java_cert: Remove redundant return #52879

Merged
merged 1 commit into from
Mar 13, 2019
104 changes: 46 additions & 58 deletions lib/ansible/modules/system/java_cert.py
Expand Up @@ -15,15 +15,15 @@
---
module: java_cert
version_added: '2.3'
short_description: Uses keytool to import/remove key from java keystore(cacerts)
short_description: Uses keytool to import/remove key from java keystore (cacerts)
description:
- This is a wrapper module around keytool, which can be used to import/remove
certificates from a given java keystore.
options:
cert_url:
description:
- Basic URL to fetch SSL certificate from.
- One of iC(cert_url) or C(cert_path) is required to load certificate.
- One of C(cert_url) or C(cert_path) is required to load certificate.
type: str
cert_port:
description:
Expand All @@ -34,7 +34,7 @@
cert_path:
description:
- Local path to load certificate from.
- One of cert_url or cert_path is required to load certificate.
- One of C(cert_url) or C(cert_path) is required to load certificate.
type: path
cert_alias:
description:
Expand Down Expand Up @@ -158,6 +158,7 @@
'''

import os
import re

# import module snippets
from ansible.module_utils.basic import AnsibleModule
Expand All @@ -166,7 +167,7 @@
def get_keystore_type(keystore_type):
''' Check that custom keystore is presented in parameters '''
if keystore_type:
return (" -storetype '%s'") % (keystore_type)
return " -storetype '%s'" % keystore_type
return ''


Expand All @@ -184,15 +185,14 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias,

def import_cert_url(module, executable, url, port, keystore_path, keystore_pass, alias, keystore_type):
''' Import certificate from URL into keystore located at keystore_path '''
import re

https_proxy = os.getenv("https_proxy")
no_proxy = os.getenv("no_proxy")

proxy_opts = ''
if https_proxy is not None:
(proxy_host, proxy_port) = https_proxy.split(':')
proxy_opts = ("-J-Dhttps.proxyHost=%s -J-Dhttps.proxyPort=%s") % (proxy_host, proxy_port)
proxy_opts = "-J-Dhttps.proxyHost=%s -J-Dhttps.proxyPort=%s" % (proxy_host, proxy_port)

if no_proxy is not None:
# For Java's nonProxyHosts property, items are separated by '|',
Expand All @@ -202,17 +202,14 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,

# The property name is http.nonProxyHosts, there is no
# separate setting for HTTPS.
proxy_opts += (" -J-Dhttp.nonProxyHosts='%s'") % (non_proxy_hosts)
proxy_opts += " -J-Dhttp.nonProxyHosts='%s'" % non_proxy_hosts

fetch_cmd = ("%s -printcert -rfc -sslserver %s %s:%d") % (executable, proxy_opts, url, port)
fetch_cmd = "%s -printcert -rfc -sslserver %s %s:%d" % (executable, proxy_opts, url, port)
import_cmd = ("%s -importcert -noprompt -keystore '%s' "
"-storepass '%s' -alias '%s' %s") % (executable, keystore_path,
keystore_pass, alias,
get_keystore_type(keystore_type))

if module.check_mode:
module.exit_json(changed=True)

# Fetch SSL certificate from remote host.
(_, fetch_out, _) = module.run_command(fetch_cmd, check_rc=True)

Expand All @@ -222,12 +219,12 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
check_rc=False)
diff = {'before': '\n', 'after': '%s\n' % alias}
if import_rc == 0:
return module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
diff=diff)
module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
diff=diff)
else:
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd,
error=import_err)
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd,
error=import_err)


def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type):
Expand All @@ -238,20 +235,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
keystore_pass, path, alias,
get_keystore_type(keystore_type))

if module.check_mode:
module.exit_json(changed=True)

# Use local certificate from local path and import it to a java keystore
(import_rc, import_out, import_err) = module.run_command(import_cmd,
check_rc=False)

diff = {'before': '\n', 'after': '%s\n' % alias}
if import_rc == 0:
return module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff)
module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff)
else:
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)


def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, pkcs12_pass, pkcs12_alias, alias, keystore_type):
Expand All @@ -263,45 +257,37 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p
keystore_pass, path, pkcs12_pass, pkcs12_alias,
alias, get_keystore_type(keystore_type))

if module.check_mode:
module.exit_json(changed=True)

# Use local certificate from local path and import it to a java keystore
(import_rc, import_out, import_err) = module.run_command(import_cmd,
check_rc=False)

diff = {'before': '\n', 'after': '%s\n' % alias}
if import_rc == 0:
return module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff)
module.exit_json(changed=True, msg=import_out,
rc=import_rc, cmd=import_cmd, stdout=import_out,
error=import_err, diff=diff)
else:
return module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)
module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)


def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type):
''' Delete certificate identified with alias from keystore on keystore_path '''
del_cmd = ("%s -delete -keystore '%s' -storepass '%s' "
"-alias '%s' %s") % (executable, keystore_path, keystore_pass, alias, get_keystore_type(keystore_type))

if module.check_mode:
module.exit_json(changed=True)

# Delete SSL certificate from keystore
(del_rc, del_out, del_err) = module.run_command(del_cmd, check_rc=True)

diff = {'before': '%s\n' % alias, 'after': None}

return module.exit_json(changed=True, msg=del_out,
rc=del_rc, cmd=del_cmd, stdout=del_out,
error=del_err, diff=diff)
module.exit_json(changed=True, msg=del_out,
rc=del_rc, cmd=del_cmd, stdout=del_out,
error=del_err, diff=diff)


def test_keytool(module, executable):
''' Test if keytool is actuall executable or not '''
test_cmd = "%s" % (executable)

module.run_command(test_cmd, check_rc=True)
''' Test if keytool is actually executable or not '''
module.run_command("%s" % executable, check_rc=True)


def test_keystore(module, keystore_path):
Expand All @@ -311,9 +297,7 @@ def test_keystore(module, keystore_path):

if not os.path.exists(keystore_path) and not os.path.isfile(keystore_path):
# Keystore doesn't exist we want to create it
return module.fail_json(changed=False,
msg="Module require existing keystore at keystore_path '%s'"
% (keystore_path))
module.fail_json(changed=False, msg="Module require existing keystore at keystore_path '%s'" % keystore_path)


def main():
Expand Down Expand Up @@ -363,7 +347,7 @@ def main():
if path and not cert_alias:
module.fail_json(changed=False,
msg="Using local path import from %s requires alias argument."
% (keystore_path))
% keystore_path)

test_keytool(module, executable)

Expand All @@ -373,23 +357,27 @@ def main():
cert_present = check_cert_present(module, executable, keystore_path,
keystore_pass, cert_alias, keystore_type)

if state == 'absent':
if cert_present:
delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)
if state == 'absent' and cert_present:
if module.check_mode:
module.exit_json(changed=True)

delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type)

elif state == 'present' and not cert_present:
if module.check_mode:
module.exit_json(changed=True)

elif state == 'present':
if not cert_present:
if pkcs12_path:
import_pkcs12_path(module, executable, pkcs12_path, keystore_path,
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type)
if pkcs12_path:
import_pkcs12_path(module, executable, pkcs12_path, keystore_path,
keystore_pass, pkcs12_pass, pkcs12_alias, cert_alias, keystore_type)

if path:
import_cert_path(module, executable, path, keystore_path,
keystore_pass, cert_alias, keystore_type)
if path:
import_cert_path(module, executable, path, keystore_path,
keystore_pass, cert_alias, keystore_type)

if url:
import_cert_url(module, executable, url, port, keystore_path,
keystore_pass, cert_alias, keystore_type)
if url:
import_cert_url(module, executable, url, port, keystore_path,
keystore_pass, cert_alias, keystore_type)

module.exit_json(changed=False)

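Review bot: The `module.exit_json(..., cmd=import_cmd, ...)` and `module.fail_json(..., cmd=import_cmd)` calls in import_cert_url, import_cert_path and import_pkcs12_path (and `cmd=del_cmd` in delete_cert) return a command string that embeds `-storepass '<keystore_pass>'`, and the same string is what keytool is started with, so the keystore password is on the process command line for the duration of the run. Whether the returned `cmd` is scrubbed depends on `keystore_pass` (and `pkcs12_pass`) being declared `no_log=True` in the argument spec, which sits in the part of main() outside the visible hunks and should be confirmed. keytool accepts the `:env` modifier, so the password can be kept out of argv with `-storepass:env KEYSTORE_PASS` in the format string and `module.run_command(import_cmd, environ_update=dict(KEYSTORE_PASS=keystore_pass), check_rc=False)` (the variable name is an example). Separately, the commands are built by `%` formatting with hand-written single quotes while `url` and the proxy values in `fetch_cmd` are not quoted at all, so a value containing a quote or whitespace changes how the string is split into keytool arguments; passing `run_command` a list of arguments would remove that dependency on quoting.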