From ae4363f6d104a5ea211d5e35848a8f98150e2306 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Tue, 3 Dec 2019 14:08:26 +0100
Subject: [PATCH] openssl_csr: make sure privatekey_path is specified when
 state is present (#65435)

* Make sure privatekey_path is specified when state is present.

* Add changelog.
---
 .../fragments/65435-openssl_csr-privatekey_path-required.yml | 2 ++
 lib/ansible/modules/crypto/openssl_csr.py                    | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml

diff --git a/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml b/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
new file mode 100644
index 00000000000..e7bb5a15d1e
--- /dev/null
+++ b/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_csr - the module will now enforce that ``privatekey_path`` is specified when ``state=present``."
diff --git a/lib/ansible/modules/crypto/openssl_csr.py b/lib/ansible/modules/crypto/openssl_csr.py
index 9655c953fc9..2a72cac9c8d 100644
--- a/lib/ansible/modules/crypto/openssl_csr.py
+++ b/lib/ansible/modules/crypto/openssl_csr.py
@@ -48,8 +48,8 @@ options:
     privatekey_path:
         description:
             - The path to the private key to use when signing the certificate signing request.
+            - Required if I(state) is C(present).
         type: path
-        required: true
     privatekey_passphrase:
         description:
             - The passphrase for the private key.
@@ -1002,7 +1002,7 @@ def main():
         argument_spec=dict(
             state=dict(type='str', default='present', choices=['absent', 'present']),
             digest=dict(type='str', default='sha256'),
-            privatekey_path=dict(type='path', require=True),
+            privatekey_path=dict(type='path'),
             privatekey_passphrase=dict(type='str', no_log=True),
             version=dict(type='int', default=1),
             force=dict(type='bool', default=False),
@@ -1035,6 +1035,7 @@ def main():
             select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'cryptography', 'pyopenssl']),
         ),
         required_together=[('authority_cert_issuer', 'authority_cert_serial_number')],
+        required_if=[('state', 'present', ['privatekey_path'])],
         add_file_common_args=True,
         supports_check_mode=True,
     )