Avoid crash in check mode (#243)

* Do not let AnsibleModule crash when setting permissions on not yet existing files in check mode.

* Add tests.

* Fix bugs.

plugins/module_utils/crypto/support.py

@@ -371,6 +371,8 @@ class OpenSSLObject(object):
 
         def _check_perms(module):
             file_args = module.load_file_common_arguments(module.params)
+            if module.check_file_absent_if_check_mode(file_args['path']):
+                return False
             return not module.set_fs_attributes_if_different(file_args, False)
 
         if not perms_required:

plugins/module_utils/io.py

@@ -92,7 +92,8 @@ def write_file(module, content, default_mode=None, path=None):
         # Move tempfile to final destination
         module.atomic_move(tmp_name, file_args['path'])
         # Try to update permissions again
-        module.set_fs_attributes_if_different(file_args, False)
+        if not module.check_file_absent_if_check_mode(file_args['path']):
+            module.set_fs_attributes_if_different(file_args, False)
     except Exception as e:
         try:
             os.remove(tmp_name)

plugins/module_utils/openssh/backends/keypair_backend.py

@@ -207,6 +207,8 @@ class KeypairBackend(object):
         file_args = self.module.load_file_common_arguments(self.module.params)
         if public_key:
             file_args['path'] = file_args['path'] + '.pub'
+        if self.module.check_file_absent_if_check_mode(file_args['path']):
+            return True
         return self.module.set_fs_attributes_if_different(file_args, False)
 
     @property

plugins/modules/openssh_cert.py

@@ -364,7 +364,9 @@ class Certificate(object):
                 module.fail_json(msg="%s" % to_native(e))
 
         file_args = module.load_file_common_arguments(module.params)
-        if module.set_fs_attributes_if_different(file_args, False):
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        elif module.set_fs_attributes_if_different(file_args, False):
             self.changed = True
 
     def convert_to_datetime(self, module, timestring):

plugins/modules/openssl_csr.py

@@ -286,7 +286,10 @@ class CertificateSigningRequestModule(OpenSSLObject):
             self.changed = True
 
         file_args = module.load_file_common_arguments(module.params)
-        self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        else:
+            self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
 
     def remove(self, module):
         self.module_backend.set_existing(None)

plugins/modules/openssl_dhparam.py

@@ -221,9 +221,9 @@ class DHParameterBase(object):
     def _check_fs_attributes(self, module):
         """Checks (and changes if not in check mode!) fs attributes"""
         file_args = module.load_file_common_arguments(module.params)
-        attrs_changed = module.set_fs_attributes_if_different(file_args, False)
-
-        return not attrs_changed
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            return False
+        return not module.set_fs_attributes_if_different(file_args, False)
 
     def dump(self):
         """Serialize the object into a dictionary."""

plugins/modules/openssl_pkcs12.py

@@ -733,7 +733,9 @@ def main():
                     changed = True
 
             file_args = module.load_file_common_arguments(module.params)
-            if module.set_fs_attributes_if_different(file_args, changed):
+            if module.check_file_absent_if_check_mode(file_args['path']):
+                changed = True
+            elif module.set_fs_attributes_if_different(file_args, changed):
                 changed = True
         else:
             if module.check_mode:

plugins/modules/openssl_privatekey.py

@@ -214,7 +214,10 @@ class PrivateKeyModule(OpenSSLObject):
             self.changed = True
 
         file_args = module.load_file_common_arguments(module.params)
-        self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        else:
+            self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
 
     def remove(self, module):
         self.module_backend.set_existing(None)

plugins/modules/openssl_publickey.py

@@ -338,7 +338,9 @@ class PublicKey(OpenSSLObject):
             backend=self.backend,
         )
         file_args = module.load_file_common_arguments(module.params)
-        if module.set_fs_attributes_if_different(file_args, False):
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        elif module.set_fs_attributes_if_different(file_args, False):
             self.changed = True
 
     def check(self, module, perms_required=True):

plugins/modules/x509_certificate.py

@@ -472,7 +472,10 @@ class GenericCertificate(OpenSSLObject):
             self.changed = True
 
         file_args = module.load_file_common_arguments(module.params)
-        self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
+        if module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        else:
+            self.changed = module.set_fs_attributes_if_different(file_args, self.changed)
 
     def check(self, module, perms_required=True):
         """Ensure the resource is in its desired state."""

plugins/modules/x509_crl.py

@@ -710,7 +710,9 @@ class CRL(OpenSSLObject):
             self.changed = True
 
         file_args = self.module.load_file_common_arguments(self.module.params)
-        if self.module.set_fs_attributes_if_different(file_args, False):
+        if self.module.check_file_absent_if_check_mode(file_args['path']):
+            self.changed = True
+        elif self.module.set_fs_attributes_if_different(file_args, False):
             self.changed = True
 
     def dump(self, check_mode=False):