Add ignore_timestamps option. (#317)

2026-05-07 05:43:06 +00:00 · 2021-10-30 16:34:27 +02:00
parent eb8dabce84
commit 4ab2ed8b77
5 changed files with 36 additions and 2 deletions
--- a/plugins/module_utils/crypto/module_backends/certificate.py
+++ b/plugins/module_utils/crypto/module_backends/certificate.py
@@ -63,6 +63,7 @@ class CertificateBackend(object):
        self.backend = backend

        self.force = module.params['force']
+        self.ignore_timestamps = module.params['ignore_timestamps']
        self.privatekey_path = module.params['privatekey_path']
        self.privatekey_content = module.params['privatekey_content']
        if self.privatekey_content is not None:
@@ -223,7 +224,7 @@ class CertificateBackend(object):
                return False
        return True

-    def needs_regeneration(self):
+    def needs_regeneration(self, not_before=None, not_after=None):
        """Check whether a regeneration is necessary."""
        if self.force or self.existing_certificate_bytes is None:
            return True
@@ -247,6 +248,15 @@ class CertificateBackend(object):
        if self.create_subject_key_identifier != 'never_create' and not self._check_subject_key_identifier():
            return True

+        # Check not before
+        if not_before is not None and not self.ignore_timestamps:
+            if self.existing_certificate.not_valid_before != not_before:
+                return True
+
+        # Check not after
+        if not_after is not None and not self.ignore_timestamps:
+            if self.existing_certificate.not_valid_after != not_after:
+                return True
        return False

    def dump(self, include_certificate):
@@ -328,6 +338,7 @@ def get_certificate_argument_spec():
            force=dict(type='bool', default=False,),
            csr_path=dict(type='path'),
            csr_content=dict(type='str'),
+            ignore_timestamps=dict(type='bool', default=True),
            select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'cryptography']),

            # General properties of a certificate
--- a/plugins/module_utils/crypto/module_backends/certificate_ownca.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_ownca.py
@@ -169,7 +169,7 @@ class OwnCACertificateBackendCryptography(CertificateBackend):
        return self.cert.public_bytes(Encoding.PEM)

    def needs_regeneration(self):
-        if super(OwnCACertificateBackendCryptography, self).needs_regeneration():
+        if super(OwnCACertificateBackendCryptography, self).needs_regeneration(not_before=self.notBefore, not_after=self.notAfter):
            return True

        # Check AuthorityKeyIdentifier
--- a/plugins/module_utils/crypto/module_backends/certificate_selfsigned.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_selfsigned.py
@@ -134,6 +134,10 @@ class SelfSignedCertificateBackendCryptography(CertificateBackend):
        """Return bytes for self.cert."""
        return self.cert.public_bytes(Encoding.PEM)

+    def needs_regeneration(self):
+        return super(SelfSignedCertificateBackendCryptography, self).needs_regeneration(
+            not_before=self.notBefore, not_after=self.notAfter)
+
    def dump(self, include_certificate):
        result = super(SelfSignedCertificateBackendCryptography, self).dump(include_certificate)