openssl_pkcs12: allow to specify certificate bundles in other_certificates (#166)

* Rename identify.py to pem.py.

* Move split PEM list code to pem.py crypto module_utils.

* Extend and use global certificate splitting code in acme_certificate.

* openssl_pkcs12: allow to load multiple certificates from files mentioned in other_certificates.

* Add changelog and module_utils redirect.

* Remove old check.

* Fix typo.

* Apply suggestions from code review

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Add example.

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Felix Fontein
2021-01-26 10:21:49 +01:00
committed by GitHub
parent d8ccebce60
commit c7ef362d7a
12 changed files with 134 additions and 46 deletions


@@ -39,6 +39,12 @@
pkey: ansible_pkey2.pem
- name: ansible3
pkey: ansible_pkey3.pem
- name: Generate concatenated PEM file
copy:
dest: '{{ output_dir }}/ansible23.crt'
content: |
{{ lookup("file", output_dir ~ "/ansible2.crt") }}
{{ lookup("file", output_dir ~ "/ansible3.crt") }}
- name: Generate PKCS#12 file
openssl_pkcs12:
path: '{{ output_dir }}/ansible.p12'
@@ -113,7 +119,7 @@
friendly_name: abracadabra
privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
certificate_path: '{{ output_dir }}/ansible.crt'
ca_certificates:
other_certificates:
- '{{ output_dir }}/ansible2.crt'
- '{{ output_dir }}/ansible3.crt'
state: present
@@ -124,7 +130,7 @@
friendly_name: abracadabra
privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
certificate_path: '{{ output_dir }}/ansible.crt'
ca_certificates:
other_certificates:
- '{{ output_dir }}/ansible2.crt'
- '{{ output_dir }}/ansible3.crt'
state: present
@@ -237,7 +243,7 @@
openssl_pkcs12:
path: '{{ output_dir }}/ansible_empty.p12'
friendly_name: abracadabra
ca_certificates:
other_certificates:
- '{{ output_dir }}/ansible2.crt'
- '{{ output_dir }}/ansible3.crt'
state: present
@@ -246,11 +252,20 @@
openssl_pkcs12:
path: '{{ output_dir }}/ansible_empty.p12'
friendly_name: abracadabra
ca_certificates:
- '{{ output_dir }}/ansible2.crt'
other_certificates:
- '{{ output_dir }}/ansible3.crt'
- '{{ output_dir }}/ansible2.crt'
state: present
register: p12_empty_idem
- name: Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)
openssl_pkcs12:
path: '{{ output_dir }}/ansible_empty.p12'
friendly_name: abracadabra
other_certificates:
- '{{ output_dir }}/ansible23.crt'
other_certificates_parse_all: true
state: present
register: p12_empty_concat_idem
- name: Generate 'empty' PKCS#12 file (parse)
openssl_pkcs12:
src: '{{ output_dir }}/ansible_empty.p12'
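Review bot: The new task `Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)` only checks `other_certificates_parse_all: true` for idempotency against an already existing `ansible_empty.p12`, so the suite never generates a fresh file from `ansible23.crt` and never shows what happens when the bundle is passed without the option. If the default still reads one certificate per file (inferred from the option name, the module code is not in this view), a bundle passed without the flag would produce a PKCS#12 with an incomplete chain and no error, which is the case most worth pinning with a test. I would add a fresh-generation task into a new path plus a parse step, and assert that the parsed output contains both source certificates; a second task without the flag should assert whatever the module documents for that case. The matching assertion added in the second file checks only `p12_empty_concat_idem is not changed`. The file names and register name in the sketch below are placeholders.

```yaml
# … unchanged: idempotency task using ansible23.crt …
- name: Generate 'empty' PKCS#12 file from bundle (fresh file)
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_empty_concat.p12'
    friendly_name: abracadabra
    other_certificates:
      - '{{ output_dir }}/ansible23.crt'
    other_certificates_parse_all: true
    state: present
  register: p12_empty_concat_fresh
- name: Parse PKCS#12 file generated from bundle
  openssl_pkcs12:
    src: '{{ output_dir }}/ansible_empty_concat.p12'
    path: '{{ output_dir }}/ansible_empty_concat.pem'
    action: parse
```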

View File

@@ -64,4 +64,5 @@
that:
- p12_empty is changed
- p12_empty_idem is not changed
- p12_empty_concat_idem is not changed
- "lookup('file', output_dir ~ '/ansible_empty.pem') == lookup('file', output_dir ~ '/ansible3.crt') ~ '\n' ~ lookup('file', output_dir ~ '/ansible2.crt')"