param pkcs12_alias and cert_alias to be optional in java_cert module (#9970)

* changed pkcs12_alias and cert_alias to be optional when importing pkcs12 certificate in keystore * Add changelog fragment * Update changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2025-04-18 20:44:16 +03:00 · 2025-04-16 20:52:11 +02:00 · 2025-04-16 20:52:11 +02:00 · 42a161abf5
commit 42a161abf5
parent 216e7dc06b
3 changed files with 29 additions and 7 deletions
--- a/changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml
+++ b/changelogs/fragments/9970-pkcs12_alias_cert_alias_optional.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - java_cert - the module no longer fails if the optional parameters ``pkcs12_alias`` and ``cert_alias`` are not provided (https://github.com/ansible-collections/community.general/pull/9970).
--- a/plugins/modules/java_cert.py
+++ b/plugins/modules/java_cert.py
@ -315,12 +315,13 @@ def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, passwo
        "-noprompt",
        "-keystore",
        pkcs_file,
-        "-alias",
-        alias,
        "-storetype",
        "pkcs12",
        "-rfc"
    ]
+    # Append optional alias
+    if alias:
+        export_cmd.extend(["-alias", alias])
    (export_rc, export_stdout, export_err) = module.run_command(export_cmd, data=password, check_rc=False)

    if export_rc != 0:
@ -393,6 +394,10 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
                       keystore_path, keystore_pass, keystore_alias, keystore_type):
    ''' Import pkcs12 from path into keystore located on
        keystore_path as alias '''
+    optional_aliases = {
+        "-destalias": keystore_alias,
+        "-srcalias": pkcs12_alias
+    }
    import_cmd = [
        executable,
        "-importkeystore",
@ -401,13 +406,14 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia
        "pkcs12",
        "-srckeystore",
        pkcs12_path,
-        "-srcalias",
-        pkcs12_alias,
        "-destkeystore",
        keystore_path,
-        "-destalias",
-        keystore_alias
    ]
+    # Append optional aliases
+    for flag, value in optional_aliases.items():
+        if value:
+            import_cmd.extend([flag, value])
+
    import_cmd += _get_keystore_type_keytool_parameters(keystore_type)

    secret_data = "%s\n%s" % (keystore_pass, pkcs12_pass)
--- a/tests/integration/targets/java_cert/tasks/main.yml
+++ b/tests/integration/targets/java_cert/tasks/main.yml
@ -10,7 +10,6 @@

 - when: has_java_keytool
  block:
-
    - name: prep pkcs12 file
      ansible.builtin.copy:
        src: "{{ test_pkcs12_path }}"
@ -33,6 +32,21 @@
        that:
        - result_success is successful

+    - name: import pkcs12 without alias params
+      community.general.java_cert:
+        pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"
+        pkcs12_password: changeit
+        keystore_path: "{{ remote_tmp_dir }}/{{ test_keystore_path }}"
+        keystore_pass: changeme_keystore
+        keystore_create: true
+        state: present
+      register: result_success_excl_aliases
+
+    - name: verify success
+      ansible.builtin.assert:
+        that:
+        - result_success_excl_aliases is successful
+
    - name: import pkcs12 with wrong password
      community.general.java_cert:
        pkcs12_path: "{{ remote_tmp_dir }}/{{ test_pkcs12_path }}"