param pkcs12_alias and cert_alias to be optional in java_cert module (#9970)

* changed pkcs12_alias and cert_alias to be optional when importing pkcs12 certificate in keystore * Add changelog fragment * Update changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2025-04-26 12:21:26 -07:00 · 2025-04-16 20:52:11 +02:00 · 2025-04-16 20:52:11 +02:00 · 42a161abf5
commit 42a161abf5
parent 216e7dc06b
3 changed files with 29 additions and 7 deletions
--- a/changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml
+++ b/changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml
@ -0,0 +1,2 @@
 bugfixes:
  - java_cert - the module no longer fails if the optional parameters ``pkcs12_alias`` and ``cert_alias`` are not provided (https://github.com/ansible-collections/community.general/pull/9970).
--- a/plugins/modules/java_cert.py
+++ b/plugins/modules/java_cert.py
@ -315,12 +315,13 @@ def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, passwo
        "-noprompt",
        "-keystore",
        pkcs_file,
        "-alias",
        alias,
        "-storetype",
        "pkcs12",
        "-rfc"
    ]
    # Append optional alias
    if alias:
        export_cmd.extend(["-alias", alias])
    (export_rc, export_stdout, export_err) = module.run_command(export_cmd, data=password, check_rc=False)
    if export_rc != 0:
@ -393,6 +394,10 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
                       keystore_path, keystore_pass, keystore_alias, keystore_type):
    ''' Import pkcs12 from path into keystore located on
        keystore_path as alias '''
    optional_aliases = {
        "-destalias": keystore_alias,
        "-srcalias": pkcs12_alias
    }
    import_cmd = [
        executable,
        "-importkeystore",
@ -401,13 +406,14 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
        "pkcs12",
        "-srckeystore",
        pkcs12_path,
        "-srcalias",
        pkcs12_alias,
        "-destkeystore",
        keystore_path,
        "-destalias",
        keystore_alias
    ]
    # Append optional aliases
    for flag, value in optional_aliases.items():
        if value:
            import_cmd.extend([flag, value])
    import_cmd += _get_keystore_type_keytool_parameters(keystore_type)
    secret_data = "%s\n%s" % (keystore_pass, pkcs12_pass)
--- a/tests/integration/targets/java_cert/tasks/main.yml
+++ b/tests/integration/targets/java_cert/tasks/main.yml
@ -10,7 +10,6 @@
 - when: has_java_keytool
  block:
    - name: prep pkcs12 file
      ansible.builtin.copy:
        src: "{{ test_pkcs12_path }}"
@ -33,6 +32,21 @@
        that:
        - result_success is successful
    - name: import pkcs12 without alias params
      community.general.java_cert:
        pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"
        pkcs12_password: changeit
        keystore_path: "{{ remote_tmp_dir }}/{{ test_keystore_path }}"
        keystore_pass: changeme_keystore
        keystore_create: true
        state: present
      register: result_success_excl_aliases
    - name: verify success
      ansible.builtin.assert:
        that:
        - result_success_excl_aliases is successful
    - name: import pkcs12 with wrong password
      community.general.java_cert:
        pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"
		`@ -0,0 +1,2 @@`
							`bugfixes:`
							- java_cert - the module no longer fails if the optional parameters ``pkcs12_alias`` and ``cert_alias`` are not provided (https://github.com/ansible-collections/community.general/pull/9970).