Update java_cert module #56778

Open
wants to merge 5 commits into
base: devel
from

4 participants
@lukepafford
commented May 22, 2019

The module previously compared certificates based on the alias name. It will now compare the SHA1 digest of the public certificates to determine if the certificate is present or absent. If the digests are not the same, then the module will overwrite the existing alias in the keystore.

SUMMARY

Fixes #43249
Fixes #27982
Fixes #54481
The issue goes into detail as to why this change is necessary.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

java_cert

Updated java_cert module
The module previously compared certificates based on the alias name. It will now compare the SHA1 digest of the public certificates to determine if the certificate is present or absent. If the digests are not the same, then the module will overwrite the existing alias in the keystore
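
An added example, not code from this pull request or from the java_cert module: a sketch of the decision described above, where the digest of the candidate certificate is compared with the fingerprint stored under the alias, so a different certificate under the same alias is replaced rather than reported as present. The keytool-style listing text, the alias `example_alias`, the function names and the certificate bytes are constructed for illustration; accepting a SHA-256 fingerprint label goes beyond the SHA1 comparison the pull request describes.

```python
import hashlib
import re
import ssl

# Fingerprint line as printed in a keytool-style listing (label may be SHA1 or SHA-256).
FP_LINE = re.compile(r"Certificate fingerprint \((SHA-?1|SHA-?256)\):\s*([0-9A-Fa-f:]+)")


def fingerprint(pem, algo="sha1"):
    """Colon-separated uppercase digest of the certificate's DER encoding."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def keystore_fingerprint(listing):
    """Return (algo, fingerprint) from the listing, or None if the alias is absent."""
    match = FP_LINE.search(listing)
    if not match:
        return None
    algo = match.group(1).replace("-", "").lower()
    return algo, match.group(2).upper()


def plan(state, listing, pem=None):
    """Decide the action for one alias: import, replace, delete or noop."""
    stored = keystore_fingerprint(listing)
    if state == "absent":
        # Only the alias is needed here; no certificate source is consulted.
        return "delete" if stored else "noop"
    if stored is None:
        return "import"
    algo, stored_fp = stored
    # Same alias but a different digest means the stored certificate differs.
    return "noop" if fingerprint(pem, algo) == stored_fp else "replace"


# Constructed samples: arbitrary bytes stand in for two certificates' DER data.
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-der-bytes-old")
NEW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-der-bytes-new")
LISTING = ("example_alias, May 22, 2019, trustedCertEntry,\n"
           "Certificate fingerprint (SHA1): " + fingerprint(OLD_PEM) + "\n")
MISSING = "keytool error: java.lang.Exception: Alias <example_alias> does not exist\n"

if __name__ == "__main__":
    for pem in (OLD_PEM, NEW_PEM):
        print(plan("present", LISTING, pem))
```

An alias-only check would report `NEW_PEM` as already present in `LISTING`; the digest comparison returns `replace` for it.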

@lukepafford lukepafford changed the base branch from stable-2.8 to devel May 22, 2019

@ansibot

Contributor

commented May 22, 2019

@lukepafford

Author

commented May 23, 2019

This handles use cases for cert_path, and pkcs12_path, but not cert_url. I will reopen when I handle this scenario.

@sivel sivel removed the needs_triage label May 23, 2019

@lukepafford

Author

commented May 24, 2019

This will also fix issue #54481 as most of the functionality will be rewritten for downloading from a remote source.

Fixes issue #27982, #43249, and #54481
These issues are combined in a single commit because there were so many
modifications to how the module runs while fixing #43249, I discovered
the problems with #27982, and #54481 along the way.

Issue #43249 contains most of the changes. The fix rewrites a lot of
the module's functionality to ensure `state: present` behaves as expected,
so the integration tests should provide some confidence in the changes.

Issue #27982 lets you specify `state: absent` by providing only the
cert_alias, and not having to provide a dummy value with cert_path,
pkcs12_path, or cert_url.

Issue #54481 handles a proxy value where the scheme 'https://' is
provided with the host and port.

@lukepafford lukepafford reopened this May 25, 2019

@lukepafford

Author

commented May 25, 2019

My commit history is pretty ugly. I'm not sure if you'll want me to squash everything into a single commit, or if the repository maintainers will handle that. Let me know if it's fine.

@ansibot

Contributor

commented May 27, 2019

Components

changelogs/fragments/java_cert-state_changes.yml
support: community
maintainers:

lib/ansible/modules/system/java_cert.py
support: community
maintainers: haad

test/integration/targets/java_cert/defaults/main.yml
support: community
maintainers: haad

test/integration/targets/java_cert/files/setupSSLServer.py
support: community
maintainers: haad

test/integration/targets/java_cert/tasks/main.yml
support: community
maintainers: haad

test/integration/targets/java_cert/tasks/state_change.yml
support: community
maintainers: haad

Metadata

waiting_on: maintainer
changes_requested_by: null
needs_info: False
needs_revision: False
needs_rebase: False
merge_commits: []
too many files or commits: False
mergeable_state: clean
shippable_status: success
maintainer_shipits (module maintainers): 0
community_shipits (namespace maintainers): 0
ansible_shipits (core team members): 0
shipit_actors (maintainer or core team member): []
shipit_actors_other: []
automerge: automerge shipit test failed

@lukepafford

Author

commented May 27, 2019

ready_for_review

@erickyamanaka


commented May 28, 2019

👀

@ansibot ansibot added the stale_ci label Jun 5, 2019
