99
1010from automax .core .models import ExecutionContext , PluginResult
1111from automax .plugins .base import BasePlugin
12- from automax .plugins .remote_utils import CHANGE_MARKER , exec_remote , quote , result_from_remote , sudo_prefix
12+ from automax .plugins .remote_utils import CHANGE_MARKER , exec_remote , predicate_result_from_remote , quote , result_from_remote , sudo_prefix
1313
1414
1515
@@ -70,9 +70,15 @@ def manual_commands(self, params: Dict[str, Any], context: ExecutionContext) ->
7070
7171 def execute (self , params : Dict [str , Any ], context : ExecutionContext ) -> PluginResult :
7272 rc , out , err = exec_remote (context , self .manual_commands (params , context )[0 ])
73- if rc != 0 :
74- return PluginResult .failure (rc = rc , stdout = out , stderr = err , message = "security.pki.cert.chain_check failed" )
75- return PluginResult .success (changed = False , rc = rc , stdout = out , stderr = err )
73+ return predicate_result_from_remote (
74+ rc = rc ,
75+ stdout = out ,
76+ stderr = err ,
77+ message = "security.pki.cert.chain_check failed" ,
78+ data_key = "valid" ,
79+ data = {"cert" : str (params ["cert" ]), "ca_file" : str (params ["ca_file" ])},
80+ false_rcs = (1 , 2 ),
81+ )
7682
7783class CertInstallKeypairPlugin (BasePlugin ):
7884 name = "security.pki.cert.install_keypair"
@@ -157,14 +163,14 @@ def execute(self, params: Dict[str, Any], context: ExecutionContext) -> PluginRe
157163
158164class CertMatchesKeyPlugin (BasePlugin ):
159165 name = "security.pki.cert.key_match_check"
160- description = "Assert that a certificate public key matches a private key."
166+ description = "Check whether a certificate public key matches a private key."
161167 required_params = ("cert" , "key" )
162168 optional_params = ("sudo" ,)
163169 opens_remote_session = True
164170 supports_check_mode = True
165171
166172 def diff_preview_reason (self , params : Dict [str , Any ], context : ExecutionContext ) -> str :
167- return "security.pki.cert.key_match_check is a read-only certificate/private-key assertion "
173+ return "security.pki.cert.key_match_check is a read-only certificate/private-key predicate "
168174
169175 def manual_commands (self , params : Dict [str , Any ], context : ExecutionContext ) -> list [str ]:
170176 sudo = sudo_prefix (params , default = True )
@@ -174,21 +180,27 @@ def manual_commands(self, params: Dict[str, Any], context: ExecutionContext) ->
174180
175181 def execute (self , params : Dict [str , Any ], context : ExecutionContext ) -> PluginResult :
176182 rc , out , err = exec_remote (context , self .manual_commands (params , context )[0 ])
177- if rc != 0 :
178- return PluginResult .failure (rc = rc , stdout = out , stderr = err , message = "security.pki.cert.key_match_check failed" )
179- return PluginResult .success (changed = False , rc = rc , stdout = out , stderr = err )
183+ return predicate_result_from_remote (
184+ rc = rc ,
185+ stdout = out ,
186+ stderr = err ,
187+ message = "security.pki.cert.key_match_check failed" ,
188+ data_key = "matches" ,
189+ data = {"cert" : str (params ["cert" ]), "key" : str (params ["key" ])},
190+ false_rcs = (1 , 2 ),
191+ )
180192
181193
182194class CertSanAssertPlugin (BasePlugin ):
183195 name = "security.pki.cert.san_check"
184- description = "Assert that a certificate contains required Subject Alternative Names."
196+ description = "Check whether a certificate contains required Subject Alternative Names."
