openssl_certificate: Handle dump() in check_mode (#38386)
Currently, when one runs the module in check_mode, it tries to retrieve values from the actual certificate generated in the generate() function. Since in check_mode we call dump() without calling generate(), self.cert is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter() and self.cert.get_serial_number() raising an error. > 'NoneType' object has no attribute 'get_notBefore' The solution is to have two ways to handle the dump() method, depending on whether it is run with check_mode=True or check_mode=False, which differ in how the information is retrieved.
parent
57738a3ab4
commit
99497ce54c
2 changed files with 32 additions and 10 deletions
|
@ -423,6 +423,7 @@ class SelfSignedCertificate(Certificate):
|
|||
self.notAfter = module.params['selfsigned_notAfter']
|
||||
self.digest = module.params['selfsigned_digest']
|
||||
self.version = module.params['selfsigned_version']
|
||||
self.serial_number = randint(1000, 99999)
|
||||
self.csr = crypto_utils.load_certificate_request(self.csr_path)
|
||||
self.privatekey = crypto_utils.load_privatekey(
|
||||
self.privatekey_path, self.privatekey_passphrase
|
||||
|
@ -442,7 +443,7 @@ class SelfSignedCertificate(Certificate):
|
|||
|
||||
if not self.check(module, perms_required=False) or self.force:
|
||||
cert = crypto.X509()
|
||||
cert.set_serial_number(randint(1000, 99999))
|
||||
cert.set_serial_number(self.serial_number)
|
||||
if self.notBefore:
|
||||
cert.set_notBefore(self.notBefore)
|
||||
else:
|
||||
|
@ -474,17 +475,29 @@ class SelfSignedCertificate(Certificate):
|
|||
if module.set_fs_attributes_if_different(file_args, False):
|
||||
self.changed = True
|
||||
|
||||
def dump(self):
|
||||
def dump(self, check_mode=False):
|
||||
|
||||
result = {
|
||||
'changed': self.changed,
|
||||
'filename': self.path,
|
||||
'privatekey': self.privatekey_path,
|
||||
'csr': self.csr_path,
|
||||
'csr': self.csr_path
|
||||
}
|
||||
|
||||
if check_mode:
|
||||
now = datetime.datetime.utcnow()
|
||||
ten = now.replace(now.year + 10)
|
||||
result.update({
|
||||
'notBefore': self.notBefore if self.notBefore else now.strftime("%Y%m%d%H%M%SZ"),
|
||||
'notAfter': self.notAfter if self.notAfter else ten.strftime("%Y%m%d%H%M%SZ"),
|
||||
'serial_number': self.serial_number,
|
||||
})
|
||||
else:
|
||||
result.update({
|
||||
'notBefore': self.cert.get_notBefore(),
|
||||
'notAfter': self.cert.get_notAfter(),
|
||||
'serial_number': self.cert.get_serial_number(),
|
||||
}
|
||||
})
|
||||
|
||||
return result
|
||||
|
||||
|
@ -708,7 +721,7 @@ class AssertOnlyCertificate(Certificate):
|
|||
|
||||
return parent_check and assertonly_check
|
||||
|
||||
def dump(self):
|
||||
def dump(self, check_mode=False):
|
||||
|
||||
result = {
|
||||
'changed': self.changed,
|
||||
|
@ -773,7 +786,7 @@ class AcmeCertificate(Certificate):
|
|||
if module.set_fs_attributes_if_different(file_args, False):
|
||||
self.changed = True
|
||||
|
||||
def dump(self):
|
||||
def dump(self, check_mode=False):
|
||||
|
||||
result = {
|
||||
'changed': self.changed,
|
||||
|
@ -859,7 +872,7 @@ def main():
|
|||
if module.params['state'] == 'present':
|
||||
|
||||
if module.check_mode:
|
||||
result = certificate.dump()
|
||||
result = certificate.dump(check_mode=True)
|
||||
result['changed'] = module.params['force'] or not certificate.check(module)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
@ -870,7 +883,7 @@ def main():
|
|||
else:
|
||||
|
||||
if module.check_mode:
|
||||
result = certificate.dump()
|
||||
result = certificate.dump(check_mode=True)
|
||||
result['changed'] = os.path.exists(module.params['path'])
|
||||
module.exit_json(**result)
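Review bot: The serial number now assigned in `__init__` (`self.serial_number = randint(1000, 99999)`) comes from the non-cryptographic `random` module and has only 99,000 possible values, so certificates reissued for the same subject can easily share a serial and the value is predictable. Since this commit moves the assignment anyway, it could draw from the OS CSPRNG with a wider range, e.g. `self.serial_number = random.SystemRandom().randrange(1, 2**64)`; the import line is outside the hunks, so it may need adjusting. Separately, in the check-mode branch of `dump()`, `now.replace(now.year + 10)` raises `ValueError` when run on 29 February, because a leap year plus ten is never a leap year; falling back to `day=28` in that case avoids the crash. The `__init__` and `generate()` bodies continue outside the hunks.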
|
||||
|
||||
|
|
|
@ -28,6 +28,15 @@
|
|||
selfsigned_digest: sha256
|
||||
register: selfsigned_certificate_idempotence
|
||||
|
||||
- name: Generate selfsigned certificate (check mode)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert.pem'
|
||||
csr_path: '{{ output_dir }}/csr.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
check_mode: yes
|
||||
|
||||
- name: Check selfsigned certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert.pem'
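Review bot: The new check-mode task neither registers its result nor is followed by an assertion, so the test only proves that the module no longer crashes. Registering it (for example `register: selfsigned_certificate_check_mode`) and asserting on the returned `notBefore`, `notAfter` and `serial_number` keys would pin the behaviour this commit adds. It also appears to run after cert.pem has already been generated by the earlier tasks, so the case where check mode runs with no certificate on disk, and must not create one, is not covered; that ordering is inferred from the context lines.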
|
||||
|
|