ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-05-11 03:31:29 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

standardize TLS connection properties (#54315)

Browse source 
* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization
This commit is contained in:
James Cassell 2019-03-28 01:19:28 -04:00 committed by Adam Miller
parent 85d836171b
commit bc4ef99533
90 changed files with 556 additions and 411 deletions
Download patch file Download diff file Expand all files Collapse all files

12
lib/ansible/modules/cloud/kubevirt/kubevirt_cdi_upload.py
View file

@ -41,11 +41,12 @@ options:
description:
- URL containing the host and port on which the CDI Upload Proxy is available.
- "More info: U(https://github.com/kubevirt/containerized-data-importer/blob/master/doc/upload.md#expose-cdi-uploadproxy-service)"
upload_host_verify_ssl:
upload_host_validate_certs:
description:
- Whether or not to verify the CDI Upload Proxy's SSL certificates against your system's CA trust store.
default: true
type: bool
aliases: [ upload_host_verify_ssl ]
path:
description:
- Path of local image file to transfer.
@ -71,7 +72,7 @@ EXAMPLES = '''
pvc_namespace: default
pvc_name: pvc-vm1
upload_host: https://localhost:8443
upload_host_verify_ssl: false
upload_host_validate_certs: false
path: /tmp/cirros-0.4.0-x86_64-disk.img
'''
@ -97,9 +98,10 @@ SERVICE_ARG_SPEC = {
'pvc_name': {'required': True},
'pvc_namespace': {'required': True},
'upload_host': {'required': True},
'upload_host_verify_ssl': {
'upload_host_validate_certs': {
'type': 'bool',
'default': True
'default': True,
'aliases': ['upload_host_verify_ssl']
},
'path': {'required': True},
'merge_type': {
@ -135,7 +137,7 @@ class KubeVirtCDIUpload(KubernetesRawModule):
pvc_name = self.params.get('pvc_name')
pvc_namespace = self.params.get('pvc_namespace')
upload_host = self.params.get('upload_host')
upload_host_verify_ssl = self.params.get('upload_host_verify_ssl')
upload_host_verify_ssl = self.params.get('upload_host_validate_certs')
path = self.params.get('path')
definition = defaultdict(defaultdict)

26
lib/ansible/modules/cloud/lxd/lxd_container.py
View file

@ -112,16 +112,18 @@ options:
required: false
default: unix:/var/snap/lxd/common/lxd/unix.socket
version_added: '2.8'
key_file:
client_key:
description:
- The client certificate key file path.
required: false
default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
cert_file:
aliases: [ key_file ]
client_cert:
description:
- The client certificate file path.
required: false
default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
aliases: [ cert_file ]
trust_password:
description:
- The client trusted password.
@ -204,9 +206,9 @@ EXAMPLES = '''
- name: Restart a container
lxd_container:
url: https://127.0.0.1:8443
# These cert_file and key_file values are equal to the default values.
#cert_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#key_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
# These client_cert and client_key values are equal to the default values.
#client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
trust_password: mypassword
name: mycontainer
state: restarted
@ -298,8 +300,8 @@ class LXDContainerManagement(object):
self.force_stop = self.module.params['force_stop']
self.addresses = None
self.key_file = self.module.params.get('key_file', None)
self.cert_file = self.module.params.get('cert_file', None)
self.key_file = self.module.params.get('client_key', None)
self.cert_file = self.module.params.get('client_cert', None)
self.debug = self.module._verbosity >= 4
try:
@ -601,13 +603,15 @@ def main():
type='str',
default='unix:/var/snap/lxd/common/lxd/unix.socket'
),
key_file=dict(
client_key=dict(
type='str',
default='{0}/.config/lxc/client.key'.format(os.environ['HOME'])
default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
aliases=['key_file']
),
cert_file=dict(
client_cert=dict(
type='str',
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME'])
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
aliases=['cert_file']
),
trust_password=dict(type='str', no_log=True)
),

26
lib/ansible/modules/cloud/lxd/lxd_profile.py
View file

@ -73,16 +73,18 @@ options:
required: false
default: unix:/var/snap/lxd/common/lxd/unix.socket
version_added: '2.8'
key_file:
client_key:
description:
- The client certificate key file path.
required: false
default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
cert_file:
aliases: [ key_file ]
client_cert:
description:
- The client certificate file path.
required: false
default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
aliases: [ cert_file ]
trust_password:
description:
- The client trusted password.
@ -123,9 +125,9 @@ EXAMPLES = '''
- name: create macvlan profile
lxd_profile:
url: https://127.0.0.1:8443
# These cert_file and key_file values are equal to the default values.
#cert_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#key_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
# These client_cert and client_key values are equal to the default values.
#client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
trust_password: mypassword
name: macvlan
state: present
@ -205,8 +207,8 @@ class LXDProfileManagement(object):
self.state = self.module.params['state']
self.new_name = self.module.params.get('new_name', None)
self.key_file = self.module.params.get('key_file', None)
self.cert_file = self.module.params.get('cert_file', None)
self.key_file = self.module.params.get('client_key', None)
self.cert_file = self.module.params.get('client_cert', None)
self.debug = self.module._verbosity >= 4
try:
@ -370,13 +372,15 @@ def main():
type='str',
default='unix:/var/snap/lxd/common/lxd/unix.socket'
),
key_file=dict(
client_key=dict(
type='str',
default='{0}/.config/lxc/client.key'.format(os.environ['HOME'])
default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
aliases=['key_file']
),
cert_file=dict(
client_cert=dict(
type='str',
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME'])
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
aliases=['cert_file']
),
trust_password=dict(type='str', no_log=True)
),

27
lib/ansible/modules/clustering/k8s/k8s_auth.py
View file

@ -53,15 +53,17 @@ options:
password:
description:
- Provide a password for authenticating with the API server.
ssl_ca_cert:
ca_cert:
description:
- "Path to a CA certificate file used to verify connection to the API server. The full certificate chain
must be provided to avoid certificate validation errors."
verify_ssl:
aliases: [ ssl_ca_cert ]
validate_certs:
description:
- "Whether or not to verify the API server's SSL certificates."
type: bool
default: true
aliases: [ verify_ssl ]
api_key:
description:
- When C(state) is set to I(absent), this specifies the token to revoke.
@ -78,7 +80,7 @@ EXAMPLES = '''
module_defaults:
group/k8s:
host: https://k8s.example.com/
ssl_ca_cert: ca.pem
ca_cert: ca.pem
tasks:
- block:
# It's good practice to store login credentials in a secure vault and not
@ -124,11 +126,11 @@ k8s_auth:
description: URL for accessing the API server.
returned: success
type: str
ssl_ca_cert:
ca_cert:
description: Path to a CA certificate file used to verify connection to the API server.
returned: success
type: str
verify_ssl:
validate_certs:
description: "Whether or not to verify the API server's SSL certificates."
returned: success
type: bool
@ -172,10 +174,11 @@ K8S_AUTH_ARG_SPEC = {
'host': {'required': True},
'username': {},
'password': {'no_log': True},
'ssl_ca_cert': {'type': 'path'},
'verify_ssl': {
'ca_cert': {'type': 'path', 'aliases': ['ssl_ca_cert']},
'validate_certs': {
'type': 'bool',
'default': True
'default': True,
'aliases': ['verify_ssl']
},
'api_key': {'no_log': True},
}
@ -203,8 +206,8 @@ class KubernetesAuthModule(AnsibleModule):
def execute_module(self):
state = self.params.get('state')
verify_ssl = self.params.get('verify_ssl')
ssl_ca_cert = self.params.get('ssl_ca_cert')
verify_ssl = self.params.get('validate_certs')
ssl_ca_cert = self.params.get('ca_cert')
self.auth_username = self.params.get('username')
self.auth_password = self.params.get('password')
@ -224,8 +227,8 @@ class KubernetesAuthModule(AnsibleModule):
new_api_key = self.openshift_login()
result = dict(
host=self.con_host,
verify_ssl=verify_ssl,
ssl_ca_cert=ssl_ca_cert,
validate_certs=verify_ssl,
ca_cert=ssl_ca_cert,
api_key=new_api_key,
username=self.auth_username,
)

13
lib/ansible/modules/crypto/get_certificate.py
View file

@ -24,11 +24,12 @@ options:
- The host to get the cert for (IP is fine)
type: str
required: true
ca_certs:
ca_cert:
description:
- A PEM file containing a list of root certificates; if present, the cert will be validated against these root certs.
- A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs.
- Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it.
type: path
aliases: [ ca_certs ]
port:
description:
- The port to connect to
@ -41,7 +42,7 @@ options:
default: 10
notes:
- When using ca_certs on OS X it has been reported that in some conditions the validate will always succeed.
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
requirements:
- "python >= 2.6"
@ -130,14 +131,14 @@ else:
def main():
module = AnsibleModule(
argument_spec=dict(
ca_certs=dict(type='path'),
ca_cert=dict(type='path', aliases=['ca_certs']),
host=dict(type='str', required=True),
port=dict(type='int', required=True),
timeout=dict(type='int', default=10),
),
)
ca_certs = module.params.get('ca_certs')
ca_certs = module.params.get('ca_cert')
host = module.params.get('host')
port = module.params.get('port')
timeout = module.params.get('timeout')
@ -154,7 +155,7 @@ def main():
if ca_certs:
if not isfile(ca_certs):
module.fail_json(msg="ca_certs file does not exist")
module.fail_json(msg="ca_cert file does not exist")
try:
cert = get_server_certificate((host, port), ca_certs=ca_certs)

12
lib/ansible/modules/database/mysql/mysql_db.py
View file

@ -258,9 +258,9 @@ def main():
collation=dict(type='str', default=''),
target=dict(type='path'),
state=dict(type='str', default='present', choices=['absent', 'dump', 'import', 'present']),
ssl_cert=dict(type='path'),
ssl_key=dict(type='path'),
ssl_ca=dict(type='path'),
client_cert=dict(type='path', aliases=['ssl_cert']),
client_key=dict(type='path', aliases=['ssl_key']),
ca_cert=dict(type='path', aliases=['ssl_ca']),
connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'),
single_transaction=dict(type='bool', default=False),
@ -282,9 +282,9 @@ def main():
login_port = module.params["login_port"]
if login_port < 0 or login_port > 65535:
module.fail_json(msg="login_port must be a valid unix port number (0-65535)")
ssl_cert = module.params["ssl_cert"]
ssl_key = module.params["ssl_key"]
ssl_ca = module.params["ssl_ca"]
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
connect_timeout = module.params['connect_timeout']
config_file = module.params['config_file']
login_password = module.params["login_password"]

