java_keystore: overwrite instead of fail when password or alias does not match (#2262)

* Overwrite instead of fail when password does not match. * Update documentation. * Fix tests. * Update plugins/modules/system/java_keystore.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Fix documentation. * Apply suggestions from code review Co-authored-by: quidame <quidame@poivron.org> * Update tests/unit/plugins/modules/system/test_java_keystore.py * One more. Co-authored-by: Amin Vakil <info@aminvakil.com> Co-authored-by: quidame <quidame@poivron.org>
2025-07-24 22:00:22 -07:00 · 2021-04-19 06:59:52 +02:00 · 2021-04-19 06:59:52 +02:00 · 91a0264f38
commit 91a0264f38
parent 6a8eb7b388
4 changed files with 46 additions and 30 deletions
--- a/tests/integration/targets/java_keystore/tasks/tests.yml
+++ b/tests/integration/targets/java_keystore/tasks/tests.yml
@ -64,7 +64,6 @@
  loop: "{{ java_keystore_new_certs }}"
  check_mode: yes
  register: result_alias_change_check
-  when: false  # FIXME: module currently crashes

 - name: Create a Java keystore for the given certificates (alias changed)
  community.general.java_keystore:
@ -72,7 +71,6 @@
    name: foobar
  loop: "{{ java_keystore_new_certs }}"
  register: result_alias_change
-  when: false  # FIXME: module currently crashes


 - name: Create a Java keystore for the given certificates (password changed, check mode)
@ -83,7 +81,6 @@
  loop: "{{ java_keystore_new_certs }}"
  check_mode: yes
  register: result_pw_change_check
-  when: false  # FIXME: module currently crashes

 - name: Create a Java keystore for the given certificates (password changed)
  community.general.java_keystore:
@ -92,7 +89,6 @@
    password: hunter2
  loop: "{{ java_keystore_new_certs }}"
  register: result_pw_change
-  when: false  # FIXME: module currently crashes

 - name: Check that the remote certificates have not been removed
  ansible.builtin.file:
@ -117,7 +113,7 @@
      - result_idem_check is not changed
      - result_change is changed
      - result_change_check is changed
-      # - result_alias_change is changed        # FIXME: module currently crashes
-      # - result_alias_change_check is changed  # FIXME: module currently crashes
-      # - result_pw_change is changed           # FIXME: module currently crashes
-      # - result_pw_change_check is changed     # FIXME: module currently crashes
+      - result_alias_change is changed
+      - result_alias_change_check is changed
+      - result_pw_change is changed
+      - result_pw_change_check is changed
--- a/tests/unit/plugins/modules/system/test_java_keystore.py
+++ b/tests/unit/plugins/modules/system/test_java_keystore.py
@ -250,19 +250,33 @@ class TestCertChanged(ModuleTestCase):
            supports_check_mode=self.spec.supports_check_mode
        )

-        module.fail_json = Mock()
-
        with patch('os.remove', return_value=True):
            self.create_file.side_effect = ['/tmp/placeholder']
            self.run_commands.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
                                             (1, 'keytool error: java.lang.Exception: Alias <foo> does not exist', '')]
-            cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
-            module.fail_json.assert_called_once_with(
-                cmd=["keytool", "-list", "-alias", "foo", "-keystore", "/path/to/keystore.jks", "-storepass:env", "STOREPASS", "-v"],
-                msg='keytool error: java.lang.Exception: Alias <foo> does not exist',
-                err='',
-                rc=1
-            )
+            result = cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
+            self.assertTrue(result, 'Alias mismatch detected')
+
+    def test_cert_changed_password_mismatch(self):
+        set_module_args(dict(
+            certificate='cert-foo',
+            private_key='private-foo',
+            dest='/path/to/keystore.jks',
+            name='foo',
+            password='changeit'
+        ))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+
+        with patch('os.remove', return_value=True):
+            self.create_file.side_effect = ['/tmp/placeholder']
+            self.run_commands.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
+                                             (1, 'keytool error: java.io.IOException: Keystore password was incorrect', '')]
+            result = cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks", "changeit", 'foo')
+            self.assertTrue(result, 'Password mismatch detected')

    def test_cert_changed_fail_read_cert(self):
        set_module_args(dict(