Fix documentation about mode in openssl_privatekey (#32664)

This fix adds documentation for the previously undocumented parameter
'mode'. It also adds logic that allows the mode to be specified as custom symbolic permissions.

Fixes: #32616

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/33665/head
Abhijeet Kasurde 7 years ago committed by ansibot
parent 78858a5b12
commit d78d044142

@ -22,8 +22,7 @@ short_description: Generate OpenSSL private keys.
description: description:
- "This module allows one to (re)generate OpenSSL private keys. It uses - "This module allows one to (re)generate OpenSSL private keys. It uses
the pyOpenSSL python library to interact with openssl. One can generate the pyOpenSSL python library to interact with openssl. One can generate
either RSA or DSA private keys. Keys are generated in PEM format. either RSA or DSA private keys. Keys are generated in PEM format."
This module uses file common arguments to specify generated file permissions."
requirements: requirements:
- "python-pyOpenSSL" - "python-pyOpenSSL"
options: options:
@ -64,6 +63,7 @@ options:
description: description:
- The cipher to encrypt the private key. (cipher can be found by running `openssl list-cipher-algorithms`) - The cipher to encrypt the private key. (cipher can be found by running `openssl list-cipher-algorithms`)
version_added: "2.4" version_added: "2.4"
extends_documentation_fragment: files
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -125,6 +125,7 @@ fingerprint:
''' '''
import os import os
import traceback
try: try:
from OpenSSL import crypto from OpenSSL import crypto
@ -136,6 +137,7 @@ else:
from ansible.module_utils import crypto as crypto_utils from ansible.module_utils import crypto as crypto_utils
from ansible.module_utils._text import to_native, to_bytes from ansible.module_utils._text import to_native, to_bytes
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six import string_types
class PrivateKeyError(crypto_utils.OpenSSLObjectError): class PrivateKeyError(crypto_utils.OpenSSLObjectError):
@ -157,9 +159,9 @@ class PrivateKey(crypto_utils.OpenSSLObject):
self.privatekey = None self.privatekey = None
self.fingerprint = {} self.fingerprint = {}
self.mode = module.params['mode'] self.mode = module.params.get('mode', None)
if not self.mode: if self.mode is None:
self.mode = int('0600', 8) self.mode = 0o600
self.type = crypto.TYPE_RSA self.type = crypto.TYPE_RSA
if module.params['type'] == 'DSA': if module.params['type'] == 'DSA':
@ -177,10 +179,19 @@ class PrivateKey(crypto_utils.OpenSSLObject):
raise PrivateKeyError(exc) raise PrivateKeyError(exc)
try: try:
privatekey_file = os.open(self.path, privatekey_file = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
os.O_WRONLY | os.O_CREAT | os.O_TRUNC, os.close(privatekey_file)
self.mode) if isinstance(self.mode, string_types):
try:
self.mode = int(self.mode, 8)
except ValueError as e:
try:
st = os.lstat(self.path)
self.mode = AnsibleModule._symbolic_mode_to_octal(st, self.mode)
except ValueError as e:
module.fail_json(msg="%s" % to_native(e), exception=traceback.format_exc())
os.chmod(self.path, self.mode)
privatekey_file = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, self.mode)
if self.cipher and self.passphrase: if self.cipher and self.passphrase:
os.write(privatekey_file, crypto.dump_privatekey(crypto.FILETYPE_PEM, self.privatekey, os.write(privatekey_file, crypto.dump_privatekey(crypto.FILETYPE_PEM, self.privatekey,
self.cipher, to_bytes(self.passphrase))) self.cipher, to_bytes(self.passphrase)))
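Review bot: The key file is now first created by an `os.open` call with no mode argument, so it briefly exists with umask-derived permissions before `os.chmod` tightens them; a descriptor that another local user obtained in that window would still be able to read the key once it is written. The symbolic-mode branch also resolves against the `os.lstat` result of that just-created file, so under a typical umask a relative mode such as `g-w` can leave the key readable by group or others, and `lstat` and `chmod` treat a symlink at the path differently. I would create the file once with `0o600`, resolve the mode from `os.fstat` on that descriptor, apply it with `os.fchmod`, and write through the same descriptor instead of closing and reopening it. The enclosing method starts above this hunk and continues below it.

```python
# … unchanged: key generation and the PrivateKeyError handling above …
privatekey_file = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
if isinstance(self.mode, string_types):
    try:
        self.mode = int(self.mode, 8)
    except ValueError:
        try:
            # Resolve relative to the descriptor we hold, not to the path.
            st = os.fstat(privatekey_file)
            self.mode = AnsibleModule._symbolic_mode_to_octal(st, self.mode)
        except ValueError as e:
            module.fail_json(msg="%s" % to_native(e), exception=traceback.format_exc())
# Tighten (or set) permissions before any key material is written.
os.fchmod(privatekey_file, self.mode)
# … unchanged: os.write of the dumped private key …
```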