12
lib/ansible/modules/database/mysql/mysql_replication.py
View file

@ -220,9 +220,9 @@ def main():
master_ssl_cipher=dict(type='str'),
connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'),
ssl_cert=dict(type='path'),
ssl_key=dict(type='path'),
ssl_ca=dict(type='path'),
client_cert=dict(type='path', aliases=['ssl_cert']),
client_key=dict(type='path', aliases=['ssl_key']),
ca_cert=dict(type='path', aliases=['ssl_ca']),
)
)
mode = module.params["mode"]
@ -242,9 +242,9 @@ def main():
master_ssl_key = module.params["master_ssl_key"]
master_ssl_cipher = module.params["master_ssl_cipher"]
master_auto_position = module.params["master_auto_position"]
ssl_cert = module.params["ssl_cert"]
ssl_key = module.params["ssl_key"]
ssl_ca = module.params["ssl_ca"]
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
connect_timeout = module.params['connect_timeout']
config_file = module.params['config_file']

12
lib/ansible/modules/database/mysql/mysql_user.py
View file

@ -570,9 +570,9 @@ def main():
connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'),
sql_log_bin=dict(type='bool', default=True),
ssl_cert=dict(type='path'),
ssl_key=dict(type='path'),
ssl_ca=dict(type='path'),
client_cert=dict(type='path', aliases=['ssl_cert']),
client_key=dict(type='path', aliases=['ssl_key']),
ca_cert=dict(type='path', aliases=['ssl_ca']),
),
supports_check_mode=True,
)
@ -590,9 +590,9 @@ def main():
config_file = module.params['config_file']
append_privs = module.boolean(module.params["append_privs"])
update_password = module.params['update_password']
ssl_cert = module.params["ssl_cert"]
ssl_key = module.params["ssl_key"]
ssl_ca = module.params["ssl_ca"]
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
db = 'mysql'
sql_log_bin = module.params["sql_log_bin"]

12
lib/ansible/modules/database/mysql/mysql_variables.py
View file

@ -119,19 +119,19 @@ def main():
login_unix_socket=dict(type='str'),
variable=dict(type='str'),
value=dict(type='str'),
ssl_cert=dict(type='path'),
ssl_key=dict(type='path'),
ssl_ca=dict(type='path'),
client_cert=dict(type='path', aliases=['ssl_cert']),
client_key=dict(type='path', aliases=['ssl_key']),
ca_cert=dict(type='path', aliases=['ssl_ca']),
connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'),
),
)
user = module.params["login_user"]
password = module.params["login_password"]
ssl_cert = module.params["ssl_cert"]
ssl_key = module.params["ssl_key"]
ssl_ca = module.params["ssl_ca"]
connect_timeout = module.params['connect_timeout']
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
config_file = module.params['config_file']
db = 'mysql'

4
lib/ansible/modules/database/postgresql/postgresql_db.py
View file

@ -462,7 +462,7 @@ def main():
"login_password": "password",
"port": "port",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None)
@ -479,7 +479,7 @@ def main():
if not raw_connection:
try:
pgutils.ensure_libs(sslrootcert=module.params.get('ssl_rootcert'))
pgutils.ensure_libs(sslrootcert=module.params.get('ca_cert'))
db_connection = psycopg2.connect(database=maintenance_db, **kw)
# Enable autocommit so we can create databases

11
lib/ansible/modules/database/postgresql/postgresql_ext.py
View file

@ -65,13 +65,14 @@ options:
choices: [allow, disable, prefer, require, verify-ca, verify-full]
type: str
version_added: '2.8'
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: path
version_added: '2.8'
aliases: [ ssl_rootcert ]
port:
description:
- Database port to connect to.
@ -225,7 +226,7 @@ def main():
cascade=dict(type='bool', default=False),
ssl_mode=dict(type='str', default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type="path", default=None),
ca_cert=dict(type="path", default=None, aliases=['ssl_rootcert']),
session_role=dict(type="str"),
)
@ -242,7 +243,7 @@ def main():
schema = module.params["schema"]
state = module.params["state"]
cascade = module.params["cascade"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
changed = False
@ -256,7 +257,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -267,7 +268,7 @@ def main():
kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try:
db_connection = psycopg2.connect(**kw)

11
lib/ansible/modules/database/postgresql/postgresql_idx.py
View file

@ -75,12 +75,13 @@ options:
type: str
default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
state:
description:
- Index state.
@ -433,7 +434,7 @@ def main():
idxname=dict(type='str', required=True, aliases=['name']),
db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
state=dict(type='str', default='present', choices=['absent', 'present']),
concurrent=dict(type='bool', default=True),
table=dict(type='str'),
@ -458,7 +459,7 @@ def main():
idxtype = module.params["idxtype"]
columns = module.params["columns"]
cond = module.params["cond"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
tablespace = module.params["tablespace"]
storage_params = module.params["storage_params"]
@ -495,7 +496,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -506,7 +507,7 @@ def main():
kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
if module.check_mode and concurrent:
module.fail_json(msg="Cannot concurrently create or drop index %s "

