From d4e2a3f3799b4a6b6b9e9683218de86705ebe4aa Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 21 Aug 2023 14:56:52 +0200 Subject: [PATCH 01/45] Added skeleton of new object --- plugins/module_utils/certs.py | 10 ++++++++++ plugins/modules/cert_info.py | 32 ++++++++++++++++++++++++-------- 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 5c5eecf0..2c0ca840 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -194,3 +194,13 @@ def extensions_values_info(self, name, extension): def return_result(self): return self.result + +class CheckCertificatePassphrase(): + def __init__(self, module, result): + self.module = module + self.result = result + self.__passphrase = self.module.params['passphrase'] + self.__path = self.module.params['path'] + self.__cert = None + self.__private_key = None + self.__additional_certs = None diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index 3dc5163b..b6614d19 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -22,7 +22,8 @@ def run_module(): module_args = dict( path=dict(type='str', no_log=True, required=True), - passphrase=dict(type='str', no_log=True, required=False, default=None) + passphrase=dict(type='str', no_log=True, required=False, default=None), + passphrase_check=dict(type='bool', required=False, default=False) ) # seed the result dict 
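Review bot: `CheckCertificatePassphrase` defines only `__init__`, yet the `cert_info.py` part of this commit calls `passphrase_check.return_result()` on it, so a run with `passphrase_check: true` raises AttributeError and ends in the generic `fail_json` branch. The constructor also stores the passphrase and path without opening the file, so nothing is verified yet. Until the check is implemented, give the class `def return_result(self): return self.result`. Also confirm that `cert_info.py` imports the new name, which this diff does not show.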
@@ -47,13 +48,28 @@ def run_module(): if module.check_mode: module.exit_json(**result) - try: - cert_info = AnalyzeCertificate(module, result) - result = cert_info.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % (to_native(type(e)), to_native(e))) + if not module.params['passphrase_check']: + try: + cert_info = AnalyzeCertificate(module, result) + result = cert_info.return_result() + except ValueError as e: + module.fail_json(msg='ValueError: %s' % to_native(e)) + except Exception as e: + module.fail_json(msg='Exception: %s: %s' % ( + to_native(type(e)), + to_native(e)) + ) + else: + try: + passphrase_check = CheckCertificatePassphrase(module, result) + result = passphrase_check.return_result() + except ValueError as e: + module.fail_json(msg='ValueError: %s' % to_native(e)) + except Exception as e: + module.fail_json(msg='Exception: %s: %s' % ( + to_native(type(e)), + to_native(e)) + ) module.exit_json(**result) From d274cd51a50962cab776a1f02ef7b24ad93581da Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 13:01:02 +0200 Subject: [PATCH 02/45] Revert commits --- plugins/module_utils/certs.py | 10 ---------- plugins/modules/cert_info.py | 30 +++++++----------------------- 2 files changed, 7 insertions(+), 33 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 2c0ca840..5c5eecf0 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -194,13 +194,3 @@ def extensions_values_info(self, name, extension): def return_result(self): return self.result - -class CheckCertificatePassphrase(): - def __init__(self, module, result): - self.module = module - self.result = result - self.__passphrase = self.module.params['passphrase'] - self.__path = self.module.params['path'] - self.__cert = None - self.__private_key = None - self.__additional_certs = None 
diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index b6614d19..4abdbd23 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -23,7 +23,6 @@ def run_module(): module_args = dict( path=dict(type='str', no_log=True, required=True), passphrase=dict(type='str', no_log=True, required=False, default=None), - passphrase_check=dict(type='bool', required=False, default=False) ) # seed the result dict @@ -48,28 +47,13 @@ def run_module(): if module.check_mode: module.exit_json(**result) - if not module.params['passphrase_check']: - try: - cert_info = AnalyzeCertificate(module, result) - result = cert_info.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % ( - to_native(type(e)), - to_native(e)) - ) - else: - try: - passphrase_check = CheckCertificatePassphrase(module, result) - result = passphrase_check.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % ( - to_native(type(e)), - to_native(e)) - ) + try: + cert_info = AnalyzeCertificate(module, result) + result = cert_info.return_result() + except ValueError as e: + module.fail_json(msg='ValueError: %s' % to_native(e)) + except Exception as e: + module.fail_json(msg='Exception: %s: %s' % (to_native(type(e)), to_native(e))) module.exit_json(**result) From a470fde1c275d53ca266a31110dce340529098d2 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 13:01:02 +0200 Subject: [PATCH 03/45] Revert commits --- plugins/module_utils/certs.py | 10 ---------- plugins/modules/cert_info.py | 32 ++++++++------------------------ 2 files changed, 8 insertions(+), 34 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 2c0ca840..5c5eecf0 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
@@ -194,13 +194,3 @@ def extensions_values_info(self, name, extension): def return_result(self): return self.result - -class CheckCertificatePassphrase(): - def __init__(self, module, result): - self.module = module - self.result = result - self.__passphrase = self.module.params['passphrase'] - self.__path = self.module.params['path'] - self.__cert = None - self.__private_key = None - self.__additional_certs = None diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index b6614d19..3dc5163b 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -22,8 +22,7 @@ def run_module(): module_args = dict( path=dict(type='str', no_log=True, required=True), - passphrase=dict(type='str', no_log=True, required=False, default=None), - passphrase_check=dict(type='bool', required=False, default=False) + passphrase=dict(type='str', no_log=True, required=False, default=None) ) # seed the result dict @@ -48,28 +47,13 @@ def run_module(): if module.check_mode: module.exit_json(**result) - if not module.params['passphrase_check']: - try: - cert_info = AnalyzeCertificate(module, result) - result = cert_info.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % ( - to_native(type(e)), - to_native(e)) - ) - else: - try: - passphrase_check = CheckCertificatePassphrase(module, result) - result = passphrase_check.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % ( - to_native(type(e)), - to_native(e)) - ) + try: + cert_info = AnalyzeCertificate(module, result) + result = cert_info.return_result() + except ValueError as e: + module.fail_json(msg='ValueError: %s' % to_native(e)) + except Exception as e: + module.fail_json(msg='Exception: %s: %s' % (to_native(type(e)), to_native(e))) module.exit_json(**result) 
From 0a2b82746f0d1bfdb475b465731c781bcd17ad92 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:00:47 +0200 Subject: [PATCH 04/45] Added parameter passphrase_check to module --- plugins/modules/cert_info.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index 3dc5163b..06552cf1 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -22,7 +22,8 @@ def run_module(): module_args = dict( path=dict(type='str', no_log=True, required=True), - passphrase=dict(type='str', no_log=True, required=False, default=None) + passphrase=dict(type='str', no_log=True, required=False, default=None), + passphrase_check=dict(type='bool', required=False, default=False) ) # seed the result dict From 6dc347e245f6c36e5e252d4aab7dd7d6dfadf8f9 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:08:10 +0200 Subject: [PATCH 05/45] Catched wrong passphrases with an exception --- plugins/module_utils/certs.py | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 5c5eecf0..ca41f901 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -76,6 +76,7 @@ class AnalyzeCertificate(): def __init__(self, module, result): self.module = module self.result = result + self.passphrase_check = self.module.params['passphrase_check'] self.__passphrase = self.module.params['passphrase'] self.__path = self.module.params['path'] self.__cert = None @@ -108,6 +109,9 @@ def load_certificate(self): to_bytes(self.__passphrase), ) loaded = True + except ValueError as e: + if self.passphrase_check: + self.result["passphrase_check"] = False except Exception: self.module.log( msg="Couldn't load certificate without backend. Trying with backend." 
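Review bot: The new `except ValueError` branch here, and the matching one added to the backend retry in the next hunk, reads every ValueError as a wrong passphrase. `pkcs12.load_key_and_certificates` most likely raises ValueError for data it cannot parse as PKCS#12 too, so a truncated or mistyped file would come back as `passphrase_check: false` and point the operator at the wrong cause. Keep the exception text available, for instance `self.module.log(msg='PKCS#12 load failed: %s' % to_native(e))`, and add a comment such as `# ValueError covers a wrong passphrase and unparseable PKCS#12 data alike`. The bound name `e` is otherwise unused in both branches, and `load_certificate` starts and ends outside the hunk.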
@@ -115,17 +119,21 @@ def load_certificate(self): # try to load with 3 parameters for # cryptography >= 2.5.x and <= 3.0.x if not loaded: - # create backend object - backend = default_backend() - # call load_key_and_certificates with 3 paramters - __pkcs12_tuple = pkcs12.load_key_and_certificates( - pkcs12_data, - to_bytes(self.__passphrase), - backend - ) - self.module.log( - msg="Loaded certificate with backend." - ) + try: + # create backend object + backend = default_backend() + # call load_key_and_certificates with 3 paramters + __pkcs12_tuple = pkcs12.load_key_and_certificates( + pkcs12_data, + to_bytes(self.__passphrase), + backend + ) + self.module.log( + msg="Loaded certificate with backend." + ) + except ValueError as e: + if self.passphrase_check: + self.result["passphrase_check"] = False # map loaded certificate to object self.__private_key = __pkcs12_tuple[0] self.__cert = __pkcs12_tuple[1] From bb117f10e5a4a67a022e1f3200731baa3cfae16a Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:14:19 +0200 Subject: [PATCH 06/45] Added task in molecule tests for passphrase_check --- molecule/plugins/converge.yml | 8 ++++++++ plugins/module_utils/certs.py | 2 ++ 2 files changed, 10 insertions(+) diff --git a/molecule/plugins/converge.yml b/molecule/plugins/converge.yml index d98ed4e4..59ad3de3 100644 --- a/molecule/plugins/converge.yml +++ b/molecule/plugins/converge.yml @@ -42,3 +42,11 @@ - name: Test no parameters cert_info: ignore_errors: true + - name: Test wrong passphrase wit passphrase_check parameter + cert_info: + path: files/es-ca/elastic-stack-ca.p12 + passphrase: PleaseChangeMe-wrong + register: pass_check + - name: Debug + debug: + msg: "{{ pass_check }}" diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index ca41f901..33b90402 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
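Review bot: After the new `except ValueError` in the backend retry, control still reaches `self.__private_key = __pkcs12_tuple[0]`, and `__pkcs12_tuple` is unbound when both load attempts raised. With `passphrase_check` off, the ValueError is swallowed without a log line in both branches, so the caller would presumably see an UnboundLocalError through the generic handler in `run_module` in place of the earlier `ValueError: ...` message. Re-raise when the flag is off (`else: raise`) and return before the mapping lines when it is on. `load_certificate` starts above this hunk.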
@@ -112,6 +112,7 @@ def load_certificate(self): except ValueError as e: if self.passphrase_check: self.result["passphrase_check"] = False + self.module.exit_json(**self.result) except Exception: self.module.log( msg="Couldn't load certificate without backend. Trying with backend." @@ -134,6 +135,7 @@ def load_certificate(self): except ValueError as e: if self.passphrase_check: self.result["passphrase_check"] = False + self.module.exit_json(**self.result) # map loaded certificate to object self.__private_key = __pkcs12_tuple[0] self.__cert = __pkcs12_tuple[1] From 0bc0a5975a0348f9da1f911d70f223da81a8b8aa Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:30:10 +0200 Subject: [PATCH 07/45] Added condition to load certificate info only if passphrase_check is false --- plugins/module_utils/certs.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 33b90402..5d72d7ed 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -83,7 +83,8 @@ def __init__(self, module, result): self.__private_key = None self.__additional_certs = None self.load_certificate() - self.load_info() + if not self.passphrase_check: + self.load_info() def load_certificate(self): # track if module can load pkcs12 From 7d3c4cb898f101b6b3c167932c5093259f70e6d9 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:36:39 +0200 Subject: [PATCH 08/45] Added condition to map certificate only if loaded --- plugins/module_utils/certs.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 5d72d7ed..034bb913 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
@@ -133,14 +133,16 @@ def load_certificate(self): self.module.log( msg="Loaded certificate with backend." ) + loaded = True except ValueError as e: if self.passphrase_check: self.result["passphrase_check"] = False self.module.exit_json(**self.result) - # map loaded certificate to object - self.__private_key = __pkcs12_tuple[0] - self.__cert = __pkcs12_tuple[1] - self.__additional_certs = __pkcs12_tuple[2] + if loaded: + # map loaded certificate to object + self.__private_key = __pkcs12_tuple[0] + self.__cert = __pkcs12_tuple[1] + self.__additional_certs = __pkcs12_tuple[2] def load_info(self): self.general_info() From 6cd2807994a3e6af02d8ba48c0cde70cc9c088c4 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:41:31 +0200 Subject: [PATCH 09/45] Added passphrase_check parameter to molecule task --- molecule/plugins/converge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/plugins/converge.yml b/molecule/plugins/converge.yml index 59ad3de3..a8373fa8 100644 --- a/molecule/plugins/converge.yml +++ b/molecule/plugins/converge.yml @@ -46,6 +46,7 @@ cert_info: path: files/es-ca/elastic-stack-ca.p12 passphrase: PleaseChangeMe-wrong + passphrase_check: True register: pass_check - name: Debug debug: From d88212f468c44da40de106a6daf551e6f7188e22 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:50:48 +0200 Subject: [PATCH 10/45] Added a condition to fail module if passphrase_check is false --- plugins/module_utils/certs.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 034bb913..4e591679 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
@@ -114,6 +114,8 @@ def load_certificate(self): if self.passphrase_check: self.result["passphrase_check"] = False self.module.exit_json(**self.result) + else: + self.module.fail_json(msg='ValueError: %s' % to_native(e)) except Exception: self.module.log( msg="Couldn't load certificate without backend. Trying with backend." @@ -138,6 +140,8 @@ def load_certificate(self): if self.passphrase_check: self.result["passphrase_check"] = False self.module.exit_json(**self.result) + else: + self.module.fail_json(msg='ValueError: %s' % to_native(e)) if loaded: # map loaded certificate to object self.__private_key = __pkcs12_tuple[0] From f39d88f41fd9ff44e534b57f53384aacea406b7c Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:56:40 +0200 Subject: [PATCH 11/45] Set no_log for new parameter --- plugins/modules/cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index 06552cf1..fe16d5b3 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -23,7 +23,7 @@ def run_module(): module_args = dict( path=dict(type='str', no_log=True, required=True), passphrase=dict(type='str', no_log=True, required=False, default=None), - passphrase_check=dict(type='bool', required=False, default=False) + passphrase_check=dict(type='bool', no_log=True, required=False, default=False) ) # seed the result dict From 932b330b497d7c3be4d4179a0aee0bd5e7fb889c Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 15:58:28 +0200 Subject: [PATCH 12/45] Privatized passphrase_check variable --- plugins/module_utils/certs.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 4e591679..7f2068c9 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
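Review bot: `no_log=True` on `passphrase_check` marks a plain boolean switch as a secret, which it is not; the flag only selects the module's mode and its value carries nothing worth masking. If the intent was to quiet Ansible's warning about parameter names that look like passwords, `no_log=False` says so explicitly: `passphrase_check=dict(type='bool', no_log=False, required=False, default=False)`. `run_module` continues outside the hunk.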
@@ -76,14 +76,14 @@ class AnalyzeCertificate(): def __init__(self, module, result): self.module = module self.result = result - self.passphrase_check = self.module.params['passphrase_check'] + self.__passphrase_check = self.module.params['passphrase_check'] self.__passphrase = self.module.params['passphrase'] self.__path = self.module.params['path'] self.__cert = None self.__private_key = None self.__additional_certs = None self.load_certificate() - if not self.passphrase_check: + if not self.__passphrase_check: self.load_info() def load_certificate(self): @@ -111,7 +111,7 @@ def load_certificate(self): ) loaded = True except ValueError as e: - if self.passphrase_check: + if self.__passphrase_check: self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: @@ -137,7 +137,7 @@ def load_certificate(self): ) loaded = True except ValueError as e: - if self.passphrase_check: + if self.__passphrase_check: self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: From 048704e8ad71e08d4a8fe049a85d310b24c3a2be Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:00:34 +0200 Subject: [PATCH 13/45] Privatized pkcs12_data variable --- plugins/module_utils/certs.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 7f2068c9..75d3aeeb 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -97,7 +97,7 @@ def load_certificate(self): # read the pkcs12 file try: with open(self.__path, 'rb') as f: - pkcs12_data = f.read() + __pkcs12_data = f.read() except IOError as e: self.module.fail_json( msg='IOError: %s' % (to_native(e)) @@ -106,7 +106,7 @@ def load_certificate(self): # for cryptography >= 3.1.x try: __pkcs12_tuple = pkcs12.load_key_and_certificates( - pkcs12_data, + __pkcs12_data, to_bytes(self.__passphrase), ) loaded = True 
@@ -128,7 +128,7 @@ def load_certificate(self): backend = default_backend() # call load_key_and_certificates with 3 paramters __pkcs12_tuple = pkcs12.load_key_and_certificates( - pkcs12_data, + __pkcs12_data, to_bytes(self.__passphrase), backend ) From da01eacfc29292e96b17077e7c552caf0f35468c Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:06:06 +0200 Subject: [PATCH 14/45] Added passphrase_check key value to result dict seeded for Ansible module --- plugins/modules/cert_info.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index fe16d5b3..3d1d6608 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -35,7 +35,8 @@ def run_module(): not_valid_before='', serial_number='', subject='', - version='' + version='', + passphrase_check='' ) # the AnsibleModule object From 0e81e5816f53b6dccf0dc5236ce66bfceedb53ac Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:11:58 +0200 Subject: [PATCH 15/45] Corrected key value for passphrase_check in results dict --- plugins/modules/cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index 3d1d6608..9e597f44 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -36,7 +36,7 @@ def run_module(): serial_number='', subject='', version='', - passphrase_check='' + passphrase_check=True ) # the AnsibleModule object From 6267d8798c1eefc75c5b487525ee85da6e6c715a Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:19:13 +0200 Subject: [PATCH 16/45] Added task to molecule scenario to check correct passphrase in passphrase_check mode --- molecule/plugins/converge.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/molecule/plugins/converge.yml b/molecule/plugins/converge.yml index a8373fa8..f37679f0 100644 --- a/molecule/plugins/converge.yml 
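Review bot: Seeding `passphrase_check=True` makes the result claim a verified passphrase before any load has been attempted, which is a fail-open default. `run_module` returns the seeded dict unchanged in check mode (`if module.check_mode: module.exit_json(**result)`, visible in the other `cert_info.py` hunks of this series), so a check-mode run would report `passphrase_check: true` without reading the file. Seed a neutral value, `passphrase_check=None`, and set `self.result["passphrase_check"] = True` in `load_certificate` only after `load_key_and_certificates` has returned. `run_module` starts and ends outside the hunk.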
+++ b/molecule/plugins/converge.yml @@ -46,7 +46,16 @@ cert_info: path: files/es-ca/elastic-stack-ca.p12 passphrase: PleaseChangeMe-wrong - passphrase_check: True + passphrase_check: true + register: pass_check + - name: Debug + debug: + msg: "{{ pass_check }}" + - name: Test correct passphrase wit passphrase_check parameter + cert_info: + path: files/es-ca/elastic-stack-ca.p12 + passphrase: PleaseChangeMe + passphrase_check: true register: pass_check - name: Debug debug: From ea70b6d313b3640fe133f028bf0285216a963db1 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:33:48 +0200 Subject: [PATCH 17/45] Set passphrase_check result if mode is disabled --- plugins/module_utils/certs.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 75d3aeeb..6f04df2a 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -115,6 +115,7 @@ def load_certificate(self): self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: + self.result["passphrase_check"] = False self.module.fail_json(msg='ValueError: %s' % to_native(e)) except Exception: self.module.log( @@ -141,6 +142,7 @@ def load_certificate(self): self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: + self.result["passphrase_check"] = False self.module.fail_json(msg='ValueError: %s' % to_native(e)) if loaded: # map loaded certificate to object From 5b543cb58643d03591a1291bb22301c434a723c1 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:35:55 +0200 Subject: [PATCH 18/45] Only map certificate if passphrase_check mode is disabled --- plugins/module_utils/certs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 6f04df2a..0eeed473 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py 
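Review bot: Neither passphrase_check task asserts on its outcome; each only prints `pass_check` through `debug`, so the scenario passes whatever value the module returns. Follow the correct-passphrase task with `- assert: { that: pass_check.passphrase_check }` and the wrong-passphrase task with the negated form `that: not pass_check.passphrase_check`. Both task names read "wit" where "with" is meant.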
@@ -144,7 +144,7 @@ def load_certificate(self): else: self.result["passphrase_check"] = False self.module.fail_json(msg='ValueError: %s' % to_native(e)) - if loaded: + if loaded and not self.__passphrase_check: # map loaded certificate to object self.__private_key = __pkcs12_tuple[0] self.__cert = __pkcs12_tuple[1] From 630fb4a6364b655616255d9b6307fb8f8865da87 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Mon, 28 Aug 2023 16:37:44 +0200 Subject: [PATCH 19/45] Optimized code by 2 lines --- plugins/module_utils/certs.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/certs.py b/plugins/module_utils/certs.py index 0eeed473..542e0891 100644 --- a/plugins/module_utils/certs.py +++ b/plugins/module_utils/certs.py @@ -111,11 +111,10 @@ def load_certificate(self): ) loaded = True except ValueError as e: + self.result["passphrase_check"] = False if self.__passphrase_check: - self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: - self.result["passphrase_check"] = False self.module.fail_json(msg='ValueError: %s' % to_native(e)) except Exception: self.module.log( @@ -138,11 +137,10 @@ def load_certificate(self): ) loaded = True except ValueError as e: + self.result["passphrase_check"] = False if self.__passphrase_check: - self.result["passphrase_check"] = False self.module.exit_json(**self.result) else: - self.result["passphrase_check"] = False self.module.fail_json(msg='ValueError: %s' % to_native(e)) if loaded and not self.__passphrase_check: # map loaded certificate to object From b3535e10147a7c33fa797fdd5c273d754aac477e Mon Sep 17 00:00:00 2001 From: DanOPT Date: Tue, 29 Aug 2023 15:12:23 +0200 Subject: [PATCH 20/45] Added unit tests --- tests/unit/plugins/modules/test_cert_info.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 4151576e..92131a48 100644 
--- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -131,6 +131,23 @@ def test_module_exit_when_path_and_password_correct(self): }) cert_info.main() + def test_module_exit_when_password_wrong_with_passphrase_check(self): + with self.assertRaises(AnsibleExitJson): + set_module_args({ + 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', + 'passphrase': 'PleaseChangeMe-Wrong', + 'passphrase_check': True + }) + cert_info.main() + + def test_module_exit_when_password_correct_with_passphrase_check(self): + with self.assertRaises(AnsibleExitJson): + set_module_args({ + 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', + 'passphrase': 'PleaseChangeMe', + 'passphrase_check': True + }) + cert_info.main() if __name__ == '__main__': unittest.main() From 47b1f4d54b481289a89bb70381e63179887b270c Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 11:53:51 +0200 Subject: [PATCH 21/45] Revert last commit --- tests/unit/plugins/modules/test_cert_info.py | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 92131a48..4151576e 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py 
@@ -131,23 +131,6 @@ def test_module_exit_when_path_and_password_correct(self): }) cert_info.main() - def test_module_exit_when_password_wrong_with_passphrase_check(self): - with self.assertRaises(AnsibleExitJson): - set_module_args({ - 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', - 'passphrase': 'PleaseChangeMe-Wrong', - 'passphrase_check': True - }) - cert_info.main() - - def test_module_exit_when_password_correct_with_passphrase_check(self): - with self.assertRaises(AnsibleExitJson): - set_module_args({ - 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', - 'passphrase': 'PleaseChangeMe', - 'passphrase_check': True - }) - cert_info.main() if __name__ == '__main__': unittest.main() From 0c50189e820b8ae361b539d88bfa463b08c6548c Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:31:11 +0200 Subject: [PATCH 22/45] Redesigned checks in unit tests --- tests/unit/plugins/modules/test_cert_info.py | 38 +++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 4151576e..99710072 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py 
@@ -70,12 +70,22 @@ def exit_json(*args, **kwargs): checks_passed = True - # check every item in certificate if it matches with the result - # and if that fails, don't catch the Exception, so the test will fail - for item in certificate: - if certificate[item] != kwargs[item]: + # only if passphrase_check mode is disabled + if args['passphrase_check'] is False: + # check every item in certificate if it matches with the result + # and if that fails, don't catch the Exception, so the test will fail + for item in certificate: + if certificate[item] != kwargs[item]: + checks_passed = False + # if passphrase_check mode is enabled + else: + # fail checks, if passphrase is wrong and passphrase_check kwarg is not False + if args['passphrase'] is 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: checks_passed = False - + # fail checks, if passphrase is correct and passphrase_check kwarg is not True + if args['passphrase'] is 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: + checks_passed = False + if checks_passed: raise AnsibleExitJson(kwargs) @@ -131,6 +141,24 @@ def test_module_exit_when_path_and_password_correct(self): }) cert_info.main() + def test_module_exit_when_password_wrong_with_passphrase_check(self): + with self.assertRaises(AnsibleExitJson): + set_module_args({ + 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', + 'passphrase': 'PleaseChangeMe-Wrong', + 'passphrase_check': True + }) + cert_info.main() + + def test_module_exit_when_password_correct_with_passphrase_check(self): + with self.assertRaises(AnsibleExitJson): + set_module_args({ + 'path': 'molecule/plugins/files/es-ca/elastic-stack-ca.p12', + 'passphrase': 'PleaseChangeMe', + 'passphrase_check': True + }) + cert_info.main() + if __name__ == '__main__': unittest.main() From 9b7ebbf493eb834c45b715fd331cc0eb4653ae42 Mon Sep 17 00:00:00 2001 
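Review bot: In the patched `exit_json`, `args` is the tuple of positional arguments, so `args['passphrase_check']` raises TypeError before any check runs; the parameters have to be read from the module object, presumably `args[0].params['passphrase_check']`. The passphrase comparisons use `is` against string literals, which tests identity, not equality; `==` is the operator wanted here. Keying the expected result off the two literal passphrase strings also ties the helper to these specific cases, so passing the expected `passphrase_check` value in from each test would be sturdier. `exit_json` begins above the hunk.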
From: DanOPT Date: Wed, 30 Aug 2023 15:32:28 +0200 Subject: [PATCH 23/45] Typo --- tests/unit/plugins/modules/test_cert_info.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 99710072..a9b7b811 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -55,6 +55,7 @@ class AnsibleExitJson(Exception): """Exception class to be raised by module.exit_json and caught by the test case""" pass + class AnsibleFailJson(Exception): """Exception class to be raised by module.fail_json and caught by the test case""" pass From 8ce9d6a1530311a39148dccae74416bf64b479f6 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:35:59 +0200 Subject: [PATCH 24/45] Debug --- tests/unit/plugins/modules/test_cert_info.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index a9b7b811..d6348c81 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -71,6 +71,7 @@ def exit_json(*args, **kwargs): checks_passed = True + print(args) # only if passphrase_check mode is disabled if args['passphrase_check'] is False: # check every item in certificate if it matches with the result From a78a42b3181fab2d9cc451f04b8f287427ed957b Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:40:23 +0200 Subject: [PATCH 25/45] Debug --- tests/unit/plugins/modules/test_cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index d6348c81..00be8a9d 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py 
@@ -71,7 +71,7 @@ def exit_json(*args, **kwargs): checks_passed = True - print(args) + print(args[0]) # only if passphrase_check mode is disabled if args['passphrase_check'] is False: # check every item in certificate if it matches with the result From 64eb7c9ce3d80399536155fd421f1123d87929b7 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:43:05 +0200 Subject: [PATCH 26/45] Debug --- tests/unit/plugins/modules/test_cert_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 00be8a9d..2e4c5bad 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -82,10 +82,10 @@ def exit_json(*args, **kwargs): # if passphrase_check mode is enabled else: # fail checks, if passphrase is wrong and passphrase_check kwarg is not False - if args['passphrase'] is 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: + if args['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: checks_passed = False # fail checks, if passphrase is correct and passphrase_check kwarg is not True - if args['passphrase'] is 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: + if args['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: checks_passed = False if checks_passed: From a4e27b89bb68dc4c79279448d0135db5f8be3e7d Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:47:46 +0200 Subject: [PATCH 27/45] Debug --- tests/unit/plugins/modules/test_cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 2e4c5bad..3ee8ce77 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py 
@@ -71,7 +71,7 @@ def exit_json(*args, **kwargs): checks_passed = True - print(args[0]) + print(**args[0]) # only if passphrase_check mode is disabled if args['passphrase_check'] is False: # check every item in certificate if it matches with the result From 521be995c0b4fb565fb8c6c6e2b69c836c696cd0 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Wed, 30 Aug 2023 15:50:38 +0200 Subject: [PATCH 28/45] Debug --- tests/unit/plugins/modules/test_cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 3ee8ce77..2e4c5bad 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -71,7 +71,7 @@ def exit_json(*args, **kwargs): checks_passed = True - print(**args[0]) + print(args[0]) # only if passphrase_check mode is disabled if args['passphrase_check'] is False: # check every item in certificate if it matches with the result From ceacd1d9a7948f4e1e236e89e05732f577323c1e Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 11:57:40 +0200 Subject: [PATCH 29/45] Fixed argument check --- tests/unit/plugins/modules/test_cert_info.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 2e4c5bad..b4d9b34a 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -4,6 +4,7 @@ from unittest.mock import patch from ansible.module_utils import basic from ansible.module_utils.common.text.converters import to_bytes + sys.path.append('/home/runner/.ansible/collections/') from ansible_collections.netways.elasticstack.plugins.modules import cert_info 
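Review bot: In patch 27/45, `print(**args[0])` unpacks the first positional argument as keyword arguments to `print`, which raises TypeError unless that object is a mapping whose keys are limited to `sep`, `end`, `file` and `flush`. The mocked `exit_json` therefore fails on this line and never reaches the checks below it. If the object still needs inspecting, `print(args[0])` does so without unpacking, and the statement should be dropped before merging. The body of `exit_json` extends beyond the hunk.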
@@ -73,7 +74,7 @@ def exit_json(*args, **kwargs): print(args[0]) # only if passphrase_check mode is disabled - if args['passphrase_check'] is False: + if args[0].params['passphrase_check'] is False: # check every item in certificate if it matches with the result # and if that fails, don't catch the Exception, so the test will fail for item in certificate: @@ -82,10 +83,10 @@ def exit_json(*args, **kwargs): # if passphrase_check mode is enabled else: # fail checks, if passphrase is wrong and passphrase_check kwarg is not False - if args['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: + if args[0].params['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: checks_passed = False # fail checks, if passphrase is correct and passphrase_check kwarg is not True - if args['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: + if args[0].params['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: checks_passed = False if checks_passed: From e25fe8fe86717a9a02c346fe2d1d48eff3888620 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 11:58:19 +0200 Subject: [PATCH 30/45] Removed print statement --- tests/unit/plugins/modules/test_cert_info.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index b4d9b34a..dfc8c4a6 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -72,7 +72,6 @@ def exit_json(*args, **kwargs): checks_passed = True - print(args[0]) # only if passphrase_check mode is disabled if args[0].params['passphrase_check'] is False: # check every item in certificate if it matches with the result From 70d8dce79c44d95486e056243bc4403a7f4f3be1 Mon Sep 17 00:00:00 2001 
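Review bot: In the `else` branch of patch 29/45 the two conditions fire only for the exact literals `'PleaseChangeMe-Wrong'` and `'PleaseChangeMe'`, so any other passphrase value leaves `checks_passed` at `True` and the helper reports success without looking at the result. Deriving the expectation from the input closes that gap: `expected = args[0].params['passphrase'] == 'PleaseChangeMe'` followed by `if kwargs.get('passphrase_check') is not expected: checks_passed = False`. Reading the result with `kwargs.get` also turns a result that lacks the key into a failed check instead of a KeyError. `exit_json` starts before and continues after this hunk.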
From: DanOPT Date: Thu, 31 Aug 2023 12:22:57 +0200 Subject: [PATCH 31/45] Removed redundant exceptions in cert_info module --- plugins/modules/cert_info.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/plugins/modules/cert_info.py b/plugins/modules/cert_info.py index 9e597f44..57cc8855 100644 --- a/plugins/modules/cert_info.py +++ b/plugins/modules/cert_info.py @@ -49,13 +49,8 @@ def run_module(): if module.check_mode: module.exit_json(**result) - try: - cert_info = AnalyzeCertificate(module, result) - result = cert_info.return_result() - except ValueError as e: - module.fail_json(msg='ValueError: %s' % to_native(e)) - except Exception as e: - module.fail_json(msg='Exception: %s: %s' % (to_native(type(e)), to_native(e))) + cert_info = AnalyzeCertificate(module, result) + result = cert_info.return_result() module.exit_json(**result) From fbe587196e424b79bd4088b74ea0915d19021ca4 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 12:42:50 +0200 Subject: [PATCH 32/45] Test functionallity of unit test again --- tests/unit/plugins/modules/test_cert_info.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index dfc8c4a6..2ffd9b92 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -73,7 +73,7 @@ def exit_json(*args, **kwargs): checks_passed = True # only if passphrase_check mode is disabled - if args[0].params['passphrase_check'] is False: + if args[0].params['passphrase_check'] is not True: # check every item in certificate if it matches with the result # and if that fails, don't catch the Exception, so the test will fail for item in certificate: 
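Review bot: Removing the `try`/`except` in patch 31/45 leaves `run_module` with no handler for exceptions raised while constructing `AnalyzeCertificate`, so it now depends on that class reporting every failure through `module.fail_json` itself, which this hunk does not show. Any exception the class does not handle would end the module with an unhandled traceback rather than a structured failure, and for a module that opens a key store with a passphrase that also means less control over what reaches the task output. One catch-all keeps that boundary: wrap the two new lines in `try:` and add `except Exception as e: module.fail_json(msg='Exception: %s: %s' % (to_native(type(e)), to_native(e)))`. If the handlers stay removed, check whether the `to_native` import is still used in this file. `run_module` begins and ends outside the hunk.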
@@ -82,10 +82,10 @@ def exit_json(*args, **kwargs): # if passphrase_check mode is enabled else: # fail checks, if passphrase is wrong and passphrase_check kwarg is not False - if args[0].params['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is not False: + if args[0].params['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is True: checks_passed = False # fail checks, if passphrase is correct and passphrase_check kwarg is not True - if args[0].params['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not True: + if args[0].params['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not False: checks_passed = False if checks_passed: From e6b11f329f900f461ceda9ea01353fb1d8de9208 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 12:46:08 +0200 Subject: [PATCH 33/45] Removed debug test --- tests/unit/plugins/modules/test_cert_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 2ffd9b92..963e663b 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -85,7 +85,7 @@ def exit_json(*args, **kwargs): if args[0].params['passphrase'] == 'PleaseChangeMe-Wrong' and kwargs['passphrase_check'] is True: checks_passed = False # fail checks, if passphrase is correct and passphrase_check kwarg is not True - if args[0].params['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is not False: + if args[0].params['passphrase'] == 'PleaseChangeMe' and kwargs['passphrase_check'] is False: checks_passed = False if checks_passed: From e85a6b8e16879797b628ca36c44632c26ed52eeb Mon Sep 17 00:00:00 2001 
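Review bot: The comparisons changed in patch 32/45 no longer match the comments above them: the first comment says to fail when the `passphrase_check` kwarg "is not False", but the new condition fails only when it `is True`, so a wrong passphrase with a `None` or other non-bool result passes the helper. The second changed line ends in `kwargs['passphrase_check'] is not False`, which fails a correct passphrase that returns `True`; patch 33/45 changes it to `is False`, which again catches only that one exact value. Keeping `is not False` for the wrong passphrase and `is not True` for the correct one matches both comments and rejects every unexpected result. `exit_json` extends beyond the hunk.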
From: DanOPT Date: Thu, 31 Aug 2023 13:11:38 +0200 Subject: [PATCH 34/45] Added documentation for new parameter --- plugins/README.md | 28 ++-------------------- plugins/modules/README.md | 49 +++++++++++++++++++++++++++++++++++---- 2 files changed, 47 insertions(+), 30 deletions(-) diff --git a/plugins/README.md b/plugins/README.md index 29aa3195..78ce9c53 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -1,31 +1,7 @@ # Collections Plugins Directory -This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that -is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that -would contain module utils and modules respectively. - -Here is an example directory of the majority of plugins currently supported by Ansible: - ``` └── plugins - ├── action - ├── become - ├── cache - ├── callback - ├── cliconf - ├── connection - ├── filter - ├── httpapi - ├── inventory - ├── lookup - ├── module_utils - ├── modules - ├── netconf - ├── shell - ├── strategy - ├── terminal - ├── test - └── vars + ├── [module_utils](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) + └── [modules](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) ``` - -A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.13/plugins/plugins.html). diff --git a/plugins/modules/README.md b/plugins/modules/README.md index 18f7344d..8d118e70 100644 --- a/plugins/modules/README.md +++ b/plugins/modules/README.md @@ -14,7 +14,7 @@ ## `cert_info` module -The netways.elasticstack.cert_info module gathers information about pkcs12 certificates generated by the Elastic stack cert util. +The netways.elasticstack.cert_info module gathers information about pkcs12 certificates generated by the Elasticstack cert util. ### Dependencies - python-cryptography >= 2.5.0 on the remote node 
@@ -71,9 +71,11 @@ Currently, the information of the following extensions and values will be return `path`: Absolute path to certificate. (**Default:** undefined, required) -`password`: -The password of the pkcs12 certificate. (**Default:** No default, optional) +`passphrase`: +The passphrase of the pkcs12 certificate. (**Default:** No default, optional) +`passphrase_check`: +This will only check the passphrase and returns a bool in the results. If enabled it won't return any certificate information, only the passphrase_check result. (**Default:** False, optional) ### Returns All keys and values that will be returned with the results variable of the module: @@ -101,12 +103,15 @@ The serial number of the certificate as **str** which represents an integer. - `critical`: The value of critical as **str** which represents a bool. - `values`: The keys and their values of the extension as **str**. (See: Supported extensions) +`passphrase_check`: +A **bool** that will be `True` if the passphrase check was positive and `False`, if not. It's also possible that it returns `False` if the certificate is corrupted, since Python can't differentiate it and handles exceptions like this as a "VauleError". + ### Example ``` - name: Test cert_info: path: /opt/es-ca/elasticsearch-ca.pkcs12 - password: PleaseChangeMe + passphrase: PleaseChangeMe register: test - name: Debug 
@@ -156,3 +161,39 @@ ok: [localhost] => { } } ``` + +### Example of passphrase_check +``` +- name: Test correct passphrase wit passphrase_check parameter + cert_info: + path: /opt/es-ca/elasticsearch-ca.pkcs12 + passphrase: PleaseChangeMe + passphrase_check: True + register: test + +- name: Debug + debug: + msg: "{{ test }}" +``` + +**Output**: +``` +TASK [Test correct passphrase wit passphrase_check parameter] ****************** +ok: [localhost] + +TASK [Debug] ******************************************************************* +ok: [localhost] => { + "msg": { + "changed": false, + "extensions": {}, + "failed": false, + "issuer": "", + "not_valid_after": "", + "not_valid_before": "", + "passphrase_check": true, + "serial_number": "", + "subject": "", + "version": "" + } +} +``` \ No newline at end of file From 3d6190445c832f5fc48a9fd543d151064f18e991 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 13:16:36 +0200 Subject: [PATCH 35/45] Updated plugins overview --- plugins/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/plugins/README.md b/plugins/README.md index 78ce9c53..fa75fae6 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -1,7 +1,8 @@ # Collections Plugins Directory -``` -└── plugins - ├── [module_utils](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) - └── [modules](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) -``` +## Overview +- [module_utils](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) + - [`certs` module util]https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils +- [modules](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) + - [`cert_info` module](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) + \ No newline at end of file 
From 002f6d2b8dff8057757849e02681a6f5176bac14 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 13:17:44 +0200 Subject: [PATCH 36/45] Fixed typo --- plugins/module_utils/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/module_utils/README.md b/plugins/module_utils/README.md index 405b9c68..16e77383 100644 --- a/plugins/module_utils/README.md +++ b/plugins/module_utils/README.md @@ -9,7 +9,7 @@ Since binascii.hexlify doesn't support a second parameter, which would define a seperator (e.g. ":") for hex strings in older Python versions like 2.6 and 2.7, we implemeted a small function to get similar results. -**Parameter:** A __bytes__ object that represent a hexadecimal value (e.g. b'\\x82S \\x11\\xc7s\\xa7^*w\\xc1\\xdf\"\\xe4#\\xb4\\xc4P\\xba\\xcf') +**Parameter:** A __bytes__ string that represent a hexadecimal value (e.g. b'\\x82S \\x11\\xc7s\\xa7^*w\\xc1\\xdf\"\\xe4#\\xb4\\xc4P\\xba\\xcf') **Return:** A hexadecimal __string__ seperated by colons (e.g. "82:53:20:11:C7:73:A7:5E:2A:77:C1:DF:22:E4:23:B4:C4:50:BA:CF") From 8773c0702dff1d9a382783bbd925c1b67ecf75ba Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 13:18:55 +0200 Subject: [PATCH 37/45] Fixed typo --- plugins/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/README.md b/plugins/README.md index fa75fae6..e984d5ed 100644 --- a/plugins/README.md +++ b/plugins/README.md 
@@ -2,7 +2,7 @@ ## Overview - [module_utils](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) - - [`certs` module util]https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils + - [`certs` module util](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) - [modules](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) - [`cert_info` module](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/modules) \ No newline at end of file From 1ed7144deffe7841070570ac2c346469209b47d0 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 13:19:46 +0200 Subject: [PATCH 38/45] Fixed typo --- plugins/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/README.md b/plugins/README.md index e984d5ed..6b2da9ee 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -1,4 +1,4 @@ -# Collections Plugins Directory +# `netways.elasticstack` Plugins Directory ## Overview - [module_utils](https://github.com/NETWAYS/ansible-collection-elasticstack/tree/main/plugins/module_utils) From 75a64bbf406370651ec04c18e426dcfaaf2b8707 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 31 Aug 2023 13:20:38 +0200 Subject: [PATCH 39/45] Fixed typo --- plugins/module_utils/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/plugins/module_utils/README.md b/plugins/module_utils/README.md index 16e77383..4b7a2693 100644 --- a/plugins/module_utils/README.md +++ b/plugins/module_utils/README.md @@ -1,9 +1,6 @@ # Documentation: netways.elasticstack module_utils -## Overview -- [`certs` module_util](#cert_info-module) - -## `netways.elasticstack.certs` function +## `netways.elasticstack.certs` functions ### `bytes_to_hex()` function From 6ef199cf8ff704bad9440b22cf7c5896bb8c0ddb Mon Sep 17 00:00:00 2001 
From: DanOPT Date: Thu, 31 Aug 2023 13:22:08 +0200 Subject: [PATCH 40/45] Fixed typo --- molecule/plugins/converge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/plugins/converge.yml b/molecule/plugins/converge.yml index a3ab3f09..e45a9b55 100644 --- a/molecule/plugins/converge.yml +++ b/molecule/plugins/converge.yml @@ -42,7 +42,7 @@ - name: Test no parameters cert_info: ignore_errors: true - - name: Test wrong passphrase wit passphrase_check parameter + - name: Test wrong passphrase with passphrase_check parameter cert_info: path: files/es-ca/elastic-stack-ca.p12 passphrase: PleaseChangeMe-wrong @@ -51,7 +51,7 @@ - name: Debug debug: msg: "{{ pass_check }}" - - name: Test correct passphrase wit passphrase_check parameter + - name: Test correct passphrase with passphrase_check parameter cert_info: path: files/es-ca/elastic-stack-ca.p12 passphrase: PleaseChangeMe From 10050290e8a0bd47e6b04a5fd95d2d3dba35fc19 Mon Sep 17 00:00:00 2001 From: Daniel Patrick Date: Mon, 11 Sep 2023 12:44:11 +0200 Subject: [PATCH 41/45] Typo - Update README.md --- plugins/modules/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/README.md b/plugins/modules/README.md index 8d118e70..53807182 100644 --- a/plugins/modules/README.md +++ b/plugins/modules/README.md @@ -14,7 +14,7 @@ ## `cert_info` module -The netways.elasticstack.cert_info module gathers information about pkcs12 certificates generated by the Elasticstack cert util. +The netways.elasticstack.cert_info module gathers information about pkcs12 certificates generated by the Elastic Stack cert util. ### Dependencies - python-cryptography >= 2.5.0 on the remote node @@ -196,4 +196,4 @@ ok: [localhost] => { "version": "" } } -``` \ No newline at end of file +``` From e2fab52516e954f36be0ae32b3ae1db3029dcfbe Mon Sep 17 00:00:00 2001 
From: Daniel Patrick Date: Mon, 11 Sep 2023 12:47:51 +0200 Subject: [PATCH 42/45] Added comment to unit tests --- tests/unit/plugins/modules/test_cert_info.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unit/plugins/modules/test_cert_info.py b/tests/unit/plugins/modules/test_cert_info.py index 963e663b..0b84ee4d 100644 --- a/tests/unit/plugins/modules/test_cert_info.py +++ b/tests/unit/plugins/modules/test_cert_info.py @@ -143,6 +143,7 @@ def test_module_exit_when_path_and_password_correct(self): }) cert_info.main() + # Tests with passphrase_check mode set to True (default is False) def test_module_exit_when_password_wrong_with_passphrase_check(self): with self.assertRaises(AnsibleExitJson): set_module_args({ From 7f7ce1507580cde547152431c2768e74845e7dd7 Mon Sep 17 00:00:00 2001 From: DanOPT Date: Thu, 28 Sep 2023 13:57:08 +0200 Subject: [PATCH 43/45] Added merge_group to GitHub Action --- .github/workflows/test_plugins.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 75de6cc5..707fc229 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -34,6 +34,7 @@ on: - 'molecule/plugins/**' - '.config/pep8.yml' - 'tests/**' + merge_group: jobs: pep8: From d70cb58339ef62199dfeda0af1cbf5ae517a0d2a Mon Sep 17 00:00:00 2001 From: DanOPT Date: Tue, 10 Oct 2023 16:12:54 +0200 Subject: [PATCH 44/45] Specified branch in merge_group --- .github/workflows/test_plugins.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 5833f423..8fc40e0c 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -35,6 +35,7 @@ on: - '.config/pep8.yml' - 'tests/**' merge_group: + branches: [ main ] jobs: pep8: From 69ac9019da7d8cd2ce1ba0db572942617d0bd911 Mon Sep 17 00:00:00 2001 
From: DanOPT Date: Tue, 10 Oct 2023 16:34:39 +0200 Subject: [PATCH 45/45] Removed merge_group from test_plugins.yml --- .github/workflows/test_plugins.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 8fc40e0c..3bd80ab0 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -34,8 +34,6 @@ on: - 'molecule/plugins/**' - '.config/pep8.yml' - 'tests/**' - merge_group: - branches: [ main ] jobs: pep8: