From 84b5d33c62f938754f421dd9a203c11fdf10ec41 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 21 Jun 2024 19:23:07 +0200
Subject: [PATCH] ansible_freeipa_module: New function convert_input_certificates
Certificates given by ansible could have leading and trailing white space, but also multi line input is possible that also could have leading and training white space and newlines. New function: - convert_input_certificates(module, certs, state)
---
 .../module_utils/ansible_freeipa_module.py | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 2f0ebff6..36cc4566 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -54,6 +54,7 @@ import tempfile
 import shutil
 import socket
 import base64
+import binascii
 import ast
 import time
 from datetime import datetime
@@ -644,6 +645,7 @@ def encode_certificate(cert):
 Encode a certificate using base64.
 It also takes FreeIPA and Python versions into account.
+ This is used to convert the certificates returned by find and show.
 """
 if isinstance(cert, (str, unicode, bytes)):
 encoded = base64.b64encode(cert)
@@ -654,6 +656,33 @@ def encode_certificate(cert):
 return encoded
+def convert_input_certificates(module, certs, state):
+ """
+ Convert certificates.
+
+ Remove all newlines and white spaces from the certificates.
+ This is used on input parameter certificates of modules.
+ """
+ if certs is None:
+ return None
+
+ _certs = []
+ for cert in certs:
+ try:
+ _cert = base64.b64encode(base64.b64decode(cert)).decode("ascii")
+ except (TypeError, binascii.Error) as e:
+ # Idempotency: Do not fail for an invalid cert for state absent.
+ # The invalid certificate can not be set in FreeIPA.
+ if state == "absent":
+ continue
+ module.fail_json(
+ msg="Certificate %s: Base64 decoding failed: %s" %
+ (repr(cert), str(e)))
+ _certs.append(_cert)
+
+ return _certs
+
+
 def load_cert_from_str(cert):
 cert = cert.strip()
 if not cert.startswith("-----BEGIN CERTIFICATE-----"):
-- 
GitLab
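Review bot: `base64.b64decode(cert)` in `convert_input_certificates` is called without validation, so every character outside the base64 alphabet is discarded, not only the white space and newlines the docstring names. A mistyped or PEM-armoured value can therefore decode to bytes other than the ones supplied and be passed on as a normalised certificate instead of being rejected; decoding strictly after removing whitespace would close that, e.g. `base64.b64decode("".join(cert.split()), validate=True)` (the `validate` keyword is Python 3 only, and the neighbouring `encode_certificate` still references `unicode`). The handler should also catch `ValueError`, which Python 3 raises for non-ASCII text input and which `(TypeError, binascii.Error)` does not cover, so that case ends in `fail_json` rather than a traceback. For `state == "absent"` an undecodable entry is skipped without any message, so a removal task can presumably report success while the certificate the user meant stays in place; a `module.warn(...)` before `continue` would make that visible.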