11
lib/ansible/modules/database/postgresql/postgresql_info.py
View file

@ -80,13 +80,14 @@ options:
type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s).
- If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
notes:
- The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host.
@ -965,7 +966,7 @@ def main():
port=dict(type='int', default=5432, aliases=['login_port']),
filter=dict(type='list'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
session_role=dict(type='str'),
)
module = AnsibleModule(
@ -977,7 +978,7 @@ def main():
module.fail_json(msg="The python psycopg2 module is required")
filter_ = module.params["filter"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
# To use defaults values, keyword arguments must be absent, so
@ -990,7 +991,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -1002,7 +1003,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order '
'to user the ssl_rootcert parameter')
'to user the ca_cert parameter')
db_conn_obj = PgDbConn(module, kw, session_role)

11
lib/ansible/modules/database/postgresql/postgresql_lang.py
View file

@ -101,12 +101,13 @@ options:
default: prefer
choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]
version_added: '2.8'
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
version_added: '2.8'
aliases: [ ssl_rootcert ]
notes:
- The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host.
@ -237,7 +238,7 @@ def main():
fail_on_drop=dict(type='bool', default='yes'),
ssl_mode=dict(default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None),
ca_cert=dict(default=None, aliases=['ssl_rootcert']),
session_role=dict(),
),
supports_check_mode=True
@ -250,7 +251,7 @@ def main():
force_trust = module.params["force_trust"]
cascade = module.params["cascade"]
fail_on_drop = module.params["fail_on_drop"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
if not postgresqldb_found:
@ -266,7 +267,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -277,7 +278,7 @@ def main():
kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try:
db_connection = psycopg2.connect(**kw)

13
lib/ansible/modules/database/postgresql/postgresql_ping.py
View file

@ -57,13 +57,14 @@ options:
type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s).
- If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
notes:
- The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host.
@ -90,7 +91,7 @@ EXAMPLES = r'''
login_host: dbsrv
login_user: secret
login_password: secret_pass
ssl_rootcert: /root/root.crt
ca_cert: /root/root.crt
ssl_mode: verify-full
'''
@ -172,7 +173,7 @@ def main():
argument_spec.update(
db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
)
module = AnsibleModule(
argument_spec=argument_spec,
@ -182,7 +183,7 @@ def main():
if not HAS_PSYCOPG2:
module.fail_json(msg="The python psycopg2 module is required")
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
# To use defaults values, keyword arguments must be absent, so
# check which values are empty and don't include in the **kw
@ -194,7 +195,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -206,7 +207,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order '
'to user the ssl_rootcert parameter')
'to user the ca_cert parameter')
# Set some default values:
cursor = False

13
lib/ansible/modules/database/postgresql/postgresql_privs.py
View file

@ -128,11 +128,12 @@ options:
default: prefer
choices: [disable, allow, prefer, require, verify-ca, verify-full]
version_added: '2.3'
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
version_added: '2.3'
aliases: [ ssl_rootcert ]
notes:
- Default authentication assumes that postgresql_privs is run by the
C(postgres) user on the remote host. (Ansible's C(user) or C(sudo-user)).
@ -152,7 +153,7 @@ notes:
specified via I(login). If R has been granted the same privileges by
another user also, R can still access database objects via these privileges.
- When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs).
- The ssl_rootcert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3.
- The ca_cert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3.
requirements: [psycopg2]
extends_documentation_fragment:
- postgres
@ -412,7 +413,7 @@ class Connection(object):
"port": "port",
"database": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], getattr(params, k)) for k in params_map
@ -423,9 +424,9 @@ class Connection(object):
if is_localhost and params.unix_socket != "":
kw["host"] = params.unix_socket
sslrootcert = params.ssl_rootcert
sslrootcert = params.ca_cert
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
raise ValueError('psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
raise ValueError('psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
self.connection = psycopg2.connect(**kw)
self.cursor = self.connection.cursor()
@ -856,7 +857,7 @@ def main():
password=dict(default='', aliases=['login_password'], no_log=True),
ssl_mode=dict(default="prefer",
choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None),
ca_cert=dict(default=None, aliases=['ssl_rootcert']),
fail_on_role=dict(type='bool', default=True),
),
supports_check_mode=True

11
lib/ansible/modules/database/postgresql/postgresql_query.py
View file

@ -86,13 +86,14 @@ options:
type: str
default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s).
- If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
notes:
- The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host.
@ -220,7 +221,7 @@ def main():
query=dict(type='str'),
db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
positional_args=dict(type='list'),
named_args=dict(type='dict'),
session_role=dict(type='str'),
@ -239,7 +240,7 @@ def main():
query = module.params["query"]
positional_args = module.params["positional_args"]
named_args = module.params["named_args"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
path_to_script = module.params["path_to_script"]
@ -265,7 +266,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None)
@ -277,7 +278,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter')
'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

11
lib/ansible/modules/database/postgresql/postgresql_schema.py
View file

@ -91,12 +91,13 @@ options:
default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
version_added: '2.8'
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s).
- If the file exists, the server's certificate will be verified to be signed by one of these authorities.
type: str
version_added: '2.8'
aliases: [ ssl_rootcert ]
notes:
- This module uses I(psycopg2), a Python PostgreSQL database adapter.
- You must ensure that psycopg2 is installed on the host before using this module.
@ -252,7 +253,7 @@ def main():
state=dict(type="str", default="present", choices=["absent", "present"]),
ssl_mode=dict(type="str", default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type="str", default=None),
ca_cert=dict(type="str", default=None, aliases=['ssl_rootcert']),
session_role=dict(type="str"),
)
@ -267,7 +268,7 @@ def main():
schema = module.params["schema"]
owner = module.params["owner"]
state = module.params["state"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
cascade_drop = module.params["cascade_drop"]
session_role = module.params["session_role"]
changed = False
@ -282,7 +283,7 @@ def main():
"port": "port",
"database": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -294,7 +295,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(
msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try:
db_connection = psycopg2.connect(**kw)

