Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl_pkcs12 parse action: always changed in check mode #143

Closed
Normo opened this issue Nov 16, 2020 · 3 comments · Fixed by #145
Closed

openssl_pkcs12 parse action: always changed in check mode #143

Normo opened this issue Nov 16, 2020 · 3 comments · Fixed by #145

Comments

@Normo
Copy link
Contributor

Normo commented Nov 16, 2020

SUMMARY

When dumping / parsing a PKCS#12 file in check mode the corresponding task always results in 'changed' state.

ISSUE TYPE
  • Bug Report
COMPONENT NAME
  • community.crypto.openssl_pkcs12
ANSIBLE VERSION
ansible 2.10.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.9 (default, Oct  8 2020, 12:12:24) [GCC 8.4.0]
CONFIGURATION
OS / ENVIRONMENT
  • Ubuntu 20.04
STEPS TO REPRODUCE
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

- name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr:
    path: /etc/ssl/private/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com

- name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/private/ansible.com.crt
    privatekey_path: /etc/ssl/private/ansible.com.pem
    csr_path: /etc/ssl/private/www.ansible.com.csr
    provider: selfsigned

- name: Generate PKCS#12 file
  community.crypto.openssl_pkcs12:
    action: export
    path: /etc/ssl/private/ansible.p12
    friendly_name: raclette
    privatekey_path: /etc/ssl/private/ansible.com.pem
    certificate_path: /etc/ssl/private/ansible.com.crt
    state: present

- name: Dump/Parse PKCS#12 file
  community.crypto.openssl_pkcs12:
    action: parse
    src: /etc/ssl/private/ansible.p12
    path: /etc/ssl/private/ansible.pem
    state: present
EXPECTED RESULTS
    TASK [my_test : Dump/Parse PKCS#12 file] ***************************************
    ok: [instance]
ACTUAL RESULTS
    
    TASK [my_test : Dump/Parse PKCS#12 file] ***************************************
    changed: [instance]
@felixfontein
Copy link
Contributor

That's apparently intended by the code: https://github.com/ansible-collections/community.crypto/blob/main/plugins/modules/openssl_pkcs12.py#L306

@Normo
Copy link
Contributor Author

Normo commented Nov 19, 2020

@felixfontein I wonder, is there a good reason for this?

@felixfontein
Copy link
Contributor

@Normo I don't think so.

@Normo Normo mentioned this issue Nov 20, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

openssl_pkcs12: Add a check for parsed pkcs12 files Normo/community.crypto
2 participants
@Normo @felixfontein