ansible-collections / community.crypto

The community.crypto collection for Ansible.
https://galaxy.ansible.com/ui/repo/published/community/crypto/

openssl_pkcs12 always changed when only importing a certificate #538

Open ruckc opened 1 year ago

ruckc commented 1 year ago
SUMMARY

openssl_pkcs12 always changed when only importing a certificate

ISSUE TYPE
COMPONENT NAME

openssl_pkcs12

ANSIBLE VERSION
ansible [core 2.14.1]
  config file = /home/ruckc/Projects/tc/ansible-deployment/ansible.cfg
  configured module search path = ['/home/ruckc/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible
  ansible collection location = /home/ruckc/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ruckc/.pyenv/versions/3.11.0/bin/ansible
  python version = 3.11.0 (main, Oct 26 2022, 13:57:22) [GCC 11.3.0] (/home/ruckc/.pyenv/versions/3.11.0/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections
Collection       Version
---------------- -------
community.crypto 2.9.0 
CONFIGURATION
CONFIG_FILE() = /home/ruckc/Projects/tc/ansible-deployment/ansible.cfg
DEFAULT_FORKS(/home/ruckc/Projects/tc/ansible-deployment/ansible.cfg) = 10
DEFAULT_HOST_LIST(/home/ruckc/Projects/tc/ansible-deployment/ansible.cfg) = ['/home/ruckc/Projects/tc/ansible-deployment/hosts']
OS / ENVIRONMENT

Ubuntu 22.04, local apply

STEPS TO REPRODUCE

- hosts: localhost
  connection: local
  gather_facts: false

  vars:
    base: '/tmp/test'

  tasks:
    - name: 'Generate Private Key'
      community.crypto.openssl_privatekey:
        path: '{{ base }}/ca.key'

    - name: 'Generate CSR'
      community.crypto.openssl_csr:
        path: '{{ base }}/ca.csr'
        privatekey_path: '{{ base }}/ca.key'

    - name: 'Generate Certificate'
      community.crypto.x509_certificate:
        provider: selfsigned
        path: '{{ base }}/ca.crt'
        csr_path: '{{ base }}/ca.csr'
        privatekey_path: '{{ base }}/ca.key'
        return_content: true

    - name: truststore.p12  # CHANGES
      community.crypto.openssl_pkcs12:
        action: export
        state: present
        certificate_path: '{{ base }}/ca.crt'
        path: '{{ base }}/truststore.p12'
        passphrase: 'changeit'
        friendly_name: 'ca'

    - name: keypair.p12  # DOESN'T CHANGE
      community.crypto.openssl_pkcs12:
        action: export
        state: present
        certificate_path: '{{ base }}/ca.crt'
        privatekey_path: '{{ base }}/ca.key'
        path: '{{ base }}/keypair.p12'
        passphrase: 'changeit'
        friendly_name: 'ca'
EXPECTED RESULTS

On the 2nd run, I expect changed=0.

ACTUAL RESULTS

changed=1, the truststore.p12 is changed every time.

ansible-playbook [core 2.14.1]
  config file = /home/ruckc/Projects/tc/ansible-deployment/ansible.cfg
  configured module search path = ['/home/ruckc/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible
  ansible collection location = /home/ruckc/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ruckc/.pyenv/versions/3.11.0/bin/ansible-playbook
  python version = 3.11.0 (main, Oct 26 2022, 13:57:22) [GCC 11.3.0] (/home/ruckc/.pyenv/versions/3.11.0/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
Using /home/ruckc/Projects/tc/ansible-deployment/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/ruckc/Projects/tc/ansible-deployment/hosts as it did not pass its verify_file() method
script declined parsing /home/ruckc/Projects/tc/ansible-deployment/hosts as it did not pass its verify_file() method
auto declined parsing /home/ruckc/Projects/tc/ansible-deployment/hosts as it did not pass its verify_file() method
Set default localhost to localhost
Parsed /home/ruckc/Projects/tc/ansible-deployment/hosts inventory source with ini plugin
Loading collection community.crypto from /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto
Loading callback plugin default of type stdout, v2.0 from /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yml *************************************************************
Positional arguments: test.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
diff: True
inventory: ('/home/ruckc/Projects/tc/ansible-deployment/hosts',)
forks: 10
1 plays in test.yml

PLAY [localhost] ***************************************************************

TASK [Generate Private Key] ****************************************************
task path: /home/ruckc/Projects/tc/ansible-deployment/test.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ruckc
<localhost> EXEC /bin/sh -c 'echo ~ruckc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ruckc/.ansible/tmp `"&& mkdir "` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986 `" && echo ansible-tmp-1670466708.838035-143478-158450767513986="` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986 `" ) && sleep 0'
<localhost> Attempting python interpreter discovery
<localhost> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.11'"'"'; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<localhost> EXEC /bin/sh -c '/home/ruckc/.pyenv/versions/3.11.0/bin/python3.11 && sleep 0'
Using module file /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py
<localhost> PUT /home/ruckc/.ansible/tmp/ansible-local-143433x1wm6dy9/tmpzbrow9f_ TO /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986/AnsiballZ_openssl_privatekey.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986/ /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ruckc/.ansible/tmp/ansible-tmp-1670466708.838035-143478-158450767513986/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "diff": {
        "after": {
            "can_parse_key": true,
            "key_is_consistent": null,
            "public_data": {
                "exponent": 65537,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "type": "RSA"
        },
        "before": {
            "can_parse_key": true,
            "key_is_consistent": null,
            "public_data": {
                "exponent": 65537,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "type": "RSA"
        }
    },
    "filename": "/tmp/test/ca.key",
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "cipher": null,
            "curve": null,
            "force": false,
            "format": "auto_ignore",
            "format_mismatch": "regenerate",
            "group": null,
            "mode": "0600",
            "owner": null,
            "passphrase": null,
            "path": "/tmp/test/ca.key",
            "regenerate": "full_idempotence",
            "return_content": false,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "size": 4096,
            "state": "present",
            "type": "RSA",
            "unsafe_writes": false
        }
    },
    "size": 4096,
    "type": "RSA"
}

TASK [Generate CSR] ************************************************************
task path: /home/ruckc/Projects/tc/ansible-deployment/test.yml:14
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ruckc
<localhost> EXEC /bin/sh -c 'echo ~ruckc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ruckc/.ansible/tmp `"&& mkdir "` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249 `" && echo ansible-tmp-1670466710.2212555-143533-51445133026249="` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249 `" ) && sleep 0'
Using module file /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_csr.py
<localhost> PUT /home/ruckc/.ansible/tmp/ansible-local-143433x1wm6dy9/tmp5s3mdcn5 TO /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249/AnsiballZ_openssl_csr.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249/ /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249/AnsiballZ_openssl_csr.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249/AnsiballZ_openssl_csr.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.2212555-143533-51445133026249/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
    "basicConstraints": null,
    "changed": false,
    "diff": {
        "after": {
            "authority_cert_issuer": null,
            "authority_cert_serial_number": null,
            "authority_key_identifier": null,
            "basic_constraints": null,
            "basic_constraints_critical": false,
            "can_parse_csr": true,
            "extended_key_usage": null,
            "extended_key_usage_critical": false,
            "extensions_by_oid": {},
            "key_usage": null,
            "key_usage_critical": false,
            "name_constraints_critical": false,
            "name_constraints_excluded": null,
            "name_constraints_permitted": null,
            "ocsp_must_staple": null,
            "ocsp_must_staple_critical": false,
            "public_key_data": {
                "exponent": 65537,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "public_key_type": "RSA",
            "signature_valid": true,
            "subject": {},
            "subject_alt_name": null,
            "subject_alt_name_critical": false,
            "subject_key_identifier": null,
            "subject_ordered": []
        },
        "before": {
            "authority_cert_issuer": null,
            "authority_cert_serial_number": null,
            "authority_key_identifier": null,
            "basic_constraints": null,
            "basic_constraints_critical": false,
            "can_parse_csr": true,
            "extended_key_usage": null,
            "extended_key_usage_critical": false,
            "extensions_by_oid": {},
            "key_usage": null,
            "key_usage_critical": false,
            "name_constraints_critical": false,
            "name_constraints_excluded": null,
            "name_constraints_permitted": null,
            "ocsp_must_staple": null,
            "ocsp_must_staple_critical": false,
            "public_key_data": {
                "exponent": 65537,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "public_key_type": "RSA",
            "signature_valid": true,
            "subject": {},
            "subject_alt_name": null,
            "subject_alt_name_critical": false,
            "subject_key_identifier": null,
            "subject_ordered": []
        }
    },
    "extendedKeyUsage": null,
    "filename": "/tmp/test/ca.csr",
    "invocation": {
        "module_args": {
            "attributes": null,
            "authority_cert_issuer": null,
            "authority_cert_serial_number": null,
            "authority_key_identifier": null,
            "backup": false,
            "basic_constraints": null,
            "basic_constraints_critical": false,
            "common_name": null,
            "country_name": null,
            "create_subject_key_identifier": false,
            "crl_distribution_points": null,
            "digest": "sha256",
            "email_address": null,
            "extended_key_usage": null,
            "extended_key_usage_critical": false,
            "force": false,
            "group": null,
            "key_usage": null,
            "key_usage_critical": false,
            "locality_name": null,
            "mode": null,
            "name_constraints_critical": false,
            "name_constraints_excluded": null,
            "name_constraints_permitted": null,
            "ocsp_must_staple": false,
            "ocsp_must_staple_critical": false,
            "organization_name": null,
            "organizational_unit_name": null,
            "owner": null,
            "path": "/tmp/test/ca.csr",
            "privatekey_content": null,
            "privatekey_passphrase": null,
            "privatekey_path": "/tmp/test/ca.key",
            "return_content": false,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "state": "present",
            "state_or_province_name": null,
            "subject": null,
            "subject_alt_name": null,
            "subject_alt_name_critical": false,
            "subject_key_identifier": null,
            "subject_ordered": null,
            "unsafe_writes": false,
            "use_common_name_for_san": true,
            "version": 1
        }
    },
    "keyUsage": null,
    "name_constraints_excluded": [],
    "name_constraints_permitted": [],
    "ocspMustStaple": false,
    "privatekey": "/tmp/test/ca.key",
    "subject": [],
    "subjectAltName": null
}

TASK [Generate Certificate] ****************************************************
task path: /home/ruckc/Projects/tc/ansible-deployment/test.yml:19
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ruckc
<localhost> EXEC /bin/sh -c 'echo ~ruckc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ruckc/.ansible/tmp `"&& mkdir "` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628 `" && echo ansible-tmp-1670466710.8659413-143571-271581767959628="` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628 `" ) && sleep 0'
Using module file /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto/plugins/modules/x509_certificate.py
<localhost> PUT /home/ruckc/.ansible/tmp/ansible-local-143433x1wm6dy9/tmpzi5sid6h TO /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628/AnsiballZ_x509_certificate.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628/ /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628/AnsiballZ_x509_certificate.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628/AnsiballZ_x509_certificate.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ruckc/.ansible/tmp/ansible-tmp-1670466710.8659413-143571-271581767959628/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
    "changed": false,
    "csr": "/tmp/test/ca.csr",
    "diff": {
        "after": {
            "authority_cert_issuer": null,
            "authority_cert_serial_number": null,
            "authority_key_identifier": null,
            "basic_constraints": null,
            "basic_constraints_critical": false,
            "can_parse_certificate": true,
            "expired": false,
            "extended_key_usage": null,
            "extended_key_usage_critical": false,
            "extensions_by_oid": {
                "2.5.29.14": {
                    "critical": false,
                    "value": "BBSJYQWzzFRSQgs21eLvbTj5qAT0uA=="
                }
            },
            "fingerprints": {
                "sha256": "dc:a9:20:fe:43:e4:6f:c2:82:b4:19:ae:c9:70:26:42:f6:c1:1d:2a:94:bb:11:e0:2c:63:f5:76:4e:22:26:68"
            },
            "issuer": {},
            "issuer_ordered": [],
            "issuer_uri": null,
            "key_usage": null,
            "key_usage_critical": false,
            "not_after": "20321205022048Z",
            "not_before": "20221208022048Z",
            "ocsp_must_staple": null,
            "ocsp_must_staple_critical": false,
            "ocsp_uri": null,
            "public_key_data": {
                "exponent": 65537,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "public_key_type": "RSA",
            "serial_number": 189882654612351676984398707823038400242723974380,
            "signature_algorithm": "sha256WithRSAEncryption",
            "subject": {},
            "subject_alt_name": null,
            "subject_alt_name_critical": false,
            "subject_key_identifier": "89:61:05:b3:cc:54:52:42:0b:36:d5:e2:ef:6d:38:f9:a8:04:f4:b8",
            "subject_ordered": [],
            "version": 3
        },
        "before": {
            "authority_cert_issuer": null,
            "authority_cert_serial_number": null,
            "authority_key_identifier": null,
            "basic_constraints": null,
            "basic_constraints_critical": false,
            "can_parse_certificate": true,
            "expired": false,
            "extended_key_usage": null,
            "extended_key_usage_critical": false,
            "extensions_by_oid": {
                "2.5.29.14": {
                    "critical": false,
                    "value": "BBSJYQWzzFRSQgs21eLvbTj5qAT0uA=="
                }
            },
            "fingerprints": {
                "sha256": "dc:a9:20:fe:43:e4:6f:c2:82:b4:19:ae:c9:70:26:42:f6:c1:1d:2a:94:bb:11:e0:2c:63:f5:76:4e:22:26:68"
            },
            "issuer": {},
            "issuer_ordered": [],
            "issuer_uri": null,
            "key_usage": null,
            "key_usage_critical": false,
            "not_after": "20321205022048Z",
            "not_before": "20221208022048Z",
            "ocsp_must_staple": null,
            "ocsp_must_staple_critical": false,
            "ocsp_uri": null,
            "public_key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4qI6OZUQMx98WnZG50b9\nQ/mGfaK4HVfl0P52kfRJ80IbWT368vAckVCNAJE+goyJ82rTCy8frd6AASCpdKzq\nubqSRtTYmPSW+OAoyXpQUvA0BeGPkbvrCPwlcwFe7pnSKn+ecrnfbb41Wfa4yZ/J\nvE5MVpJdc6iEf1He7npFgPOgytpCYnjyApgcriZggUJ7pRA9sQIlbAxEilnWupxG\nulqMGGm8tYR7dkbmixPXK+U6Y1h18fCvKESwTH6qCVJd7OBR/ql7aqLk+Zi6LnCQ\nzM3KK5EqmbQOozlLKHYe+1IH61vy3bjTTLPGWUqwfPv+1YI6HzsN9vCTTbyq/+Bj\ntRe8MUWwWnss0ggc8cjcp1c0xPK1fZC3yv0iZsA+GBbNw6UoCT+Wc0hbrtW37Ge4\nvo058pfOVwoNBvSSE3oACgn5sd7g7477fyMxApeywypihQfJrNPCTuuc61/pkN1U\nM7a2GtYsoTA7EMXFjz/9HeHQhw/1zezeeIYaE2eYE33ZfNJEuy0UZ4BqWeYO9jWz\n879mTZ98e7YCvFewgC0rsZLt+IVmGxz+fN7nqVHLmhwog035wS/wGjIGr9RqpO/s\nadVO8abto93Q1ZB+yXwTJJYzeWgqUZuAkdG1Kf3GrzdBfdKpcoiowhcow3M8MXnW\nEdYYlWBzmqdWIfQ4ohvZhrkCAwEAAQ==\n-----END PUBLIC KEY-----\n",
            "public_key_data": {
                "exponent": 65537,
                "modulus": 924584833661220243023619194855799053534193597705926567688841734798836281777223509684959696185636456708767439333742299214256124599127690041588321712784565031124765720899984026441891151782750415020440950579164708489814529052882149593300069500155335810673133029607664058522679101619987162289935267811561564167375854010668701203562179818189767064068662534581994020837855796153568748022631676091220521837032519419218157219491327330151130908061910285149751318847607919373594144973401455031543717914839908964889441398879607430366573303352671729531968695389387293441630764718846459518682491412789779218831070634212851515441922523879609739710935198944760104533717181189751878403777242237263821512609610495516156870971923544286389111209858542086209030062928870676233870651009570094499681176982336541933672215205443643282934601705738725166748367170038101194848914199485716667270944656654769364661929125942368164563324247985063881678906553007431396261015206743044638650774572577173584345061645826921404405795772610806117427518395504260904191506211354504666256544665980604748254133635089544943422355659526316189531752909842728934106320779522123196450909580844151122682344364641151627371053587930952372282557752399127160849846549490144720411264697,
                "size": 4096
            },
            "public_key_fingerprints": {
                "sha256": "d6:86:b6:26:79:3d:88:7b:83:1a:1d:0c:8b:ed:9f:f7:c2:b3:c1:08:d6:8e:35:16:1c:87:46:41:0b:fa:65:e8"
            },
            "public_key_type": "RSA",
            "serial_number": 189882654612351676984398707823038400242723974380,
            "signature_algorithm": "sha256WithRSAEncryption",
            "subject": {},
            "subject_alt_name": null,
            "subject_alt_name_critical": false,
            "subject_key_identifier": "89:61:05:b3:cc:54:52:42:0b:36:d5:e2:ef:6d:38:f9:a8:04:f4:b8",
            "subject_ordered": [],
            "version": 3
        }
    },
    "filename": "/tmp/test/ca.crt",
    "invocation": {
        "module_args": {
            "acme_accountkey_path": null,
            "acme_chain": false,
            "acme_challenge_path": null,
            "acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
            "attributes": null,
            "backup": false,
            "csr_content": null,
            "csr_path": "/tmp/test/ca.csr",
            "entrust_api_client_cert_key_path": null,
            "entrust_api_client_cert_path": null,
            "entrust_api_key": null,
            "entrust_api_specification_path": "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml",
            "entrust_api_user": null,
            "entrust_cert_type": "STANDARD_SSL",
            "entrust_not_after": "+365d",
            "entrust_requester_email": null,
            "entrust_requester_name": null,
            "entrust_requester_phone": null,
            "force": false,
            "group": null,
            "ignore_timestamps": true,
            "mode": null,
            "ownca_content": null,
            "ownca_create_authority_key_identifier": true,
            "ownca_create_subject_key_identifier": "create_if_not_provided",
            "ownca_digest": "sha256",
            "ownca_not_after": "+3650d",
            "ownca_not_before": "+0s",
            "ownca_path": null,
            "ownca_privatekey_content": null,
            "ownca_privatekey_passphrase": null,
            "ownca_privatekey_path": null,
            "ownca_version": 3,
            "owner": null,
            "path": "/tmp/test/ca.crt",
            "privatekey_content": null,
            "privatekey_passphrase": null,
            "privatekey_path": "/tmp/test/ca.key",
            "provider": "selfsigned",
            "return_content": true,
            "select_crypto_backend": "auto",
            "selevel": null,
            "selfsigned_create_subject_key_identifier": "create_if_not_provided",
            "selfsigned_digest": "sha256",
            "selfsigned_not_after": "+3650d",
            "selfsigned_not_before": "+0s",
            "selfsigned_version": 3,
            "serole": null,
            "setype": null,
            "seuser": null,
            "state": "present",
            "unsafe_writes": false
        }
    },
    "notAfter": "20321205022048Z",
    "notBefore": "20221208022048Z",
    "privatekey": "/tmp/test/ca.key",
    "serial_number": 189882654612351676984398707823038400242723974380
}

TASK [truststore.p12] **********************************************************
task path: /home/ruckc/Projects/tc/ansible-deployment/test.yml:27
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ruckc
<localhost> EXEC /bin/sh -c 'echo ~ruckc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ruckc/.ansible/tmp `"&& mkdir "` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194 `" && echo ansible-tmp-1670466711.583553-143597-224439992652194="` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194 `" ) && sleep 0'
Using module file /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py
<localhost> PUT /home/ruckc/.ansible/tmp/ansible-local-143433x1wm6dy9/tmpq1exyvv5 TO /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194/AnsiballZ_openssl_pkcs12.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194/ /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194/AnsiballZ_openssl_pkcs12.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194/AnsiballZ_openssl_pkcs12.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.583553-143597-224439992652194/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "changed": true,
    "filename": "/tmp/test/truststore.p12",
    "invocation": {
        "module_args": {
            "action": "export",
            "attributes": null,
            "backup": false,
            "certificate_path": "/tmp/test/ca.crt",
            "encryption_level": "auto",
            "force": false,
            "friendly_name": "ca",
            "group": null,
            "iter_size": null,
            "maciter_size": null,
            "mode": "0400",
            "other_certificates": null,
            "other_certificates_parse_all": false,
            "owner": null,
            "passphrase": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "/tmp/test/truststore.p12",
            "privatekey_content": null,
            "privatekey_passphrase": null,
            "privatekey_path": null,
            "return_content": false,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "present",
            "unsafe_writes": false
        }
    },
    "mode": "0400"
}

TASK [keypair.p12] *************************************************************
task path: /home/ruckc/Projects/tc/ansible-deployment/test.yml:37
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ruckc
<localhost> EXEC /bin/sh -c 'echo ~ruckc && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ruckc/.ansible/tmp `"&& mkdir "` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746 `" && echo ansible-tmp-1670466711.9631379-143623-7371710064746="` echo /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746 `" ) && sleep 0'
Using module file /home/ruckc/.pyenv/versions/3.11.0/lib/python3.11/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py
<localhost> PUT /home/ruckc/.ansible/tmp/ansible-local-143433x1wm6dy9/tmplb8k_xlg TO /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746/AnsiballZ_openssl_pkcs12.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746/ /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746/AnsiballZ_openssl_pkcs12.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746/AnsiballZ_openssl_pkcs12.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ruckc/.ansible/tmp/ansible-tmp-1670466711.9631379-143623-7371710064746/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
    "changed": false,
    "filename": "/tmp/test/keypair.p12",
    "invocation": {
        "module_args": {
            "action": "export",
            "attributes": null,
            "backup": false,
            "certificate_path": "/tmp/test/ca.crt",
            "encryption_level": "auto",
            "force": false,
            "friendly_name": "ca",
            "group": null,
            "iter_size": null,
            "maciter_size": null,
            "mode": "0400",
            "other_certificates": null,
            "other_certificates_parse_all": false,
            "owner": null,
            "passphrase": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "/tmp/test/keypair.p12",
            "privatekey_content": null,
            "privatekey_passphrase": null,
            "privatekey_path": "/tmp/test/ca.key",
            "return_content": false,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "present",
            "unsafe_writes": false
        }
    },
    "mode": "0400",
    "privatekey_path": "/tmp/test/ca.key"
}

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

felixfontein commented 1 year ago

The problem is that you specify no private key. The interface with OpenSSL that cryptography and PyOpenSSL use to handle PKCS12 files is very limited and will extract the main certificate (the one with the friendly name) as an 'other' certificate if there is no private key present. Thus the module sees that you provided a main certificate, but the PKCS12 file has no main certificate, and treats this as a mismatch.

So we have basically two choices (when a main certificate is provided, but no private key):

  1. Either do not recreate the PKCS12 file if only the friendly name changes,
  2. Or try to make sure that the friendly name in the PKCS12 file is what was specified to the module (basically by always treating the file as changed).

Right now we do 2., which causes the file to be regenerated in your case.
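
The parsing behaviour described in the comment above, reproduced directly with the `cryptography` library. This is an added example, not code from the thread or from the module; the helper names, the EC key, the common name and the passphrase are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_self_signed():
    """Constructed sample input: a throwaway EC key and self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example-ca")])
    start = datetime.datetime(2024, 1, 1)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=3650))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def roundtrip(key, cert, friendly_name=b"ca", password=b"constructed-passphrase"):
    """Write a PKCS#12 blob, parse it back, and report where the certificate landed."""
    blob = pkcs12.serialize_key_and_certificates(
        friendly_name, key, cert, None,
        serialization.BestAvailableEncryption(password),
    )
    parsed_key, main_cert, others = pkcs12.load_key_and_certificates(blob, password)
    return {
        "has_key": parsed_key is not None,
        "main_is_cert": main_cert == cert,   # slot an idempotency check would compare
        "others_has_cert": cert in others,   # where a key-less certificate ends up
    }


if __name__ == "__main__":
    key, cert = make_self_signed()
    print("with key:   ", roundtrip(key, cert))
    print("without key:", roundtrip(None, cert))
```

With a private key the certificate comes back in the main slot; without one the main slot is empty and the same certificate appears only among the additional certificates, which is the mismatch that marks the truststore task as changed on every run.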

ruckc commented 1 year ago

In my use case, I'm trying to build a PKCS12 truststore for a Java application. While using keytool would work, it's much slower, and it would require us to install and maintain/patch a JRE outside of a container... just to insert a certificate into a PKCS12 store.

hille721 commented 5 months ago

This issue also seems to appear if other_certificates is used :/

EDIT: I can't reproduce my issue with a generic playbook like the one used in this issue. Thus forget my comment here, I will check what is wrong on my target system.

EDIT2: OK, it is related to other_certificates, but only with the old cryptography==3.2.1 version.