openssl_pkcs12: privatekey_path and friendly_name are not always required together (#54370)

* Removed required_together, updated tests Since required_together: privatekey_path -> friendly_name, is not always required it has been removed. Updated openssl_pkcs12 integration tests to be in line with other openssl_* modules, and added a test for export with no privatekey_path. * linter fixes * Removed cryptography from tests * Added changelog fragment * Removed non-necessary select_crypto_backend
2019-03-26 15:06:00 +00:00 · 2019-03-26 15:06:00 +00:00 · df86b9ec3d
commit df86b9ec3d
parent 1c6bc5ed4a
5 changed files with 127 additions and 109 deletions
--- a/changelogs/fragments/54370-openssl_pkcs12_pkey_path_friendly_name_not_together.yaml
+++ b/changelogs/fragments/54370-openssl_pkcs12_pkey_path_friendly_name_not_together.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_pkcs12 - No need to specify ``privatekey_path`` when ``friendly_name`` is specified."
--- a/lib/ansible/modules/crypto/openssl_pkcs12.py
+++ b/lib/ansible/modules/crypto/openssl_pkcs12.py
@ -307,15 +307,10 @@ def main():
        ['action', 'parse', ['src']],
    ]

-    required_together = [
-        ['privatekey_path', 'friendly_name'],
-    ]
-
    module = AnsibleModule(
        add_file_common_args=True,
        argument_spec=argument_spec,
        required_if=required_if,
-        required_together=required_together,
        supports_check_mode=True,
    )

