ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-26 14:41:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

crypto modules: add missing option types (#52421)

Browse source 
* Add missing crypto option types.

* Reorder argument_spec.

* Reorder option docs.
This commit is contained in:
Felix Fontein 2019-02-18 11:24:17 +01:00 committed by John R Barker
commit 1d8e9db4a9
18 changed files with 192 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

26
lib/ansible/modules/crypto/acme/acme_account.py
View file

@ -49,6 +49,7 @@ options:
deactivated." deactivated."
- "If the state is C(changed_key), the account must exist. The account - "If the state is C(changed_key), the account must exist. The account
key will be changed; no other information will be touched." key will be changed; no other information will be touched."
type: str
required: true required: true
choices: choices:
- present - present
@ -57,8 +58,8 @@ options:
allow_creation: allow_creation:
description: description:
- "Whether account creation is allowed (when state is C(present))." - "Whether account creation is allowed (when state is C(present))."
default: yes
type: bool type: bool
default: yes
contact: contact:
description: description:
- "A list of contact URLs." - "A list of contact URLs."
@ -67,25 +68,28 @@ options:
for what is allowed." for what is allowed."
- "Must be specified when state is C(present). Will be ignored - "Must be specified when state is C(present). Will be ignored
if state is C(absent) or C(changed_key)." if state is C(absent) or C(changed_key)."
type: list
default: [] default: []
terms_agreed: terms_agreed:
description: description:
- "Boolean indicating whether you agree to the terms of service document." - "Boolean indicating whether you agree to the terms of service document."
- "ACME servers can require this to be true." - "ACME servers can require this to be true."
default: no
type: bool type: bool
default: no
new_account_key_src: new_account_key_src:
description: description:
- "Path to a file containing the ACME account RSA or Elliptic Curve key to change to." - "Path to a file containing the ACME account RSA or Elliptic Curve key to change to."
- "Same restrictions apply as to C(account_key_src)." - "Same restrictions apply as to C(account_key_src)."
- "Mutually exclusive with C(new_account_key_content)." - "Mutually exclusive with C(new_account_key_content)."
- "Required if C(new_account_key_content) is not used and state is C(changed_key)." - "Required if C(new_account_key_content) is not used and state is C(changed_key)."
type: path
new_account_key_content: new_account_key_content:
description: description:
- "Content of the ACME account RSA or Elliptic Curve key to change to." - "Content of the ACME account RSA or Elliptic Curve key to change to."
- "Same restrictions apply as to C(account_key_content)." - "Same restrictions apply as to C(account_key_content)."
- "Mutually exclusive with C(new_account_key_src)." - "Mutually exclusive with C(new_account_key_src)."
- "Required if C(new_account_key_src) is not used and state is C(changed_key)." - "Required if C(new_account_key_src) is not used and state is C(changed_key)."
type: str
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -137,17 +141,17 @@ def main():
argument_spec=dict( argument_spec=dict(
account_key_src=dict(type='path', aliases=['account_key']), account_key_src=dict(type='path', aliases=['account_key']),
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_uri=dict(required=False, type='str'), account_uri=dict(type='str'),
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'), acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'), acme_version=dict(type='int', default=1, choices=[1, 2]),
validate_certs=dict(required=False, default=True, type='bool'), validate_certs=dict(type='bool', default=True),
terms_agreed=dict(required=False, default=False, type='bool'), terms_agreed=dict(type='bool', default=False),
state=dict(required=True, choices=['absent', 'present', 'changed_key'], type='str'), state=dict(type='str', required=True, choices=['absent', 'present', 'changed_key']),
allow_creation=dict(required=False, default=True, type='bool'), allow_creation=dict(type='bool', default=True),
contact=dict(required=False, type='list', elements='str', default=[]), contact=dict(type='list', elements='str', default=[]),
new_account_key_src=dict(type='path'), new_account_key_src=dict(type='path'),
new_account_key_content=dict(type='str', no_log=True), new_account_key_content=dict(type='str', no_log=True),
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
), ),
required_one_of=( required_one_of=(
['account_key_src', 'account_key_content'], ['account_key_src', 'account_key_content'],

10
lib/ansible/modules/crypto/acme/acme_account_facts.py
View file

@ -111,11 +111,11 @@ def main():
argument_spec=dict( argument_spec=dict(
account_key_src=dict(type='path', aliases=['account_key']), account_key_src=dict(type='path', aliases=['account_key']),
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_uri=dict(required=False, type='str'), account_uri=dict(type='str'),
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'), acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'), acme_version=dict(type='int', default=1, choices=[1, 2]),
validate_certs=dict(required=False, default=True, type='bool'), validate_certs=dict(type='bool', default=True),
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
), ),
required_one_of=( required_one_of=(
['account_key_src', 'account_key_content'], ['account_key_src', 'account_key_content'],

