From 5bb5c9d295dec77d802eeb072312e1df6f74304d Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Tue, 26 Mar 2019 16:09:54 +0100
Subject: [PATCH] openssl_certificate: update for #54298 (state=absent fix) (#54353)
* Update for #54298: Certificate is abstract, so instantiating doesn't work.
* Add test for removal.
---
 .../modules/crypto/openssl_certificate.py | 11 +++-
 .../openssl_certificate/tasks/impl.yml | 1 +
 .../openssl_certificate/tasks/removal.yml | 50 +++++++++++++++++++
 3 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 test/integration/targets/openssl_certificate/tasks/removal.yml
diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index b22f3fd786e..583802654a9 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -691,6 +691,14 @@ class Certificate(crypto_utils.OpenSSLObject):
 return True
+
+class CertificateAbsent(Certificate):
+ def __init__(self, module):
+ super(CertificateAbsent, self).__init__(module, 'cryptography') # backend doesn't matter
+
+ def generate(self, module):
+ pass
+
 def dump(self, check_mode=False):
 # Use only for absent
@@ -1684,8 +1692,7 @@ def main():
 )
 if module.params['state'] == 'absent':
- # backend doesn't matter
- certificate = Certificate(module, 'cryptography')
+ certificate = CertificateAbsent(module)
 else:
 if module.params['provider'] != 'assertonly' and module.params['csr_path'] is None:
diff --git a/test/integration/targets/openssl_certificate/tasks/impl.yml b/test/integration/targets/openssl_certificate/tasks/impl.yml
index aab83cbf087..f215591f602 100644
--- a/test/integration/targets/openssl_certificate/tasks/impl.yml
+++ b/test/integration/targets/openssl_certificate/tasks/impl.yml
@@ -5,3 +5,4 @@
 - import_tasks: expired.yml
 - import_tasks: selfsigned.yml
 - import_tasks: ownca.yml
+- import_tasks: removal.yml
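Review bot: In the first hunk of openssl_certificate.py, `dump()` appears to change owner without any comment saying so: inserting `class CertificateAbsent(Certificate):` directly above `def dump(self, check_mode=False):` makes it a method of the new class rather than of `Certificate`. The rest of `Certificate` and its provider subclasses lie outside the hunk, so it should be confirmed that none of them relied on inheriting `dump`. I would add a class docstring such as `"""Handler for state=absent only: removes the certificate file; generate() is intentionally a no-op."""`. The trailing `# backend doesn't matter` remark could move into that docstring, stating that `'cryptography'` is passed only to satisfy the base constructor.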
diff --git a/test/integration/targets/openssl_certificate/tasks/removal.yml b/test/integration/targets/openssl_certificate/tasks/removal.yml
new file mode 100644
index 00000000000..f51d673fd91
--- /dev/null
+++ b/test/integration/targets/openssl_certificate/tasks/removal.yml
@@ -0,0 +1,50 @@
+---
+- name: (Removal, {{select_crypto_backend}}) Generate privatekey
+ openssl_privatekey:
+ path: '{{ output_dir }}/removal_privatekey.pem'
+
+- name: (Removal, {{select_crypto_backend}}) Generate CSR
+ openssl_csr:
+ path: '{{ output_dir }}/removal_csr.csr'
+ privatekey_path: '{{ output_dir }}/removal_privatekey.pem'
+
+- name: (Removal, {{select_crypto_backend}}) Generate selfsigned certificate
+ openssl_certificate:
+ path: '{{ output_dir }}/removal_cert.pem'
+ csr_path: '{{ output_dir }}/removal_csr.csr'
+ privatekey_path: '{{ output_dir }}/removal_privatekey.pem'
+ provider: selfsigned
+ selfsigned_digest: sha256
+ select_crypto_backend: '{{ select_crypto_backend }}'
+
+- name: "(Removal, {{select_crypto_backend}}) Check that file is not gone"
+ stat:
+ path: "{{ output_dir }}/removal_cert.pem"
+ register: removal_1_prestat
+
+- name: "(Removal, {{select_crypto_backend}}) Remove certificate"
+ openssl_certificate:
+ path: "{{ output_dir }}/removal_cert.pem"
+ state: absent
+ select_crypto_backend: '{{ select_crypto_backend }}'
+ register: removal_1
+
+- name: "(Removal, {{select_crypto_backend}}) Check that file is gone"
+ stat:
+ path: "{{ output_dir }}/removal_cert.pem"
+ register: removal_1_poststat
+
+- name: "(Removal, {{select_crypto_backend}}) Remove certificate (idempotent)"
+ openssl_certificate:
+ path: "{{ output_dir }}/removal_cert.pem"
+ state: absent
+ select_crypto_backend: '{{ select_crypto_backend }}'
+ register: removal_2
+
+- name: (Removal, {{select_crypto_backend}}) Ensure removal worked
+ assert:
+ that:
+ - removal_1_prestat.stat.exists
+ - removal_1 is changed
+ - not removal_1_poststat.stat.exists
+ - removal_2 is not changed
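Review bot: The new removal test never runs `state: absent` under check mode, so the `check_mode` argument that `dump()` takes in the openssl_certificate.py hunk is not exercised on the removal path. A dry run that deleted the certificate, or reported no change while the file exists, would pass these assertions unnoticed. I would add a check-mode removal before the real one, stat the file afterwards, and extend the final assert with the two conditions shown below. The expected results assume the module follows the usual check-mode contract of reporting the pending change without touching the file.

```yaml
# … unchanged: key, CSR and certificate generation, removal_1_prestat …
- name: "(Removal, {{select_crypto_backend}}) Remove certificate (check mode)"
  openssl_certificate:
    path: "{{ output_dir }}/removal_cert.pem"
    state: absent
    select_crypto_backend: '{{ select_crypto_backend }}'
  check_mode: yes
  register: removal_0

- name: "(Removal, {{select_crypto_backend}}) Check that file still exists after check mode"
  stat:
    path: "{{ output_dir }}/removal_cert.pem"
  register: removal_0_poststat
# … unchanged: real removal, removal_1_poststat, idempotent removal …
# additional conditions for the final assert:
#   - removal_0 is changed
#   - removal_0_poststat.stat.exists
```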