From ee8b03d6b9f60fff9e93774133489984510fa314 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Tue, 28 Jun 2022 10:29:20 +0200 Subject: [PATCH] iam_server_cerificate - complete deprecation cycle and remove support (#1265) [5.0.0] iam_server_cerificate - complete deprecation cycles SUMMARY fixes: #1257 In #735 we deprecated passing filenames and prepared to switch the default value of dup_ok to True. This PR completes the deprecation cycle (1 release late) ISSUE TYPE Feature Pull Request COMPONENT NAME iam_server_certificate ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: https://github.com/ansible-collections/community.aws/commit/058ecffc1eeb6a1e4d63462274b57e17adc22c0c --- plugins/modules/iam_server_certificate.py | 79 ++++--------------- .../iam_server_certificate/tasks/main.yml | 10 +-- 2 files changed, 18 insertions(+), 71 deletions(-) diff --git a/plugins/modules/iam_server_certificate.py b/plugins/modules/iam_server_certificate.py index f027ad3f75b..824c8bd96c7 100644 --- a/plugins/modules/iam_server_certificate.py +++ b/plugins/modules/iam_server_certificate.py 
@@ -55,31 +55,22 @@ type: str cert_chain: description: - - The path to, or content of, the CA certificate chain in PEM encoded format. - - If the parameter is not a file, it is assumed to be content. - - Passing a file name is deprecated, and support will be dropped in - version 5.0.0 of this collection. + - The content of the CA certificate chain in PEM encoded format. type: str cert: description: - - The path to, or content of the certificate body in PEM encoded format. - - If the parameter is not a file, it is assumed to be content. - - Passing a file name is deprecated, and support will be dropped in - version 5.0.0 of this collection. + - The content of the certificate body in PEM encoded format. type: str key: description: - - The path to, or content of the private key in PEM encoded format. - If the parameter is not a file, it is assumed to be content. - - Passing a file name is deprecated, and support will be dropped in - version 5.0.0 of this collection. + - The content of the private key in PEM encoded format. type: str dup_ok: description: - By default the module will not upload a certificate that is already uploaded into AWS. - If I(dup_ok=True), it will upload the certificate as long as the name is unique. - - Currently defaults to C(false), this will default to C(true) in release - 5.0.0. + - The default value for this value changed in release 5.0.0 to C(true). + default: true type: bool author: Jonathan I. Davila (@defionscode) 
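Review bot: The `dup_ok` description now contradicts itself: the unchanged first item still says "By default the module will not upload a certificate that is already uploaded into AWS", while the added `default: true` means the duplicate check is skipped unless the user opts out. The added sentence "The default value for this value changed in release 5.0.0 to C(true)" is also awkward. I would reword the items along the lines of `- If I(dup_ok=false), the module will not upload a certificate that is already uploaded into AWS.` and `- The default changed from C(false) to C(true) in release 5.0.0.`, so users who relied on the old check know they must now set it explicitly.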
@@ -97,29 +88,20 @@ key: "{{ lookup('file', 'path/to/key') }}" cert_chain: "{{ lookup('file', 'path/to/certchain') }}" -- name: Basic server certificate upload - community.aws.iam_server_certificate: - name: very_ssl - state: present - cert: path/to/cert - key: path/to/key - cert_chain: path/to/certchain - - name: Server certificate upload using key string community.aws.iam_server_certificate: name: very_ssl state: present path: "/a/cert/path/" - cert: body_of_somecert - key: vault_body_of_privcertkey - cert_chain: body_of_myverytrustedchain + cert: "{{ lookup('file', 'path/to/cert') }}" + key: "{{ lookup('file', 'path/to/key') }}" + cert_chain: "{{ lookup('file', 'path/to/certchain') }}" - name: Basic rename of existing certificate community.aws.iam_server_certificate: name: very_ssl new_name: new_very_ssl state: present - ''' import os @@ -177,8 +159,8 @@ def _compare_cert(cert_a, cert_b): def update_server_certificate(current_cert): changed = False - - cert, key, cert_chain = load_data() + cert = module.params.get('cert') + cert_chain = module.params.get('cert_chain') if not _compare_cert(cert, current_cert.get('certificate_body', None)): module.fail_json(msg='Modifying the certificate body is not supported by AWS') @@ -196,7 +178,9 @@ def update_server_certificate(current_cert): def create_server_certificate(): - cert, key, cert_chain = load_data() + cert = module.params.get('cert') + key = module.params.get('key') + cert_chain = module.params.get('cert_chain') if not module.params.get('dup_ok'): check_duplicate_cert(cert) 
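Review bot: The example still titled `Server certificate upload using key string` now passes `lookup('file', ...)` for `cert`, `key` and `cert_chain`, so it no longer shows a string and appears to differ from the example above it only by `path`. Since `key` is a private key, I would keep one example that takes it from a variable rather than a plain file on the controller, e.g. `key: "{{ vaulted_private_key }}"` (constructed variable name), or rename the task to match what it demonstrates. Separately, `import os` remains as context at the end of this hunk while the `load_data()` helper that called `os.path.isfile` is deleted in a later hunk; if nothing else in the file uses `os`, drop the import.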
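Review bot: With `load_data()` gone, `cert`, `key` and `cert_chain` in `create_server_certificate()` come straight from `module.params`, so a playbook that still passes a file name will have the path string itself treated as PEM content. Nothing visible in this hunk rejects that, and the failure will presumably surface only as an error from the upload call later in the function, which is outside the hunk. A short guard before the `dup_ok` check would make the breaking change explicit, for example `if cert and '-----BEGIN' not in cert: module.fail_json(msg='cert must contain PEM content; passing a file name is no longer supported, use a lookup')`, repeated for `key` and `cert_chain`. The same applies to the `update_server_certificate()` hunk above.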
@@ -309,36 +293,6 @@ def get_server_certificate(name): return cert -def load_data(): - cert = module.params.get('cert') - key = module.params.get('key') - cert_chain = module.params.get('cert_chain') - - # if paths are provided rather than lookups read the files and return the contents - if cert and os.path.isfile(cert): - with open(cert, 'r') as cert_fh: - cert = cert_fh.read().rstrip() - module.deprecate( - 'Passing a file name as the cert argument has been deprecated. ' - 'Please use a lookup instead, see the documentation for examples.', - version='5.0.0', collection_name='community.aws') - if key and os.path.isfile(key): - with open(key, 'r') as key_fh: - key = key_fh.read().rstrip() - module.deprecate( - 'Passing a file name as the key argument has been deprecated. ' - 'Please use a lookup instead, see the documentation for examples.', - version='5.0.0', collection_name='community.aws') - if cert_chain and os.path.isfile(cert_chain): - with open(cert_chain, 'r') as cert_chain_fh: - cert_chain = cert_chain_fh.read() - module.deprecate( - 'Passing a file name as the cert_chain argument has been deprecated. ' - 'Please use a lookup instead, see the documentation for examples.', - version='5.0.0', collection_name='community.aws') - return cert, key, cert_chain - - def compatability_results(current_cert): compat_results = dict() @@ -379,7 +333,7 @@ def main(): new_name=dict(), path=dict(default='/'), new_path=dict(), - dup_ok=dict(type='bool'), + dup_ok=dict(type='bool', default=True), ) module = AnsibleAWSModule( @@ -404,11 +358,6 @@ def main(): new_path = module.params.get('new_path') dup_ok = module.params.get('dup_ok') - if dup_ok is None: - module.deprecate( - 'The dup_ok module currently defaults to false, this will change in ' - 'release 5.0.0 to true.', version='5.0.0', collection_name='community.aws') - current_cert = get_server_certificate(name) results = dict() 
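Review bot: In the last hunk of this group, the context line `dup_ok = module.params.get('dup_ok')` in `main()` looks like a dead assignment once the `if dup_ok is None:` block is removed. `create_server_certificate()` reads `module.params.get('dup_ok')` directly rather than using this local. `main()` continues beyond the hunk, so confirm there is no later use and then delete the line.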
diff --git a/tests/integration/targets/iam_server_certificate/tasks/main.yml b/tests/integration/targets/iam_server_certificate/tasks/main.yml index 02e88d2cade..320ee4d8f3a 100644 --- a/tests/integration/targets/iam_server_certificate/tasks/main.yml +++ b/tests/integration/targets/iam_server_certificate/tasks/main.yml @@ -336,12 +336,13 @@ ################################################ - - name: Create Certificate with identical cert - check_mode + - name: Create Certificate with identical cert dup_ok=False - check_mode iam_server_certificate: name: '{{ cert_name }}-duplicate' state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' + dup_ok: false register: create_duplicate ignore_errors: true @@ -350,12 +351,13 @@ that: - create_duplicate is failed - - name: Create Certificate with identical cert + - name: Create Certificate with identical cert dup_ok=False iam_server_certificate: name: '{{ cert_name }}-duplicate' state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' + dup_ok: false register: create_duplicate ignore_errors: true @@ -372,7 +374,6 @@ state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' - dup_ok: true register: create_duplicate check_mode: true @@ -388,7 +389,6 @@ state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' - dup_ok: true register: create_duplicate - name: check result - Create Certificate with forced identical cert @@ -414,7 +414,6 @@ state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' - dup_ok: true register: create_duplicate check_mode: true @@ -430,7 +429,6 @@ state: present cert: '{{ cert_a_data }}' key: '{{ lookup("file", path_cert_key) }}' - dup_ok: true register: create_duplicate - name: check result - Create Certificate with forced identical cert - idempotency
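Review bot: No task in these test hunks covers the other behaviour this commit removes, namely passing a file name for `cert`, `key` or `cert_chain`. A task that passes a path (e.g. `cert: '{{ path_cert_a }}'`, constructed variable name) with `ignore_errors: true` and then asserts the result `is failed` would pin that the module no longer reads files from the controller. The tasks named `Create Certificate with forced identical cert` also no longer set `dup_ok: true`, so they now exercise the default, and their names could say so.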