win_certificate_store: Unable to find store 'CertificateAuthority' #219

Closed
cailen opened this issue May 11, 2021 · 2 comments

cailen commented May 11, 2021

SUMMARY

In Windows collection v1.5.0, win_certificate_store is unable to add certificates to the Intermediate Certificate Store. I confirmed this does not happen in v1.4.0.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

win_certificate_store

ANSIBLE VERSION

```
ansible 2.10.9
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, May  4 2021, 18:50:59) [GCC 8.3.0]
```

ansible-galaxy collection list

# /usr/local/lib/python3.8/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    1.4.1
ansible.netcommon             1.5.0
ansible.posix                 1.2.0
ansible.utils                 2.0.2
ansible.windows               1.5.0
arista.eos                    1.3.0
awx.awx                       17.1.0
azure.azcollection            1.5.0
check_point.mgmt              2.0.0
chocolatey.chocolatey         1.1.0
cisco.aci                     2.0.0
cisco.asa                     1.0.4
cisco.intersight              1.0.12
cisco.ios                     1.3.0
cisco.iosxr                   1.2.1
cisco.meraki                  2.2.1
cisco.mso                     1.1.0
cisco.nso                     1.0.3
cisco.nxos                    1.4.0
cisco.ucs                     1.6.0
cloudscale_ch.cloud           2.1.0
community.aws                 1.4.0
community.azure               1.0.0
community.crypto              1.6.1
community.digitalocean        1.1.1
community.docker              1.5.0
community.fortios             1.0.0
community.general             2.5.1
community.google              1.0.0
community.grafana             1.2.1
community.hashi_vault         1.1.3
community.hrobot              1.1.1
community.kubernetes          1.2.1
community.kubevirt            1.0.0
community.libvirt             1.0.1
community.mongodb             1.2.1
community.mysql               1.4.0
community.network             2.1.1
community.okd                 1.1.2
community.postgresql          1.2.0
community.proxysql            1.0.0
community.rabbitmq            1.0.3
community.routeros            1.1.0
community.skydive             1.0.0
community.sops                1.0.6
community.vmware              1.9.0
community.windows             1.3.0
community.zabbix              1.3.0
containers.podman             1.5.0
cyberark.conjur               1.1.0
cyberark.pas                  1.0.6
dellemc.openmanage            3.2.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.9.0
fortinet.fortimanager         2.0.1
fortinet.fortios              1.1.9
frr.frr                       1.0.3
gluster.gluster               1.0.1
google.cloud                  1.0.2
hetzner.hcloud                1.4.2
ibm.qradar                    1.0.3
infinidat.infinibox           1.2.4
inspur.sm                     1.1.2
junipernetworks.junos         1.3.0
kubernetes.core               1.2.1
mellanox.onyx                 1.0.0
netapp.aws                    20.9.0
netapp.elementsw              20.11.0
netapp.ontap                  21.4.0
netapp_eseries.santricity     1.2.7
netbox.netbox                 2.1.0
ngine_io.cloudstack           2.1.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.0
openstack.cloud               1.4.0
openvswitch.openvswitch       1.2.0
ovirt.ovirt                   1.4.1
purestorage.flasharray        1.7.0
purestorage.flashblade        1.5.0
sensu.sensu_go                1.9.4
servicenow.servicenow         1.0.4
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.16.0
theforeman.foreman            1.5.1
vyos.vyos                     1.1.1
wti.remote                    1.0.1

CONFIGURATION

ansible-config dump --only-changed

OS / ENVIRONMENT

python:3.8 docker container

STEPS TO REPRODUCE

ansible-playbook -i inventory test.yml

```yaml
---
- hosts: windows
  tasks:
    - name: Download Let's Encrypt Staging Intermediate CA
      win_get_url:
        url: https://letsencrypt.org/certs/staging/letsencrypt-stg-int-r3.pem
        dest: 'C:\Windows\Temp\letsencrypt_staging_int_ca.pem'
        force: no
    - name: Import Let's Encrypt Staging Intermediate CA
      win_certificate_store:
        path: 'C:\Windows\Temp\letsencrypt_staging_int_ca.pem'
        state: present
        store_location: LocalMachine
        store_name: CertificateAuthority
        key_storage: machine
```

EXPECTED RESULTS

The certificate is imported into the Intermediate Certificate Store (this is how it works in 1.4.0)

```
TASK [tenant-configuration : Download Let's Encrypt Staging Intermediate CA] ***
ok: [windows]
TASK [tenant-configuration : Import Let's Encrypt Staging Intermediate CA] *****
ok: [windows]
```

ACTUAL RESULTS

The module is unable to find the CertificateAuthority store (in v1.5.0).

```
TASK [tenant-configuration : Download Let's Encrypt Staging Intermediate CA] ***
ok: [windows]
TASK [tenant-configuration : Import Let's Encrypt Staging Intermediate CA] *****
fatal: [windows]: FAILED! => {"changed": false, "msg": "unable to find store 'CertificateAuthority': (CertOpenStore failed (The system cannot find the file specified, Win32ErrorCode 2 - 0x00000002))", "thumbprints": []}
```

cailen commented May 11, 2021

I just found the relevant issue #216

cailen closed this as completed May 11, 2021

jborean93 (Collaborator) commented

Yes, sorry for the breakage, I'll be creating a new release sometime this week with the fix for this.