185197 required_params = ("cert" , "names" )
186198 optional_params = ("sudo" ,)
187199 opens_remote_session = True
188200 supports_check_mode = True
189201
190202 def diff_preview_reason (self , params : Dict [str , Any ], context : ExecutionContext ) -> str :
191- return "security.pki.cert.san_check is a read-only certificate SAN assertion "
203+ return "security.pki.cert.san_check is a read-only certificate SAN predicate "
192204
193205 def manual_commands (self , params : Dict [str , Any ], context : ExecutionContext ) -> list [str ]:
194206 self .validate (params )
@@ -201,51 +213,69 @@ def manual_commands(self, params: Dict[str, Any], context: ExecutionContext) ->
201213
202214 def execute (self , params : Dict [str , Any ], context : ExecutionContext ) -> PluginResult :
203215 rc , out , err = exec_remote (context , " && " .join (self .manual_commands (params , context )))
204- if rc != 0 :
205- return PluginResult .failure (rc = rc , stdout = out , stderr = err , message = "security.pki.cert.san_check failed" )
206- return PluginResult .success (changed = False , rc = rc , stdout = out , stderr = err )
216+ return predicate_result_from_remote (
217+ rc = rc ,
218+ stdout = out ,
219+ stderr = err ,
220+ message = "security.pki.cert.san_check failed" ,
221+ data_key = "matches" ,
222+ data = {"cert" : str (params ["cert" ])},
223+ false_rcs = (1 , 2 ),
224+ )
207225
208226
209227class CertSubjectAssertPlugin (BasePlugin ):
210228 name = "security.pki.cert.subject_check"
211- description = "Assert that a certificate subject contains an expected string."
229+ description = "Check whether a certificate subject contains an expected string."
212230 required_params = ("cert" , "subject" )
213231 optional_params = ("sudo" ,)
214232 opens_remote_session = True
215233 supports_check_mode = True
216234
217235 def diff_preview_reason (self , params : Dict [str , Any ], context : ExecutionContext ) -> str :
218- return "security.pki.cert.subject_check is a read-only certificate subject assertion "
236+ return "security.pki.cert.subject_check is a read-only certificate subject predicate "
219237
220238 def manual_commands (self , params : Dict [str , Any ], context : ExecutionContext ) -> list [str ]:
221239 return [f"{ sudo_prefix (params , default = True )} openssl x509 -in { quote (params ['cert' ])} -noout -subject | grep -F -- { quote (params ['subject' ])} " ]
222240
223241 def execute (self , params : Dict [str , Any ], context : ExecutionContext ) -> PluginResult :
224242 rc , out , err = exec_remote (context , self .manual_commands (params , context )[0 ])
225- if rc != 0 :
226- return PluginResult .failure (rc = rc , stdout = out , stderr = err , message = "security.pki.cert.subject_check failed" )
227- return PluginResult .success (changed = False , rc = rc , stdout = out , stderr = err )
243+ return predicate_result_from_remote (
244+ rc = rc ,
245+ stdout = out ,
246+ stderr = err ,
247+ message = "security.pki.cert.subject_check failed" ,
248+ data_key = "matches" ,
249+ data = {"cert" : str (params ["cert" ]), "subject" : str (params ["subject" ])},
250+ false_rcs = (1 , 2 ),
251+ )
228252
229253
230254class CertIssuerAssertPlugin (BasePlugin ):
231255 name = "security.pki.cert.issuer_check"
232- description = "Assert that a certificate issuer contains an expected string."
256+ description = "Check whether a certificate issuer contains an expected string."
233257 required_params = ("cert" , "issuer" )
234258 optional_params = ("sudo" ,)
235259 opens_remote_session = True
236260 supports_check_mode = True
237261
238262 def diff_preview_reason (self , params : Dict [str , Any ], context : ExecutionContext ) -> str :
239- return "security.pki.cert.issuer_check is a read-only certificate issuer assertion "
263+ return "security.pki.cert.issuer_check is a read-only certificate issuer predicate "
240264
241265 def manual_commands (self , params : Dict [str , Any ], context : ExecutionContext ) -> list [str ]:
242266 return [f"{ sudo_prefix (params , default = True )} openssl x509 -in { quote (params ['cert' ])} -noout -issuer | grep -F -- { quote (params ['issuer' ])} " ]
243267
244268 def execute (self , params : Dict [str , Any ], context : ExecutionContext ) -> PluginResult :
245269 rc , out , err = exec_remote (context , self .manual_commands (params , context )[0 ])
246- if rc != 0 :
247- return PluginResult .failure (rc = rc , stdout = out , stderr = err , message = "security.pki.cert.issuer_check failed" )
248- return PluginResult .success (changed = False , rc = rc , stdout = out , stderr = err )
270+ return predicate_result_from_remote (
271+ rc = rc ,
272+ stdout = out ,
273+ stderr = err ,
274+ message = "security.pki.cert.issuer_check failed" ,
275+ data_key = "matches" ,
276+ data = {"cert" : str (params ["cert" ]), "issuer" : str (params ["issuer" ])},
277+ false_rcs = (1 , 2 ),
278+ )
249279
250280
251281class CertInstallCaBundlePlugin (BasePlugin ):
0 commit comments