From 89da98908d264e1ce7e6f690d7d1a31dc497ed58 Mon Sep 17 00:00:00 2001 From: francescolovecchio Date: Thu, 9 May 2024 20:24:48 +0200 Subject: [PATCH] ecs_certificate: allow to request renewal without csr (#740) * renew request CSR validation * Create 740-ecs_certificate-renewal-without-csr * Rename 740-ecs_certificate-renewal-without-csr to 740-ecs_certificate-renewal-without-csr.yml --------- Co-authored-by: flovecchio --- .../fragments/740-ecs_certificate-renewal-without-csr.yml | 2 ++ plugins/modules/ecs_certificate.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/740-ecs_certificate-renewal-without-csr.yml diff --git a/changelogs/fragments/740-ecs_certificate-renewal-without-csr.yml b/changelogs/fragments/740-ecs_certificate-renewal-without-csr.yml new file mode 100644 index 000000000..bb7f15b0d --- /dev/null +++ b/changelogs/fragments/740-ecs_certificate-renewal-without-csr.yml @@ -0,0 +1,2 @@ +bugfixes: + - "ecs_certificate - fixed ``csr`` option to be empty and allow renewal of a specific certificate according to the Renewal Information specification (https://github.com/ansible-collections/community.crypto/pull/740)." diff --git a/plugins/modules/ecs_certificate.py b/plugins/modules/ecs_certificate.py index 2c1238d48..0276556ab 100644 --- a/plugins/modules/ecs_certificate.py +++ b/plugins/modules/ecs_certificate.py @@ -938,8 +938,8 @@ def main(): module.fail_json(msg='The cert_expiry field is invalid when request_type="reissue".') elif module.params['cert_lifetime']: module.fail_json(msg='The cert_lifetime field is invalid when request_type="reissue".') - # Only a reissued request can omit the CSR - else: + # Reissued or renew request can omit the CSR + elif module.params['request_type'] != 'renew': module_params_csr = module.params['csr'] if module_params_csr is None: module.fail_json(msg='The csr field is required when request_type={0}'.format(module.params['request_type']))