From 66f5a094bcb9789d8c84f607cbc09852b011ccc9 Mon Sep 17 00:00:00 2001
From: Sloane Hertel
Date: Mon, 17 Jul 2017 15:00:54 -0400
Subject: [PATCH] =?UTF-8?q?[cloud]=20iam=5Fcert:=20allow=20paths=20to=20be?= =?UTF-8?q?=20specified=20so=20slurp=20is=20not=20necessary=20for=20remote?= =?UTF-8?q?=20host=E2=80=A6=20(#26097)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* allow paths to be specified so slurp is not necessary for remote hosts to use * Make requested changes remove unused parameters * remove module used out of scope check the potential filepath to be true before checking isfile remove required: false * rephrase documentation * remove 'lookups' from example
---
 lib/ansible/modules/cloud/amazon/iam_cert.py | 48 +++++++++++++-------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/lib/ansible/modules/cloud/amazon/iam_cert.py b/lib/ansible/modules/cloud/amazon/iam_cert.py
index f7b512e505d..c16475dd270 100644
--- a/lib/ansible/modules/cloud/amazon/iam_cert.py
+++ b/lib/ansible/modules/cloud/amazon/iam_cert.py
@@ -50,24 +50,20 @@ options:
 default: "/"
 cert_chain:
 description:
- - The CA certificate chain in PEM encoded format.
- - Note that prior to 2.4, this parameter expected a path to a file.
- Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+ - The path to, or content of the CA certificate chain in PEM encoded format.
+ As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
 cert:
 description:
- - The certificate body in PEM encoded format.
- - Note that prior to 2.4, this parameter expected a path to a file.
- Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+ - The path to, or content of the certificate body in PEM encoded format.
+ As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
 key:
 description:
- - The key of the certificate in PEM encoded format.
- - Note that prior to 2.4, this parameter expected a path to a file.
- Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
+ - The path to, or content of the private key in PEM encoded format.
+ As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
 dup_ok:
 description:
 - By default the module will not upload a certificate that is already uploaded into AWS.
 If set to True, it will upload the certificate as long as the name is unique.
- required: false
 default: False
@@ -87,6 +83,14 @@ EXAMPLES = '''
 key: "{{ lookup('file', 'path/to/key') }}"
 cert_chain: "{{ lookup('file', 'path/to/certchain') }}"
+# Basic server certificate upload
+- iam_cert:
+ name: very_ssl
+ state: present
+ cert: path/to/cert
+ key: path/to/key
+ cert_chain: path/to/certchain
+
 # Server certificate upload using key string
 - iam_cert:
 name: very_ssl
@@ -105,6 +109,7 @@ EXAMPLES = '''
 '''
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ec2 import ec2_argument_spec, get_aws_connection_info, connect_to_aws
+import os
 try:
 import boto
@@ -222,6 +227,17 @@ def cert_action(module, iam, name, cpath, new_name, new_path, state,
 module.exit_json(changed=changed, msg='Certificate with the name %s already absent' % name)
+def load_data(cert, key, cert_chain):
+ # if paths are provided rather than lookups read the files and return the contents
+ if cert and os.path.isfile(cert):
+ cert = open(cert, 'r').read().rstrip()
+ if key and os.path.isfile(key):
+ key = open(key, 'r').read().rstrip()
+ if cert_chain and os.path.isfile(cert_chain):
+ cert_chain = open(cert_chain, 'r').read()
+ return cert, key, cert_chain
+
+
 def main():
 argument_spec = ec2_argument_spec()
 argument_spec.update(dict(
@@ -231,9 +247,9 @@ def main():
 key=dict(no_log=True),
 cert_chain=dict(),
 new_name=dict(),
- path=dict(default='/', required=False),
- new_path=dict(required=False),
- dup_ok=dict(required=False, type='bool')
+ path=dict(default='/'),
+ new_path=dict(),
+ dup_ok=dict(type='bool')
 )
 )
@@ -269,9 +285,9 @@ def main():
 new_path = module.params.get('new_path')
 dup_ok = module.params.get('dup_ok')
 if state == 'present' and not new_name and not new_path:
- cert = module.params.get('cert')
- key = module.params.get('key')
- cert_chain = module.params.get('cert_chain')
+ cert, key, cert_chain = load_data(cert=module.params.get('cert'),
+ key=module.params.get('key'),
+ cert_chain=module.params.get('cert_chain'))
 else:
 cert = key = cert_chain = None
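Review bot: In the `@@ -222,6 +227,17 @@` hunk, `load_data` reads up to three files with bare `open(...).read()` and never closes the handles. It also decides path versus content purely by `os.path.isfile`, so a mistyped path for `key` or `cert` is silently passed on as if it were PEM content; the rejection then presumably comes from the upload call outside this hunk, not as a file-not-found error. Reading through a small helper that uses `with open(...)` closes the handles, and its comment can state that a value which is not an existing file is treated as content, and that the check is made on the host where the module runs (inferred from the commit title). `cert_chain` is the only value not passed through `.rstrip()`; the fence below keeps that behaviour, but a one-line comment saying whether it is deliberate would help. Rejecting a value that is neither an existing file nor PEM-looking would be stricter, but it needs `module.fail_json`, which `load_data` does not receive.

```python
def _read_if_file(value, strip=False):
    # Return the file's contents when value names an existing file; otherwise
    # return value unchanged, since it is then assumed to be PEM content.
    if value and os.path.isfile(value):
        with open(value, 'r') as handle:
            value = handle.read()
        if strip:
            value = value.rstrip()
    return value


def load_data(cert, key, cert_chain):
    # paths are resolved on the host running the module; a value that is not
    # an existing file is passed through as content
    return (_read_if_file(cert, strip=True),
            _read_if_file(key, strip=True),
            _read_if_file(cert_chain))
```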