From f23f277e468cb3c02bf7bcbd866e93d9b71f2ff4 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Sun, 21 Jan 2018 12:26:18 +0100
Subject: [PATCH] Verify that acme-tiny is present (#35145)

* Verify that acme-tiny is present
* Use run_command rather than subprocess for acme-tiny
Besides consistency with the rest of the code base, this also add 2 bug fixes:
- ansible should no longer show "warning, junk after json" when using the module
- it also verify the return code of acme-tiny, and so fail when the verification fail. The previous code didn't check rc, so it would continue with a empty file
---
 lib/ansible/modules/crypto/openssl_certificate.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index 531a54826e..676415fff6 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -340,7 +340,6 @@ filename:
 
 from random import randint
 import datetime
-import subprocess
 import os
 
 from ansible.module_utils import crypto as crypto_utils
@@ -748,13 +747,15 @@ class AcmeCertificate(Certificate):
 )
 
 if not self.check(module, perms_required=False) or self.force:
+ acme_tiny_path = self.module.get_bin_path('acme-tiny', required=True)
+
 try:
- p = subprocess.Popen([
- 'acme-tiny',
- '--account-key', self.accountkey_path,
- '--csr', self.csr_path,
- '--acme-dir', self.challenge_path], stdout=subprocess.PIPE)
- crt = p.communicate()[0]
+ crt = module.run_command("%s --account-key %s --csr %s"
+ "--acme-dir %s" % (acme_tiny_path,
+ self.accountkey_path,
+ self.csr_path,
+ self.challenge_path),
+ check_rc=True)[1]
 with open(self.path, 'wb') as certfile:
 certfile.write(str(crt))
 except OSError as exc:
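Review bot: The two adjacent string literals in the new `module.run_command(...)` call are joined with no space between them, so the command reads `... --csr <csr_path>--acme-dir <challenge_path>` and acme-tiny never receives `--acme-dir` as its own option. Passing an argument list fixes this, and it also stops a path containing spaces or quotes from being split into extra arguments when the formatted string is tokenised: `module.run_command([acme_tiny_path, '--account-key', self.accountkey_path, '--csr', self.csr_path, '--acme-dir', self.challenge_path], check_rc=True)[1]`. The same hunk calls `self.module.get_bin_path` while the other lines use the `module` parameter; if `self.module` is not set on this class (its constructor is outside the hunk), `module.get_bin_path('acme-tiny', required=True)` is the safer spelling. The enclosing method starts and ends outside the hunk.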