[2.7] openssl_pkcs12: fix ca_certificates path expansion (#50697)

* Expand user and variables in ca_certificates paths.

This is a fix specific for stable-2.7. In devel (and stable-2.8),
this problem is fixed by #48473. That PR adds argument spec
validation for list elements.

* Add changelog.

changelogs/fragments/50697-openssl_pkcs12-ca_certificates.yaml

@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_pkcs12 - now does proper path expansion for ``ca_certificates``."

lib/ansible/modules/crypto/openssl_pkcs12.py

@@ -222,7 +222,7 @@ class Pkcs(crypto_utils.OpenSSLObject):
             module.fail_json(msg=to_native(exc))
 
         if self.ca_certificates:
-            ca_certs = [crypto_utils.load_certificate(ca_cert) for ca_cert
+            ca_certs = [crypto_utils.load_certificate(os.path.expanduser(os.path.expandvars(ca_cert))) for ca_cert
                         in self.ca_certificates]
             self.pkcs12.set_ca_certificates(ca_certs)
 

test/sanity/code-smell/use-argspec-type-path.py

@@ -23,6 +23,7 @@ def main():
         'lib/ansible/modules/web_infrastructure/jenkins_plugin.py',
         'lib/ansible/modules/cloud/vmware/vmware_deploy_ovf.py',
         'lib/ansible/modules/crypto/certificate_complete_chain.py',  # would need something like type=list(path)
+        'lib/ansible/modules/crypto/openssl_pkcs12.py',  # would need something like type=list(path)
         # fix uses of expanduser in the following modules and remove them from the following list
         'lib/ansible/modules/cloud/rackspace/rax.py',
         'lib/ansible/modules/cloud/rackspace/rax_scaling_group.py',