ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-28 15:41:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

java_keystore: fix keystore type (#2516) (#2893)

Browse source 
* fix keystore type; update unit tests

* add changelog fragment

* document new param 'keystore_type'

* add keystore_type support (backward compatible)

* check JKS format with magic bytes
* update integration tests
* revert first changes in unit tests
* update changelog fragment

* fix magic bytes for python2/python3

* fix integration tests (irrelevant check_mode)

* fix unit test (keystore removed before failure => changed=true)

* fix typo

* fix spelling

* shorten a branch

* mock is_jks_or_pkcs12

* fix function path in unit tests

* Apply suggestions from code review (spelling)

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* rename a method (module + unit tests)

* move ArgumentSpec class content to main()

* refactor create() to not loose existing keystore in case of error

* update unit tests

* add integration test (error handling)

* fix keystore backup cleanup

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
(cherry picked from commit 199ead85d0)

Co-authored-by: quidame <quidame@poivron.org>
This commit is contained in:
patchback[bot] 2021-06-27 15:44:31 +02:00 committed by GitHub
commit 138b57230a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 308 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

115
tests/integration/targets/java_keystore/tasks/tests.yml
View file

@ -24,6 +24,7 @@
private_key_passphrase: "{{ item.passphrase | d(omit) }}"
password: changeit
ssl_backend: "{{ ssl_backend }}"
keystore_type: "{{ item.keystore_type | d(omit) }}"
loop: "{{ java_keystore_certs }}"
check_mode: yes
register: result_check
@ -91,6 +92,98 @@
loop: "{{ java_keystore_new_certs }}"
register: result_pw_change
- name: Create a Java keystore for the given certificates (force keystore type pkcs12, check mode)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
keystore_type: pkcs12
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_type_pkcs12_check
- name: Create a Java keystore for the given certificates (force keystore type jks, check mode)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
keystore_type: jks
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_type_jks_check
- name: Create a Java keystore for the given certificates (force keystore type jks)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
keystore_type: jks
loop: "{{ java_keystore_new_certs }}"
register: result_type_jks
- name: Stat keystore (before failure)
ansible.builtin.stat:
path: "{{ output_dir ~ '/' ~ (item.keyname | d(item.name)) ~ '.jks' }}"
loop: "{{ java_keystore_new_certs }}"
register: result_stat_before
- name: Fail to create a Java keystore for the given certificates (password too short)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: short
keystore_type: jks
loop: "{{ java_keystore_new_certs }}"
register: result_fail_jks
ignore_errors: true
- name: Stat keystore (after failure)
ansible.builtin.stat:
path: "{{ output_dir ~ '/' ~ (item.keyname | d(item.name)) ~ '.jks' }}"
loop: "{{ java_keystore_new_certs }}"
register: result_stat_after
- name: Create a Java keystore for the given certificates (keystore type changed, check mode)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
keystore_type: pkcs12
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_type_change_check
- name: Create a Java keystore for the given certificates (keystore type changed)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
keystore_type: pkcs12
loop: "{{ java_keystore_new_certs }}"
register: result_type_change
- name: Create a Java keystore for the given certificates (omit keystore type, check mode)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_type_omit_check
- name: Create a Java keystore for the given certificates (omit keystore type)
community.general.java_keystore:
<<: *java_keystore_params
name: foobar
password: hunter2
loop: "{{ java_keystore_new_certs }}"
register: result_type_omit
- name: Check that the remote certificates have not been removed
ansible.builtin.file:
path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
@ -118,3 +211,25 @@
- result_alias_change_check is changed
- result_pw_change is changed
- result_pw_change_check is changed
# We don't know if we start from jks or pkcs12 format, anyway check mode
# and actual mode must return the same 'changed' state, and 'jks' and
# 'pkcs12' must give opposite results on a same host.
- result_type_jks_check.changed != result_type_pkcs12_check.changed
- result_type_jks_check.changed == result_type_jks.changed
- result_type_change is changed
- result_type_change_check is changed
- result_type_omit is not changed
- result_type_omit_check is not changed
# keystore properties must remain the same after failure
- result_fail_jks is failed
- result_stat_before.results[0].stat.uid == result_stat_after.results[0].stat.uid
- result_stat_before.results[1].stat.uid == result_stat_after.results[1].stat.uid
- result_stat_before.results[0].stat.gid == result_stat_after.results[0].stat.gid
- result_stat_before.results[1].stat.gid == result_stat_after.results[1].stat.gid
- result_stat_before.results[0].stat.mode == result_stat_after.results[0].stat.mode
- result_stat_before.results[1].stat.mode == result_stat_after.results[1].stat.mode
- result_stat_before.results[0].stat.checksum == result_stat_after.results[0].stat.checksum
- result_stat_before.results[1].stat.checksum == result_stat_after.results[1].stat.checksum