diff options
| author | Felix Fontein <felix@fontein.de> | 2019-01-10 17:37:17 +0100 |
|---|---|---|
| committer | Toshio Kuratomi <a.badger@gmail.com> | 2019-01-10 08:37:17 -0800 |
| commit | 20eaebd9b2e86178fc9a4737b9a955fd326b5d2c (patch) | |
| tree | 04f441fe8b3383d3287c5dbeb9a9e3308c997c1e | |
| parent | 66720f470af2f9d69b27ed742ffa0be1b1e49249 (diff) | |
| download | ansible-20eaebd9b2e86178fc9a4737b9a955fd326b5d2c.tar.gz | |
[2.7] openssl_pkcs12: fix ca_certificates path expansion (#50697)
* Expand user and variables in ca_certificates paths.
This is a fix specific for stable-2.7. In devel (and stable-2.8),
this problem is fixed by #48473. That PR adds argument spec
validation for list elements.
* Add changelog.
| -rw-r--r-- | changelogs/fragments/50697-openssl_pkcs12-ca_certificates.yaml | 2 | ||||
| -rw-r--r-- | lib/ansible/modules/crypto/openssl_pkcs12.py | 2 | ||||
| -rwxr-xr-x | test/sanity/code-smell/use-argspec-type-path.py | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/changelogs/fragments/50697-openssl_pkcs12-ca_certificates.yaml b/changelogs/fragments/50697-openssl_pkcs12-ca_certificates.yaml new file mode 100644 index 0000000000..0a936c18c9 --- /dev/null +++ b/changelogs/fragments/50697-openssl_pkcs12-ca_certificates.yaml @@ -0,0 +1,2 @@ +bugfixes: +- "openssl_pkcs12 - now does proper path expansion for ``ca_certificates``." diff --git a/lib/ansible/modules/crypto/openssl_pkcs12.py b/lib/ansible/modules/crypto/openssl_pkcs12.py index 35023cd291..df50e68dbe 100644 --- a/lib/ansible/modules/crypto/openssl_pkcs12.py +++ b/lib/ansible/modules/crypto/openssl_pkcs12.py @@ -222,7 +222,7 @@ class Pkcs(crypto_utils.OpenSSLObject): module.fail_json(msg=to_native(exc)) if self.ca_certificates: - ca_certs = [crypto_utils.load_certificate(ca_cert) for ca_cert + ca_certs = [crypto_utils.load_certificate(os.path.expanduser(os.path.expandvars(ca_cert))) for ca_cert in self.ca_certificates] self.pkcs12.set_ca_certificates(ca_certs) diff --git a/test/sanity/code-smell/use-argspec-type-path.py b/test/sanity/code-smell/use-argspec-type-path.py index a052030a38..9efa19671a 100755 --- a/test/sanity/code-smell/use-argspec-type-path.py +++ b/test/sanity/code-smell/use-argspec-type-path.py @@ -23,6 +23,7 @@ def main(): 'lib/ansible/modules/web_infrastructure/jenkins_plugin.py', 'lib/ansible/modules/cloud/vmware/vmware_deploy_ovf.py', 'lib/ansible/modules/crypto/certificate_complete_chain.py', # would need something like type=list(path) + 'lib/ansible/modules/crypto/openssl_pkcs12.py', # would need something like type=list(path) # fix uses of expanduser in the following modules and remove them from the following list 'lib/ansible/modules/cloud/rackspace/rax.py', 'lib/ansible/modules/cloud/rackspace/rax_scaling_group.py', |