"-srcalias '%s' -destalias '%s' %s") % (executable, keystore_path, keystore_pass,
keystore_pass, path, pkcs12_pass, pkcs12_alias,
alias, get_keystore_type(keystore_type))
if module.check_mode:
module.exit_json(changed=True)
@ -241,10 +265,10 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
def delete_cert(module, executable, keystore_path, keystore_pass, alias):
def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type):
''' Delete certificate identified with alias from keystore on keystore_path '''
del_cmd = ("%s -delete -keystore '%s' -storepass '%s' "
"-alias '%s'") % (executable, keystore_path, keystore_pass, alias)
"-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type))
if module.check_mode:
module.exit_json(changed=True)
@ -290,6 +314,7 @@ def main():
keystore_path=dict(type='path'),
keystore_pass=dict(type='str', required=True, no_log=True),
keystore_create=dict(type='bool', default=False),
keystore_type=dict(type='str', default=None),
executable=dict(type='str', default='keytool'),
state=dict(type='str', default='present', choices=['absent', 'present']),
)
@ -317,6 +342,7 @@ def main():
keystore_path = module.params.get('keystore_path')
keystore_pass = module.params.get('keystore_pass')
keystore_create = module.params.get('keystore_create')
keystore_type = module.params.get('keystore_type')
executable = module.params.get('executable')
state = module.params.get('state')
@ -331,25 +357,25 @@ def main():
test_keystore(module, keystore_path)
cert_present = check_cert_present(module, executable, keystore_path,
keystore_pass, cert_alias)
keystore_pass, cert_alias, keystore_type)
if state == 'absent':
if cert_present:
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias)
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
elif state == 'present':
if not cert_present:
if pkcs12_path:
import_pkcs12_path(module, executable, pkcs12_path, keystore_path,
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias)
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type)
if path:
import_cert_path(module, executable, path, keystore_path,
keystore_pass, cert_alias)
keystore_pass, cert_alias, keystore_type)
if url:
import_cert_url(module, executable, url, port, keystore_path,
keystore_pass, cert_alias)
keystore_pass, cert_alias, keystore_type)
module.exit_json(changed=False)