openssl_certificate: update for #54298 (state=absent fix) (#54353)

* Update for #54298: Certificate is abstract, so instantiating doesn't work. * Add test for removal.
2019-03-26 16:09:54 +01:00 · 2019-03-26 16:09:54 +01:00 · 5bb5c9d295
commit 5bb5c9d295
parent df86b9ec3d
3 changed files with 60 additions and 2 deletions
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@ -691,6 +691,14 @@ class Certificate(crypto_utils.OpenSSLObject):

        return True

+
+class CertificateAbsent(Certificate):
+    def __init__(self, module):
+        super(CertificateAbsent, self).__init__(module, 'cryptography')  # backend doesn't matter
+
+    def generate(self, module):
+        pass
+
    def dump(self, check_mode=False):
        # Use only for absent

@ -1684,8 +1692,7 @@ def main():
    )

    if module.params['state'] == 'absent':
-        # backend doesn't matter
-        certificate = Certificate(module, 'cryptography')
+        certificate = CertificateAbsent(module)

    else:
        if module.params['provider'] != 'assertonly' and module.params['csr_path'] is None:
--- a/test/integration/targets/openssl_certificate/tasks/impl.yml
+++ b/test/integration/targets/openssl_certificate/tasks/impl.yml
@ -5,3 +5,4 @@
 - import_tasks: expired.yml
 - import_tasks: selfsigned.yml
 - import_tasks: ownca.yml
+- import_tasks: removal.yml
--- a/test/integration/targets/openssl_certificate/tasks/removal.yml
+++ b/test/integration/targets/openssl_certificate/tasks/removal.yml
@ -0,0 +1,50 @@
+---
+- name: (Removal, {{select_crypto_backend}}) Generate privatekey
+  openssl_privatekey:
+    path: '{{ output_dir }}/removal_privatekey.pem'
+
+- name: (Removal, {{select_crypto_backend}}) Generate CSR
+  openssl_csr:
+    path: '{{ output_dir }}/removal_csr.csr'
+    privatekey_path: '{{ output_dir }}/removal_privatekey.pem'
+
+- name: (Removal, {{select_crypto_backend}}) Generate selfsigned certificate
+  openssl_certificate:
+    path: '{{ output_dir }}/removal_cert.pem'
+    csr_path: '{{ output_dir }}/removal_csr.csr'
+    privatekey_path: '{{ output_dir }}/removal_privatekey.pem'
+    provider: selfsigned
+    selfsigned_digest: sha256
+    select_crypto_backend: '{{ select_crypto_backend }}'
+
+- name: "(Removal, {{select_crypto_backend}}) Check that file is not gone"
+  stat:
+    path: "{{ output_dir }}/removal_cert.pem"
+  register: removal_1_prestat
+
+- name: "(Removal, {{select_crypto_backend}}) Remove certificate"
+  openssl_certificate:
+    path: "{{ output_dir }}/removal_cert.pem"
+    state: absent
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: removal_1
+
+- name: "(Removal, {{select_crypto_backend}}) Check that file is gone"
+  stat:
+    path: "{{ output_dir }}/removal_cert.pem"
+  register: removal_1_poststat
+
+- name: "(Removal, {{select_crypto_backend}}) Remove certificate (idempotent)"
+  openssl_certificate:
+    path: "{{ output_dir }}/removal_cert.pem"
+    state: absent
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: removal_2
+
+- name: (Removal, {{select_crypto_backend}}) Ensure removal worked
+  assert:
+    that:
+    - removal_1_prestat.stat.exists
+    - removal_1 is changed
+    - not removal_1_poststat.stat.exists
+    - removal_2 is not changed