openssl_pkcs12 : TypeError when other_certificates is an empty list

[jdelafon]

SUMMARY

TypeError: 'NoneType' object is not iterable in openssl_pkcs12 when the keystore already exists and other_certificates is an empty list.

ISSUE TYPE

• Bug Report

COMPONENT NAME

community.crypto.openssl_pkcs12

ANSIBLE VERSION

ansible [core 2.12.6]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['xxxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = xxxx/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.13 (main, May 28 2022, 14:03:04) [GCC 10.2.1 20210110]
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

Collection       Version
---------------- -------
community.crypto 2.3.2

CONFIGURATION

ANSIBLE_FORCE_COLOR(/etc/ansible/ansible.cfg) = True
DEFAULT_TIMEOUT(/etc/ansible/ansible.cfg) = 180
DEFAULT_VAULT_PASSWORD_FILE(/etc/ansible/ansible.cfg) = .../.vault_pass.txt
GALAXY_SERVER(/etc/ansible/ansible.cfg) = .../nexus/repository/galaxy.ansible.com/

OS / ENVIRONMENT

RHEL 7, Python 3.6

STEPS TO REPRODUCE

Run twice the task below : the first time it creates the keystore successfully, the second time it throws a TypeError

community.crypto.openssl_pkcs12:
            path: "{{ target_keystore_file }}"
            passphrase: "{{ keystore_conf.keystore_passphrase }}"
            friendly_name: "{{ keystore_conf.alias }}"
            certificate_path: "{{ keystore_conf.alias }}.pem"
            privatekey_content: "{{ keystore_conf.private_key }}"
            other_certificates: "{{ [] }}"  # <---- HERE

EXPECTED RESULTS

No changes should happen to the existing keystore. Empty lists should be iterable.

ACTUAL RESULTS

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: 'NoneType' object is not iterable
fatal: [xxxx]: FAILED! => {"changed": false, "module_stderr": "Shared connection to xxxxx closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n  File \"xxxx/.ansible/tmp/ansible-tmp-1657104240.382261-3050-153904700789114/AnsiballZ_openssl_pkcs12.py\", line 107, in <module>\r\n    _ansiballz_main()\r\n  File \"xxxx/.ansible/tmp/ansible-tmp-1657104240.382261-3050-153904700789114/AnsiballZ_openssl_pkcs12.py\", line 99, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File \"xxxx/.ansible/tmp/ansible-tmp-1657104240.382261-3050-153904700789114/AnsiballZ_openssl_pkcs12.py\", line 48, in invoke_module\r\n    run_name='__main__', alter_sys=True)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\r\n    return _run_module_code(code, init_globals, run_name, mod_spec)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\r\n    mod_name, mod_spec, pkg_name, script_name)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\r\n    exec(code, run_globals)\r\n  File \"/tmp/ansible_community.crypto.openssl_pkcs12_payload_o0zgl8ve/ansible_community.crypto.openssl_pkcs12_payload.zip/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py\", line 785, in <module>\r\n  File \"/tmp/ansible_community.crypto.openssl_pkcs12_payload_o0zgl8ve/ansible_community.crypto.openssl_pkcs12_payload.zip/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py\", line 745, in main\r\n  File \"/tmp/ansible_community.crypto.openssl_pkcs12_payload_o0zgl8ve/ansible_community.crypto.openssl_pkcs12_payload.zip/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py\", line 432, in check\r\n  File \"/tmp/ansible_community.crypto.openssl_pkcs12_payload_o0zgl8ve/ansible_community.crypto.openssl_pkcs12_payload.zip/ansible_collections/community/crypto/plugins/modules/openssl_pkcs12.py\", line 564, in _dump_other_certificates\r\nTypeError: 'NoneType' object is not iterable\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

[felixfontein]

#487 should fix this.