Exception when certificate does not belong to the specified private key #240

Closed
twouters opened this issue Jun 2, 2021 · 2 comments · Fixed by #241
Labels
bug Something isn't working

twouters commented Jun 2, 2021

SUMMARY

Ansible module throws an exception when a certificate does not match a specified private key.
Works fine if they do match.

Example below: domain1.crt.tmp belongs to domain1.key.tmp and succeeds.
domain2.crt.tmp does not belong to domain2.key.tmp.

```yaml
- name: Validate certificate & key
  community.crypto.x509_certificate:
    path: "/tmp/{{ item }}.crt.tmp"
    privatekey_path: "/tmp/{{ item }}.key.tmp"
    provider: assertonly
  check_mode: no
  loop:
    - domain1
    - domain2
```

The full traceback is:

```
Traceback (most recent call last):
  File "/home/combell/twouters/.ansible/tmp/ansible-tmp-1622617686.6430984-72160-37957725581513/AnsiballZ_x509_certificate.py", line 100, in <module>
    _ansiballz_main()
  File "/home/combell/twouters/.ansible/tmp/ansible-tmp-1622617686.6430984-72160-37957725581513/AnsiballZ_x509_certificate.py", line 92, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/combell/twouters/.ansible/tmp/ansible-tmp-1622617686.6430984-72160-37957725581513/AnsiballZ_x509_certificate.py", line 41, in invoke_module
    run_name='__main__', alter_sys=True)
  File "/usr/lib/python2.7/runpy.py", line 188, in run_module
    fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 82, in _run_module_code
    mod_name, mod_fname, mod_loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/tmp/ansible_openssl_certificate_payload_EzbMG2/ansible_openssl_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 555, in <module>
  File "/tmp/ansible_openssl_certificate_payload_EzbMG2/ansible_openssl_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 546, in main
  File "/tmp/ansible_openssl_certificate_payload_EzbMG2/ansible_openssl_certificate_payload.zip/ansible_collections/community/crypto/plugins/modules/x509_certificate.py", line 465, in generate
  File "/tmp/ansible_openssl_certificate_payload_EzbMG2/ansible_openssl_certificate_payload.zip/ansible_collections/community/crypto/plugins/module_utils/crypto/module_backends/certificate_assertonly.py", line 320, in needs_regeneration
  File "/tmp/ansible_openssl_certificate_payload_EzbMG2/ansible_openssl_certificate_payload.zip/ansible_collections/community/crypto/plugins/module_utils/crypto/module_backends/certificate_assertonly.py", line 181, in assertonly
AttributeError: 'AssertOnlyCertificateBackendCryptography' object has no attribute 'path'
```

ISSUE TYPE

  • Bug Report

COMPONENT NAME

community.crypto.x509_certificate

ANSIBLE VERSION

```
ansible [core 2.11.1] 
  config file = /home/twouters/ansible/ansible.cfg
  configured module search path = ['/home/twouters/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/twouters/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.5 (default, May 24 2021, 12:50:35) [GCC 11.1.0]
  jinja version = 3.0.1
  libyaml = True
```

CONFIGURATION

```
DEFAULT_BECOME_FLAGS(/home/twouters/ansible/ansible.cfg) = -H -S
DEFAULT_LOG_PATH(/home/twouters/ansible/ansible.cfg) = /home/twouters/ansible/cm/ansible/log.txt
DEFAULT_ROLES_PATH(/home/twouters/ansible/ansible.cfg) = ['/home/twouters/ansible/cm/ansible/roles', '/home/twouters/ansible/cm/ansible/roles-ext', '/home/twouters/ansible/cm/ansible/roles-mnt', '/home/twouters/ansible/cm/ansible/roles-test']
DEFAULT_VAULT_PASSWORD_FILE(/home/twouters/ansible/ansible.cfg) = /home/twouters/ansible/cm/ansible/secret
HOST_KEY_CHECKING(/home/twouters/ansible/ansible.cfg) = False
```

OS / ENVIRONMENT

Arch Linux

STEPS TO REPRODUCE

See description

EXPECTED RESULTS

No exception is thrown.

ACTUAL RESULTS

See description
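
The behaviour the report expects, as an added example that is not part of the original issue and is not community.crypto code: compare the certificate's public key with the private key's public key and return a mismatch as an ordinary result instead of raising. It uses the `cryptography` library; the function names and the constructed EC key and self-signed certificate are assumptions made for the demonstration.

```python
# Added example: report a certificate/key mismatch as a value, not an exception.
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _spki(public_key):
    """DER SubjectPublicKeyInfo: one canonical form for RSA, EC, Ed25519 keys."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)


def cert_matches_key(cert_pem, key_pem, passphrase=None):
    """Return (ok, message); unreadable input is reported, not raised."""
    try:
        cert = x509.load_pem_x509_certificate(cert_pem)
        key = serialization.load_pem_private_key(key_pem, password=passphrase)
    except (ValueError, TypeError) as exc:
        return False, "cannot load input: %s" % exc
    if _spki(cert.public_key()) != _spki(key.public_key()):
        return False, "certificate does not belong to the private key"
    return True, "certificate matches the private key"


def make_sample(common_name):
    """Constructed test data: a fresh EC key and a self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    start = datetime.datetime(2021, 6, 2)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=30))
        .sign(key, hashes.SHA256())
    )
    key_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption())
    return cert.public_bytes(serialization.Encoding.PEM), key_pem
```

Comparing the DER-encoded SubjectPublicKeyInfo avoids algorithm-specific field comparisons, so the same check covers RSA and EC pairs.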

@felixfontein
Contributor

Should be fixed by #241.

@felixfontein felixfontein added the bug Something isn't working label Jun 2, 2021

twouters commented Jun 2, 2021

Fix works for me (earlier comments failed because of GitHub outage :))
