[5.0.0] iam_server_certificate - complete deprecation cycle and remove…
… support (ansible-collections#1265)

[5.0.0] iam_server_certificate - complete deprecation cycles

SUMMARY
fixes: ansible-collections#1257
In ansible-collections#735 we deprecated passing filenames and prepared to switch the default value of dup_ok to True.
This PR completes the deprecation cycle (1 release late)
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_server_certificate
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis <None>
tremble authored Jun 28, 2022
1 parent ba08f90 commit 058ecff
Showing 3 changed files with 27 additions and 71 deletions.
@@ -0,0 +1,9 @@
breaking_changes:
- iam_server_certificate - Passing file names to the ``cert``, ``chain_cert``
and ``key`` parameters has been removed. We recommend using a lookup plugin
to read the files instead, see the documentation for an example
(https://github.com/ansible-collections/community.aws/pull/1265).
- iam_server_certificate - the default value for the ``dup_ok`` parameter has
been changed to ``true``. To preserve the original behaviour explicitly set
the ``dup_ok`` parameter to ``false``
(https://github.com/ansible-collections/community.aws/pull/1265).
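Review bot: The first breaking_changes entry recommends a lookup plugin but does not mention that the read moves to a different place. The removed `load_data()` opened the path inside the module, so on the host where the module runs, while `lookup('file', ...)` reads on the controller. For tasks delegated to another host that is a behaviour change in its own right, and it is worth one sentence in this entry so users know where the certificate and key files now have to live.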
79 changes: 14 additions & 65 deletions plugins/modules/iam_server_certificate.py
Expand Up @@ -55,31 +55,22 @@
type: str
cert_chain:
description:
- The path to, or content of, the CA certificate chain in PEM encoded format.
- If the parameter is not a file, it is assumed to be content.
- Passing a file name is deprecated, and support will be dropped in
version 5.0.0 of this collection.
- The content of the CA certificate chain in PEM encoded format.
type: str
cert:
description:
- The path to, or content of the certificate body in PEM encoded format.
- If the parameter is not a file, it is assumed to be content.
- Passing a file name is deprecated, and support will be dropped in
version 5.0.0 of this collection.
- The content of the certificate body in PEM encoded format.
type: str
key:
description:
- The path to, or content of the private key in PEM encoded format.
If the parameter is not a file, it is assumed to be content.
- Passing a file name is deprecated, and support will be dropped in
version 5.0.0 of this collection.
- The content of the private key in PEM encoded format.
type: str
dup_ok:
description:
- By default the module will not upload a certificate that is already uploaded into AWS.
- If I(dup_ok=True), it will upload the certificate as long as the name is unique.
- Currently defaults to C(false), this will default to C(true) in release
5.0.0.
- The default value for this value changed in release 5.0.0 to C(true).
default: true
type: bool
author: Jonathan I. Davila (@defionscode)
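Review bot: The `dup_ok` description now contradicts itself. The unchanged first bullet still says "By default the module will not upload a certificate that is already uploaded into AWS", but `default: true` means the duplicate check is skipped by default. Reword the first bullet to describe what `dup_ok=false` does, and fix "The default value for this value" in the new bullet to "The default value for this parameter".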
Expand All @@ -97,29 +88,20 @@
key: "{{ lookup('file', 'path/to/key') }}"
cert_chain: "{{ lookup('file', 'path/to/certchain') }}"
- name: Basic server certificate upload
community.aws.iam_server_certificate:
name: very_ssl
state: present
cert: path/to/cert
key: path/to/key
cert_chain: path/to/certchain
- name: Server certificate upload using key string
community.aws.iam_server_certificate:
name: very_ssl
state: present
path: "/a/cert/path/"
cert: body_of_somecert
key: vault_body_of_privcertkey
cert_chain: body_of_myverytrustedchain
cert: "{{ lookup('file', 'path/to/cert') }}"
key: "{{ lookup('file', 'path/to/key') }}"
cert_chain: "{{ lookup('file', 'path/to/certchain') }}"
- name: Basic rename of existing certificate
community.aws.iam_server_certificate:
name: very_ssl
new_name: new_very_ssl
state: present
'''
import os
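Review bot: The example titled "Server certificate upload using key string" no longer shows a key string. After this change its `cert`, `key` and `cert_chain` use the same `lookup('file', ...)` form as the example above it, so the two differ only by `path`. Either rename it to describe the `path` option, or keep one example that passes content from a variable (the removed `key: vault_body_of_privcertkey` line was the only hint that the private key can come from a vaulted variable rather than a file on disk).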

Expand Down Expand Up @@ -177,8 +159,8 @@ def _compare_cert(cert_a, cert_b):

def update_server_certificate(current_cert):
changed = False

cert, key, cert_chain = load_data()
cert = module.params.get('cert')
cert_chain = module.params.get('cert_chain')

if not _compare_cert(cert, current_cert.get('certificate_body', None)):
module.fail_json(msg='Modifying the certificate body is not supported by AWS')
Expand All @@ -196,7 +178,9 @@ def update_server_certificate(current_cert):


def create_server_certificate():
cert, key, cert_chain = load_data()
cert = module.params.get('cert')
key = module.params.get('key')
cert_chain = module.params.get('cert_chain')

if not module.params.get('dup_ok'):
check_duplicate_cert(cert)
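Review bot: In `create_server_certificate()` the three parameters are now taken as-is, so a playbook that still passes `cert: path/to/cert` or `key: path/to/key` will have the literal path string treated as the certificate body or private key, with no message pointing at the cause. Consider a cheap sanity check before use, for example failing with `module.fail_json` when `cert` or `key` does not contain a PEM `-----BEGIN` marker, and have the message refer to the lookup example in the documentation.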
Expand Down Expand Up @@ -309,36 +293,6 @@ def get_server_certificate(name):
return cert


def load_data():
cert = module.params.get('cert')
key = module.params.get('key')
cert_chain = module.params.get('cert_chain')

# if paths are provided rather than lookups read the files and return the contents
if cert and os.path.isfile(cert):
with open(cert, 'r') as cert_fh:
cert = cert_fh.read().rstrip()
module.deprecate(
'Passing a file name as the cert argument has been deprecated. '
'Please use a lookup instead, see the documentation for examples.',
version='5.0.0', collection_name='community.aws')
if key and os.path.isfile(key):
with open(key, 'r') as key_fh:
key = key_fh.read().rstrip()
module.deprecate(
'Passing a file name as the key argument has been deprecated. '
'Please use a lookup instead, see the documentation for examples.',
version='5.0.0', collection_name='community.aws')
if cert_chain and os.path.isfile(cert_chain):
with open(cert_chain, 'r') as cert_chain_fh:
cert_chain = cert_chain_fh.read()
module.deprecate(
'Passing a file name as the cert_chain argument has been deprecated. '
'Please use a lookup instead, see the documentation for examples.',
version='5.0.0', collection_name='community.aws')
return cert, key, cert_chain


def compatability_results(current_cert):
compat_results = dict()
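Review bot: With `load_data()` deleted, the `os.path.isfile` calls it contained are gone, but `import os` is still present as an unchanged context line in the earlier examples hunk. If nothing else in the module uses `os`, drop the import in this commit so the sanity tests do not flag an unused import.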

Expand Down Expand Up @@ -379,7 +333,7 @@ def main():
new_name=dict(),
path=dict(default='/'),
new_path=dict(),
dup_ok=dict(type='bool'),
dup_ok=dict(type='bool', default=True),
)

module = AnsibleAWSModule(
Expand All @@ -404,11 +358,6 @@ def main():
new_path = module.params.get('new_path')
dup_ok = module.params.get('dup_ok')

if dup_ok is None:
module.deprecate(
'The dup_ok module currently defaults to false, this will change in '
'release 5.0.0 to true.', version='5.0.0', collection_name='community.aws')

current_cert = get_server_certificate(name)

results = dict()
10 changes: 4 additions & 6 deletions tests/integration/targets/iam_server_certificate/tasks/main.yml
Expand Up @@ -336,12 +336,13 @@

################################################

- name: Create Certificate with identical cert - check_mode
- name: Create Certificate with identical cert dup_ok=False - check_mode
iam_server_certificate:
name: '{{ cert_name }}-duplicate'
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: false
register: create_duplicate
ignore_errors: true
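Review bot: The task renamed to "Create Certificate with identical cert dup_ok=False - check_mode" sets `register` and `ignore_errors` but no `check_mode: true`, and the next hunk starts two lines later already inside the following assert, so the setting cannot be hiding outside the visible lines. As written this task runs the same way as the non-check-mode task after it. Add `check_mode: true` so the check-mode path of the duplicate check is actually exercised.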

Expand All @@ -350,12 +351,13 @@
that:
- create_duplicate is failed

- name: Create Certificate with identical cert
- name: Create Certificate with identical cert dup_ok=False
iam_server_certificate:
name: '{{ cert_name }}-duplicate'
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: false
register: create_duplicate
ignore_errors: true

Expand All @@ -372,7 +374,6 @@
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: true
register: create_duplicate
check_mode: true
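Review bot: Dropping `dup_ok: true` here and in the three following hunks makes these tasks exercise the new default, which is useful, but it leaves no task in the visible changes that passes `dup_ok: true` explicitly. Keep the explicit value on at least one of the forced-duplicate tasks so that both the defaulted and the explicitly set path stay covered.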

Expand All @@ -388,7 +389,6 @@
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: true
register: create_duplicate

- name: check result - Create Certificate with forced identical cert
Expand All @@ -414,7 +414,6 @@
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: true
register: create_duplicate
check_mode: true

Expand All @@ -430,7 +429,6 @@
state: present
cert: '{{ cert_a_data }}'
key: '{{ lookup("file", path_cert_key) }}'
dup_ok: true
register: create_duplicate

- name: check result - Create Certificate with forced identical cert - idempotency