Fixed Issue 2435 - bigip_profile_server_ssl fails to create server SSL profile if SSL key is passphrase protected

ansible_collections/f5networks/f5_modules/changelogs/fragments/issue_2435.yaml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - bigip_profile_server_ssl - Fixed bug - create server SSL profile if SSL key is passphrase protected

ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_server_ssl.py

@@ -269,6 +269,7 @@ class Parameters(AnsibleF5Parameters):
         'caFile',
         'authenticateName',
         'tmOptions',
+        'passphrase'
     ]
 
     returnables = [
@@ -440,6 +441,14 @@ def options(self):
             return []
         return options
 
+    @property
+    def passphrase(self):
+        if self._values['passphrase'] is None:
+            return None
+        if self._values['passphrase'] in ['', 'none']:
+            return ''
+        return self._values['passphrase']
+
 
 class Changes(Parameters):
     def to_return(self):
@@ -699,6 +708,7 @@ def create_on_device(self):
             self.client.provider['server'],
             self.client.provider['server_port']
         )
+        params['passphrase'] = self.want.passphrase
         resp = self.client.api.post(uri, json=params)
         try:
             response = resp.json()

ansible_collections/f5networks/f5_modules/tests/unit/modules/network/f5/test_bigip_profile_server_ssl.py

@@ -52,12 +52,14 @@ def test_module_parameters(self):
             name='foo',
             server_name='foo.bar.com',
             secure_renegotiation='require',
+            passphrase="F5site02"
         )
 
         p = ModuleParameters(params=args)
         assert p.name == 'foo'
         assert p.server_name == 'foo.bar.com'
         assert p.secure_renegotiation == 'require'
+        assert p.passphrase == 'F5site02'
 
     def test_api_parameters(self):
         args = load_fixture('load_ltm_profile_serverssl_1.json')

test/integration/targets/bigip_profile_server_ssl/tasks/issue-02435.yaml

@@ -0,0 +1,20 @@
+---
+- name: Create a client SSL profile with a cert/key/chain setting
+  bigip_profile_client_ssl:
+    state: present
+    name: PRD.DEVTTY.LOCAL_CLIENTSSL
+    server_name: prd.devtty.local
+    cert_key_chain:
+      - cert: tc.crt
+        key: tc.key
+        passphrase: "F5site02"
+        true_names: true
+
+- name: Create a new server SSL profile with a cert/key/chain setting
+  bigip_profile_server_ssl:
+    state: present
+    name: PRD.DEVTTY.LOCAL_SERVERSSL
+    server_name: prd.devtty.local
+    certificate: tc.crt
+    key: tc.key
+    passphrase: "F5site02"

test/integration/targets/bigip_profile_server_ssl/tasks/main.yaml

@@ -1,5 +1,4 @@
 ---
-
 - import_tasks: setup.yaml
 
 - name: Create a base server SSL profile
@@ -72,11 +71,10 @@
       - result is not changed
       - result is success
 
-
 - name: Change OCSP - empty - Idempotent check
   bigip_profile_server_ssl:
     name: foo
-    ocsp_profile: ''
+    ocsp_profile: ""
   register: result
 
 - name: Assert Change OCSP - empty - Idempotent check
@@ -461,7 +459,7 @@
 - name: Set server_name - empty - Idempotent check
   bigip_profile_server_ssl:
     name: "{{ profile_2 }}"
-    server_name: ''
+    server_name: ""
   register: result
 
 - name: Assert Set server_name - empty - Idempotent check
@@ -494,3 +492,6 @@
 
 - import_tasks: issue-01609.yaml
   tags: issue-01609
+
+- import_tasks: issue-02435.yaml
+  tags: issue-02435