57
lib/ansible/modules/crypto/acme/acme_certificate.py
View file

@ -83,19 +83,21 @@ options:
used the M(acme_account) module to specify more than one contact used the M(acme_account) module to specify more than one contact
for your account, this module will update your account and restrict for your account, this module will update your account and restrict
it to the (at most one) contact email address specified here." it to the (at most one) contact email address specified here."
type: str
agreement: agreement:
description: description:
- "URI to a terms of service document you agree to when using the - "URI to a terms of service document you agree to when using the
ACME v1 service at C(acme_directory)." ACME v1 service at C(acme_directory)."
- Default is latest gathered from C(acme_directory) URL. - Default is latest gathered from C(acme_directory) URL.
- This option will only be used when C(acme_version) is 1. - This option will only be used when C(acme_version) is 1.
type: str
terms_agreed: terms_agreed:
description: description:
- "Boolean indicating whether you agree to the terms of service document." - "Boolean indicating whether you agree to the terms of service document."
- "ACME servers can require this to be true." - "ACME servers can require this to be true."
- This option will only be used when C(acme_version) is not 1. - This option will only be used when C(acme_version) is not 1.
type: bool type: bool
default: 'no' default: no
version_added: "2.5" version_added: "2.5"
modify_account: modify_account:
description: description:
@ -106,12 +108,13 @@ options:
using an old key if you changed the account key with M(acme_account)." using an old key if you changed the account key with M(acme_account)."
- "If set to C(no), C(terms_agreed) and C(account_email) are ignored." - "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
type: bool type: bool
default: 'yes' default: yes
version_added: "2.6" version_added: "2.6"
challenge: challenge:
description: The challenge to be performed. description: The challenge to be performed.
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ] type: str
default: 'http-01' default: 'http-01'
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ]
csr: csr:
description: description:
- "File containing the CSR for the new certificate." - "File containing the CSR for the new certificate."
@ -123,6 +126,7 @@ options:
account key. This is a bad idea from a security point of view, and account key. This is a bad idea from a security point of view, and
the CA should not accept the CSR. The ACME server should return an the CA should not accept the CSR. The ACME server should return an
error in this case." error in this case."
type: path
required: true required: true
aliases: ['src'] aliases: ['src']
data: data:
@ -140,23 +144,27 @@ options:
as it causes error messages to be come unusable, and C(data) does as it causes error messages to be come unusable, and C(data) does
not contain any information which can be used without having not contain any information which can be used without having
access to the account key or which are not public anyway." access to the account key or which are not public anyway."
type: dict
dest: dest:
description: description:
- "The destination file for the certificate." - "The destination file for the certificate."
- "Required if C(fullchain_dest) is not specified." - "Required if C(fullchain_dest) is not specified."
type: path
aliases: ['cert'] aliases: ['cert']
fullchain_dest: fullchain_dest:
description: description:
- "The destination file for the full chain (i.e. certificate followed - "The destination file for the full chain (i.e. certificate followed
by chain of intermediate certificates)." by chain of intermediate certificates)."
- "Required if C(dest) is not specified." - "Required if C(dest) is not specified."
type: path
version_added: 2.5 version_added: 2.5
aliases: ['fullchain'] aliases: ['fullchain']
chain_dest: chain_dest:
description: description:
- If specified, the intermediate certificate will be written to this file. - If specified, the intermediate certificate will be written to this file.
aliases: ['chain'] type: path
version_added: 2.5 version_added: 2.5
aliases: ['chain']
remaining_days: remaining_days:
description: description:
- "The number of days the certificate must have left being valid. - "The number of days the certificate must have left being valid.
@ -165,6 +173,7 @@ options:
include C(challenge_data)." include C(challenge_data)."
- "To make sure that the certificate is renewed in any case, you can - "To make sure that the certificate is renewed in any case, you can
use the C(force) option." use the C(force) option."
type: int
default: 10 default: 10
deactivate_authzs: deactivate_authzs:
description: description:
@ -175,7 +184,7 @@ options:
without having to re-authenticate the domain. This can be a security without having to re-authenticate the domain. This can be a security
concern." concern."
type: bool type: bool
default: 'no' default: no
version_added: 2.6 version_added: 2.6
force: force:
description: description:
@ -184,7 +193,7 @@ options:
- This is especially helpful when having an updated CSR e.g. with - This is especially helpful when having an updated CSR e.g. with
additional domains for which a new certificate is desired. additional domains for which a new certificate is desired.
type: bool type: bool
default: 'no' default: no
version_added: 2.6 version_added: 2.6
''' '''
@ -890,24 +899,24 @@ def main():
argument_spec=dict( argument_spec=dict(
account_key_src=dict(type='path', aliases=['account_key']), account_key_src=dict(type='path', aliases=['account_key']),
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_uri=dict(required=False, type='str'), account_uri=dict(type='str'),
modify_account=dict(required=False, type='bool', default=True), modify_account=dict(type='bool', default=True),
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'), acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'), acme_version=dict(type='int', default=1, choices=[1, 2]),
validate_certs=dict(required=False, default=True, type='bool'), validate_certs=dict(default=True, type='bool'),
account_email=dict(required=False, default=None, type='str'), account_email=dict(type='str'),
agreement=dict(required=False, type='str'), agreement=dict(type='str'),
terms_agreed=dict(required=False, default=False, type='bool'), terms_agreed=dict(type='bool', default=False),
challenge=dict(required=False, default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01'], type='str'), challenge=dict(type='str', default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01']),
csr=dict(required=True, aliases=['src'], type='path'), csr=dict(type='path', required=True, aliases=['src']),
data=dict(required=False, default=None, type='dict'), data=dict(type='dict'),
dest=dict(aliases=['cert'], type='path'), dest=dict(type='path', aliases=['cert']),
fullchain_dest=dict(aliases=['fullchain'], type='path'), fullchain_dest=dict(type='path', aliases=['fullchain']),
chain_dest=dict(required=False, default=None, aliases=['chain'], type='path'), chain_dest=dict(type='path', aliases=['chain']),
remaining_days=dict(required=False, default=10, type='int'), remaining_days=dict(type='int', default=10),
deactivate_authzs=dict(required=False, default=False, type='bool'), deactivate_authzs=dict(type='bool', default=False),
force=dict(required=False, default=False, type='bool'), force=dict(type='bool', default=False),
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
), ),
required_one_of=( required_one_of=(
['account_key_src', 'account_key_content'], ['account_key_src', 'account_key_content'],

20
lib/ansible/modules/crypto/acme/acme_certificate_revoke.py
View file

@ -47,6 +47,7 @@ options:
certificate: certificate:
description: description:
- "Path to the certificate to revoke." - "Path to the certificate to revoke."
type: path
required: yes required: yes
account_key_src: account_key_src:
description: description:
@ -57,6 +58,7 @@ options:
private keys in PEM format can be used as well." private keys in PEM format can be used as well."
- "Mutually exclusive with C(account_key_content)." - "Mutually exclusive with C(account_key_content)."
- "Required if C(account_key_content) is not used." - "Required if C(account_key_content) is not used."
type: path
account_key_content: account_key_content:
description: description:
- "Content of the ACME account RSA or Elliptic Curve key." - "Content of the ACME account RSA or Elliptic Curve key."
@ -71,11 +73,13 @@ options:
temporary file. It can still happen that it is written to disk by temporary file. It can still happen that it is written to disk by
Ansible in the process of moving the module with its argument to Ansible in the process of moving the module with its argument to
the node where it is executed." the node where it is executed."
type: str
private_key_src: private_key_src:
description: description:
- "Path to the certificate's private key." - "Path to the certificate's private key."
- "Note that exactly one of C(account_key_src), C(account_key_content), - "Note that exactly one of C(account_key_src), C(account_key_content),
C(private_key_src) or C(private_key_content) must be specified." C(private_key_src) or C(private_key_content) must be specified."
type: path
private_key_content: private_key_content:
description: description:
- "Content of the certificate's private key." - "Content of the certificate's private key."
@ -90,6 +94,7 @@ options:
temporary file. It can still happen that it is written to disk by temporary file. It can still happen that it is written to disk by
Ansible in the process of moving the module with its argument to Ansible in the process of moving the module with its argument to
the node where it is executed." the node where it is executed."
type: str
revoke_reason: revoke_reason:
description: description:
- "One of the revocation reasonCodes defined in - "One of the revocation reasonCodes defined in
@ -99,6 +104,7 @@ options:
C(5) (cessationOfOperation), C(6) (certificateHold), C(5) (cessationOfOperation), C(6) (certificateHold),
C(8) (removeFromCRL), C(9) (privilegeWithdrawn), C(8) (removeFromCRL), C(9) (privilegeWithdrawn),
C(10) (aACompromise)" C(10) (aACompromise)"
type: int
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -128,15 +134,15 @@ def main():
argument_spec=dict( argument_spec=dict(
account_key_src=dict(type='path', aliases=['account_key']), account_key_src=dict(type='path', aliases=['account_key']),
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_uri=dict(required=False, type='str'), account_uri=dict(type='str'),
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'), acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'), acme_version=dict(type='int', default=1, choices=[1, 2]),
validate_certs=dict(required=False, default=True, type='bool'), validate_certs=dict(type='bool', default=True),
private_key_src=dict(type='path'), private_key_src=dict(type='path'),
private_key_content=dict(type='str', no_log=True), private_key_content=dict(type='str', no_log=True),
certificate=dict(required=True, type='path'), certificate=dict(type='path', required=True),
revoke_reason=dict(required=False, type='int'), revoke_reason=dict(type='int'),
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
), ),
required_one_of=( required_one_of=(
['account_key_src', 'account_key_content', 'private_key_src', 'private_key_content'], ['account_key_src', 'account_key_content', 'private_key_src', 'private_key_content'],

8
lib/ansible/modules/crypto/acme/acme_challenge_cert_helper.py
View file

@ -39,22 +39,26 @@ options:
challenge: challenge:
description: description:
- "The challenge type." - "The challenge type."
type: str
required: yes required: yes
choices: choices:
- tls-alpn-01 - tls-alpn-01
challenge_data: challenge_data:
description: description:
- "The C(challenge_data) entry provided by M(acme_certificate) for the challenge." - "The C(challenge_data) entry provided by M(acme_certificate) for the challenge."
type: dict
required: yes required: yes
private_key_src: private_key_src:
description: description:
- "Path to a file containing the private key file to use for this challenge - "Path to a file containing the private key file to use for this challenge
certificate." certificate."
- "Mutually exclusive with C(private_key_content)." - "Mutually exclusive with C(private_key_content)."
type: path
private_key_content: private_key_content:
description: description:
- "Content of the private key to use for this challenge certificate." - "Content of the private key to use for this challenge certificate."
- "Mutually exclusive with C(private_key_src)." - "Mutually exclusive with C(private_key_src)."
type: str
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -169,8 +173,8 @@ else:
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
challenge=dict(required=True, choices=['tls-alpn-01'], type='str'), challenge=dict(type='str', required=True, choices=['tls-alpn-01']),
challenge_data=dict(required=True, type='dict'), challenge_data=dict(type='dict', required=True),
private_key_src=dict(type='path'), private_key_src=dict(type='path'),
private_key_content=dict(type='str', no_log=True), private_key_content=dict(type='str', no_log=True),
), ),

21
lib/ansible/modules/crypto/acme/acme_inspect.py
View file

@ -63,11 +63,12 @@ options:
and a regular GET request for ACME v1." and a regular GET request for ACME v1."
- "The value C(directory-only) only retrieves the directory, without doing - "The value C(directory-only) only retrieves the directory, without doing
a request." a request."
type: str
default: get
choices: choices:
- get - get
- post - post
- directory-only - directory-only
default: get
content: content:
description: description:
- "An encoded JSON object which will be sent as the content if I(method) - "An encoded JSON object which will be sent as the content if I(method)
@ -259,15 +260,15 @@ def main():
argument_spec=dict( argument_spec=dict(
account_key_src=dict(type='path', aliases=['account_key']), account_key_src=dict(type='path', aliases=['account_key']),
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_uri=dict(required=False, type='str'), account_uri=dict(type='str'),
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'), acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'), acme_version=dict(type='int', default=1, choices=[1, 2]),
validate_certs=dict(required=False, default=True, type='bool'), validate_certs=dict(type='bool', default=True),
url=dict(required=False, type='str'), url=dict(type='str'),
method=dict(required=False, type='str', choices=['get', 'post', 'directory-only'], default='get'), method=dict(type='str', choices=['get', 'post', 'directory-only'], default='get'),
content=dict(required=False, type='str'), content=dict(type='str'),
fail_on_acme_error=dict(required=False, type='bool', default=True), fail_on_acme_error=dict(type='bool', default=True),
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
), ),
mutually_exclusive=( mutually_exclusive=(
['account_key_src', 'account_key_content'], ['account_key_src', 'account_key_content'],

32
lib/ansible/modules/crypto/certificate_complete_chain.py
View file

@ -33,13 +33,12 @@ requirements:
- "cryptography >= 1.5" - "cryptography >= 1.5"
options: options:
input_chain: input_chain:
required: yes
description: description:
- A concatenated set of certificates in PEM format forming a chain. - A concatenated set of certificates in PEM format forming a chain.
- The module will try to complete this chain. - The module will try to complete this chain.
root_certificates: type: str
required: yes required: yes
type: list root_certificates:
description: description:
- "A list of filenames or directories." - "A list of filenames or directories."
- "A filename is assumed to point to a file containing one or more certificates - "A filename is assumed to point to a file containing one or more certificates
@ -49,19 +48,20 @@ options:
subdirectories will be scanned and tried to be parsed as concatenated subdirectories will be scanned and tried to be parsed as concatenated
certificates in PEM format." certificates in PEM format."
- "Symbolic links will be followed." - "Symbolic links will be followed."
type: list
required: yes
intermediate_certificates: intermediate_certificates:
required: no description:
- "A list of filenames or directories."
- "A filename is assumed to point to a file containing one or more certificates
in PEM format. All certificates in this file will be added to the set of
root certificates."
- "If a directory name is given, all files in the directory and its
subdirectories will be scanned and tried to be parsed as concatenated
certificates in PEM format."
- "Symbolic links will be followed."
type: list type: list
default: [] default: []
description:
- "A list of filenames or directories."
- "A filename is assumed to point to a file containing one or more certificates
in PEM format. All certificates in this file will be added to the set of
root certificates."
- "If a directory name is given, all files in the directory and its
subdirectories will be scanned and tried to be parsed as concatenated
certificates in PEM format."
- "Symbolic links will be followed."
''' '''
@ -284,9 +284,9 @@ def format_cert(cert):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
input_chain=dict(required=True, type='str'), input_chain=dict(type='str', required=True),
root_certificates=dict(required=True, type='list', elements='path'), root_certificates=dict(type='list', required=True, elements='path'),
intermediate_certificates=dict(required=False, type='list', elements='path', default=[]), intermediate_certificates=dict(type='list', default=[], elements='path'),
), ),
supports_check_mode=True, supports_check_mode=True,
) )

18
lib/ansible/modules/crypto/get_certificate.py
View file

@ -22,20 +22,22 @@ options:
host: host:
description: description:
- The host to get the cert for (IP is fine) - The host to get the cert for (IP is fine)
required: True type: str
required: true
ca_certs: ca_certs:
description: description:
- A PEM file containing a list of root certificates; if present, the cert will be validated against these root certs. - A PEM file containing a list of root certificates; if present, the cert will be validated against these root certs.
- Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it. - Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it.
required: False type: path
port: port:
description: description:
- The port to connect to - The port to connect to
required: True type: int
required: true
timeout: timeout:
description: description:
- The timeout in seconds - The timeout in seconds
required: False type: int
default: 10 default: 10
notes: notes:
@ -128,10 +130,10 @@ else:
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
ca_certs=dict(required=False, type='path', default=None), ca_certs=dict(type='path'),
host=dict(required=True), host=dict(type='str', required=True),
port=dict(required=True, type='int'), port=dict(type='int', required=True),
timeout=dict(required=False, type='int', default=10), timeout=dict(type='int', default=10),
), ),
) )

17
lib/ansible/modules/crypto/luks_device.py
View file

@ -47,9 +47,9 @@ options:
does not exist it will be created. does not exist it will be created.
Requires I(device) and I(keyfile) options to be provided. If Requires I(device) and I(keyfile) options to be provided. If
container does already exist I(device) or I(name) will suffice." container does already exist I(device) or I(name) will suffice."
type: str
default: present default: present
choices: [present, absent, opened, closed] choices: [present, absent, opened, closed]
type: str
name: name:
description: description:
- "Sets container name when I(state=opened). Can be used - "Sets container name when I(state=opened). Can be used
@ -407,15 +407,12 @@ class ConditionsHandler(Handler):
def run_module(): def run_module():
# available arguments/parameters that a user can pass # available arguments/parameters that a user can pass
module_args = dict( module_args = dict(
state=dict(type='str', state=dict(type='str', default='present', choices=['present', 'absent', 'opened', 'closed']),
choices=['present', 'absent', 'opened', 'closed'], device=dict(type='str'),
required=False, name=dict(type='str'),
default='present'), keyfile=dict(type='path'),
device=dict(type='str', required=False), new_keyfile=dict(type='path'),
name=dict(type='str', required=False), remove_keyfile=dict(type='path')
keyfile=dict(type='path', required=False),
new_keyfile=dict(type='path', required=False),
remove_keyfile=dict(type='path', required=False)
) )
# seed the result dict in the object # seed the result dict in the object

49
lib/ansible/modules/crypto/openssh_cert.py
View file

@ -26,69 +26,65 @@ requirements:
- "ssh-keygen" - "ssh-keygen"
options: options:
state: state:
required: false
default: "present"
choices: [ 'present', 'absent' ]
description: description:
- Whether the host or user certificate should exist or not, taking action if the state is different from what is stated. - Whether the host or user certificate should exist or not, taking action if the state is different from what is stated.
type: str
default: "present"
choices: [ 'present', 'absent' ]
type: type:
required: true
choices: ['host', 'user']
description: description:
- Whether the module should generate a host or a user certificate. - Whether the module should generate a host or a user certificate.
type: str
required: true
choices: ['host', 'user']
force: force:
required: false
default: false
type: bool
description: description:
- Should the certificate be regenerated even if it already exists and is valid. - Should the certificate be regenerated even if it already exists and is valid.
type: bool
default: false
path: path:
required: true
type: path
description: description:
- Path of the file containing the certificate. - Path of the file containing the certificate.
signing_key:
required: true
type: path type: path
required: true
signing_key:
description: description:
- The path to the private openssh key that is used for signing the public key in order to generate the certificate. - The path to the private openssh key that is used for signing the public key in order to generate the certificate.
public_key:
required: true
type: path type: path
required: true
public_key:
description: description:
- The path to the public key that will be signed with the signing key in order to generate the certificate. - The path to the public key that will be signed with the signing key in order to generate the certificate.
valid_from: type: path
required: true required: true
type: str valid_from:
description: description:
- "The point in time the certificate is valid from. Time can be specified either as relative time or as absolute timestamp. - "The point in time the certificate is valid from. Time can be specified either as relative time or as absolute timestamp.
Time will always be interpreted as UTC. Valid formats are: C([+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | always) Time will always be interpreted as UTC. Valid formats are: C([+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | always)
where timespec can be an integer + C([w | d | h | m | s]) (e.g. C(+32w1d2h). where timespec can be an integer + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
Note that if using relative time this module is NOT idempotent." Note that if using relative time this module is NOT idempotent."
valid_to:
required: true
type: str type: str
required: true
valid_to:
description: description:
- "The point in time the certificate is valid to. Time can be specified either as relative time or as absolute timestamp. - "The point in time the certificate is valid to. Time can be specified either as relative time or as absolute timestamp.
Time will always be interpreted as UTC. Valid formats are: C([+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | forever) Time will always be interpreted as UTC. Valid formats are: C([+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | forever)
where timespec can be an integer + C([w | d | h | m | s]) (e.g. C(+32w1d2h). where timespec can be an integer + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
Note that if using relative time this module is NOT idempotent." Note that if using relative time this module is NOT idempotent."
valid_at:
required: false
type: str type: str
required: true
valid_at:
description: description:
- "Check if the certificate is valid at a certain point in time. If it is not the certificate will be regenerated. - "Check if the certificate is valid at a certain point in time. If it is not the certificate will be regenerated.
Time will always be interpreted as UTC. Mainly to be used with relative timespec for I(valid_from) and / or I(valid_to). Time will always be interpreted as UTC. Mainly to be used with relative timespec for I(valid_from) and / or I(valid_to).
Note that if using relative time this module is NOT idempotent." Note that if using relative time this module is NOT idempotent."
type: str
principals: principals:
required: false
type: list
description: description:
- "Certificates may be limited to be valid for a set of principal (user/host) names. - "Certificates may be limited to be valid for a set of principal (user/host) names.
By default, generated certificates are valid for all users or hosts." By default, generated certificates are valid for all users or hosts."
options:
required: false
type: list type: list
options:
description: description:
- "Specify certificate options when signing a key. The option that are valid for user certificates are:" - "Specify certificate options when signing a key. The option that are valid for user certificates are:"
- "C(clear): Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may be added individually." - "C(clear): Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may be added individually."
@ -107,12 +103,11 @@ options:
- "C(source-address=address_list): Restrict the source addresses from which the certificate is considered valid. - "C(source-address=address_list): Restrict the source addresses from which the certificate is considered valid.
The C(address_list) is a comma-separated list of one or more address/netmask pairs in CIDR format." The C(address_list) is a comma-separated list of one or more address/netmask pairs in CIDR format."
- "At present, no options are valid for host keys." - "At present, no options are valid for host keys."
type: list
identifier: identifier:
required: false
type: str
description: description:
- Specify the key identity when signing a public key. The identifier that is logged by the server when the certificate is used for authentication. - Specify the key identity when signing a public key. The identifier that is logged by the server when the certificate is used for authentication.
type: str
extends_documentation_fragment: files extends_documentation_fragment: files
''' '''

32
lib/ansible/modules/crypto/openssh_keypair.py
View file

@ -28,40 +28,40 @@ requirements:
- "ssh-keygen" - "ssh-keygen"
options: options:
state: state:
required: false
default: present
choices: [ present, absent ]
description: description:
- Whether the private and public keys should exist or not, taking action if the state is different from what is stated. - Whether the private and public keys should exist or not, taking action if the state is different from what is stated.
type: str
default: present
choices: [ present, absent ]
size: size:
required: false
description: description:
- "Specifies the number of bits in the private key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. - "Specifies the number of bits in the private key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits.
Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, size determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. For ECDSA keys, size determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits.
Attempting to use bit lengths other than these three values for ECDSA keys will cause this module to fail. Attempting to use bit lengths other than these three values for ECDSA keys will cause this module to fail.
Ed25519 keys have a fixed length and the size will be ignored." Ed25519 keys have a fixed length and the size will be ignored."
type: int
type: type:
required: false
default: rsa
choices: ['rsa', 'dsa', 'rsa1', 'ecdsa', 'ed25519']
description: description:
- "The algorithm used to generate the SSH private key. C(rsa1) is for protocol version 1. - "The algorithm used to generate the SSH private key. C(rsa1) is for protocol version 1.
C(rsa1) is deprecated and may not be supported by every version of ssh-keygen." C(rsa1) is deprecated and may not be supported by every version of ssh-keygen."
type: str
default: rsa
choices: ['rsa', 'dsa', 'rsa1', 'ecdsa', 'ed25519']
force: force:
required: false
default: false
type: bool
description: description:
- Should the key be regenerated even if it already exists - Should the key be regenerated even if it already exists
type: bool
default: false
path: path:
required: true
description: description:
- Name of the files containing the public and private key. The file containing the public key will have the extension C(.pub). - Name of the files containing the public and private key. The file containing the public key will have the extension C(.pub).
type: path
required: true
comment: comment:
required: false
description: description:
- Provides a new comment to the public key. When checking if the key is in the correct state this will be ignored. - Provides a new comment to the public key. When checking if the key is in the correct state this will be ignored.
type: str
extends_documentation_fragment: files extends_documentation_fragment: files
''' '''
@ -260,11 +260,11 @@ def main():
# Define Ansible Module # Define Ansible Module
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
state=dict(default='present', choices=['present', 'absent'], type='str'), state=dict(type='str', default='present', choices=['present', 'absent']),
size=dict(type='int'), size=dict(type='int'),
type=dict(default='rsa', choices=['rsa', 'dsa', 'rsa1', 'ecdsa', 'ed25519'], type='str'), type=dict(type='str', default='rsa', choices=['rsa', 'dsa', 'rsa1', 'ecdsa', 'ed25519']),
force=dict(default=False, type='bool'), force=dict(type='bool', default=False),
path=dict(required=True, type='path'), path=dict(type='path', required=True),
comment=dict(type='str'), comment=dict(type='str'),
), ),
supports_check_mode=True, supports_check_mode=True,

13
lib/ansible/modules/crypto/openssl_certificate.py
View file

@ -40,8 +40,8 @@ options:
description: description:
- Whether the certificate should exist or not, taking action if the state is different from what is stated. - Whether the certificate should exist or not, taking action if the state is different from what is stated.
type: str type: str
choices: [ absent, present ]
default: present default: present
choices: [ absent, present ]
path: path:
description: description:
@ -53,8 +53,8 @@ options:
description: description:
- Name of the provider to use to generate/retrieve the OpenSSL certificate. - Name of the provider to use to generate/retrieve the OpenSSL certificate.
- The C(assertonly) provider will not generate files and fail if the certificate file is missing. - The C(assertonly) provider will not generate files and fail if the certificate file is missing.
required: true
type: str type: str
required: true
choices: [ acme, assertonly, ownca, selfsigned ] choices: [ acme, assertonly, ownca, selfsigned ]
force: force:
@ -312,6 +312,7 @@ options:
type: bool type: bool
default: no default: no
aliases: [ subjectAltName_strict ] aliases: [ subjectAltName_strict ]
extends_documentation_fragment: files extends_documentation_fragment: files
notes: notes:
- All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern. - All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
@ -1051,7 +1052,7 @@ class AcmeCertificate(Certificate):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
state=dict(type='str', choices=['present', 'absent'], default='present'), state=dict(type='str', default='present', choices=['present', 'absent']),
path=dict(type='path', required=True), path=dict(type='path', required=True),
provider=dict(type='str', choices=['acme', 'assertonly', 'ownca', 'selfsigned']), provider=dict(type='str', choices=['acme', 'assertonly', 'ownca', 'selfsigned']),
force=dict(type='bool', default=False,), force=dict(type='bool', default=False,),
@ -1082,10 +1083,8 @@ def main():
# provider: selfsigned # provider: selfsigned
selfsigned_version=dict(type='int', default=3), selfsigned_version=dict(type='int', default=3),
selfsigned_digest=dict(type='str', default='sha256'), selfsigned_digest=dict(type='str', default='sha256'),
selfsigned_not_before=dict( selfsigned_not_before=dict(type='str', default='+0s', aliases=['selfsigned_notBefore']),
type='str', default='+0s', aliases=['selfsigned_notBefore']), selfsigned_not_after=dict(type='str', default='+3650d', aliases=['selfsigned_notAfter']),
selfsigned_not_after=dict(
type='str', default='+3650d', aliases=['selfsigned_notAfter']),
# provider: ownca # provider: ownca
ownca_path=dict(type='path'), ownca_path=dict(type='path'),

15
lib/ansible/modules/crypto/openssl_csr.py
View file

@ -31,9 +31,8 @@ options:
description: description:
- Whether the certificate signing request should exist or not, taking action if the state is different from what is stated. - Whether the certificate signing request should exist or not, taking action if the state is different from what is stated.
type: str type: str
required: false
choices: [ absent, present ]
default: present default: present
choices: [ absent, present ]
digest: digest:
description: description:
- The digest used when signing the certificate signing request with the private key. - The digest used when signing the certificate signing request with the private key.
@ -127,8 +126,8 @@ options:
C(subject_alt_name) with C(DNS:) prefix if no SAN is specified. C(subject_alt_name) with C(DNS:) prefix if no SAN is specified.
type: bool type: bool
default: yes default: yes
aliases: [ useCommonNameForSAN ]
version_added: '2.8' version_added: '2.8'
aliases: [ useCommonNameForSAN ]
key_usage: key_usage:
description: description:
- This defines the purpose (e.g. encipherment, signature, certificate signing) - This defines the purpose (e.g. encipherment, signature, certificate signing)
@ -155,21 +154,21 @@ options:
description: description:
- Indicates basic constraints, such as if the certificate is a CA. - Indicates basic constraints, such as if the certificate is a CA.
type: list type: list
aliases: [ basicConstraints ]
version_added: '2.5' version_added: '2.5'
aliases: [ basicConstraints ]
basic_constraints_critical: basic_constraints_critical:
description: description:
- Should the basicConstraints extension be considered as critical. - Should the basicConstraints extension be considered as critical.
type: bool type: bool
aliases: [ basicConstraints_critical ]
version_added: '2.5' version_added: '2.5'
aliases: [ basicConstraints_critical ]
ocsp_must_staple: ocsp_must_staple:
description: description:
- Indicates that the certificate should contain the OCSP Must Staple - Indicates that the certificate should contain the OCSP Must Staple
extension (U(https://tools.ietf.org/html/rfc7633)). extension (U(https://tools.ietf.org/html/rfc7633)).
type: bool type: bool
aliases: [ ocspMustStaple ]
version_added: '2.5' version_added: '2.5'
aliases: [ ocspMustStaple ]
ocsp_must_staple_critical: ocsp_must_staple_critical:
description: description:
- Should the OCSP Must Staple extension be considered as critical - Should the OCSP Must Staple extension be considered as critical
@ -178,8 +177,8 @@ options:
are required to reject such certificates are required to reject such certificates
(see U(https://tools.ietf.org/html/rfc7633#section-4)). (see U(https://tools.ietf.org/html/rfc7633#section-4)).
type: bool type: bool
aliases: [ ocspMustStaple_critical ]
version_added: '2.5' version_added: '2.5'
aliases: [ ocspMustStaple_critical ]
select_crypto_backend: select_crypto_backend:
description: description:
- Determines which crypto backend to use. - Determines which crypto backend to use.
@ -187,8 +186,8 @@ options:
- If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
- If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
type: str type: str
choices: [ auto, cryptography, pyopenssl ]
default: auto default: auto
choices: [ auto, cryptography, pyopenssl ]
version_added: '2.8' version_added: '2.8'
extends_documentation_fragment: extends_documentation_fragment:
- files - files

2
lib/ansible/modules/crypto/openssl_dhparam.py
View file

@ -29,8 +29,8 @@ options:
- Whether the parameters should exist or not, - Whether the parameters should exist or not,
taking action if the state is different from what is stated. taking action if the state is different from what is stated.
type: str type: str
choices: [ absent, present ]
default: present default: present
choices: [ absent, present ]
size: size:
description: description:
- Size (in bits) of the generated DH-params. - Size (in bits) of the generated DH-params.

6
lib/ansible/modules/crypto/openssl_pkcs12.py
View file

@ -26,8 +26,9 @@ options:
action: action:
description: description:
- C(export) or C(parse) a PKCS#12. - C(export) or C(parse) a PKCS#12.
choices: [ export, parse ] type: str
default: export default: export
choices: [ export, parse ]
ca_certificates: ca_certificates:
description: description:
- List of CA certificate to include. - List of CA certificate to include.
@ -65,7 +66,7 @@ options:
description: description:
- Filename to write the PKCS#12 file to. - Filename to write the PKCS#12 file to.
type: path type: path
required: True required: true
privatekey_passphrase: privatekey_passphrase:
description: description:
- Passphrase source to decrypt any input private keys with. - Passphrase source to decrypt any input private keys with.
@ -80,6 +81,7 @@ options:
All parameters except C(path) are ignored when state is C(absent). All parameters except C(path) are ignored when state is C(absent).
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
type: str
src: src:
description: description:
- PKCS#12 file path to parse. - PKCS#12 file path to parse.

24
lib/ansible/modules/crypto/openssl_privatekey.py
View file

@ -37,8 +37,8 @@ options:
description: description:
- Whether the private key should exist or not, taking action if the state is different from what is stated. - Whether the private key should exist or not, taking action if the state is different from what is stated.
type: str type: str
choices: [ absent, present ]
default: present default: present
choices: [ absent, present ]
size: size:
description: description:
- Size (in bits) of the TLS/SSL key to generate. - Size (in bits) of the TLS/SSL key to generate.
@ -50,9 +50,9 @@ options:
- Note that C(ECC) requires the C(cryptography) backend. - Note that C(ECC) requires the C(cryptography) backend.
- Depending on the curve, you need a newer version of the cryptography backend. - Depending on the curve, you need a newer version of the cryptography backend.
type: str type: str
default: RSA
#choices: [ DSA, ECC, RSA, X448, X25519 ] #choices: [ DSA, ECC, RSA, X448, X25519 ]
choices: [ DSA, ECC, RSA ] choices: [ DSA, ECC, RSA ]
default: RSA
curve: curve:
description: description:
- Note that not all curves are supported by all versions of C(cryptography). - Note that not all curves are supported by all versions of C(cryptography).
@ -108,8 +108,8 @@ options:
- If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
- If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
type: str type: str
choices: [ auto, cryptography, pyopenssl ]
default: auto default: auto
choices: [ auto, cryptography, pyopenssl ]
version_added: "2.8" version_added: "2.8"
extends_documentation_fragment: extends_documentation_fragment:
- files - files
@ -551,25 +551,25 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
state=dict(default='present', choices=['present', 'absent'], type='str'), state=dict(type='str', default='present', choices=['present', 'absent']),
size=dict(default=4096, type='int'), size=dict(type='int', default=4096),
type=dict(default='RSA', choices=[ type=dict(type='str', default='RSA', choices=[
'RSA', 'DSA', 'ECC', 'RSA', 'DSA', 'ECC',
# x25519 is missing serialization functions: https://github.com/pyca/cryptography/issues/4386 # x25519 is missing serialization functions: https://github.com/pyca/cryptography/issues/4386
# x448 is also missing it: https://github.com/pyca/cryptography/pull/4580#issuecomment-437913340 # x448 is also missing it: https://github.com/pyca/cryptography/pull/4580#issuecomment-437913340
# 'X448', 'X25519', # 'X448', 'X25519',
], type='str'), ]),
curve=dict(choices=[ curve=dict(type='str', choices=[
'secp384r1', 'secp521r1', 'secp224r1', 'secp192r1', 'secp256k1', 'secp384r1', 'secp521r1', 'secp224r1', 'secp192r1', 'secp256k1',
'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1',
'sect571k1', 'sect409k1', 'sect283k1', 'sect233k1', 'sect163k1', 'sect571k1', 'sect409k1', 'sect283k1', 'sect233k1', 'sect163k1',
'sect571r1', 'sect409r1', 'sect283r1', 'sect233r1', 'sect163r2', 'sect571r1', 'sect409r1', 'sect283r1', 'sect233r1', 'sect163r2',
], type='str'), ]),
force=dict(default=False, type='bool'), force=dict(type='bool', default=False),
path=dict(required=True, type='path'), path=dict(type='path', required=True),
passphrase=dict(type='str', no_log=True), passphrase=dict(type='str', no_log=True),
cipher=dict(type='str'), cipher=dict(type='str'),
select_crypto_backend=dict(required=False, choices=['auto', 'pyopenssl', 'cryptography'], default='auto', type='str'), select_crypto_backend=dict(type='str', choices=['auto', 'pyopenssl', 'cryptography'], default='auto'),
), ),
supports_check_mode=True, supports_check_mode=True,
add_file_common_args=True, add_file_common_args=True,

4
lib/ansible/modules/crypto/openssl_publickey.py
View file

@ -30,8 +30,8 @@ options:
description: description:
- Whether the public key should exist or not, taking action if the state is different from what is stated. - Whether the public key should exist or not, taking action if the state is different from what is stated.
type: str type: str
choices: [ absent, present ]
default: present default: present
choices: [ absent, present ]
force: force:
description: description:
- Should the key be regenerated even it it already exists. - Should the key be regenerated even it it already exists.
@ -41,8 +41,8 @@ options:
description: description:
- The format of the public key. - The format of the public key.
type: str type: str
choices: [ OpenSSH, PEM ]
default: PEM default: PEM
choices: [ OpenSSH, PEM ]
version_added: "2.4" version_added: "2.4"
path: path:
description: description:

7
lib/ansible/plugins/doc_fragments/acme.py
View file

@ -33,6 +33,7 @@ options:
private keys in PEM format can be used as well." private keys in PEM format can be used as well."
- "Mutually exclusive with C(account_key_content)." - "Mutually exclusive with C(account_key_content)."
- "Required if C(account_key_content) is not used." - "Required if C(account_key_content) is not used."
type: path
aliases: [ account_key ] aliases: [ account_key ]
account_key_content: account_key_content:
description: description:
@ -48,18 +49,21 @@ options:
temporary file. It can still happen that it is written to disk by temporary file. It can still happen that it is written to disk by
Ansible in the process of moving the module with its argument to Ansible in the process of moving the module with its argument to
the node where it is executed." the node where it is executed."
type: str
version_added: "2.5" version_added: "2.5"
account_uri: account_uri:
description: description:
- "If specified, assumes that the account URI is as given. If the - "If specified, assumes that the account URI is as given. If the
account key does not match this account, or an account with this account key does not match this account, or an account with this
URI does not exist, the module fails." URI does not exist, the module fails."
type: str
version_added: "2.7" version_added: "2.7"
acme_version: acme_version:
description: description:
- "The ACME version of the endpoint." - "The ACME version of the endpoint."
- "Must be 1 for the classic Let's Encrypt ACME endpoint, or 2 for the - "Must be 1 for the classic Let's Encrypt ACME endpoint, or 2 for the
new standardized ACME v2 endpoint." new standardized ACME v2 endpoint."
type: int
default: 1 default: 1
choices: [1, 2] choices: [1, 2]
version_added: "2.5" version_added: "2.5"
@ -78,6 +82,7 @@ options:
- "I(Warning): So far, the module has only been tested against Let's Encrypt - "I(Warning): So far, the module has only been tested against Let's Encrypt
(staging and production) and against the (staging and production) and against the
L(Pebble testing server,https://github.com/letsencrypt/Pebble)." L(Pebble testing server,https://github.com/letsencrypt/Pebble)."
type: str
default: https://acme-staging.api.letsencrypt.org/directory default: https://acme-staging.api.letsencrypt.org/directory
validate_certs: validate_certs:
description: description:
@ -85,7 +90,7 @@ options:
- "I(Warning): Should I(only ever) be set to C(no) for testing purposes, - "I(Warning): Should I(only ever) be set to C(no) for testing purposes,
for example when testing against a local Pebble server." for example when testing against a local Pebble server."
type: bool type: bool
default: 'yes' default: yes
version_added: "2.5" version_added: "2.5"
select_crypto_backend: select_crypto_backend:
description: description: