Add diff support (#150)

* Add diff support to openssl_privatekey. * Add diff support to openssl_csr. * Add diff support to x509_crl. * Add diff support to x509_certificate. * Add diff support to openssl_publickey. * Add changelog fragment. * Prefer one fingerprint for diff infos to reduce noise. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2026-05-06 13:22:58 +00:00 · 2021-05-23 21:25:23 +02:00
parent e9bc7c7163
commit 2bf0bb5fb3
11 changed files with 201 additions and 34 deletions
--- a/plugins/modules/openssl_publickey.py
+++ b/plugins/modules/openssl_publickey.py
@@ -203,6 +203,11 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
    get_fingerprint,
 )

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.publickey_info import (
+    PublicKeyParseError,
+    get_publickey_info,
+)
+
 MINIMAL_PYOPENSSL_VERSION = '16.0.0'
 MINIMAL_CRYPTOGRAPHY_VERSION = '1.2.3'
 MINIMAL_CRYPTOGRAPHY_VERSION_OPENSSH = '1.4'
@@ -244,6 +249,7 @@ class PublicKey(OpenSSLObject):
            module.params['force'],
            module.check_mode
        )
+        self.module = module
        self.format = module.params['format']
        self.privatekey_path = module.params['privatekey_path']
        self.privatekey_content = module.params['privatekey_content']
@@ -259,6 +265,23 @@ class PublicKey(OpenSSLObject):
        self.backup = module.params['backup']
        self.backup_file = None

+        self.diff_before = self._get_info(None)
+        self.diff_after = self._get_info(None)
+
+    def _get_info(self, data):
+        if data is None:
+            return dict()
+        result = dict(can_parse_key=False)
+        try:
+            result.update(get_publickey_info(
+                self.module, self.backend, content=data, prefer_one_fingerprint=True))
+            result['can_parse_key'] = True
+        except PublicKeyParseError as exc:
+            result.update(exc.result)
+        except Exception as exc:
+            pass
+        return result
+
    def _create_publickey(self, module):
        self.privatekey = load_privatekey(
            path=self.privatekey_path,
@@ -294,6 +317,7 @@ class PublicKey(OpenSSLObject):
        if not self.check(module, perms_required=False) or self.force:
            try:
                publickey_content = self._create_publickey(module)
+                self.diff_after = self._get_info(publickey_content)
                if self.return_content:
                    self.publickey_bytes = publickey_content

@@ -329,6 +353,7 @@ class PublicKey(OpenSSLObject):
            try:
                with open(self.path, 'rb') as public_key_fh:
                    publickey_content = public_key_fh.read()
+                self.diff_before = self.diff_after = self._get_info(publickey_content)
                if self.return_content:
                    self.publickey_bytes = publickey_content
                if self.backend == 'cryptography':
@@ -387,6 +412,11 @@ class PublicKey(OpenSSLObject):
                self.publickey_bytes = load_file_if_exists(self.path, ignore_errors=True)
            result['publickey'] = self.publickey_bytes.decode('utf-8') if self.publickey_bytes else None

+        result['diff'] = dict(
+            before=self.diff_before,
+            after=self.diff_after,
+        )
+
        return result


--- a/plugins/modules/x509_crl.py
+++ b/plugins/modules/x509_crl.py
@@ -409,6 +409,10 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
    identify_pem_format,
 )

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.crl_info import (
+    get_crl_info,
+)
+
 MINIMAL_CRYPTOGRAPHY_VERSION = '1.2'

 CRYPTOGRAPHY_IMP_ERR = None
@@ -550,6 +554,19 @@ class CRL(OpenSSLObject):
        except Exception as dummy:
            self.crl_content = None
            self.actual_format = self.format
+            data = None
+
+        self.diff_after = self.diff_before = self._get_info(data)
+
+    def _get_info(self, data):
+        if data is None:
+            return dict()
+        try:
+            result = get_crl_info(self.module, data)
+            result['can_parse_crl'] = True
+            return result
+        except Exception as exc:
+            return dict(can_parse_crl=False)

    def remove(self):
        if self.backup:
@@ -681,6 +698,7 @@ class CRL(OpenSSLObject):
                result = self.crl.public_bytes(Encoding.DER)

        if result is not None:
+            self.diff_after = self._get_info(result)
            if self.return_content:
                if self.format == 'pem':
                    self.crl_content = result
@@ -742,6 +760,10 @@ class CRL(OpenSSLObject):
        if self.return_content:
            result['crl'] = self.crl_content

+        result['diff'] = dict(
+            before=self.diff_before,
+            after=self.diff_after,
+        )
        return result