	openssl_certificate: Handle dump() in check_mode (#38386)
Currently, when one runs the module in check_mode, it tries to retrieve values from the actual certificate generated in the generate() function. Since in check_mode we call dump() without calling generate(), self.cert is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter() and self.cert.get_serial_number() raising an error. > 'NoneType' object has no attribute 'get_notBefore' The solution is to have two ways to handle the dump() method, depending on whether it is run with check_mode=True or check_mode=False, which determines how the information is retrieved.
		
					parent
					
						
							
								57738a3ab4
							
						
					
				
			
			
				commit
				
					
						99497ce54c
					
				
			
		
					 2 changed files with 32 additions and 10 deletions
				
			
		|  | @ -423,6 +423,7 @@ class SelfSignedCertificate(Certificate): | ||||||
|         self.notAfter = module.params['selfsigned_notAfter'] |         self.notAfter = module.params['selfsigned_notAfter'] | ||||||
|         self.digest = module.params['selfsigned_digest'] |         self.digest = module.params['selfsigned_digest'] | ||||||
|         self.version = module.params['selfsigned_version'] |         self.version = module.params['selfsigned_version'] | ||||||
|  |         self.serial_number = randint(1000, 99999) | ||||||
|         self.csr = crypto_utils.load_certificate_request(self.csr_path) |         self.csr = crypto_utils.load_certificate_request(self.csr_path) | ||||||
|         self.privatekey = crypto_utils.load_privatekey( |         self.privatekey = crypto_utils.load_privatekey( | ||||||
|             self.privatekey_path, self.privatekey_passphrase |             self.privatekey_path, self.privatekey_passphrase | ||||||
|  | @ -442,7 +443,7 @@ class SelfSignedCertificate(Certificate): | ||||||
| 
 | 
 | ||||||
|         if not self.check(module, perms_required=False) or self.force: |         if not self.check(module, perms_required=False) or self.force: | ||||||
|             cert = crypto.X509() |             cert = crypto.X509() | ||||||
|             cert.set_serial_number(randint(1000, 99999)) |             cert.set_serial_number(self.serial_number) | ||||||
|             if self.notBefore: |             if self.notBefore: | ||||||
|                 cert.set_notBefore(self.notBefore) |                 cert.set_notBefore(self.notBefore) | ||||||
|             else: |             else: | ||||||
|  | @ -474,17 +475,29 @@ class SelfSignedCertificate(Certificate): | ||||||
|         if module.set_fs_attributes_if_different(file_args, False): |         if module.set_fs_attributes_if_different(file_args, False): | ||||||
|             self.changed = True |             self.changed = True | ||||||
| 
 | 
 | ||||||
|     def dump(self): |     def dump(self, check_mode=False): | ||||||
| 
 | 
 | ||||||
|         result = { |         result = { | ||||||
|             'changed': self.changed, |             'changed': self.changed, | ||||||
|             'filename': self.path, |             'filename': self.path, | ||||||
|             'privatekey': self.privatekey_path, |             'privatekey': self.privatekey_path, | ||||||
|             'csr': self.csr_path, |             'csr': self.csr_path | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         if check_mode: | ||||||
|  |             now = datetime.datetime.utcnow() | ||||||
|  |             ten = now.replace(now.year + 10) | ||||||
|  |             result.update({ | ||||||
|  |                 'notBefore': self.notBefore if self.notBefore else now.strftime("%Y%m%d%H%M%SZ"), | ||||||
|  |                 'notAfter': self.notAfter if self.notAfter else ten.strftime("%Y%m%d%H%M%SZ"), | ||||||
|  |                 'serial_number': self.serial_number, | ||||||
|  |             }) | ||||||
|  |         else: | ||||||
|  |             result.update({ | ||||||
|                 'notBefore': self.cert.get_notBefore(), |                 'notBefore': self.cert.get_notBefore(), | ||||||
|                 'notAfter': self.cert.get_notAfter(), |                 'notAfter': self.cert.get_notAfter(), | ||||||
|                 'serial_number': self.cert.get_serial_number(), |                 'serial_number': self.cert.get_serial_number(), | ||||||
|         } |             }) | ||||||
| 
 | 
 | ||||||
|         return result |         return result | ||||||
| 
 | 
 | ||||||
|  | @ -708,7 +721,7 @@ class AssertOnlyCertificate(Certificate): | ||||||
| 
 | 
 | ||||||
|         return parent_check and assertonly_check |         return parent_check and assertonly_check | ||||||
| 
 | 
 | ||||||
|     def dump(self): |     def dump(self, check_mode=False): | ||||||
| 
 | 
 | ||||||
|         result = { |         result = { | ||||||
|             'changed': self.changed, |             'changed': self.changed, | ||||||
|  | @ -773,7 +786,7 @@ class AcmeCertificate(Certificate): | ||||||
|         if module.set_fs_attributes_if_different(file_args, False): |         if module.set_fs_attributes_if_different(file_args, False): | ||||||
|             self.changed = True |             self.changed = True | ||||||
| 
 | 
 | ||||||
|     def dump(self): |     def dump(self, check_mode=False): | ||||||
| 
 | 
 | ||||||
|         result = { |         result = { | ||||||
|             'changed': self.changed, |             'changed': self.changed, | ||||||
|  | @ -859,7 +872,7 @@ def main(): | ||||||
|     if module.params['state'] == 'present': |     if module.params['state'] == 'present': | ||||||
| 
 | 
 | ||||||
|         if module.check_mode: |         if module.check_mode: | ||||||
|             result = certificate.dump() |             result = certificate.dump(check_mode=True) | ||||||
|             result['changed'] = module.params['force'] or not certificate.check(module) |             result['changed'] = module.params['force'] or not certificate.check(module) | ||||||
|             module.exit_json(**result) |             module.exit_json(**result) | ||||||
| 
 | 
 | ||||||
|  | @ -870,7 +883,7 @@ def main(): | ||||||
|     else: |     else: | ||||||
| 
 | 
 | ||||||
|         if module.check_mode: |         if module.check_mode: | ||||||
|             result = certificate.dump() |             result = certificate.dump(check_mode=True) | ||||||
|             result['changed'] = os.path.exists(module.params['path']) |             result['changed'] = os.path.exists(module.params['path']) | ||||||
|             module.exit_json(**result) |             module.exit_json(**result) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
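Review bot: The serial number now set in `__init__` (`self.serial_number = randint(1000, 99999)`) has only 99,000 possible values and, if `randint` is the one from Python's `random` module (the import is outside the visible hunks), comes from a non-cryptographic generator, so certificates issued under the same subject can collide on issuer and serial and the value is predictable. A wider value from the OS entropy source, for example `self.serial_number = SystemRandom().getrandbits(64)` with `from random import SystemRandom`, would address both. The check-mode branch of `dump()` also returns this per-run value as `serial_number`, which will not match a certificate already present at `path`, so a comment such as `# check mode: projected values, not read from the certificate on disk` would help readers of the output. `__init__`, `generate()` and the `dump()` bodies of the other providers continue outside the hunks shown.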
|  | @ -28,6 +28,15 @@ | ||||||
|         selfsigned_digest: sha256 |         selfsigned_digest: sha256 | ||||||
|       register: selfsigned_certificate_idempotence |       register: selfsigned_certificate_idempotence | ||||||
| 
 | 
 | ||||||
|  |     - name: Generate selfsigned certificate (check mode) | ||||||
|  |       openssl_certificate: | ||||||
|  |         path: '{{ output_dir }}/cert.pem' | ||||||
|  |         csr_path: '{{ output_dir }}/csr.csr' | ||||||
|  |         privatekey_path: '{{ output_dir }}/privatekey.pem' | ||||||
|  |         provider: selfsigned | ||||||
|  |         selfsigned_digest: sha256 | ||||||
|  |       check_mode: yes | ||||||
|  | 
 | ||||||
|     - name: Check selfsigned certificate |     - name: Check selfsigned certificate | ||||||
|       openssl_certificate: |       openssl_certificate: | ||||||
|         path: '{{ output_dir }}/cert.pem' |         path: '{{ output_dir }}/cert.pem' | ||||||
|  |  | ||||||
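Review bot: The new `Generate selfsigned certificate (check mode)` task neither registers its result nor is followed by an assertion, so it only proves that the module no longer raises. Adding `register: selfsigned_certificate_check_mode` and asserting that `notBefore`, `notAfter` and `serial_number` are present in the result would pin the behaviour this commit introduces. Because the task runs after the certificate has already been generated, the case where `path` does not exist yet appears to remain untested in check mode; the rest of the task list is outside the hunk.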