11
lib/ansible/modules/database/postgresql/postgresql_set.py
View file

@ -96,13 +96,14 @@ options:
type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s).
- If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
notes:
- Supported version of PostgreSQL is 9.4 and later.
- Pay attention, change setting with 'postmaster' context can return changed is true
@ -338,7 +339,7 @@ def main():
db=dict(type='str', aliases=['login_db']),
port=dict(type='int', default=5432, aliases=['login_port']),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
value=dict(type='str'),
reset=dict(type='bool'),
session_role=dict(type='str'),
@ -354,7 +355,7 @@ def main():
name = module.params["name"]
value = module.params["value"]
reset = module.params["reset"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
# Allow to pass values like 1mb instead of 1MB, etc:
@ -379,7 +380,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None)
@ -394,7 +395,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter')
'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw, autocommit=True)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

11
lib/ansible/modules/database/postgresql/postgresql_tablespace.py
View file

@ -112,13 +112,14 @@ options:
type: str
default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s).
- If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
type: str
aliases: [ ssl_rootcert ]
notes:
- I(state=absent) and I(state=present) (the second one if the tablespace doesn't exist) do not
support check mode because the corresponding PostgreSQL DROP and CREATE TABLESPACE commands
@ -389,7 +390,7 @@ def main():
db=dict(type='str', aliases=['login_db']),
port=dict(type='int', default=5432, aliases=['login_port']),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'),
ca_cert=dict(type='str', aliases=['ssl_rootcert']),
session_role=dict(type='str'),
)
@ -408,7 +409,7 @@ def main():
owner = module.params["owner"]
rename_to = module.params["rename_to"]
settings = module.params["set"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"]
if state == 'absent' and (location or owner or rename_to or settings):
@ -425,7 +426,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None)
@ -437,7 +438,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter')
'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw, autocommit=True)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

13
lib/ansible/modules/database/postgresql/postgresql_user.py
View file

@ -138,12 +138,13 @@ options:
default: prefer
choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]
version_added: '2.3'
ssl_rootcert:
ca_cert:
description:
- Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities.
version_added: '2.3'
aliases: [ ssl_rootcert ]
conn_limit:
description:
- Specifies the user (role) connection limit.
@ -163,7 +164,7 @@ notes:
- If you specify PUBLIC as the user (role), then the privilege changes will apply
to all users (roles). You may not specify password or role_attr_flags when the
PUBLIC user is specified.
- The ssl_rootcert parameter requires at least Postgres version 8.4 and
- The ca_cert parameter requires at least Postgres version 8.4 and
I(psycopg2) version 2.4.3.
requirements: [ psycopg2 ]
author: "Ansible Core Team"
@ -759,7 +760,7 @@ def main():
expires=dict(default=None),
ssl_mode=dict(default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None),
ca_cert=dict(default=None, aliases=['ssl_rootcert']),
conn_limit=dict(type='int', default=None),
session_role=dict(),
))
@ -783,7 +784,7 @@ def main():
else:
encrypted = "UNENCRYPTED"
expires = module.params["expires"]
sslrootcert = module.params["ssl_rootcert"]
sslrootcert = module.params["ca_cert"]
conn_limit = module.params["conn_limit"]
if not postgresqldb_found:
@ -799,7 +800,7 @@ def main():
"port": "port",
"db": "database",
"ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert"
"ca_cert": "sslrootcert"
}
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None)
@ -811,7 +812,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(
msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter')
msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try:
db_connection = psycopg2.connect(**kw)

6
lib/ansible/modules/messaging/rabbitmq/rabbitmq_binding.py
View file

@ -107,9 +107,9 @@ class RabbitMqBinding(object):
self.destination_type = 'q' if self.module.params['destination_type'] == 'queue' else 'e'
self.routing_key = self.module.params['routing_key']
self.arguments = self.module.params['arguments']
self.verify = self.module.params['cacert']
self.cert = self.module.params['cert']
self.key = self.module.params['key']
self.verify = self.module.params['ca_cert']
self.cert = self.module.params['client_cert']
self.key = self.module.params['client_key']
self.props = urllib_parse.quote(self.routing_key) if self.routing_key != '' else '~'
self.base_url = '{0}://{1}:{2}/api/bindings'.format(self.login_protocol,
self.login_host,

8
lib/ansible/modules/messaging/rabbitmq/rabbitmq_exchange.py
View file

@ -127,7 +127,7 @@ def main():
# Check if exchange already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
if r.status_code == 200:
exchange_exists = True
@ -179,12 +179,12 @@ def main():
"type": module.params['exchange_type'],
"arguments": module.params['arguments']
}),
verify=module.params['cacert'],
cert=(module.params['cert'], module.params['key'])
verify=module.params['ca_cert'],
cert=(module.params['client_cert'], module.params['client_key'])
)
elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201:

8
lib/ansible/modules/messaging/rabbitmq/rabbitmq_queue.py
View file

@ -141,7 +141,7 @@ def main():
# Check if queue already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
if r.status_code == 200:
queue_exists = True
@ -228,12 +228,12 @@ def main():
"auto_delete": module.params['auto_delete'],
"arguments": module.params['arguments']
}),
verify=module.params['cacert'],
cert=(module.params['cert'], module.params['key'])
verify=module.params['ca_cert'],
cert=(module.params['client_cert'], module.params['client_key'])
)
elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key']))
verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201:

