mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 13:20:23 -07:00
crypto modules: add missing option types (#52421)
* Add missing crypto option types. * Reorder argument_spec. * Reorder option docs.
parent
9f82f3fd14
commit
1d8e9db4a9
18 changed files with 192 additions and 169 deletions
|
@ -49,6 +49,7 @@ options:
|
|||
deactivated."
|
||||
- "If the state is C(changed_key), the account must exist. The account
|
||||
key will be changed; no other information will be touched."
|
||||
type: str
|
||||
required: true
|
||||
choices:
|
||||
- present
|
||||
|
@ -57,8 +58,8 @@ options:
|
|||
allow_creation:
|
||||
description:
|
||||
- "Whether account creation is allowed (when state is C(present))."
|
||||
default: yes
|
||||
type: bool
|
||||
default: yes
|
||||
contact:
|
||||
description:
|
||||
- "A list of contact URLs."
|
||||
|
@ -67,25 +68,28 @@ options:
|
|||
for what is allowed."
|
||||
- "Must be specified when state is C(present). Will be ignored
|
||||
if state is C(absent) or C(changed_key)."
|
||||
type: list
|
||||
default: []
|
||||
terms_agreed:
|
||||
description:
|
||||
- "Boolean indicating whether you agree to the terms of service document."
|
||||
- "ACME servers can require this to be true."
|
||||
default: no
|
||||
type: bool
|
||||
default: no
|
||||
new_account_key_src:
|
||||
description:
|
||||
- "Path to a file containing the ACME account RSA or Elliptic Curve key to change to."
|
||||
- "Same restrictions apply as to C(account_key_src)."
|
||||
- "Mutually exclusive with C(new_account_key_content)."
|
||||
- "Required if C(new_account_key_content) is not used and state is C(changed_key)."
|
||||
type: path
|
||||
new_account_key_content:
|
||||
description:
|
||||
- "Content of the ACME account RSA or Elliptic Curve key to change to."
|
||||
- "Same restrictions apply as to C(account_key_content)."
|
||||
- "Mutually exclusive with C(new_account_key_src)."
|
||||
- "Required if C(new_account_key_src) is not used and state is C(changed_key)."
|
||||
type: str
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
|
@ -137,17 +141,17 @@ def main():
|
|||
argument_spec=dict(
|
||||
account_key_src=dict(type='path', aliases=['account_key']),
|
||||
account_key_content=dict(type='str', no_log=True),
|
||||
account_uri=dict(required=False, type='str'),
|
||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
terms_agreed=dict(required=False, default=False, type='bool'),
|
||||
state=dict(required=True, choices=['absent', 'present', 'changed_key'], type='str'),
|
||||
allow_creation=dict(required=False, default=True, type='bool'),
|
||||
contact=dict(required=False, type='list', elements='str', default=[]),
|
||||
account_uri=dict(type='str'),
|
||||
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
||||
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
||||
validate_certs=dict(type='bool', default=True),
|
||||
terms_agreed=dict(type='bool', default=False),
|
||||
state=dict(type='str', required=True, choices=['absent', 'present', 'changed_key']),
|
||||
allow_creation=dict(type='bool', default=True),
|
||||
contact=dict(type='list', elements='str', default=[]),
|
||||
new_account_key_src=dict(type='path'),
|
||||
new_account_key_content=dict(type='str', no_log=True),
|
||||
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
||||
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
||||
),
|
||||
required_one_of=(
|
||||
['account_key_src', 'account_key_content'],
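Review bot: The `type: list` added to the `contact` option docs does not say what the list holds, while the `argument_spec` hunk of the same file declares `contact=dict(type='list', elements='str', default=[])`. If the documentation schema of this Ansible version accepts it, add `elements: str` under `type: list` so that docs and spec agree that each contact URL is handled as a string. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts, and both the options block and `main()` continue outside the hunks.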
|
||||
|
|
|
@ -111,11 +111,11 @@ def main():
|
|||
argument_spec=dict(
|
||||
account_key_src=dict(type='path', aliases=['account_key']),
|
||||
account_key_content=dict(type='str', no_log=True),
|
||||
account_uri=dict(required=False, type='str'),
|
||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
||||
account_uri=dict(type='str'),
|
||||
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
||||
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
||||
validate_certs=dict(type='bool', default=True),
|
||||
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
||||
),
|
||||
required_one_of=(
|
||||
['account_key_src', 'account_key_content'],
|
||||
|
|
|
@ -83,19 +83,21 @@ options:
|
|||
used the M(acme_account) module to specify more than one contact
|
||||
for your account, this module will update your account and restrict
|
||||
it to the (at most one) contact email address specified here."
|
||||
type: str
|
||||
agreement:
|
||||
description:
|
||||
- "URI to a terms of service document you agree to when using the
|
||||
ACME v1 service at C(acme_directory)."
|
||||
- Default is latest gathered from C(acme_directory) URL.
|
||||
- This option will only be used when C(acme_version) is 1.
|
||||
type: str
|
||||
terms_agreed:
|
||||
description:
|
||||
- "Boolean indicating whether you agree to the terms of service document."
|
||||
- "ACME servers can require this to be true."
|
||||
- This option will only be used when C(acme_version) is not 1.
|
||||
type: bool
|
||||
default: 'no'
|
||||
default: no
|
||||
version_added: "2.5"
|
||||
modify_account:
|
||||
description:
|
||||
|
@ -106,12 +108,13 @@ options:
|
|||
using an old key if you changed the account key with M(acme_account)."
|
||||
- "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
|
||||
type: bool
|
||||
default: 'yes'
|
||||
default: yes
|
||||
version_added: "2.6"
|
||||
challenge:
|
||||
description: The challenge to be performed.
|
||||
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ]
|
||||
type: str
|
||||
default: 'http-01'
|
||||
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ]
|
||||
csr:
|
||||
description:
|
||||
- "File containing the CSR for the new certificate."
|
||||
|
@ -123,6 +126,7 @@ options:
|
|||
account key. This is a bad idea from a security point of view, and
|
||||
the CA should not accept the CSR. The ACME server should return an
|
||||
error in this case."
|
||||
type: path
|
||||
required: true
|
||||
aliases: ['src']
|
||||
data:
|
||||
|
@ -140,23 +144,27 @@ options:
|
|||
as it causes error messages to be come unusable, and C(data) does
|
||||
not contain any information which can be used without having
|
||||
access to the account key or which are not public anyway."
|
||||
type: dict
|
||||
dest:
|
||||
description:
|
||||
- "The destination file for the certificate."
|
||||
- "Required if C(fullchain_dest) is not specified."
|
||||
type: path
|
||||
aliases: ['cert']
|
||||
fullchain_dest:
|
||||
description:
|
||||
- "The destination file for the full chain (i.e. certificate followed
|
||||
by chain of intermediate certificates)."
|
||||
- "Required if C(dest) is not specified."
|
||||
type: path
|
||||
version_added: 2.5
|
||||
aliases: ['fullchain']
|
||||
chain_dest:
|
||||
description:
|
||||
- If specified, the intermediate certificate will be written to this file.
|
||||
aliases: ['chain']
|
||||
type: path
|
||||
version_added: 2.5
|
||||
aliases: ['chain']
|
||||
remaining_days:
|
||||
description:
|
||||
- "The number of days the certificate must have left being valid.
|
||||
|
@ -165,6 +173,7 @@ options:
|
|||
include C(challenge_data)."
|
||||
- "To make sure that the certificate is renewed in any case, you can
|
||||
use the C(force) option."
|
||||
type: int
|
||||
default: 10
|
||||
deactivate_authzs:
|
||||
description:
|
||||
|
@ -175,7 +184,7 @@ options:
|
|||
without having to re-authenticate the domain. This can be a security
|
||||
concern."
|
||||
type: bool
|
||||
default: 'no'
|
||||
default: no
|
||||
version_added: 2.6
|
||||
force:
|
||||
description:
|
||||
|
@ -184,7 +193,7 @@ options:
|
|||
- This is especially helpful when having an updated CSR e.g. with
|
||||
additional domains for which a new certificate is desired.
|
||||
type: bool
|
||||
default: 'no'
|
||||
default: no
|
||||
version_added: 2.6
|
||||
'''
|
||||
|
||||
|
@ -890,24 +899,24 @@ def main():
|
|||
argument_spec=dict(
|
||||
account_key_src=dict(type='path', aliases=['account_key']),
|
||||
account_key_content=dict(type='str', no_log=True),
|
||||
account_uri=dict(required=False, type='str'),
|
||||
modify_account=dict(required=False, type='bool', default=True),
|
||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
account_email=dict(required=False, default=None, type='str'),
|
||||
agreement=dict(required=False, type='str'),
|
||||
terms_agreed=dict(required=False, default=False, type='bool'),
|
||||
challenge=dict(required=False, default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01'], type='str'),
|
||||
csr=dict(required=True, aliases=['src'], type='path'),
|
||||
data=dict(required=False, default=None, type='dict'),
|
||||
dest=dict(aliases=['cert'], type='path'),
|
||||
fullchain_dest=dict(aliases=['fullchain'], type='path'),
|
||||
chain_dest=dict(required=False, default=None, aliases=['chain'], type='path'),
|
||||
remaining_days=dict(required=False, default=10, type='int'),
|
||||
deactivate_authzs=dict(required=False, default=False, type='bool'),
|
||||
force=dict(required=False, default=False, type='bool'),
|
||||
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
||||
account_uri=dict(type='str'),
|
||||
modify_account=dict(type='bool', default=True),
|
||||
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
||||
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
||||
validate_certs=dict(default=True, type='bool'),
|
||||
account_email=dict(type='str'),
|
||||
agreement=dict(type='str'),
|
||||
terms_agreed=dict(type='bool', default=False),
|
||||
challenge=dict(type='str', default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01']),
|
||||
csr=dict(type='path', required=True, aliases=['src']),
|
||||
data=dict(type='dict'),
|
||||
dest=dict(type='path', aliases=['cert']),
|
||||
fullchain_dest=dict(type='path', aliases=['fullchain']),
|
||||
chain_dest=dict(type='path', aliases=['chain']),
|
||||
remaining_days=dict(type='int', default=10),
|
||||
deactivate_authzs=dict(type='bool', default=False),
|
||||
force=dict(type='bool', default=False),
|
||||
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
||||
),
|
||||
required_one_of=(
|
||||
['account_key_src', 'account_key_content'],
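Review bot: In the `argument_spec` hunk of this file, `validate_certs=dict(default=True, type='bool')` keeps `default` before `type`, while every other entry the commit rewrites puts `type` first; write it as `validate_certs=dict(type='bool', default=True)`. This is the switch that controls TLS certificate verification, so a uniform layout across the modules makes it easier to audit that it defaults to `True` everywhere. A similar slip is in the last file section shown, where `method=dict(type='str', choices=['get', 'post', 'directory-only'], default='get')` keeps `choices` before `default` although that file's option docs were reordered to type, default, choices. `main()` starts and ends outside both hunks.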
|
||||
|
|
|
@ -47,6 +47,7 @@ options:
|
|||
certificate:
|
||||
description:
|
||||
- "Path to the certificate to revoke."
|
||||
type: path
|
||||
required: yes
|
||||
account_key_src:
|
||||
description:
|
||||
|
@ -57,6 +58,7 @@ options:
|
|||
private keys in PEM format can be used as well."
|
||||
- "Mutually exclusive with C(account_key_content)."
|
||||
- "Required if C(account_key_content) is not used."
|
||||
type: path
|
||||
account_key_content:
|
||||
description:
|
||||
- "Content of the ACME account RSA or Elliptic Curve key."
|
||||
|
@ -71,11 +73,13 @@ options:
|
|||
temporary file. It can still happen that it is written to disk by
|
||||
Ansible in the process of moving the module with its argument to
|
||||
the node where it is executed."
|
||||
type: str
|
||||
private_key_src:
|
||||
description:
|
||||
- "Path to the certificate's private key."
|
||||
- "Note that exactly one of C(account_key_src), C(account_key_content),
|
||||
C(private_key_src) or C(private_key_content) must be specified."
|
||||
type: path
|
||||
private_key_content:
|
||||
description:
|
||||
- "Content of the certificate's private key."
|
||||
|
@ -90,6 +94,7 @@ options:
|
|||
temporary file. It can still happen that it is written to disk by
|
||||
Ansible in the process of moving the module with its argument to
|
||||
the node where it is executed."
|
||||
type: str
|
||||
revoke_reason:
|
||||
description:
|
||||
- "One of the revocation reasonCodes defined in
|
||||
|
@ -99,6 +104,7 @@ options:
|
|||
C(5) (cessationOfOperation), C(6) (certificateHold),
|
||||
C(8) (removeFromCRL), C(9) (privilegeWithdrawn),
|
||||
C(10) (aACompromise)"
|
||||
type: int
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
|
@ -128,15 +134,15 @@ def main():
|
|||
argument_spec=dict(
|
||||
account_key_src=dict(type='path', aliases=['account_key']),
|
||||
account_key_content=dict(type='str', no_log=True),
|
||||
account_uri=dict(required=False, type='str'),
|
||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
account_uri=dict(type='str'),
|
||||
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
||||
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
||||
validate_certs=dict(type='bool', default=True),
|
||||
private_key_src=dict(type='path'),
|
||||
private_key_content=dict(type='str', no_log=True),
|
||||
certificate=dict(required=True, type='path'),
|
||||
revoke_reason=dict(required=False, type='int'),
|
||||
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
||||
certificate=dict(type='path', required=True),
|
||||
revoke_reason=dict(type='int'),
|
||||
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
||||
),
|
||||
required_one_of=(
|
||||
['account_key_src', 'account_key_content', 'private_key_src', 'private_key_content'],
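Review bot: `revoke_reason=dict(type='int')` in the `main()` hunk accepts any integer, although the option docs in this file enumerate specific reasonCodes (the visible part lists C(5), C(6), C(8), C(9) and C(10); the start of the list is outside the hunk). If only the documented codes are meant to be sent, a `choices=[...]` entry holding exactly those values would reject a mistyped code at argument parsing instead of leaving it to the ACME server. If arbitrary codes are passed through on purpose, a short comment next to the entry saying so would make that intent clear. `main()` continues outside the hunk.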
|
||||
|
|
|
@ -39,22 +39,26 @@ options:
|
|||
challenge:
|
||||
description:
|
||||
- "The challenge type."
|
||||
type: str
|
||||
required: yes
|
||||
choices:
|
||||
- tls-alpn-01
|
||||
challenge_data:
|
||||
description:
|
||||
- "The C(challenge_data) entry provided by M(acme_certificate) for the challenge."
|
||||
type: dict
|
||||
required: yes
|
||||
private_key_src:
|
||||
description:
|
||||
- "Path to a file containing the private key file to use for this challenge
|
||||
certificate."
|
||||
- "Mutually exclusive with C(private_key_content)."
|
||||
type: path
|
||||
private_key_content:
|
||||
description:
|
||||
- "Content of the private key to use for this challenge certificate."
|
||||
- "Mutually exclusive with C(private_key_src)."
|
||||
type: str
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
|
@ -169,8 +173,8 @@ else:
|
|||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
challenge=dict(required=True, choices=['tls-alpn-01'], type='str'),
|
||||
challenge_data=dict(required=True, type='dict'),
|
||||
challenge=dict(type='str', required=True, choices=['tls-alpn-01']),
|
||||
challenge_data=dict(type='dict', required=True),
|
||||
private_key_src=dict(type='path'),
|
||||
private_key_content=dict(type='str', no_log=True),
|
||||
),
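Review bot: The `private_key_content` description in the options hunk of this file only states mutual exclusivity with C(private_key_src), whereas the revoke module's docs in this same commit warn that key content can still be written to disk by Ansible while the module and its arguments are moved to the node. The spec here marks the option `no_log=True`, so the same exposure presumably applies; the docs should carry an equivalent caveat, for example `- "It can still happen that the key is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed."`. Whether one of the two key options is required is decided outside the visible `main()` hunk, so the docs could also state that once confirmed.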
|
||||
|
|
|
@ -63,11 +63,12 @@ options:
|
|||
and a regular GET request for ACME v1."
|
||||
- "The value C(directory-only) only retrieves the directory, without doing
|
||||
a request."
|
||||
type: str
|
||||
default: get
|
||||
choices:
|
||||
- get
|
||||
- post
|
||||
- directory-only
|
||||
default: get
|
||||
content:
|
||||
description:
|
||||
- "An encoded JSON object which will be sent as the content if I(method)
|
||||
|
@ -259,15 +260,15 @@ def main():
|
|||
argument_spec=dict(
|
||||
account_key_src=dict(type='path', aliases=['account_key']),
|
||||
account_key_content=dict(type='str', no_log=True),
|
||||
account_uri=dict(required=False, type='str'),
|
||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
url=dict(required=False, type='str'),
|
||||
method=dict(required=False, type='str', choices=['get', 'post', 'directory-only'], default='get'),
|
||||
content=dict(required=False, type='str'),
|
||||
fail_on_acme_error=dict(required=False, type='bool', default=True),
|
||||
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
||||
account_uri=dict(type='str'),
|
||||
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
||||
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
||||
validate_certs=dict(type='bool', default=True),
|
||||
url=dict(type='str'),
|
||||
method=dict(type='str', choices=['get', 'post', 'directory-only'], default='get'),
|
||||
content=dict(type='str'),
|
||||
fail_on_acme_error=dict(type='bool', default=True),
|
||||
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
||||
),
|
||||
mutually_exclusive=(
|
||||
['account_key_src', 'account_key_content'],
|
||||
|
|