From 070ea3270ce0534367404b1a022e3c08dd848eb4 Mon Sep 17 00:00:00 2001
From: MarkusTeufelberger <mteufelberger@mgit.at>
Date: Thu, 21 Dec 2017 04:38:15 +0100
Subject: [PATCH] add usage example for the assertonly provider (#34092)

---
 .../modules/crypto/openssl_certificate.py     | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index c28bac1b4b..9ebeea3d97 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -218,6 +218,28 @@ EXAMPLES = '''
     force: True
 
 # Examples for some checks one could use the assertonly provider for:
+
+# How to use the assertonly provider to implement and trigger your own custom certificate generation workflow:
+- name: Check if a certificate is currently still valid, ignoring failures
+  openssl_certificate:
+    path: /etc/ssl/crt/example.com.crt
+    provider: assertonly
+    has_expired: False
+  ignore_errors: True
+  register: validity_check
+
+- name: Run custom task(s) to get a new, valid certificate in case the initial check failed
+  command: superspecialSSL recreate /etc/ssl/crt/example.com.crt
+  when: validity_check.failed
+
+- name: Check the new certificate again for validity with the same parameters, this time failing the play if it is still invalid
+  openssl_certificate:
+    path: /etc/ssl/crt/example.com.crt
+    provider: assertonly
+    has_expired: False
+  when: validity_check.failed
+
+# Some other checks that assertonly could be used for:
 - name: Verify that an existing certificate was issued by the Let's Encrypt CA and is currently still valid
   openssl_certificate:
     path: /etc/ssl/crt/example.com.crt