openssl_privkey fails in check mode

[xcorp]

SUMMARY

When generating a new key with openssl_privkey in --check mode it fails with file not found

ISSUE TYPE

• Bug Report

COMPONENT NAME

openssl_privkey

ANSIBLE VERSION

ansible [core 2.11.1] 
  config file = /home/user/git/itops/ansible-playbooks/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
  jinja version = 2.11.3
  libyaml = True

CONFIGURATION

ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
CALLBACKS_ENABLED(/home/user/git/itops/ansible-playbooks/ansible.cfg) = ['profile_tasks']
DEFAULT_FORKS(/home/user/git/itops/ansible-playbooks/ansible.cfg) = 10
DEFAULT_HASH_BEHAVIOUR(/home/user/git/itops/ansible-playbooks/ansible.cfg) = merge
DEFAULT_HOST_LIST(/home/user/git/itops/ansible-playbooks/ansible.cfg) = ['/home/user/git/itops/ansible-playbooks/inventory']
DEFAULT_LOG_PATH(/home/user/git/itops/ansible-playbooks/ansible.cfg) = /home/user/git/itops/ansible-playbooks/ansible.log
DEFAULT_REMOTE_PORT(/home/user/git/itops/ansible-playbooks/ansible.cfg) = 22
DEFAULT_STRATEGY(/home/user/git/itops/ansible-playbooks/ansible.cfg) = mitogen_linear
DEFAULT_STRATEGY_PLUGIN_PATH(/home/user/git/itops/ansible-playbooks/ansible.cfg) = ['/home/user/git/itops/ansible-playbooks/mitogen/ansible_mitogen/plugins/strategy']
DEFAULT_TIMEOUT(/home/user/git/itops/ansible-playbooks/ansible.cfg) = 20
DEPRECATION_WARNINGS(/home/user/git/itops/ansible-playbooks/ansible.cfg) = False
HOST_KEY_CHECKING(/home/user/git/itops/ansible-playbooks/ansible.cfg) = False
INTERPRETER_PYTHON(/home/user/git/itops/ansible-playbooks/ansible.cfg) = auto_silent
RETRY_FILES_ENABLED(/home/user/git/itops/ansible-playbooks/ansible.cfg) = True

OS / ENVIRONMENT

Ubuntu 20.04.2 LTS

pip list | grep -e ansible -e cryptography
ansible                 4.0.0
ansible-base            2.10.5
ansible-core            2.11.1
ansible-lint            5.0.0
cryptography            3.4.4

STEPS TO REPRODUCE

Try to generate a private key with ansible check mode

ansible-playbook -C generate_openssl_key.yml -i test,

---
- hosts: all
  gather_facts: false
  tasks:

    - name: "Generate private key"
      community.crypto.openssl_privatekey:
        path: "test.key"
        mode: 0600
        backup: no
      delegate_to: localhost
      become: no

EXPECTED RESULTS

Play should just skip task since there is need to generate an actual key in check mode

ACTUAL RESULTS

Play fails with a fatal "File not found" error for the path of the key

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: FileNotFoundError: [Errno 2] No such file or directory: b'test.key'
fatal: [test -> localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"master:/home/user/git/itops/ansible-playbooks/mitogen/ansible_mitogen/runner.py\", line 975, in _run\n    self._run_code(code, mod)\n  File \"master:/home/user/git/itops/ansible-playbooks/mitogen/ansible_mitogen/runner.py\", line 939, in _run_code\n    exec(code, vars(mod))\n  File \"master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py\", line 279, in <module>\n  File \"master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py\", line 268, in main\n  File \"master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py\", line 217, in generate\n  File \"master:/home/user/.local/lib/python3.8/site-packages/ansible/module_utils/basic.py\", line 1168, in set_fs_attributes_if_different\n    changed = self.set_mode_if_different(\n  File \"master:/home/user/.local/lib/python3.8/site-packages/ansible/module_utils/basic.py\", line 885, in set_mode_if_different\n    path_stat = os.lstat(b_path)\nFileNotFoundError: [Errno 2] No such file or directory: b'test.key'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

[felixfontein]

A readable version of the traceback:

Traceback (most recent call last):
  File "master:/home/user/git/itops/ansible-playbooks/mitogen/ansible_mitogen/runner.py", line 975, in _run
    self._run_code(code, mod)
  File "master:/home/user/git/itops/ansible-playbooks/mitogen/ansible_mitogen/runner.py", line 939, in _run_code
    exec(code, vars(mod))
  File "master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py", line 279, in <module>
  File "master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py", line 268, in main
  File "master:/home/user/.local/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.py", line 217, in generate
  File "master:/home/user/.local/lib/python3.8/site-packages/ansible/module_utils/basic.py", line 1168, in set_fs_attributes_if_different
    changed = self.set_mode_if_different(
  File "master:/home/user/.local/lib/python3.8/site-packages/ansible/module_utils/basic.py", line 885, in set_mode_if_different
    path_stat = os.lstat(b_path)
FileNotFoundError: [Errno 2] No such file or directory: b'test.key'

[felixfontein]

This seems to be a bug in ansible-core which has been fixed in ansible/ansible#64279 - unfortunately that hasn't been backported to stable-2.11 or earlier. Since it definitely won't be backported to Ansible 2.9 (which we still support), I guess we have to fix it on our side as well.

[felixfontein]

Should be fixed by #243.