Verify that acme-tiny is present (#35145)

* Verify that acme-tiny is present * Use run_command rather than subprocess for acme-tiny Besides consistency with the rest of the code base, this also add 2 bug fixes: - ansible should no longer show "warning, junk after json" when using the module - it also verify the return code of acme-tiny, and so fail when the verification fail. The previous code didn't check rc, so it would continue with a empty file
7 years ago · f23f277e46
parent fa5adabcbf
commit f23f277e46
1 changed files with 8 additions and 7 deletions
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@ -340,7 +340,6 @@ filename:

 from random import randint
 import datetime
-import subprocess
 import os

 from ansible.module_utils import crypto as crypto_utils
@ -748,13 +747,15 @@ class AcmeCertificate(Certificate):
            )

        if not self.check(module, perms_required=False) or self.force:
+            acme_tiny_path = self.module.get_bin_path('acme-tiny', required=True)
+
            try:
-                p = subprocess.Popen([
-                    'acme-tiny',
-                    '--account-key', self.accountkey_path,
-                    '--csr', self.csr_path,
-                    '--acme-dir', self.challenge_path], stdout=subprocess.PIPE)
-                crt = p.communicate()[0]
+                crt = module.run_command("%s --account-key %s --csr %s"
+                                         "--acme-dir %s" % (acme_tiny_path,
+                                                            self.accountkey_path,
+                                                            self.csr_path,
+                                                            self.challenge_path),
+                                         check_rc=True)[1]
                with open(self.path, 'wb') as certfile:
                    certfile.write(str(crt))
            except OSError as exc: