Make cert expiration check independent of locale

.config/pep8.cfg

@@ -0,0 +1,4 @@
+[pep8]
+ignore = E402, E123
+# It's fine to have line-length of 99
+max-line-length = 99

.github/workflows/test_full_stack.yml

@@ -50,6 +50,7 @@ jobs:
           - debian10
         scenario:
           - elasticstack_default
+          - plugins
         release:
           - 7
           - 8

.github/workflows/test_plugins.yml

@@ -0,0 +1,223 @@
+---
+name: Test Plugins
+on:
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        description: 'Log level'
+        required: true
+        default: 'warning'
+        type: choice
+        options:
+          - info
+          - warning
+          - debug
+  push:
+    branches:
+      - 'feature/**'
+      - 'fix/**'
+      - '!doc/**'
+    paths:
+      - 'plugins/**'
+      - '.github/workflows/test_plugins.yml'
+      - 'molecule/plugins/**'
+      - '.config/pep8.yml'
+      - 'tests/**'
+  pull_request:
+    branches:
+      - 'feature/**'
+      - 'fix/**'
+      - '!doc/**'
+    paths:
+      - 'plugins/**'
+      - '.github/workflows/test_plugins.yml'
+      - 'molecule/plugins/**'
+      - '.config/pep8.yml'
+      - 'tests/**'
+
+jobs:
+  pep8:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install pep8
+
+      - name: Lint code.
+        run: |
+          pep8 plugins/ --config=.config/pep8.cfg --statistics --count
+
+  unit-test:
+    needs: pep8
+    runs-on: ubuntu-20.04
+
+    env:
+      COLLECTION_NAMESPACE: netways
+      COLLECTION_NAME: elasticstack
+
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.9.14
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.9.14
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install install ansible
+
+      - name: Install collection
+        run: |
+          mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE
+          cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+
+      - name: Test `cert_info` module
+        run: |
+          python tests/unit/plugins/modules/test_cert_info.py
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+
+      - name: Test `certs` module util
+        run: |
+          python tests/unit/plugins/module_utils/test_certs.py
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+
+  python:
+    needs: unit-test
+    runs-on: ubuntu-20.04
+
+    env:
+      COLLECTION_NAMESPACE: netways
+      COLLECTION_NAME: elasticstack
+
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+      matrix:
+        python_version: [ 2.7.18, 3.5.10, 3.6.15, 3.7.13, 3.8.16, 3.10.10 ]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Python ${{ matrix.python_version }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python_version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install install ansible
+
+      - name: Install collection
+        run: |
+          mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE
+          cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+
+      - name: Test with ansible-playbook
+        run: |
+          ansible-playbook molecule/plugins/converge.yml
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+
+  ansible-core:
+    needs: python
+    runs-on: ubuntu-20.04
+
+    env:
+      COLLECTION_NAMESPACE: netways
+      COLLECTION_NAME: elasticstack
+
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+      matrix:
+        ansible_core_version: [ 2.11.12, 2.12.10, 2.13.8, 2.14.4 ]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.9.14
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.9.14
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install install ansible-core==${{ matrix.ansible_core_version }}
+
+      - name: Install collection
+        run: |
+          mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE
+          cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+
+      - name: Test with ansible-playbook
+        run: |
+          ansible-playbook molecule/plugins/converge.yml
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+
+  python-cryptography:
+    needs: ansible-core
+    runs-on: ubuntu-20.04
+
+    env:
+      COLLECTION_NAMESPACE: netways
+      COLLECTION_NAME: elasticstack
+
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+      matrix:
+        python_cryptography_version: [ 2.5, 3.0, 3.1, 3.2, 3.3, 3.4, 35.0.0, 36.0.0, 38.0.0, 40.0.1]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.9.14
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.9.14
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install install cryptography==${{ matrix.python_cryptography_version }}
+          python -m pip install install ansible
+
+      - name: Install collection
+        run: |
+          mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE
+          cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+
+      - name: Test with ansible-playbook
+        run: |
+          ansible-playbook molecule/plugins/converge.yml
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'

.gitignore

@@ -1,2 +1,3 @@
 .cache
 *.swp
+__pycache__*

molecule/plugins/converge.yml

@@ -0,0 +1,44 @@
+---
+# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another
+# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722
+- name: Converge
+  collections:
+    - netways.elasticstack
+  hosts: localhost
+  tasks:
+    #
+    # Test modules
+    #
+    - name: Test
+      cert_info:
+        path: files/es-ca/elastic-stack-ca.p12
+        passphrase: PleaseChangeMe
+      register: test
+    - name: Debug
+      debug:
+        msg: "{{ test }}"
+    - name: Test required parameters (missing path)
+      cert_info:
+        passphrase: PleaseChangeMe
+      ignore_errors: true
+    - name: Test wrong path
+      cert_info:
+        path: es-ca-wrong
+        passphrase: PleaseChangeMe
+      ignore_errors: true
+    - name: Debug with to_datetime() - (( test.not_valid_after | to_datetime()) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days
+      debug:
+        msg: >-
+          "{{ (( test.not_valid_after | to_datetime()) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days }}"
+    - name: Test wrong passphrase
+      cert_info:
+        path: files/es-ca/elastic-stack-ca.p12
+        passphrase: PleaseChangeMe-wrong
+      ignore_errors: true
+    - name: Test no passphrase
+      cert_info:
+        path: files/es-ca/elastic-stack-ca.p12
+      ignore_errors: true
+    - name: Test no parameters
+      cert_info:
+      ignore_errors: true

