ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0

Installing multiple intermediate certificates in na_ontap_security_certificates #206

Open joecaruso opened 7 months ago

joecaruso commented 7 months ago

Summary

When using the na_ontap_security_certificates module, if you have two (or more) intermediate certificates as a list of strings and pass them to the intermediate_certificates parameter, the call will fail. The REST API expects a string, so the certificates need to be concatenated together into a single string with a \n in between the certs. Once this is done, the module works as expected. Currently the docs for the module say that intermediate_certificates supports a list of strings. Either the docs should be updated with info about how to handle it if there are multiple certificates, or, ideally, the module should handle this automatically and format the strings correctly before sending them to the API.

https://docs.netapp.com/us-en/ontap-restapi-9121/ontap/swagger-ui/index.html#/security/security_certificate_create
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_security_certificates_module.html#parameter-intermediate_certificates

Component Name

na_ontap_security_certificates

Ansible Version

ansible-core 2.15.0
python 3.9.6

ONTAP Collection Version

netapp.ontap 22.9.0

ONTAP Version

ONTAP 9.12.1P4

Playbook

See below

Steps to Reproduce

- name: Install certificates
  netapp.ontap.na_ontap_security_certificates:
    <<: *login
    private_key: "{{ ssl_certificates.json.data.private_key }}"
    intermediate_certificates: "{{ ssl_certificates.json.data.ca_chain }}"
    public_certificate: "{{ ssl_certificates.json.data.certificate }}"
    common_name: "{{ common_name }}"
    name: "{{ common_name }}"
    type: server

Expected Results

Module should handle multiple intermediate certificates passed as a list of strings.

Actual Results

fatal: [netappcluster1]: FAILED! =>
{"changed": false,
 "error_code": "52559977",
 "error_message": "Error \"unable to get local issuer certificate\" while verifying the certificate chain at depth 0.",
 "msg": "Error when calling 'security/certificates': {'target': 'intermediate_certificates'}",
 "response": null, 
 "status_code": 400}

carchi8py commented 1 month ago

@joecaruso hey, sorry no one got back to this earlier. I'll have the team look into this, as this looks like a bug. The variable is set to be a list of strings, but looking at the code it looks like it is being used as a string.

carchi8py commented 1 month ago

Story (DEVOPS-7087) is open for this
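
The normalisation the issue asks for, sketched as an added example (not code from the netapp.ontap collection; all function names are hypothetical): it accepts either a PEM string or a list of PEM strings and returns the single newline-joined string that the reporter found the REST API accepts, rejecting anything that is not a certificate block. The sample certificates are constructed placeholders, not real certificates.

```python
import base64
import re

# One PEM certificate block; group 1 is the base64 body.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def split_pem_certificates(text):
    """Return every certificate in text as a normalised PEM block."""
    blocks = []
    for match in _PEM_CERT.finditer(text):
        body = "".join(match.group(1).split())  # drop CR/LF and indentation
        if not body:
            raise ValueError("empty certificate body")
        base64.b64decode(body, validate=True)  # raises ValueError if malformed
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        blocks.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    # Reject anything outside the certificate blocks, e.g. a stray private key.
    if _PEM_CERT.sub("", text).strip():
        raise ValueError("unexpected non-certificate data in input")
    return blocks


def join_intermediate_certificates(value):
    """Accept a PEM string or a list of PEM strings; return one string."""
    items = [value] if isinstance(value, str) else list(value or [])
    certs = []
    for item in items:
        found = split_pem_certificates(item)
        if not found:
            raise ValueError("entry contains no certificate")
        certs.extend(found)
    return "\n".join(certs)


def make_placeholder_pem(label, eol="\n"):
    """Constructed placeholder: PEM framing around dummy base64, not a real cert."""
    body = base64.b64encode(label.encode()).decode()
    return eol.join(
        ["-----BEGIN CERTIFICATE-----", body, "-----END CERTIFICATE-----"])


# Constructed sample input: two list entries, one with Windows line endings.
SAMPLE_CHAIN = [make_placeholder_pem("intermediate-1", "\r\n") + "\r\n",
                make_placeholder_pem("intermediate-2")]

if __name__ == "__main__":
    print(join_intermediate_certificates(SAMPLE_CHAIN))
```

The check covers PEM framing and base64 only; whether the chain actually links the server certificate to its issuer is still decided by ONTAP when the request is made.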