diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index 03f63eb35d..a28014898b 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -423,6 +423,7 @@ class SelfSignedCertificate(Certificate):
 self.notAfter = module.params['selfsigned_notAfter']
 self.digest = module.params['selfsigned_digest']
 self.version = module.params['selfsigned_version']
+ self.serial_number = randint(1000, 99999)
 self.csr = crypto_utils.load_certificate_request(self.csr_path)
 self.privatekey = crypto_utils.load_privatekey(
 self.privatekey_path, self.privatekey_passphrase
@@ -442,7 +443,7 @@ class SelfSignedCertificate(Certificate):
 if not self.check(module, perms_required=False) or self.force:
 cert = crypto.X509()
- cert.set_serial_number(randint(1000, 99999))
+ cert.set_serial_number(self.serial_number)
 if self.notBefore:
 cert.set_notBefore(self.notBefore)
 else:
@@ -474,18 +475,30 @@ class SelfSignedCertificate(Certificate):
 if module.set_fs_attributes_if_different(file_args, False):
 self.changed = True
- def dump(self):
+ def dump(self, check_mode=False):
 result = {
 'changed': self.changed,
 'filename': self.path,
 'privatekey': self.privatekey_path,
- 'csr': self.csr_path,
- 'notBefore': self.cert.get_notBefore(),
- 'notAfter': self.cert.get_notAfter(),
- 'serial_number': self.cert.get_serial_number(),
+ 'csr': self.csr_path
 }
+ if check_mode:
+ now = datetime.datetime.utcnow()
+ ten = now.replace(now.year + 10)
+ result.update({
+ 'notBefore': self.notBefore if self.notBefore else now.strftime("%Y%m%d%H%M%SZ"),
+ 'notAfter': self.notAfter if self.notAfter else ten.strftime("%Y%m%d%H%M%SZ"),
+ 'serial_number': self.serial_number,
+ })
+ else:
+ result.update({
+ 'notBefore': self.cert.get_notBefore(),
+ 'notAfter': self.cert.get_notAfter(),
+ 'serial_number': self.cert.get_serial_number(),
+ })
 return result
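Review bot: `self.serial_number = randint(1000, 99999)` in the `@@ -423,6 +423,7 @@` hunk keeps the serial in a space of fewer than 100,000 values drawn from a non-cryptographic generator, so two certificates issued under the same name can easily end up with the same issuer/serial pair, which clients and revocation tooling treat as the certificate's identity. The commit only moves the call into `__init__`; drawing at least 64 bits from the OS CSPRNG would address it, for example `self.serial_number = SystemRandom().randint(1, 2 ** 64 - 1)` with `from random import SystemRandom` added beside the existing `randint` import (the import block is not part of this diff). The value is consumed by `cert.set_serial_number(self.serial_number)` in the `@@ -442,7 +443,7 @@` hunk. `__init__` begins and ends outside the hunk.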
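Review bot: `ten = now.replace(now.year + 10)` in the check-mode branch of `dump()` (`@@ -474,18 +475,30 @@` hunk) raises `ValueError` when the module runs on 29 February, because a leap year plus ten is never a leap year. `ten = now + datetime.timedelta(days=3650)` avoids that, and the value should be checked against the default lifetime that `generate()` applies, which is not visible here. The branch also reports the serial drawn in `__init__` and synthesized dates even when a valid certificate already exists at `self.path`, so a playbook that registers the check-mode result sees values that belong to no certificate on disk; the `state: absent` call in the `@@ -870,7 +883,7 @@` hunk is affected the same way. A comment such as `# check mode: projected values, not read from the certificate on disk` would make that explicit for callers.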
@@ -708,7 +721,7 @@ class AssertOnlyCertificate(Certificate):
 return parent_check and assertonly_check
- def dump(self):
+ def dump(self, check_mode=False):
 result = {
 'changed': self.changed,
@@ -773,7 +786,7 @@ class AcmeCertificate(Certificate):
 if module.set_fs_attributes_if_different(file_args, False):
 self.changed = True
- def dump(self):
+ def dump(self, check_mode=False):
 result = {
 'changed': self.changed,
@@ -859,7 +872,7 @@ def main():
 if module.params['state'] == 'present':
 if module.check_mode:
- result = certificate.dump()
+ result = certificate.dump(check_mode=True)
 result['changed'] = module.params['force'] or not certificate.check(module)
 module.exit_json(**result)
@@ -870,7 +883,7 @@ def main():
 else:
 if module.check_mode:
- result = certificate.dump()
+ result = certificate.dump(check_mode=True)
 result['changed'] = os.path.exists(module.params['path'])
 module.exit_json(**result)
diff --git a/test/integration/targets/openssl_certificate/tasks/main.yml b/test/integration/targets/openssl_certificate/tasks/main.yml
index c049ef47e1..c8b4cc60f6 100644
--- a/test/integration/targets/openssl_certificate/tasks/main.yml
+++ b/test/integration/targets/openssl_certificate/tasks/main.yml
@@ -28,6 +28,15 @@
 selfsigned_digest: sha256
 register: selfsigned_certificate_idempotence
+ - name: Generate selfsigned certificate (check mode)
+ openssl_certificate:
+ path: '{{ output_dir }}/cert.pem'
+ csr_path: '{{ output_dir }}/csr.csr'
+ privatekey_path: '{{ output_dir }}/privatekey.pem'
+ provider: selfsigned
+ selfsigned_digest: sha256
+ check_mode: yes
 - name: Check selfsigned certificate
 openssl_certificate:
 path: '{{ output_dir }}/cert.pem'
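Review bot: `check_mode` is added to `AssertOnlyCertificate.dump()` (`@@ -708,7 +721,7 @@`) and `AcmeCertificate.dump()` (`@@ -773,7 +786,7 @@`), but nothing visible in either hunk reads it; both bodies continue outside the hunks. If those bodies read `self.cert`, it is worth confirming that the attribute is populated when `main()` calls `dump(check_mode=True)` without having generated anything. A one-line comment such as `# check_mode is accepted for signature parity with SelfSignedCertificate.dump(); it is not used here` would record the intent.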
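Review bot: The added check-mode task in the `@@ -28,6 +28,15 @@` hunk neither registers its result nor is followed by an assertion, so it only shows that the module does not crash. Because it runs after the certificate has already been generated, the check-mode path with no certificate on disk is not exercised. Adding `register: selfsigned_certificate_check_mode` and asserting that `serial_number`, `notBefore` and `notAfter` are present in the result would pin the behaviour this commit introduces; a second check-mode run placed before the first generation task would cover the empty-path case (the earlier tasks are outside the hunk).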