7
lib/ansible/modules/monitoring/zabbix/zabbix_host.py
View file

@ -112,11 +112,12 @@ options:
- The preshared key, at least 32 hex digits. Required if either tls_connect or tls_accept has PSK enabled.
- Works only with >= Zabbix 3.0
version_added: '2.5'
tls_issuer:
ca_cert:
description:
- Required certificate issuer.
- Works only with >= Zabbix 3.0
version_added: '2.5'
aliases: [ tls_issuer ]
tls_subject:
description:
- Required certificate subject.
@ -642,7 +643,7 @@ def main():
tls_accept=dict(type='int', default=1),
tls_psk_identity=dict(type='str', required=False),
tls_psk=dict(type='str', required=False),
tls_issuer=dict(type='str', required=False),
ca_cert=dict(type='str', required=False, aliases=['tls_issuer']),
tls_subject=dict(type='str', required=False),
inventory_zabbix=dict(required=False, type='dict'),
timeout=dict(type='int', default=10),
@ -678,7 +679,7 @@ def main():
tls_accept = module.params['tls_accept']
tls_psk_identity = module.params['tls_psk_identity']
tls_psk = module.params['tls_psk']
tls_issuer = module.params['tls_issuer']
tls_issuer = module.params['ca_cert']
tls_subject = module.params['tls_subject']
inventory_zabbix = module.params['inventory_zabbix']
status = module.params['status']

7
lib/ansible/modules/monitoring/zabbix/zabbix_proxy.py
View file

@ -64,10 +64,11 @@ options:
required: false
choices: ['no_encryption','PSK','certificate']
default: 'no_encryption'
tls_issuer:
ca_cert:
description:
- Certificate issuer.
required: false
aliases: [ tls_issuer ]
tls_subject:
description:
- Certificate subject.
@ -248,7 +249,7 @@ def main():
choices=['no_encryption', 'PSK', 'certificate']),
tls_accept=dict(default='no_encryption',
choices=['no_encryption', 'PSK', 'certificate']),
tls_issuer=dict(type='str', required=False, default=None),
ca_cert=dict(type='str', required=False, default=None, aliases=['tls_issuer']),
tls_subject=dict(type='str', required=False, default=None),
tls_psk_identity=dict(type='str', required=False, default=None),
tls_psk=dict(type='str', required=False, default=None),
@ -274,7 +275,7 @@ def main():
status = module.params['status']
tls_connect = module.params['tls_connect']
tls_accept = module.params['tls_accept']
tls_issuer = module.params['tls_issuer']
tls_issuer = module.params['ca_cert']
tls_subject = module.params['tls_subject']
tls_psk_identity = module.params['tls_psk_identity']
tls_psk = module.params['tls_psk']

44
lib/ansible/modules/network/f5/bigip_device_auth_ldap.py
View file

@ -87,26 +87,30 @@ options:
- "yes"
- "no"
- start-tls
ssl_ca_cert:
ca_cert:
description:
- Specifies the name of an SSL certificate from a certificate authority (CA).
- To remove this value, use the reserved value C(none).
type: str
ssl_client_key:
aliases: [ ssl_ca_cert ]
client_key:
description:
- Specifies the name of an SSL client key.
- To remove this value, use the reserved value C(none).
type: str
ssl_client_cert:
aliases: [ ssl_client_key ]
client_cert:
description:
- Specifies the name of an SSL client certificate.
- To remove this value, use the reserved value C(none).
type: str
ssl_check_peer:
aliases: [ ssl_client_cert ]
validate_certs:
description:
- Specifies whether the system checks an SSL peer, as a result of which the
system requires and verifies the server certificate.
type: bool
aliases: [ ssl_check_peer ]
login_ldap_attr:
description:
- Specifies the LDAP directory attribute containing the local user name that is
@ -196,22 +200,22 @@ ssl:
returned: changed
type: str
sample: start-tls
ssl_ca_cert:
ca_cert:
description: The name of an SSL certificate from a certificate authority.
returned: changed
type: str
sample: My-Trusted-CA-Bundle.crt
ssl_client_key:
client_key:
description: The name of an SSL client key.
returned: changed
type: str
sample: MyKey.key
ssl_client_cert:
client_cert:
description: The name of an SSL client certificate.
returned: changed
type: str
sample: MyCert.crt
ssl_check_peer:
validate_certs:
description: Indicates if the system checks an SSL peer.
returned: changed
type: bool
@ -257,10 +261,10 @@ class Parameters(AnsibleF5Parameters):
'userTemplate': 'user_template',
'fallback': 'fallback_to_local',
'loginAttribute': 'login_ldap_attr',
'sslCheckPeer': 'ssl_check_peer',
'sslClientCert': 'ssl_client_cert',
'sslClientKey': 'ssl_client_key',
'sslCaCertFile': 'ssl_ca_cert',
'sslCheckPeer': 'validate_certs',
'sslClientCert': 'client_cert',
'sslClientKey': 'client_key',
'sslCaCertFile': 'ca_cert',
'checkRolesGroup': 'check_member_attr',
'searchBaseDn': 'remote_directory_tree',
}
@ -293,10 +297,10 @@ class Parameters(AnsibleF5Parameters):
'scope',
'servers',
'ssl',
'ssl_ca_cert',
'ssl_check_peer',
'ssl_client_cert',
'ssl_client_key',
'ca_cert',
'validate_certs',
'client_cert',
'client_key',
'user_template',
]
@ -803,10 +807,10 @@ class ArgumentSpec(object):
ssl=dict(
choices=['yes', 'no', 'start-tls']
),
ssl_ca_cert=dict(),
ssl_client_key=dict(),
ssl_client_cert=dict(),
ssl_check_peer=dict(type='bool'),
ca_cert=dict(aliases=['ssl_ca_cert']),
client_key=dict(aliases=['ssl_client_key']),
client_cert=dict(aliases=['ssl_client_cert']),
validate_certs=dict(type='bool', aliases=['ssl_check_peer']),
login_ldap_attr=dict(),
fallback_to_local=dict(type='bool'),
update_password=dict(

9
lib/ansible/modules/network/radware/vdirect_commit.py
View file

@ -82,13 +82,14 @@ options:
- may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable.
type: bool
default: 'yes'
vdirect_validate_certs:
validate_certs:
description:
- If C(no), SSL certificates will not be validated,
- may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool
default: 'yes'
aliases: [ vdirect_validate_certs ]
devices:
description:
- List of Radware Alteon device names for commit operations.
@ -172,9 +173,9 @@ meta_args = dict(
vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'),
vdirect_validate_certs=dict(
validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'),
default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'),
@ -219,7 +220,7 @@ class VdirectCommit(object):
http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs'])
verify=params['validate_certs'])
self.devices = params['devices']
self.apply = params['apply']
self.save = params['save']

9
lib/ansible/modules/network/radware/vdirect_file.py
View file

@ -76,13 +76,14 @@ options:
- may be set as VDIRECT_HTTPS or VDIRECT_USE_SSL environment variable.
type: bool
default: 'yes'
vdirect_validate_certs:
validate_certs:
description:
- If C(no), SSL certificates will not be validated,
- may be set as VDIRECT_VALIDATE_CERTS or VDIRECT_VERIFY environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool
default: 'yes'
aliases: [ vdirect_validate_certs ]
file_name:
description:
- vDirect runnable file name to be uploaded.
@ -148,9 +149,9 @@ meta_args = dict(
vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'),
vdirect_validate_certs=dict(
validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'),
default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'),
@ -187,7 +188,7 @@ class VdirectFile(object):
http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs'])
verify=params['validate_certs'])
def upload(self, fqn):
if fqn.endswith(TEMPLATE_EXTENSION):

9
lib/ansible/modules/network/radware/vdirect_runnable.py
View file

@ -76,13 +76,14 @@ options:
- may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable.
type: bool
default: 'yes'
vdirect_validate_certs:
validate_certs:
description:
- If C(no), SSL certificates will not be validated,
- may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool
default: 'yes'
aliases: [ vdirect_validate_certs ]
runnable_type:
description:
- vDirect runnable type.
@ -160,9 +161,9 @@ meta_args = dict(
vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'),
vdirect_validate_certs=dict(
validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'),
default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'),
@ -222,7 +223,7 @@ class VdirectRunnable(object):
http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs'])
verify=params['validate_certs'])
self.params = params
self.type = self.params['runnable_type']
self.name = self.params['runnable_name']

21
lib/ansible/modules/notification/mqtt.py
View file

@ -61,7 +61,7 @@ options:
retained message immediately.
type: bool
default: 'no'
ca_certs:
ca_cert:
description:
- The path to the Certificate Authority certificate files that are to be
treated as trusted by this client. If this is the only option given
@ -72,18 +72,21 @@ options:
network encryption but may not be sufficient depending on how the broker
is configured.
version_added: 2.3
certfile:
aliases: [ ca_certs ]
client_cert:
description:
- The path pointing to the PEM encoded client certificate. If this is not
None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent.
version_added: 2.3
keyfile:
aliases: [ certfile ]
client_key:
description:
- The path pointing to the PEM encoded client private key. If this is not
None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent.
version_added: 2.3
aliases: [ keyfile ]
# informational: requirements for nodes
@ -141,9 +144,9 @@ def main():
retain=dict(default=False, type='bool'),
username=dict(default=None),
password=dict(default=None, no_log=True),
ca_certs=dict(default=None, type='path'),
certfile=dict(default=None, type='path'),
keyfile=dict(default=None, type='path'),
ca_cert=dict(default=None, type='path', aliases=['ca_certs']),
client_cert=dict(default=None, type='path', aliases=['certfile']),
client_key=dict(default=None, type='path', aliases=['keyfile']),
),
supports_check_mode=True
)
@ -160,9 +163,9 @@ def main():
retain = module.params.get("retain")
username = module.params.get("username", None)
password = module.params.get("password", None)
ca_certs = module.params.get("ca_certs", None)
certfile = module.params.get("certfile", None)
keyfile = module.params.get("keyfile", None)
ca_certs = module.params.get("ca_cert", None)
certfile = module.params.get("client_cert", None)
keyfile = module.params.get("client_key", None)
if client_id is None:
client_id = "%s_%s" % (socket.getfqdn(), os.getpid())

