From ef0f0ce4d862cee8a30d1be3a2871ad3fb02c361 Mon Sep 17 00:00:00 2001
From: Andrew Roth
Date: Fri, 14 Jun 2024 15:57:05 -0400
Subject: [PATCH 1/2] fix error in module iam_server_certificate for _compare_cert
---
 plugins/modules/iam_server_certificate.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/plugins/modules/iam_server_certificate.py b/plugins/modules/iam_server_certificate.py
index 6a7734acacb..78a56ccece4 100644
--- a/plugins/modules/iam_server_certificate.py
+++ b/plugins/modules/iam_server_certificate.py
@@ -137,12 +137,8 @@ def _compare_cert(cert_a, cert_b):
 # Trim out the whitespace before comparing the certs. While this could mean
 # an invalid cert 'matches' a valid cert, that's better than some stray
 # whitespace breaking things
- cert_a.replace("\r", "")
- cert_a.replace("\n", "")
- cert_a.replace(" ", "")
- cert_b.replace("\r", "")
- cert_b.replace("\n", "")
- cert_b.replace(" ", "")
+ cert_a = cert_a.replace("\r", "").replace("\n", "").replace(" ", "")
+ cert_b = cert_b.replace("\r", "").replace("\n", "").replace(" ", "")
 return cert_a == cert_b
From 7184e0250cb290d0f41d6206b64b5cdeae3065f5 Mon Sep 17 00:00:00 2001
From: Andrew Roth
Date: Sat, 15 Jun 2024 08:25:01 -0400
Subject: [PATCH 2/2] add support for updating in iam_server_certificate by deleting and recreating
---
 plugins/modules/iam_server_certificate.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/plugins/modules/iam_server_certificate.py b/plugins/modules/iam_server_certificate.py
index 78a56ccece4..9d222a17173 100644
--- a/plugins/modules/iam_server_certificate.py
+++ b/plugins/modules/iam_server_certificate.py
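Review bot: The normalisation in `_compare_cert` still strips only `\r`, `\n` and the space character, so a tab or any other whitespace in one PEM body makes two otherwise identical certificates compare unequal. That matters more once a mismatch triggers a replacement instead of an error, as it does in patch 2/2 of this series; `cert_a = "".join(cert_a.split())` (and the same for `cert_b`) removes all whitespace in one step. The function starts above the hunk, so whatever guards `None` inputs before these lines is not visible here. A unit test with CRLF- and tab-separated inputs would pin the fix.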
@@ -11,6 +11,9 @@
 short_description: Manage IAM server certificates for use on ELBs and CloudFront
 description:
 - Allows for the management of IAM server certificates.
+ - If a certificate already exists matching the name, but the certificate or chain is different,
+ the certificate will be deleted and recreated. This will result in the same
+ I(ServerCertificateName) and I(Arn), but the I(ServerCertificateId) may be different.
 options:
 name:
 description:
@@ -144,23 +147,23 @@ def _compare_cert(cert_a, cert_b):
 def update_server_certificate(current_cert):
- changed = False
+ need_update = False
 cert = module.params.get("cert")
 cert_chain = module.params.get("cert_chain")
 if not _compare_cert(cert, current_cert.get("certificate_body", None)):
- module.fail_json(msg="Modifying the certificate body is not supported by AWS")
+ need_update = True
 if not _compare_cert(cert_chain, current_cert.get("certificate_chain", None)):
- module.fail_json(msg="Modifying the chaining certificate is not supported by AWS")
- # We can't compare keys.
+ need_update = True
 if module.check_mode:
- return changed
+ return need_update
- # For now we can't make any changes. Updates to tagging would go here and
- # update 'changed'
+ if need_update:
+ return delete_server_certificate(current_cert) and \
+ create_server_certificate()
- return changed
+ return False
 def create_server_certificate():
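Review bot: The added `description` entry does not tell the user that the old certificate is removed before the new one is uploaded, so the name does not exist for a short time and the whole operation depends on the delete succeeding. AWS can refuse to delete a server certificate that is still attached to a resource, which is the common case for a certificate being rotated. I would add a sentence such as `The existing certificate is deleted before the replacement is uploaded; if the delete is refused or the upload fails, the task fails and the certificate may be absent.` to the same list item.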
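Review bot: The replacement path in `update_server_certificate` is not atomic: once `delete_server_certificate(current_cert)` has succeeded, any failure in `create_server_certificate()` (a rejected body, chain or key) leaves no certificate under that name. The `and` chain also returns `False` without an error if the delete helper returns a falsy value, so a replacement that never happened would be reported as unchanged; both helpers are defined outside this hunk, so their failure behaviour should be confirmed. I would make the steps explicit, `if not delete_server_certificate(current_cert): module.fail_json(msg="Existing certificate could not be deleted; nothing was replaced")` followed by `return create_server_certificate()`, with a comment above them stating that the old certificate is gone before the new one is uploaded. The removed `# We can't compare keys.` comment still describes the new code and is worth keeping, since a changed private key alone will not trigger the replacement.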