openssl_certificate: consistent param namings (#28521)

René Moser 2017-08-28 17:29:16 +02:00 committed by GitHub
parent 1c9c16a101
commit c1be5b2389


@ -76,15 +76,17 @@ options:
description: description:
- Digest algorithm to be used when self-signing the certificate - Digest algorithm to be used when self-signing the certificate
selfsigned_notBefore: selfsigned_not_before:
description: description:
- The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will start being valid from now. If this value is not specified, certificate will start being valid from now.
aliases: [ selfsigned_notBefore ]
selfsigned_notAfter: selfsigned_not_after:
description: description:
- The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will stop being valid 10 years from now. If this value is not specified, certificate will stop being valid 10 years from now.
aliases: [ selfsigned_notAfter ]
acme_accountkey: acme_accountkey:
description: description:
@ -129,43 +131,51 @@ options:
description: description:
- The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME.
notAfter: not_after:
description: description:
- The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME.
aliases: [ notAfter ]
valid_in: valid_in:
description: description:
- The certificate must still be valid in I(valid_in) seconds from now. - The certificate must still be valid in I(valid_in) seconds from now.
keyUsage: key_usage:
description: description:
- The I(keyUsage) extension field must contain all these values. - The I(key_usage) extension field must contain all these values.
aliases: [ keyUsage ]
keyUsage_strict: key_usage_strict:
default: False default: False
type: bool type: bool
description: description:
- If set to True, the I(keyUsage) extension field must contain only these values. - If set to True, the I(key_usage) extension field must contain only these values.
aliases: [ keyUsage_strict ]
extendedKeyUsage: extended_key_usage:
description: description:
- The I(extendedKeyUsage) extension field must contain all these values. - The I(extended_key_usage) extension field must contain all these values.
aliases: [ extendedKeyUsage ]
extendedKeyUsage_strict: extended_key_usage_strict:
default: False default: False
type: bool type: bool
description: description:
- If set to True, the I(extendedKeyUsage) extension field must contain only these values. - If set to True, the I(extended_key_usage) extension field must contain only these values.
aliases: [ extendedKeyUsage_strict ]
subjectAltName: subject_alt_name:
description: description:
- The I(subjectAltName) extension field must contain these values. - The I(subject_alt_name) extension field must contain these values.
aliases: [ subjectAltName ]
subjectAltName_strict: subject_alt_name_strict:
default: False default: False
type: bool type: bool
description: description:
- If set to True, the I(subjectAltName) extension field must contain only these values. - If set to True, the I(subject_alt_name) extension field must contain only these values.
aliases: [ subjectAltName_strict ]
notes: notes:
- All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern. - All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
@ -243,32 +253,32 @@ EXAMPLES = '''
openssl_certificate: openssl_certificate:
path: /etc/ssl/crt/example.com.crt path: /etc/ssl/crt/example.com.crt
provider: assertonly provider: assertonly
keyUsage: key_usage:
- digitalSignature - digitalSignature
- keyEncipherment - keyEncipherment
keyUsage_strict: True key_usage_strict: true
- name: Ensure that the existing certificate can be used for client authentication - name: Ensure that the existing certificate can be used for client authentication
openssl_certificate: openssl_certificate:
path: /etc/ssl/crt/example.com.crt path: /etc/ssl/crt/example.com.crt
provider: assertonly provider: assertonly
extendedKeyUsage: extended_key_usage:
- clientAuth - clientAuth
- name: Ensure that the existing certificate can only be used for client authentication and time stamping - name: Ensure that the existing certificate can only be used for client authentication and time stamping
openssl_certificate: openssl_certificate:
path: /etc/ssl/crt/example.com.crt path: /etc/ssl/crt/example.com.crt
provider: assertonly provider: assertonly
extendedKeyUsage: extended_key_usage:
- clientAuth - clientAuth
- 1.3.6.1.5.5.7.3.8 - 1.3.6.1.5.5.7.3.8
extendedKeyUsage: strict extended_key_usage_strict: true
- name: Ensure that the existing certificate has a certain domain in its subjectAltName - name: Ensure that the existing certificate has a certain domain in its subjectAltName
openssl_certificate: openssl_certificate:
path: /etc/ssl/crt/example.com.crt path: /etc/ssl/crt/example.com.crt
provider: assertonly provider: assertonly
subjectAltName: subject_alt_name:
- www.example.com - www.example.com
- test.example.com - test.example.com
''' '''
@ -688,10 +698,10 @@ class AcmeCertificate(Certificate):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
state=dict(default='present', choices=['present', 'absent'], type='str'), state=dict(type='str', choices=['present', 'absent'], default='present'),
path=dict(required=True, type='path'), path=dict(type='path', required=True),
provider=dict(choices=['selfsigned', 'assertonly', 'acme'], type='str'), provider=dict(type='str', choices=['selfsigned', 'assertonly', 'acme']),
force=dict(default=False, type='bool'), force=dict(type='bool', default=False,),
csr_path=dict(type='path'), csr_path=dict(type='path'),
# General properties of a certificate # General properties of a certificate
@ -700,24 +710,24 @@ def main():
signature_algorithms=dict(type='list'), signature_algorithms=dict(type='list'),
subject=dict(type='dict'), subject=dict(type='dict'),
issuer=dict(type='dict'), issuer=dict(type='dict'),
has_expired=dict(default=False, type='bool'), has_expired=dict(type='bool', default=False),
version=dict(type='int'), version=dict(type='int'),
keyUsage=dict(type='list'), keyUsage=dict(type='list', aliases=['key_usage']),
keyUsage_strict=dict(default=False, type='bool'), keyUsage_strict=dict(type='bool', default=False, aliases=['key_usage_strict']),
extendedKeyUsage=dict(aliases=['extKeyUsage'], type='list'), extendedKeyUsage=dict(type='list', aliases=['extended_key_usage'], ),
extendedKeyUsage_strict=dict(aliases=['extKeyUsage_strict'], default=False, type='bool'), extendedKeyUsage_strict=dict(type='bool', default=False, aliases=['extended_key_usage_strict']),
subjectAltName=dict(type='list'), subjectAltName=dict(type='list', aliases=['subject_alt_name']),
subjectAltName_strict=dict(default=False, type='bool'), subjectAltName_strict=dict(type='bool', default=False, aliases=['subject_alt_name_strict']),
notBefore=dict(type='str'), notBefore=dict(type='str', aliases=['not_before']),
notAfter=dict(type='str'), notAfter=dict(type='str', aliases=['not_after']),
valid_at=dict(type='str'), valid_at=dict(type='str'),
invalid_at=dict(type='str'), invalid_at=dict(type='str'),
valid_in=dict(type='int'), valid_in=dict(type='int'),
# provider: selfsigned # provider: selfsigned
selfsigned_digest=dict(default='sha256', type='str'), selfsigned_digest=dict(type='str', default='sha256'),
selfsigned_notBefore=dict(type='str'), selfsigned_notBefore=dict(type='str', aliases=['selfsigned_not_before']),
selfsigned_notAfter=dict(type='str'), selfsigned_notAfter=dict(type='str', aliases=['selfsigned_not_after']),
# provider: acme # provider: acme
acme_accountkey_path=dict(type='path'), acme_accountkey_path=dict(type='path'),
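Review bot: The rewritten `extendedKeyUsage` and `extendedKeyUsage_strict` entries in main()'s argument_spec drop the previously accepted aliases `extKeyUsage` and `extKeyUsage_strict` rather than adding the snake_case names alongside them. Playbooks that use the short names for `assertonly` checks would no longer be accepted; AnsibleModule normally rejects unknown parameters, so the assertion should fail loudly rather than be skipped, but it is still a breaking change the commit title does not announce. Keeping both would be `extendedKeyUsage=dict(type='list', aliases=['extended_key_usage', 'extKeyUsage']),` and `extendedKeyUsage_strict=dict(type='bool', default=False, aliases=['extended_key_usage_strict', 'extKeyUsage_strict']),`. Separately, the documentation now lists the snake_case names as canonical with camelCase aliases, while argument_spec keeps camelCase as the key and snake_case as the alias; the two should agree on which name is primary. The argument_spec continues past the visible lines, so other entries could not be checked.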