java_cert: support of different keystore type (JKS, JCEKS) (#49953)
* add support for different keystore types (JKS, JCEKS) * update documentation * fix pep8 errors * fix check in get_keystore_type
parent
9243c927ba
commit
b93b3dd7a7
1 changed files with 47 additions and 21 deletions
|
@ -58,6 +58,11 @@ options:
|
||||||
description:
|
description:
|
||||||
- Create keystore if it doesn't exist
|
- Create keystore if it doesn't exist
|
||||||
type: bool
|
type: bool
|
||||||
|
keystore_type:
|
||||||
|
description:
|
||||||
|
- Keystore type (JCEKS, JKS).
|
||||||
|
default: None
|
||||||
|
version_added: "2.8"
|
||||||
executable:
|
executable:
|
||||||
description:
|
description:
|
||||||
- Path to keytool binary if not used we search in PATH for it.
|
- Path to keytool binary if not used we search in PATH for it.
|
||||||
|
@ -104,6 +109,18 @@ EXAMPLES = '''
|
||||||
keystore_pass: changeit
|
keystore_pass: changeit
|
||||||
keystore_create: yes
|
keystore_create: yes
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Import SSL certificate to JCEKS keystore
|
||||||
|
java_cert:
|
||||||
|
pkcs12_path: "/tmp/importkeystore.p12"
|
||||||
|
pkcs12_alias: default
|
||||||
|
pkcs12_password: somepass
|
||||||
|
cert_alias: default
|
||||||
|
keystore_path: /opt/someapp/security/keystore.jceks
|
||||||
|
keystore_type: "JCEKS"
|
||||||
|
keystore_pass: changeit
|
||||||
|
keystore_create: yes
|
||||||
|
state: present
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = '''
|
||||||
|
@ -132,11 +149,18 @@ import os
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
|
||||||
|
|
||||||
def check_cert_present(module, executable, keystore_path, keystore_pass, alias):
|
def get_keystore_type(keystore_type):
|
||||||
|
''' Check that custom keystore is presented in parameters '''
|
||||||
|
if keystore_type:
|
||||||
|
return (" -storetype '%s'") % (keystore_type)
|
||||||
|
return ''
|
||||||
|
|
||||||
|
|
||||||
|
def check_cert_present(module, executable, keystore_path, keystore_pass, alias, keystore_type):
|
||||||
''' Check if certificate with alias is present in keystore
|
''' Check if certificate with alias is present in keystore
|
||||||
located at keystore_path '''
|
located at keystore_path '''
|
||||||
test_cmd = ("%s -noprompt -list -keystore '%s' -storepass '%s' "
|
test_cmd = ("%s -noprompt -list -keystore '%s' -storepass '%s' "
|
||||||
"-alias '%s'") % (executable, keystore_path, keystore_pass, alias)
|
"-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type))
|
||||||
|
|
||||||
(check_rc, _, _) = module.run_command(test_cmd)
|
(check_rc, _, _) = module.run_command(test_cmd)
|
||||||
if check_rc == 0:
|
if check_rc == 0:
|
||||||
|
@ -144,7 +168,7 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias):
|
def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type):
|
||||||
''' Import certificate from URL into keystore located at keystore_path '''
|
''' Import certificate from URL into keystore located at keystore_path '''
|
||||||
import re
|
import re
|
||||||
|
|
||||||
|
@ -167,10 +191,10 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
|
||||||
proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts)
|
proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts)
|
||||||
|
|
||||||
fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port)
|
fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port)
|
||||||
|
|
||||||
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
|
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
|
||||||
"-storepass '%s' -alias '%s'") % (executable, keystore_path,
|
"-storepass '%s' -alias '%s' %s") % (executable, keystore_path,
|
||||||
keystore_pass, alias)
|
keystore_pass, alias,
|
||||||
|
get_keystore_type(keystore_type))
|
||||||
|
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
|
@ -192,14 +216,13 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
|
||||||
error=import_err)
|
error=import_err)
|
||||||
|
|
||||||
|
|
||||||
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias):
|
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type):
|
||||||
''' Import certificate from path into keystore located on
|
''' Import certificate from path into keystore located on
|
||||||
keystore_path as alias '''
|
keystore_path as alias '''
|
||||||
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
|
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
|
||||||
"-storepass '%s' -file '%s' -alias '%s'") % (executable,
|
"-storepass '%s' -file '%s' -alias '%s' %s") % (executable, keystore_path,
|
||||||
keystore_path,
|
keystore_pass, path, alias,
|
||||||
keystore_pass,
|
get_keystore_type(keystore_type))
|
||||||
path, alias)
|
|
||||||
|
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
|
@ -217,13 +240,14 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
|
||||||
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
|
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
|
||||||
|
|
||||||
|
|
||||||
def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias):
|
def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias, keystore_type):
|
||||||
''' Import pkcs12 from path into keystore located on
|
''' Import pkcs12 from path into keystore located on
|
||||||
keystore_path as alias '''
|
keystore_path as alias '''
|
||||||
import_cmd = ("%s -importkeystore -noprompt -destkeystore '%s' -srcstoretype PKCS12 "
|
import_cmd = ("%s -importkeystore -noprompt -destkeystore '%s' -srcstoretype PKCS12 "
|
||||||
"-deststorepass '%s' -destkeypass '%s' -srckeystore '%s' -srcstorepass '%s' "
|
"-deststorepass '%s' -destkeypass '%s' -srckeystore '%s' -srcstorepass '%s' "
|
||||||
"-srcalias '%s' -destalias '%s'") % (executable, keystore_path, keystore_pass,
|
"-srcalias '%s' -destalias '%s' %s") % (executable, keystore_path, keystore_pass,
|
||||||
keystore_pass, path, pkcs12_pass, pkcs12_alias, alias)
|
keystore_pass, path, pkcs12_pass, pkcs12_alias,
|
||||||
|
alias, get_keystore_type(keystore_type))
|
||||||
|
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
|
@ -241,10 +265,10 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p
|
||||||
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
|
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
|
||||||
|
|
||||||
|
|
||||||
def delete_cert(module, executable, keystore_path, keystore_pass, alias):
|
def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type):
|
||||||
''' Delete certificate identified with alias from keystore on keystore_path '''
|
''' Delete certificate identified with alias from keystore on keystore_path '''
|
||||||
del_cmd = ("%s -delete -keystore '%s' -storepass '%s' "
|
del_cmd = ("%s -delete -keystore '%s' -storepass '%s' "
|
||||||
"-alias '%s'") % (executable, keystore_path, keystore_pass, alias)
|
"-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type))
|
||||||
|
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
|
@ -290,6 +314,7 @@ def main():
|
||||||
keystore_path=dict(type='path'),
|
keystore_path=dict(type='path'),
|
||||||
keystore_pass=dict(type='str', required=True, no_log=True),
|
keystore_pass=dict(type='str', required=True, no_log=True),
|
||||||
keystore_create=dict(type='bool', default=False),
|
keystore_create=dict(type='bool', default=False),
|
||||||
|
keystore_type=dict(type='str', default=None),
|
||||||
executable=dict(type='str', default='keytool'),
|
executable=dict(type='str', default='keytool'),
|
||||||
state=dict(type='str', default='present', choices=['absent', 'present']),
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
)
|
)
|
||||||
|
@ -317,6 +342,7 @@ def main():
|
||||||
keystore_path = module.params.get('keystore_path')
|
keystore_path = module.params.get('keystore_path')
|
||||||
keystore_pass = module.params.get('keystore_pass')
|
keystore_pass = module.params.get('keystore_pass')
|
||||||
keystore_create = module.params.get('keystore_create')
|
keystore_create = module.params.get('keystore_create')
|
||||||
|
keystore_type = module.params.get('keystore_type')
|
||||||
executable = module.params.get('executable')
|
executable = module.params.get('executable')
|
||||||
state = module.params.get('state')
|
state = module.params.get('state')
|
||||||
|
|
||||||
|
@ -331,25 +357,25 @@ def main():
|
||||||
test_keystore(module, keystore_path)
|
test_keystore(module, keystore_path)
|
||||||
|
|
||||||
cert_present = check_cert_present(module, executable, keystore_path,
|
cert_present = check_cert_present(module, executable, keystore_path,
|
||||||
keystore_pass, cert_alias)
|
keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
if state == 'absent':
|
if state == 'absent':
|
||||||
if cert_present:
|
if cert_present:
|
||||||
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias)
|
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
elif state == 'present':
|
elif state == 'present':
|
||||||
if not cert_present:
|
if not cert_present:
|
||||||
if pkcs12_path:
|
if pkcs12_path:
|
||||||
import_pkcs12_path(module, executable, pkcs12_path, keystore_path,
|
import_pkcs12_path(module, executable, pkcs12_path, keystore_path,
|
||||||
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias)
|
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type)
|
||||||
|
|
||||||
if path:
|
if path:
|
||||||
import_cert_path(module, executable, path, keystore_path,
|
import_cert_path(module, executable, path, keystore_path,
|
||||||
keystore_pass, cert_alias)
|
keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
if url:
|
if url:
|
||||||
import_cert_url(module, executable, url, port, keystore_path,
|
import_cert_url(module, executable, url, port, keystore_path,
|
||||||
keystore_pass, cert_alias)
|
keystore_pass, cert_alias, keystore_type)
|
||||||
|
|
||||||
module.exit_json(changed=False)
|
module.exit_json(changed=False)
|
||||||
|
|
||||||
|
|
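Review bot: `keystore_type` reaches every keytool command line unvalidated: `get_keystore_type` formats it into `" -storetype '%s'"` and the argument spec in `main()` declares it as free-form `type='str'`. A value containing a single quote would end the quoting and could append further keytool options to the list, import and delete commands. Since the documentation names only JCEKS and JKS, constrain it in the spec with `keystore_type=dict(type='str', choices=['JCEKS', 'JKS'])`, or, if other store types are meant to be accepted, pass the command to `module.run_command` as an argument list instead of a formatted string. The `get_keystore_type` docstring should also say that it returns the `-storetype` option fragment, or an empty string when no type is given, rather than "Check that custom keystore is presented in parameters". The `run_command` calls of the import and delete functions and most of `main()` lie outside the visible hunks, so how those strings are executed there should be confirmed.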