add trustcacerts option for JAVA keytool (#61750)

* add trustcacerts option for JAVA keytool

* fixed whitespace

* added type in documentation
Florian Paul Hoberg 2019-09-04 14:07:20 +02:00 committed by John R Barker
parent c1e02d5c7a
commit 531e0560cb


@ -41,6 +41,12 @@ options:
- Imported certificate alias. - Imported certificate alias.
- The alias is used when checking for the presence of a certificate in the keystore. - The alias is used when checking for the presence of a certificate in the keystore.
type: str type: str
trust_cacert:
description:
- Trust imported cert as CAcert.
type: bool
default: False
version_added: "2.10"
pkcs12_path: pkcs12_path:
description: description:
- Local path to load PKCS12 keystore from. - Local path to load PKCS12 keystore from.
@ -107,6 +113,16 @@ EXAMPLES = r'''
executable: /usr/lib/jvm/jre7/bin/keytool executable: /usr/lib/jvm/jre7/bin/keytool
state: absent state: absent
- name: Import trusted CA from SSL certificate
java_cert:
cert_path: /opt/certs/rootca.crt
keystore_path: /tmp/cacerts
keystore_pass: changeit
keystore_create: yes
state: present
cert_alias: LE_RootCA
trust_cacert: True
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist - name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
java_cert: java_cert:
cert_url: google.com cert_url: google.com
@ -183,7 +199,7 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias,
return False return False
def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type): def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type, trust_cacert):
''' Import certificate from URL into keystore located at keystore_path ''' ''' Import certificate from URL into keystore located at keystore_path '''
https_proxy = os.getenv("https_proxy") https_proxy = os.getenv("https_proxy")
@ -209,6 +225,8 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
"-storepass '%s' -alias '%s' %s") % (executable, keystore_path, "-storepass '%s' -alias '%s' %s") % (executable, keystore_path,
keystore_pass, alias, keystore_pass, alias,
get_keystore_type(keystore_type)) get_keystore_type(keystore_type))
if trust_cacert:
import_cmd = import_cmd + " -trustcacerts"
# Fetch SSL certificate from remote host. # Fetch SSL certificate from remote host.
(_, fetch_out, _) = module.run_command(fetch_cmd, check_rc=True) (_, fetch_out, _) = module.run_command(fetch_cmd, check_rc=True)
@ -227,7 +245,7 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
error=import_err) error=import_err)
def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type): def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert):
''' Import certificate from path into keystore located on ''' Import certificate from path into keystore located on
keystore_path as alias ''' keystore_path as alias '''
import_cmd = ("%s -importcert -noprompt -keystore '%s' " import_cmd = ("%s -importcert -noprompt -keystore '%s' "
@ -235,6 +253,9 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
keystore_pass, path, alias, keystore_pass, path, alias,
get_keystore_type(keystore_type)) get_keystore_type(keystore_type))
if trust_cacert:
import_cmd = import_cmd + " -trustcacerts"
# Use local certificate from local path and import it to a java keystore # Use local certificate from local path and import it to a java keystore
(import_rc, import_out, import_err) = module.run_command(import_cmd, (import_rc, import_out, import_err) = module.run_command(import_cmd,
check_rc=False) check_rc=False)
@ -311,6 +332,7 @@ def main():
cert_port=dict(type='int', default=443), cert_port=dict(type='int', default=443),
keystore_path=dict(type='path'), keystore_path=dict(type='path'),
keystore_pass=dict(type='str', required=True, no_log=True), keystore_pass=dict(type='str', required=True, no_log=True),
trust_cacert=dict(type='bool', default=False),
keystore_create=dict(type='bool', default=False), keystore_create=dict(type='bool', default=False),
keystore_type=dict(type='str'), keystore_type=dict(type='str'),
executable=dict(type='str', default='keytool'), executable=dict(type='str', default='keytool'),
@ -336,6 +358,7 @@ def main():
pkcs12_alias = module.params.get('pkcs12_alias', '1') pkcs12_alias = module.params.get('pkcs12_alias', '1')
cert_alias = module.params.get('cert_alias') or url cert_alias = module.params.get('cert_alias') or url
trust_cacert = module.params.get('trust_cacert')
keystore_path = module.params.get('keystore_path') keystore_path = module.params.get('keystore_path')
keystore_pass = module.params.get('keystore_pass') keystore_pass = module.params.get('keystore_pass')
@ -373,11 +396,11 @@ def main():
if path: if path:
import_cert_path(module, executable, path, keystore_path, import_cert_path(module, executable, path, keystore_path,
keystore_pass, cert_alias, keystore_type) keystore_pass, cert_alias, keystore_type, trust_cacert)
if url: if url:
import_cert_url(module, executable, url, port, keystore_path, import_cert_url(module, executable, url, port, keystore_path,
keystore_pass, cert_alias, keystore_type) keystore_pass, cert_alias, keystore_type, trust_cacert)
module.exit_json(changed=False) module.exit_json(changed=False)
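Review bot: The new `trust_cacert` description ("Trust imported cert as CAcert.") in the DOCUMENTATION hunk misdescribes the flag, and the docstrings of `import_cert_url` and `import_cert_path` do not mention the new parameter. keytool's `-trustcacerts` only widens chain building — the CA certificates in the JRE's cacerts file are considered in addition to the target keystore when verifying a non-self-signed import — and since the command already carries `-noprompt` (visible for `import_cert_path`), a certificate that still cannot be chained is imported anyway, so the option must not be read as a verification step. I would replace the description with `- Consider the CA certificates in the JRE's cacerts file (keytool -trustcacerts) when building the trust chain of the imported certificate.` and add `trust_cacert: also pass -trustcacerts so the JRE cacerts are used when verifying the chain` to both docstrings. The two appends read more naturally as `import_cmd += " -trustcacerts"`. Both functions and main() start and end outside their hunks.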