fix(pfsense_ca): add certificate_key option

pfsensible · Jan 31, 2024 · 5f2f20d · 5f2f20d
1 parent b3436e2
commit 5f2f20d
Showing 1 changed file with 22 additions and 10 deletions.
diff --git a/plugins/modules/pfsense_ca.py b/plugins/modules/pfsense_ca.py
@@ -45,6 +45,12 @@
         The certificate for the Certificate Authority.  This can be in PEM form or Base64
         encoded PEM as a single string (which is how pfSense stores it).
     type: str
+  certificate_key:
+    description:
+      >
+        The certificate key for the Certificate Authority.  This can be in
+        Base64 encoded PEM as a single string (which is how pfSense stores it).
+    type: str
   crl:
     description:
       >
@@ -106,6 +112,7 @@
     trust=dict(type='bool'),
     randomserial=dict(type='bool'),
     certificate=dict(type='str'),
+    certificate_key=dict(type='str'),
     crl=dict(default=None, type='str'),
     crlname=dict(default=None, type='str'),
     crlrefid=dict(default=None, type='str'),
@@ -170,6 +177,8 @@ def _params_to_obj(self):
         if params['state'] == 'present':
             if 'certificate' in params and params['certificate'] is not None:
                 obj['crt'] = params['certificate']
+            if 'certificate_key' in params and params['certificate_key'] is not None:
+                obj['prv'] = params['certificate_key']
             if params['crl'] is not None:
                 self.crl = {}
                 self.crl['method'] = 'existing'
@@ -234,23 +243,21 @@ def _find_crl_by_refid(self, crlrefid):
     def _create_target(self):
         """ create the XML target_elt """
         elt = self.pfsense.new_element('ca')
-        # We need this later in _copy_and_add_target()
-        self.obj['refid'] = self.pfsense.uniqid()
-        elt.append(self.pfsense.new_element('refid', text=self.obj['refid']))
-        # These are default but not enforced values
-        elt.append(self.pfsense.new_element('randomserial', text='disabled'))
-        elt.append(self.pfsense.new_element('serial', text='0'))
-        elt.append(self.pfsense.new_element('trust', text='disabled'))
+        obj = dict(trust='disabled', randomserial='disabled', serial='0')
+        self.pfsense.copy_dict_to_element(obj, elt)
         return elt
 
     def _copy_and_add_target(self):
         """ populate the XML target_elt """
-        self.pfsense.copy_dict_to_element(self.obj, self.target_elt)
+        obj = self.obj
+
+        obj['refid'] = self.pfsense.uniqid()
+        self.pfsense.copy_dict_to_element(obj, self.target_elt)
         self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)
         self.root_elt.insert(self._find_last_ca_index(), self.target_elt)
         if self.crl is not None:
             crl_elt = self.pfsense.new_element('crl')
-            self.crl['caref'] = self.obj['refid']
+            self.crl['caref'] = obj['refid']
             if 'refid' not in self.crl:
                 self.crl['refid'] = self.pfsense.uniqid()
             self.pfsense.copy_dict_to_element(self.crl, crl_elt)
@@ -260,7 +267,12 @@ def _copy_and_add_target(self):
 
     def _copy_and_update_target(self):
         """ update the XML target_elt """
-        (before, changed) = super(PFSenseCAModule, self)._copy_and_update_target()
+        obj = self.obj
+        before = self.pfsense.element_to_dict(self.target_elt)
+        self.diff['before'] = before
+
+        changed = self.pfsense.copy_dict_to_element(obj, self.target_elt)
+        self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)
 
         if self.crl is not None:
             crl_elt = None