From eb18df1a0fdcc56a5d232bafd2573ef9c01201d5 Mon Sep 17 00:00:00 2001 From: Jordan Borean Date: Tue, 19 Mar 2019 11:49:25 +1000 Subject: [PATCH] win_certificate_store - fix glob like paths (#54007) --- .../fragments/win_certificate_store-paths.yaml | 2 ++ .../modules/windows/win_certificate_store.ps1 | 18 +++++++++--------- .../win_certificate_store/defaults/main.yml | 2 +- 3 files changed, 12 insertions(+), 10 deletions(-) create mode 100644 changelogs/fragments/win_certificate_store-paths.yaml diff --git a/changelogs/fragments/win_certificate_store-paths.yaml b/changelogs/fragments/win_certificate_store-paths.yaml new file mode 100644 index 0000000000..55ed38cdac --- /dev/null +++ b/changelogs/fragments/win_certificate_store-paths.yaml @@ -0,0 +1,2 @@ +bugfixes: +- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]`` diff --git a/lib/ansible/modules/windows/win_certificate_store.ps1 b/lib/ansible/modules/windows/win_certificate_store.ps1 index faf0ad6ffd..6ecc9f7359 100644 --- a/lib/ansible/modules/windows/win_certificate_store.ps1 +++ b/lib/ansible/modules/windows/win_certificate_store.ps1 @@ -31,7 +31,7 @@ $module = [Ansible.Basic.AnsibleModule]::Create($args, $spec) Function Get-CertFile($module, $path, $password, $key_exportable, $key_storage) { # parses a certificate file and returns X509Certificate2Collection - if (-not (Test-Path -Path $path -PathType Leaf)) { + if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { $module.FailJson("File at '$path' either does not exist or is not a file") } @@ -77,8 +77,8 @@ Function New-CertFile($module, $cert, $path, $type, $password) { } } - if (Test-Path -Path $path) { - Remove-Item -Path $path -Force + if (Test-Path -LiteralPath $path) { + Remove-Item -LiteralPath $path -Force $module.Result.changed = $true } try { 
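Review bot: In the `@@ -77,8 +77,8 @@` hunk of New-CertFile, the existing file is deleted with `Remove-Item -LiteralPath $path -Force` and `$module.Result.changed` is set to true before the `try` block that performs the write is entered. If that write fails, the catch arms in the next hunk call FailJson and the previous export at `$path` is already gone. Consider writing to a temporary file in the same directory and replacing the target only after the write succeeds. At minimum, add a comment such as `# existing file is removed up front; a failed export leaves no file at $path`. The write call and the rest of the function lie outside this hunk, so check this against the full body.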
@@ -109,7 +109,7 @@ Function New-CertFile($module, $cert, $path, $type, $password) { $module.FailJson("Failed to write cert to file, cert was null: $($_.Exception.Message)", $_) } catch [System.IO.IOException] { $module.FailJson("Failed to write cert to file due to IO Exception: $($_.Exception.Message)", $_) - } catch [System.UnauthorizedAccessException, System.Security.SecurityException] { + } catch [System.UnauthorizedAccessException] { $module.FailJson("Failed to write cert to file due to permissions: $($_.Exception.Message)", $_) } catch { $module.FailJson("Failed to write cert to file: $($_.Exception.Message)", $_) @@ -129,7 +129,7 @@ Function Get-CertFileType($path, $password) { return "unknown" } - $file_contents = Get-Content -Path $path -Raw + $file_contents = Get-Content -LiteralPath $path -Raw if ($file_contents.StartsWith("-----BEGIN CERTIFICATE-----")) { return "pem" } elseif ($file_contents.StartsWith("-----BEGIN PKCS7-----")) { @@ -176,12 +176,12 @@ try { if ($state -eq "absent") { $cert_thumbprints = @() - if ($path -ne $null) { + if ($null -ne $path) { $certs = Get-CertFile -module $module -path $path -password $password -key_exportable $key_exportable -key_storage $key_storage foreach ($cert in $certs) { $cert_thumbprints += $cert.Thumbprint } - } elseif ($thumbprint -ne $null) { + } elseif ($null -ne $thumbprint) { $cert_thumbprints += $thumbprint } @@ -207,9 +207,9 @@ try { # TODO: Add support for PKCS7 and exporting a cert chain $module.Result.thumbprints += $thumbprint $export = $true - if (Test-Path -Path $path -PathType Container) { + if (Test-Path -LiteralPath $path -PathType Container) { $module.FailJson("Cannot export cert to path '$path' as it is a directory") - } elseif (Test-Path -Path $path -PathType Leaf) { + } elseif (Test-Path -LiteralPath $path -PathType Leaf) { $actual_cert_type = Get-CertFileType -path $path -password $password if ($actual_cert_type -eq $file_type) { try { 
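Review bot: The `@@ -109,7 +109,7 @@` hunk drops `System.Security.SecurityException` from the permissions catch in New-CertFile, and neither the commit subject nor the code explains why. A SecurityException raised during the write now falls through to the generic `catch` and is reported as "Failed to write cert to file: ..." instead of as a permissions failure. The module still fails, so this changes diagnostics only. If the removal is deliberate, record the reason above the catch arm, for example `# SecurityException is left to the generic catch below`. The `try` block itself starts outside this hunk.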
diff --git a/test/integration/targets/win_certificate_store/defaults/main.yml b/test/integration/targets/win_certificate_store/defaults/main.yml index 076b65d639..19ab156654 100644 --- a/test/integration/targets/win_certificate_store/defaults/main.yml +++ b/test/integration/targets/win_certificate_store/defaults/main.yml @@ -1,4 +1,4 @@ -win_cert_dir: '{{win_output_dir}}\win_certificate' +win_cert_dir: '{{win_output_dir}}\win_certificate .ÅÑŚÌβŁÈ [$!@^&test(;)]' key_password: password subj_thumbprint: 'BD7AF104CF1872BDB518D95C9534EA941665FD27' root_thumbprint: 'BC05633694E675449136679A658281F17A191087'
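Review bot: Nothing in `defaults/main.yml` says that the unusual `win_cert_dir` name is deliberate. It appears to be the regression coverage for the literal-path fix, so a later tidy-up of the value would silently remove that coverage. Add a comment above the line such as `# directory name deliberately contains spaces, non-ASCII and glob-like characters ([ ]) to exercise -LiteralPath handling`.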