molecule/plugins/files/es-ca/ca.crt

@@ -0,0 +1,25 @@
+Bag Attributes
+    friendlyName: ca
+    2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
+subject=CN = Elastic Certificate Tool Autogenerated CA
+issuer=CN = Elastic Certificate Tool Autogenerated CA
+-----BEGIN CERTIFICATE-----
+MIIDSTCCAjGgAwIBAgIUfhOfRtiBlwFsDhK9aaQoF9Vzk6gwDQYJKoZIhvcNAQEL
+BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
+cmF0ZWQgQ0EwHhcNMjMwMzI5MDE1ODAyWhcNMjYwMzI4MDE1ODAyWjA0MTIwMAYD
+VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANr2qXV6Lxm26yeqkCWVu9E6
+sGqms3nxH6ThVT20u4dcwi0doibKdBzideN37XRE+txv6bAhzoAIe8+ahOx/DQu1
+OPXIESPW+8FZcWtrFQs/uhrjBKLj09bKI46JODbsfse70454t63fwUn1D1kw9l//
+UrxAS7MSceeGfrcJ+XZjMWuTuqqKhal6dA4wji3BJ/LY8rAD2G1o7uk5xHaGyLUy
+h6ilJX0UbwVGAPCHZR0pQSFp5rQVUvm2QuvfOtwidPytX/9WmSB1A9nqEeKNJAMe
+92VDFgOcUstuKwqs7ZgfdKLscgNuQSCGHR7mwBi3L6RDpgw6JJ+lBA2TPi1/a/kC
+AwEAAaNTMFEwHQYDVR0OBBYEFIJTIBHHc6deKnfB3yLkI7TEULrPMB8GA1UdIwQY
+MBaAFIJTIBHHc6deKnfB3yLkI7TEULrPMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAGavr5FxsXeQZVt0I51wZgS2M+fUNFhprFYxFo9ZDK1fa3IT
+xQ5CRzbHYjajXqBlNxlxker0eCXdYGVI6o909H4t1ZagDGYjPjXXzL6JHnoWL2b5
+dDlinlaQWmemd7esBy93lLamNpEsCx4X9b0TtewpNNxDf21y1FGT/68rJUXENjNV
+GSM8hMxveRHolvGtvXbW3r38VCpl/VwE2fCUSTX+VTbSFGfsVpQE9ZZnNa/FFIPs
+nu18bOAk3fRW1HL7E0ZoUfLIxANrqBxDkJZh0qzcOUoTpk/jT6mb07Btvi25g1DJ
+pC1XUcSmHwoeeaQ3HNNNFlyW4rQoi9j+LJnMvcY=
+-----END CERTIFICATE-----

plugins/module_utils/README.md

@@ -0,0 +1,38 @@
+# Documentation: netways.elasticstack module_utils
+
+## Overview
+- [`certs` module_util](#cert_info-module)
+
+## `netways.elasticstack.certs` function
+
+### `bytes_to_hex()` function
+
+Since binascii.hexlify doesn't support a second parameter, which would define a seperator (e.g. ":") for hex strings in older Python versions like 2.6 and 2.7, we implemeted a small function to get similar results.
+
+**Parameter:** A __bytes__ object that represent a hexadecimal value (e.g. b'\\x82S \\x11\\xc7s\\xa7^*w\\xc1\\xdf\"\\xe4#\\xb4\\xc4P\\xba\\xcf')
+
+**Return:** A hexadecimal __string__ seperated by colons (e.g. "82:53:20:11:C7:73:A7:5E:2A:77:C1:DF:22:E4:23:B4:C4:50:BA:CF") 
+
+### `check_supported_extensions()` function
+
+A function to check if the extension is supported. Returns true if extension name is found in `SUPPORTED_EXTENSIONS` dict.
+
+**Parameter:** The extension name as __string__.
+
+**Return:** Returns a __bool__.
+
+### `check_supported_keys` function
+
+A function to check if the extensions key is supported. Returns true if extensions key is found in `SUPPORTED_EXTENSIONS` dict.
+
+**Parameter:** The key name as __string__.
+
+**Return:** Returns a __bool__.
+
+### `AnalyzeCertificate()` object
+
+An object to load the certificate and to gather information about it.
+
+**Parameter:** The path (required) to the certificate and the passphrase (optional), both as __string__.
+
+**Return:** Returns the result dict to the Ansible module.