--- a/test/integration/targets/openssl_pkcs12/tasks/impl.yml
+++ b/test/integration/targets/openssl_pkcs12/tasks/impl.yml
@ -0,0 +1,115 @@
+- block:
+  - name: 'Generate privatekey with'
+    openssl_privatekey:
+      path: "{{ output_dir }}/ansible_pkey.pem"
+
+  - name: 'Generate CSR with'
+    openssl_csr:
+      path: "{{ output_dir }}/ansible.csr"
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      commonName: 'www.ansible.com'
+
+  - name: 'Generate certificate'
+    openssl_certificate:
+      path: "{{ output_dir }}/ansible.crt"
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      csr_path: "{{ output_dir }}/ansible.csr"
+      provider: selfsigned
+
+  - name: 'Generate PKCS#12 file'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    register: p12_standard
+
+  - name: 'Generate PKCS#12 file (force)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+      force: True
+    register: p12_force
+
+  - name: 'Generate PKCS#12 file (force + change mode)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+      force: True
+      mode: 0644
+    register: p12_force_and_mode
+
+  - name: 'Dump PKCS#12'
+    openssl_pkcs12:
+      src: "{{ output_dir }}/ansible.p12"
+      path: "{{ output_dir }}/ansible_parse.pem"
+      action: 'parse'
+      state: 'present'
+
+  - name: Generate privatekey with password
+    openssl_privatekey:
+      path: '{{ output_dir }}/privatekeypw.pem'
+      passphrase: hunter2
+      cipher: auto
+      select_crypto_backend: cryptography
+
+  - name: 'Generate PKCS#12 file (password fail 1)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible_pw1.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
+      privatekey_passphrase: hunter2
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    ignore_errors: yes
+    register: passphrase_error_1
+
+  - name: 'Generate PKCS#12 file (password fail 2)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible_pw2.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+      privatekey_passphrase: wrong_password
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    ignore_errors: yes
+    register: passphrase_error_2
+
+  - name: 'Generate PKCS#12 file (password fail 3)'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible_pw3.p12"
+      friendly_name: 'abracadabra'
+      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    ignore_errors: yes
+    register: passphrase_error_3
+
+  - name: 'Generate PKCS#12 file, no privatekey'
+    openssl_pkcs12:
+      path: "{{ output_dir }}/ansible_no_pkey.p12"
+      friendly_name: 'abracadabra'
+      certificate_path: "{{ output_dir }}/ansible.crt"
+      state: present
+    register: p12_no_pkey
+
+  - import_tasks: ../tests/validate.yml
+
+  always:
+  - name: 'Delete PKCS#12 file'
+    openssl_pkcs12:
+      state: absent
+      path: '{{ output_dir }}/ansible.p12'
+    loop:
+      - 'ansible'
+      - 'ansible_no_pkey'
+      - 'ansible_pw1'
+      - 'ansible_pw2'
+      - 'ansible_pw3'
--- a/test/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/test/integration/targets/openssl_pkcs12/tasks/main.yml
@ -1,104 +1,4 @@
- block:
-  - name: 'Generate privatekey'
-    openssl_privatekey:
-      path: "{{ output_dir }}/ansible_pkey.pem"
-
-  - name: 'Generate CSR'
-    openssl_csr:
-      path: "{{ output_dir }}/ansible.csr"
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      commonName: 'www.ansible.com'
-
-  - name: 'Generate certificate'
-    openssl_certificate:
-      path: "{{ output_dir }}/ansible.crt"
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      csr_path: "{{ output_dir }}/ansible.csr"
-      provider: selfsigned
-
-  - name: 'Generate PKCS#12 file'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-    register: p12_standard
-
-  - name: 'Generate PKCS#12 file (force)'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-      force: True
-    register: p12_force
-
-  - name: 'Generate PKCS#12 file (force + change mode)'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-      force: True
-      mode: 0644
-    register: p12_force_and_mode
-
-  - name: 'Dump PKCS#12'
-    openssl_pkcs12:
-      src: "{{ output_dir }}/ansible.p12"
-      path: "{{ output_dir }}/ansible_parse.pem"
-      action: 'parse'
-      state: 'present'
-
-  - name: Generate privatekey with password
-    openssl_privatekey:
-      path: '{{ output_dir }}/privatekeypw.pem'
-      passphrase: hunter2
-      cipher: auto
-      select_crypto_backend: cryptography
-
-  - name: 'Generate PKCS#12 file (password fail 1)'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible_pw1.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: "{{ output_dir }}/ansible_pkey.pem"
-      privatekey_passphrase: hunter2
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-    ignore_errors: yes
-    register: passphrase_error_1
-
-  - name: 'Generate PKCS#12 file (password fail 2)'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible_pw2.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
-      privatekey_passphrase: wrong_password
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-    ignore_errors: yes
-    register: passphrase_error_2
-
-  - name: 'Generate PKCS#12 file (password fail 3)'
-    openssl_pkcs12:
-      path: "{{ output_dir }}/ansible_pw3.p12"
-      friendly_name: 'abracadabra'
-      privatekey_path: '{{ output_dir }}/privatekeypw.pem'
-      certificate_path: "{{ output_dir }}/ansible.crt"
-      state: present
-    ignore_errors: yes
-    register: passphrase_error_3
-
-  - import_tasks: ../tests/validate.yml
-
-  always:
-  - name: 'Delete PKCS#12 file'
-    openssl_pkcs12:
-      state: absent
-      path: '{{ output_dir }}/ansible.p12'
-
-  # this is the pyopenssl version on my laptop.
-  when: pyopenssl_version.stdout is version_compare('17.1.0', '>=')
+---
+- name: Run tests
+  include_tasks: impl.yml
+  when: pyopenssl_version.stdout is version('17.1.0', '>=')
--- a/test/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/test/integration/targets/openssl_pkcs12/tests/validate.yml
@ -7,11 +7,17 @@
  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
  register: p12

+- name: 'Validate PKCS#12 with no private key'
+  command: "openssl pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
+  register: p12_validate_no_pkey
+
 - name: 'Validate PKCS#12 (assert)'
  assert:
    that:
      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
      - p12_standard.mode == '0400'
+      - p12_no_pkey.changed
+      - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
      - p12_force.changed
      - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed