[cloud] iam_cert: allow paths to be specified so slurp is not necessary for remote host… (#26097)

* allow paths to be specified so slurp is not necessary for remote hosts to use * Make requested changes remove unused parameters * remove module used out of scope check the potential filepath to be true before checking isfile remove required: false * rephrase documentation * remove 'lookups' from example
2017-07-17 15:00:54 -04:00 · 2017-07-17 15:00:54 -04:00 · 66f5a094bc
commit 66f5a094bc
parent d64e291274
1 changed files with 32 additions and 16 deletions
--- a/lib/ansible/modules/cloud/amazon/iam_cert.py
+++ b/lib/ansible/modules/cloud/amazon/iam_cert.py
@ -50,24 +50,20 @@ options:
    default: "/"
  cert_chain:
    description:
-      - The CA certificate chain in PEM encoded format.
-      - Note that prior to 2.4, this parameter expected a path to a file.
-        Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+      - The path to, or content of the CA certificate chain in PEM encoded format.
+        As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
  cert:
    description:
-      - The certificate body in PEM encoded format.
-      - Note that prior to 2.4, this parameter expected a path to a file.
-        Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+      - The path to, or content of the certificate body in PEM encoded format.
+        As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
  key:
    description:
-      - The key of the certificate in PEM encoded format.
-      - Note that prior to 2.4, this parameter expected a path to a file.
-        Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+      - The path to, or content of the private key in PEM encoded format.
+        As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
  dup_ok:
    description:
      - By default the module will not upload a certificate that is already uploaded into AWS.
        If set to True, it will upload the certificate as long as the name is unique.
-    required: false
    default: False


@ -87,6 +83,14 @@ EXAMPLES = '''
    key: "{{ lookup('file', 'path/to/key') }}"
    cert_chain: "{{ lookup('file', 'path/to/certchain') }}"

+# Basic server certificate upload
+- iam_cert:
+    name: very_ssl
+    state: present
+    cert: path/to/cert
+    key: path/to/key
+    cert_chain: path/to/certchain
+
 # Server certificate upload using key string
 - iam_cert:
    name: very_ssl
@ -105,6 +109,7 @@ EXAMPLES = '''
 '''
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ec2 import ec2_argument_spec, get_aws_connection_info, connect_to_aws
+import os

 try:
    import boto
@ -222,6 +227,17 @@ def cert_action(module, iam, name, cpath, new_name, new_path, state,
            module.exit_json(changed=changed, msg='Certificate with the name %s already absent' % name)


+def load_data(cert, key, cert_chain):
+    # if paths are provided rather than lookups read the files and return the contents
+    if cert and os.path.isfile(cert):
+        cert = open(cert, 'r').read().rstrip()
+    if key and os.path.isfile(key):
+        key = open(key, 'r').read().rstrip()
+    if cert_chain and os.path.isfile(cert_chain):
+        cert_chain = open(cert_chain, 'r').read()
+    return cert, key, cert_chain
+
+
 def main():
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
@ -231,9 +247,9 @@ def main():
        key=dict(no_log=True),
        cert_chain=dict(),
        new_name=dict(),
-        path=dict(default='/', required=False),
-        new_path=dict(required=False),
-        dup_ok=dict(required=False, type='bool')
+        path=dict(default='/'),
+        new_path=dict(),
+        dup_ok=dict(type='bool')
    )
    )

@ -269,9 +285,9 @@ def main():
    new_path = module.params.get('new_path')
    dup_ok = module.params.get('dup_ok')
    if state == 'present' and not new_name and not new_path:
-        cert = module.params.get('cert')
-        key = module.params.get('key')
-        cert_chain = module.params.get('cert_chain')
+        cert, key, cert_chain = load_data(cert=module.params.get('cert'),
+                                          key=module.params.get('key'),
+                                          cert_chain=module.params.get('cert_chain'))
    else:
        cert = key = cert_chain = None