author | Alexander Kharkevich <aliaksandr_kharkevich@outlook.com> | 2019-02-07 18:45:28 +0300 |
---|---|---|
committer | ansibot <ansibot@users.noreply.github.com> | 2019-02-07 10:45:28 -0500 |
commit | b93b3dd7a7a65a3522c71afad936968d5fceb928 (patch) | |
tree | 46d5e09ea899619e93c0c9bd4359a39402523df8 | |
parent | 9243c927ba9172a12c3f9af9598eb882e183d44d (diff) | |
download | ansible-b93b3dd7a7a65a3522c71afad936968d5fceb928.tar.gz |
java_cert: support of different keystore type (JKS, JCEKS) (#49953)
* add support for different keystore types (JKS, JCEKS)
* update documentation
* fix pep8 errors
* fix check in get_keystore_type
-rw-r--r-- | lib/ansible/modules/system/java_cert.py | 68 |
1 files changed, 47 insertions, 21 deletions
diff --git a/lib/ansible/modules/system/java_cert.py b/lib/ansible/modules/system/java_cert.py
index bafe6c1436..d076ddeed3 100644
--- a/lib/ansible/modules/system/java_cert.py
+++ b/lib/ansible/modules/system/java_cert.py
@@ -58,6 +58,11 @@ options: description: - Create keystore if it doesn't exist type: bool + keystore_type: + description: + - Keystore type (JCEKS, JKS). + default: None + version_added: "2.8" executable: description: - Path to keytool binary if not used we search in PATH for it.
@@ -104,6 +109,18 @@ EXAMPLES = ''' keystore_pass: changeit keystore_create: yes state: present + +- name: Import SSL certificate to JCEKS keystore + java_cert: + pkcs12_path: "/tmp/importkeystore.p12" + pkcs12_alias: default + pkcs12_password: somepass + cert_alias: default + keystore_path: /opt/someapp/security/keystore.jceks + keystore_type: "JCEKS" + keystore_pass: changeit + keystore_create: yes + state: present ''' RETURN = '''
@@ -132,11 +149,18 @@ import os from ansible.module_utils.basic import AnsibleModule -def check_cert_present(module, executable, keystore_path, keystore_pass, alias): +def get_keystore_type(keystore_type): + ''' Check that custom keystore is presented in parameters ''' + if keystore_type: + return (" -storetype '%s'") % (keystore_type) + return '' + + +def check_cert_present(module, executable, keystore_path, keystore_pass, alias, keystore_type): ''' Check if certificate with alias is present in keystore located at keystore_path ''' test_cmd = ("%s -noprompt -list -keystore '%s' -storepass '%s' " - "-alias '%s'") % (executable, keystore_path, keystore_pass, alias) + "-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type)) (check_rc, _, _) = module.run_command(test_cmd) if check_rc == 0: 
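Review bot: get_keystore_type wraps keystore_type in single quotes by hand, so a value that itself contains a single quote ends the quoting early and the rest is read as further keytool arguments, assuming run_command tokenises a string command shell-style (its implementation is not visible here). The same fragment is appended to the commands in import_cert_url, import_cert_path, import_pkcs12_path and delete_cert in the later hunks. Quote the value rather than wrapping it, `return " -storetype %s" % shlex_quote(keystore_type)` with `from ansible.module_utils.six.moves import shlex_quote`, or build the command as an argument list so that no quoting is needed. The argument_spec hunk accepts the option as a free-form string; if only the documented JKS and JCEKS are meant to be supported, `choices=['JKS', 'JCEKS']` there would reject anything else before a command is built.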
@@ -144,7 +168,7 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias): return False -def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias): +def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type): ''' Import certificate from URL into keystore located at keystore_path ''' import re
@@ -167,10 +191,10 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts) fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port) - import_cmd = ("%s -importcert -noprompt -keystore '%s' " - "-storepass '%s' -alias '%s'") % (executable, keystore_path, - keystore_pass, alias) + "-storepass '%s' -alias '%s' %s") % (executable, keystore_path, + keystore_pass, alias, + get_keystore_type(keystore_type)) if module.check_mode: module.exit_json(changed=True)
@@ -192,14 +216,13 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, error=import_err) -def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias): +def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type): ''' Import certificate from path into keystore located on keystore_path as alias ''' import_cmd = ("%s -importcert -noprompt -keystore '%s' " - "-storepass '%s' -file '%s' -alias '%s'") % (executable, - keystore_path, - keystore_pass, - path, alias) + "-storepass '%s' -file '%s' -alias '%s' %s") % (executable, keystore_path, + keystore_pass, path, alias, + get_keystore_type(keystore_type)) if module.check_mode: module.exit_json(changed=True) 
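Review bot: keystore_type is appended to import_cert_url and import_cert_path as a required positional parameter, and the other hunks do the same for check_cert_present, import_pkcs12_path and delete_cert. Declaring it as `keystore_type=None` would match get_keystore_type, which already treats a falsy value as "no -storetype option", and would keep any caller outside this diff working unchanged. Both function bodies continue outside the hunks shown.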
@@ -217,13 +240,14 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) -def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias): +def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias, keystore_type): ''' Import pkcs12 from path into keystore located on keystore_path as alias ''' import_cmd = ("%s -importkeystore -noprompt -destkeystore '%s' -srcstoretype PKCS12 " "-deststorepass '%s' -destkeypass '%s' -srckeystore '%s' -srcstorepass '%s' " - "-srcalias '%s' -destalias '%s'") % (executable, keystore_path, keystore_pass, - keystore_pass, path, pkcs12_pass, pkcs12_alias, alias) + "-srcalias '%s' -destalias '%s' %s") % (executable, keystore_path, keystore_pass, + keystore_pass, path, pkcs12_pass, pkcs12_alias, + alias, get_keystore_type(keystore_type)) if module.check_mode: module.exit_json(changed=True)
@@ -241,10 +265,10 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) -def delete_cert(module, executable, keystore_path, keystore_pass, alias): +def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type): ''' Delete certificate identified with alias from keystore on keystore_path ''' del_cmd = ("%s -delete -keystore '%s' -storepass '%s' " - "-alias '%s'") % (executable, keystore_path, keystore_pass, alias) + "-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type)) if module.check_mode: module.exit_json(changed=True) 
@@ -290,6 +314,7 @@ def main(): keystore_path=dict(type='path'), keystore_pass=dict(type='str', required=True, no_log=True), keystore_create=dict(type='bool', default=False), + keystore_type=dict(type='str', default=None), executable=dict(type='str', default='keytool'), state=dict(type='str', default='present', choices=['absent', 'present']), )
@@ -317,6 +342,7 @@ def main(): keystore_path = module.params.get('keystore_path') keystore_pass = module.params.get('keystore_pass') keystore_create = module.params.get('keystore_create') + keystore_type = module.params.get('keystore_type') executable = module.params.get('executable') state = module.params.get('state')
@@ -331,25 +357,25 @@ def main(): test_keystore(module, keystore_path) cert_present = check_cert_present(module, executable, keystore_path, - keystore_pass, cert_alias) + keystore_pass, cert_alias, keystore_type) if state == 'absent': if cert_present: - delete_cert(module, executable, keystore_path, keystore_pass, cert_alias) + delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) elif state == 'present': if not cert_present: if pkcs12_path: import_pkcs12_path(module, executable, pkcs12_path, keystore_path, - keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias) + keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type) if path: import_cert_path(module, executable, path, keystore_path, - keystore_pass, cert_alias) + keystore_pass, cert_alias, keystore_type) if url: import_cert_url(module, executable, url, port, keystore_path, - keystore_pass, cert_alias) + keystore_pass, cert_alias, keystore_type) module.exit_json(changed=False) |