openssl_certificate: consistent param namings (#28521)
parent
1c9c16a101
commit
c1be5b2389
1 changed files with 47 additions and 37 deletions
|
@ -76,15 +76,17 @@ options:
|
||||||
description:
|
description:
|
||||||
- Digest algorithm to be used when self-signing the certificate
|
- Digest algorithm to be used when self-signing the certificate
|
||||||
|
|
||||||
selfsigned_notBefore:
|
selfsigned_not_before:
|
||||||
description:
|
description:
|
||||||
- The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME.
|
- The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME.
|
||||||
If this value is not specified, certificate will start being valid from now.
|
If this value is not specified, certificate will start being valid from now.
|
||||||
|
aliases: [ selfsigned_notBefore ]
|
||||||
|
|
||||||
selfsigned_notAfter:
|
selfsigned_not_after:
|
||||||
description:
|
description:
|
||||||
- The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME.
|
- The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME.
|
||||||
If this value is not specified, certificate will stop being valid 10 years from now.
|
If this value is not specified, certificate will stop being valid 10 years from now.
|
||||||
|
aliases: [ selfsigned_notAfter ]
|
||||||
|
|
||||||
acme_accountkey:
|
acme_accountkey:
|
||||||
description:
|
description:
|
||||||
|
@ -129,43 +131,51 @@ options:
|
||||||
description:
|
description:
|
||||||
- The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME.
|
- The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME.
|
||||||
|
|
||||||
notAfter:
|
not_after:
|
||||||
description:
|
description:
|
||||||
- The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME.
|
- The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME.
|
||||||
|
aliases: [ notAfter ]
|
||||||
|
|
||||||
|
|
||||||
valid_in:
|
valid_in:
|
||||||
description:
|
description:
|
||||||
- The certificate must still be valid in I(valid_in) seconds from now.
|
- The certificate must still be valid in I(valid_in) seconds from now.
|
||||||
|
|
||||||
keyUsage:
|
key_usage:
|
||||||
description:
|
description:
|
||||||
- The I(keyUsage) extension field must contain all these values.
|
- The I(key_usage) extension field must contain all these values.
|
||||||
|
aliases: [ keyUsage ]
|
||||||
|
|
||||||
keyUsage_strict:
|
key_usage_strict:
|
||||||
default: False
|
default: False
|
||||||
type: bool
|
type: bool
|
||||||
description:
|
description:
|
||||||
- If set to True, the I(keyUsage) extension field must contain only these values.
|
- If set to True, the I(key_usage) extension field must contain only these values.
|
||||||
|
aliases: [ keyUsage_strict ]
|
||||||
|
|
||||||
extendedKeyUsage:
|
extended_key_usage:
|
||||||
description:
|
description:
|
||||||
- The I(extendedKeyUsage) extension field must contain all these values.
|
- The I(extended_key_usage) extension field must contain all these values.
|
||||||
|
aliases: [ extendedKeyUsage ]
|
||||||
|
|
||||||
extendedKeyUsage_strict:
|
extended_key_usage_strict:
|
||||||
default: False
|
default: False
|
||||||
type: bool
|
type: bool
|
||||||
description:
|
description:
|
||||||
- If set to True, the I(extendedKeyUsage) extension field must contain only these values.
|
- If set to True, the I(extended_key_usage) extension field must contain only these values.
|
||||||
|
aliases: [ extendedKeyUsage_strict ]
|
||||||
|
|
||||||
subjectAltName:
|
subject_alt_name:
|
||||||
description:
|
description:
|
||||||
- The I(subjectAltName) extension field must contain these values.
|
- The I(subject_alt_name) extension field must contain these values.
|
||||||
|
aliases: [ subjectAltName ]
|
||||||
|
|
||||||
subjectAltName_strict:
|
subject_alt_name_strict:
|
||||||
default: False
|
default: False
|
||||||
type: bool
|
type: bool
|
||||||
description:
|
description:
|
||||||
- If set to True, the I(subjectAltName) extension field must contain only these values.
|
- If set to True, the I(subject_alt_name) extension field must contain only these values.
|
||||||
|
aliases: [ subjectAltName_strict ]
|
||||||
|
|
||||||
notes:
|
notes:
|
||||||
- All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
|
- All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
|
||||||
|
@ -243,32 +253,32 @@ EXAMPLES = '''
|
||||||
openssl_certificate:
|
openssl_certificate:
|
||||||
path: /etc/ssl/crt/example.com.crt
|
path: /etc/ssl/crt/example.com.crt
|
||||||
provider: assertonly
|
provider: assertonly
|
||||||
keyUsage:
|
key_usage:
|
||||||
- digitalSignature
|
- digitalSignature
|
||||||
- keyEncipherment
|
- keyEncipherment
|
||||||
keyUsage_strict: True
|
key_usage_strict: true
|
||||||
|
|
||||||
- name: Ensure that the existing certificate can be used for client authentication
|
- name: Ensure that the existing certificate can be used for client authentication
|
||||||
openssl_certificate:
|
openssl_certificate:
|
||||||
path: /etc/ssl/crt/example.com.crt
|
path: /etc/ssl/crt/example.com.crt
|
||||||
provider: assertonly
|
provider: assertonly
|
||||||
extendedKeyUsage:
|
extended_key_usage:
|
||||||
- clientAuth
|
- clientAuth
|
||||||
|
|
||||||
- name: Ensure that the existing certificate can only be used for client authentication and time stamping
|
- name: Ensure that the existing certificate can only be used for client authentication and time stamping
|
||||||
openssl_certificate:
|
openssl_certificate:
|
||||||
path: /etc/ssl/crt/example.com.crt
|
path: /etc/ssl/crt/example.com.crt
|
||||||
provider: assertonly
|
provider: assertonly
|
||||||
extendedKeyUsage:
|
extended_key_usage:
|
||||||
- clientAuth
|
- clientAuth
|
||||||
- 1.3.6.1.5.5.7.3.8
|
- 1.3.6.1.5.5.7.3.8
|
||||||
extendedKeyUsage: strict
|
extended_key_usage_strict: true
|
||||||
|
|
||||||
- name: Ensure that the existing certificate has a certain domain in its subjectAltName
|
- name: Ensure that the existing certificate has a certain domain in its subjectAltName
|
||||||
openssl_certificate:
|
openssl_certificate:
|
||||||
path: /etc/ssl/crt/example.com.crt
|
path: /etc/ssl/crt/example.com.crt
|
||||||
provider: assertonly
|
provider: assertonly
|
||||||
subjectAltName:
|
subject_alt_name:
|
||||||
- www.example.com
|
- www.example.com
|
||||||
- test.example.com
|
- test.example.com
|
||||||
'''
|
'''
|
||||||
|
@ -688,10 +698,10 @@ class AcmeCertificate(Certificate):
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
state=dict(default='present', choices=['present', 'absent'], type='str'),
|
state=dict(type='str', choices=['present', 'absent'], default='present'),
|
||||||
path=dict(required=True, type='path'),
|
path=dict(type='path', required=True),
|
||||||
provider=dict(choices=['selfsigned', 'assertonly', 'acme'], type='str'),
|
provider=dict(type='str', choices=['selfsigned', 'assertonly', 'acme']),
|
||||||
force=dict(default=False, type='bool'),
|
force=dict(type='bool', default=False,),
|
||||||
csr_path=dict(type='path'),
|
csr_path=dict(type='path'),
|
||||||
|
|
||||||
# General properties of a certificate
|
# General properties of a certificate
|
||||||
|
@ -700,24 +710,24 @@ def main():
|
||||||
signature_algorithms=dict(type='list'),
|
signature_algorithms=dict(type='list'),
|
||||||
subject=dict(type='dict'),
|
subject=dict(type='dict'),
|
||||||
issuer=dict(type='dict'),
|
issuer=dict(type='dict'),
|
||||||
has_expired=dict(default=False, type='bool'),
|
has_expired=dict(type='bool', default=False),
|
||||||
version=dict(type='int'),
|
version=dict(type='int'),
|
||||||
keyUsage=dict(type='list'),
|
keyUsage=dict(type='list', aliases=['key_usage']),
|
||||||
keyUsage_strict=dict(default=False, type='bool'),
|
keyUsage_strict=dict(type='bool', default=False, aliases=['key_usage_strict']),
|
||||||
extendedKeyUsage=dict(aliases=['extKeyUsage'], type='list'),
|
extendedKeyUsage=dict(type='list', aliases=['extended_key_usage'], ),
|
||||||
extendedKeyUsage_strict=dict(aliases=['extKeyUsage_strict'], default=False, type='bool'),
|
extendedKeyUsage_strict=dict(type='bool', default=False, aliases=['extended_key_usage_strict']),
|
||||||
subjectAltName=dict(type='list'),
|
subjectAltName=dict(type='list', aliases=['subject_alt_name']),
|
||||||
subjectAltName_strict=dict(default=False, type='bool'),
|
subjectAltName_strict=dict(type='bool', default=False, aliases=['subject_alt_name_strict']),
|
||||||
notBefore=dict(type='str'),
|
notBefore=dict(type='str', aliases=['not_before']),
|
||||||
notAfter=dict(type='str'),
|
notAfter=dict(type='str', aliases=['not_after']),
|
||||||
valid_at=dict(type='str'),
|
valid_at=dict(type='str'),
|
||||||
invalid_at=dict(type='str'),
|
invalid_at=dict(type='str'),
|
||||||
valid_in=dict(type='int'),
|
valid_in=dict(type='int'),
|
||||||
|
|
||||||
# provider: selfsigned
|
# provider: selfsigned
|
||||||
selfsigned_digest=dict(default='sha256', type='str'),
|
selfsigned_digest=dict(type='str', default='sha256'),
|
||||||
selfsigned_notBefore=dict(type='str'),
|
selfsigned_notBefore=dict(type='str', aliases=['selfsigned_not_before']),
|
||||||
selfsigned_notAfter=dict(type='str'),
|
selfsigned_notAfter=dict(type='str', aliases=['selfsigned_not_after']),
|
||||||
|
|
||||||
# provider: acme
|
# provider: acme
|
||||||
acme_accountkey_path=dict(type='path'),
|
acme_accountkey_path=dict(type='path'),
|
||||||
|
|
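Review bot: The two `extendedKeyUsage` entries in `argument_spec` lose their existing `extKeyUsage` and `extKeyUsage_strict` aliases, which appear to be replaced rather than extended by the new snake_case ones, so playbooks that still use the short names would be rejected as unsupported parameters after this change. Keep both spellings, e.g. `extendedKeyUsage=dict(type='list', aliases=['extended_key_usage', 'extKeyUsage']),` and `extendedKeyUsage_strict=dict(type='bool', default=False, aliases=['extended_key_usage_strict', 'extKeyUsage_strict']),`. Separately, the option docs now present the snake_case names as canonical with the camelCase names as aliases, while `argument_spec` does the reverse; aligning the two would make the documented name the key the module actually reads. `main()` continues past the end of the visible hunks.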