java_keystore: overwrite instead of fail when password or alias does not match (#2262)

* Overwrite instead of fail when password does not match.

* Update documentation.

* Fix tests.

* Update plugins/modules/system/java_keystore.py

Co-authored-by: Amin Vakil <info@aminvakil.com>

* Fix documentation.

* Apply suggestions from code review

Co-authored-by: quidame <quidame@poivron.org>

* Update tests/unit/plugins/modules/system/test_java_keystore.py

* One more.

Co-authored-by: Amin Vakil <info@aminvakil.com>
Co-authored-by: quidame <quidame@poivron.org>
Felix Fontein 2021-04-19 06:59:52 +02:00 committed by GitHub
commit 91a0264f38
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 46 additions and 30 deletions


@ -64,7 +64,6 @@
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_alias_change_check
when: false # FIXME: module currently crashes
- name: Create a Java keystore for the given certificates (alias changed)
community.general.java_keystore:
@ -72,7 +71,6 @@
name: foobar
loop: "{{ java_keystore_new_certs }}"
register: result_alias_change
when: false # FIXME: module currently crashes
- name: Create a Java keystore for the given certificates (password changed, check mode)
@ -83,7 +81,6 @@
loop: "{{ java_keystore_new_certs }}"
check_mode: yes
register: result_pw_change_check
when: false # FIXME: module currently crashes
- name: Create a Java keystore for the given certificates (password changed)
community.general.java_keystore:
@ -92,7 +89,6 @@
password: hunter2
loop: "{{ java_keystore_new_certs }}"
register: result_pw_change
when: false # FIXME: module currently crashes
- name: Check that the remote certificates have not been removed
ansible.builtin.file:
@ -117,7 +113,7 @@
- result_idem_check is not changed
- result_change is changed
- result_change_check is changed
# - result_alias_change is changed # FIXME: module currently crashes
# - result_alias_change_check is changed # FIXME: module currently crashes
# - result_pw_change is changed # FIXME: module currently crashes
# - result_pw_change_check is changed # FIXME: module currently crashes
- result_alias_change is changed
- result_alias_change_check is changed
- result_pw_change is changed
- result_pw_change_check is changed
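Review bot: The re-enabled assertions at the end of this section only check `is changed` for the alias and password cases, so they would also pass if the module reported a change on every run without ever writing a keystore that matches the new alias or password. As far as the visible context shows, the task after the `password: hunter2` run is already the certificate-file check, with no repeat run in between. Consider repeating the password-changed task with its own register (name constructed here: `result_pw_change_idem`) and asserting `- result_pw_change_idem is not changed`, and doing the same for the alias case.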


@ -250,19 +250,33 @@ class TestCertChanged(ModuleTestCase):
supports_check_mode=self.spec.supports_check_mode
)
module.fail_json = Mock()
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder']
self.run_commands.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
(1, 'keytool error: java.lang.Exception: Alias <foo> does not exist', '')]
cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
module.fail_json.assert_called_once_with(
cmd=["keytool", "-list", "-alias", "foo", "-keystore", "/path/to/keystore.jks", "-storepass:env", "STOREPASS", "-v"],
msg='keytool error: java.lang.Exception: Alias <foo> does not exist',
err='',
rc=1
)
result = cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
self.assertTrue(result, 'Alias mismatch detected')
def test_cert_changed_password_mismatch(self):
set_module_args(dict(
certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='changeit'
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder']
self.run_commands.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
(1, 'keytool error: java.io.IOException: Keystore password was incorrect', '')]
result = cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
self.assertTrue(result, 'Password mismatch detected')
def test_cert_changed_fail_read_cert(self):
set_module_args(dict(
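Review bot: The alias test and `test_cert_changed_password_mismatch` each feed one specific keytool message and expect `True`, but nothing here pins what happens on a non-zero keytool exit that is neither an alias nor a password mismatch. Going by the commit title, a `True` result now leads to the keystore being overwritten, so a third case with an unrelated error (for example a constructed `(1, 'keytool error: java.io.IOException: Invalid keystore format', '')`) that keeps `module.fail_json = Mock()` and ends with `module.fail_json.assert_called_once()` would guard against the match being too broad; the module code is not visible here, so this is a coverage gap rather than a confirmed defect. The second argument of `assertTrue` is printed when the assertion fails, so `'Password mismatch not detected'` (and likewise for the alias case) would read correctly in a failure report. `test_cert_changed_fail_read_cert` continues outside the hunk.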