From 5f2f20d0d4cd18392e5d15ac0be35d4356b3fc58 Mon Sep 17 00:00:00 2001 From: genofire Date: Wed, 31 Jan 2024 13:31:57 +0100 Subject: [PATCH] fix(pfsense_ca): add certificate_key option --- plugins/modules/pfsense_ca.py | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/plugins/modules/pfsense_ca.py b/plugins/modules/pfsense_ca.py index 9cdd1611..7634d7b2 100644 --- a/plugins/modules/pfsense_ca.py +++ b/plugins/modules/pfsense_ca.py @@ -45,6 +45,12 @@ The certificate for the Certificate Authority. This can be in PEM form or Base64 encoded PEM as a single string (which is how pfSense stores it). type: str + certificate_key: + description: + > + The certificate key for the Certificate Authority. This can be in + Base64 encoded PEM as a single string (which is how pfSense stores it). + type: str crl: description: > @@ -106,6 +112,7 @@ trust=dict(type='bool'), randomserial=dict(type='bool'), certificate=dict(type='str'), + certificate_key=dict(type='str'), crl=dict(default=None, type='str'), crlname=dict(default=None, type='str'), crlrefid=dict(default=None, type='str'), @@ -170,6 +177,8 @@ def _params_to_obj(self): if params['state'] == 'present': if 'certificate' in params and params['certificate'] is not None: obj['crt'] = params['certificate'] + if 'certificate_key' in params and params['certificate_key'] is not None: + obj['prv'] = params['certificate_key'] if params['crl'] is not None: self.crl = {} self.crl['method'] = 'existing' @@ -234,23 +243,21 @@ def _find_crl_by_refid(self, crlrefid): def _create_target(self): """ create the XML target_elt """ elt = self.pfsense.new_element('ca') - # We need this later in _copy_and_add_target() - self.obj['refid'] = self.pfsense.uniqid() - elt.append(self.pfsense.new_element('refid', text=self.obj['refid'])) - # These are default but not enforced values - elt.append(self.pfsense.new_element('randomserial', text='disabled')) - elt.append(self.pfsense.new_element('serial', text='0')) - elt.append(self.pfsense.new_element('trust', text='disabled')) + obj = dict(trust='disabled', randomserial='disabled', serial='0') + self.pfsense.copy_dict_to_element(obj, elt) return elt def _copy_and_add_target(self): """ populate the XML target_elt """ - self.pfsense.copy_dict_to_element(self.obj, self.target_elt) + obj = self.obj + + obj['refid'] = self.pfsense.uniqid() + self.pfsense.copy_dict_to_element(obj, self.target_elt) self.diff['after'] = self.pfsense.element_to_dict(self.target_elt) self.root_elt.insert(self._find_last_ca_index(), self.target_elt) if self.crl is not None: crl_elt = self.pfsense.new_element('crl') - self.crl['caref'] = self.obj['refid'] + self.crl['caref'] = obj['refid'] if 'refid' not in self.crl: self.crl['refid'] = self.pfsense.uniqid() self.pfsense.copy_dict_to_element(self.crl, crl_elt) @@ -260,7 +267,12 @@ def _copy_and_add_target(self): def _copy_and_update_target(self): """ update the XML target_elt """ - (before, changed) = super(PFSenseCAModule, self)._copy_and_update_target() + obj = self.obj + before = self.pfsense.element_to_dict(self.target_elt) + self.diff['before'] = before + + changed = self.pfsense.copy_dict_to_element(obj, self.target_elt) + self.diff['after'] = self.pfsense.element_to_dict(self.target_elt) if self.crl is not None: crl_elt = None