24
lib/ansible/modules/packaging/os/pulp_repo.py
View file

@ -48,11 +48,13 @@ options:
type: bool
default: 'no'
version_added: "2.8"
importer_ssl_ca_cert:
ca_cert:
description:
- CA certificate string used to validate the feed source SSL certificate.
This can be the file content or the path to the file.
importer_ssl_client_cert:
type: str
aliases: [ importer_ssl_ca_cert ]
client_cert:
description:
- Certificate used as the client certificate when synchronizing the
repository. This is used to communicate authentication information to
@ -60,11 +62,15 @@ options:
certificate. The specified file may be the certificate itself or a
single file containing both the certificate and private key. This can be
the file content or the path to the file.
importer_ssl_client_key:
type: str
aliases: [ importer_ssl_client_cert ]
client_key:
description:
- Private key to the certificate specified in I(importer_ssl_client_cert),
assuming it is not included in the certificate file itself. This can be
the file content or the path to the file.
type: str
aliases: [ importer_ssl_client_key ]
name:
description:
- Name of the repo to add or remove. This correlates to repo-id in Pulp.
@ -529,9 +535,9 @@ def main():
add_export_distributor=dict(default=False, type='bool'),
feed=dict(),
generate_sqlite=dict(default=False, type='bool'),
importer_ssl_ca_cert=dict(),
importer_ssl_client_cert=dict(),
importer_ssl_client_key=dict(),
ca_cert=dict(aliases=['importer_ssl_ca_cert']),
client_cert=dict(aliases=['importer_ssl_client_cert']),
client_key=dict(aliases=['importer_ssl_client_key']),
name=dict(required=True, aliases=['repo']),
proxy_host=dict(),
proxy_port=dict(),
@ -555,9 +561,9 @@ def main():
add_export_distributor = module.params['add_export_distributor']
feed = module.params['feed']
generate_sqlite = module.params['generate_sqlite']
importer_ssl_ca_cert = module.params['importer_ssl_ca_cert']
importer_ssl_client_cert = module.params['importer_ssl_client_cert']
importer_ssl_client_key = module.params['importer_ssl_client_key']
importer_ssl_ca_cert = module.params['ca_cert']
importer_ssl_client_cert = module.params['client_cert']
importer_ssl_client_key = module.params['client_key']
proxy_host = module.params['proxy_host']
proxy_port = module.params['proxy_port']
proxy_username = module.params['proxy_username']

7
lib/ansible/modules/packaging/os/rhn_register.py
View file

@ -55,11 +55,12 @@ options:
- Supply an profilename for use with registration.
type: str
version_added: "2.0"
sslcacert:
ca_cert:
description:
- Supply a custom ssl CA certificate file for use with registration.
type: path
version_added: "2.1"
aliases: [ sslcacert ]
systemorgid:
description:
- Supply an organizational id for use with registration.
@ -350,7 +351,7 @@ def main():
server_url=dict(type='str'),
activationkey=dict(type='str', no_log=True),
profilename=dict(type='str'),
sslcacert=dict(type='path'),
ca_cert=dict(type='path', aliases=['sslcacert']),
systemorgid=dict(type='str'),
enable_eus=dict(type='bool', default=False),
nopackages=dict(type='bool', default=False),
@ -374,7 +375,7 @@ def main():
state = module.params['state']
activationkey = module.params['activationkey']
profilename = module.params['profilename']
sslcacert = module.params['sslcacert']
sslcacert = module.params['ca_cert']
systemorgid = module.params['systemorgid']
channels = module.params['channels']
enable_eus = module.params['enable_eus']

12
lib/ansible/modules/packaging/os/yum_repository.py
View file

@ -273,19 +273,23 @@ options:
description:
- Path to the directory containing the databases of the certificate
authorities yum should use to verify SSL certificates.
aliases: [ ca_cert ]
sslclientcert:
description:
- Path to the SSL client certificate yum should use to connect to
repos/remote sites.
aliases: [ client_cert ]
sslclientkey:
description:
- Path to the SSL client key yum should use to connect to repos/remote
sites.
aliases: [ client_key ]
sslverify:
description:
- Defines whether yum should verify SSL certificates/hosts at all.
type: bool
default: 'yes'
aliases: [ validate_certs ]
state:
description:
- State of the repo file.
@ -593,11 +597,11 @@ def main():
retries=dict(),
s3_enabled=dict(type='bool'),
skip_if_unavailable=dict(type='bool'),
sslcacert=dict(),
sslcacert=dict(aliases=['ca_cert']),
ssl_check_cert_permissions=dict(type='bool'),
sslclientcert=dict(),
sslclientkey=dict(),
sslverify=dict(type='bool'),
sslclientcert=dict(aliases=['client_cert']),
sslclientkey=dict(aliases=['client_key']),
sslverify=dict(type='bool', aliases=['validate_certs']),
state=dict(choices=['present', 'absent'], default='present'),
throttle=dict(),
timeout=dict(),

4
lib/ansible/modules/remote_management/manageiq/manageiq_alert_profiles.py
View file

@ -61,7 +61,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete an alert profile from ManageIQ
manageiq_alert_profiles:
@ -71,7 +71,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

6
lib/ansible/modules/remote_management/manageiq/manageiq_alerts.py
View file

@ -80,7 +80,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Add an alert with a "miq expression" to ManageIQ
manageiq_alerts:
@ -107,7 +107,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete an alert from ManageIQ
manageiq_alerts:
@ -117,7 +117,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

6
lib/ansible/modules/remote_management/manageiq/manageiq_group.py
View file

@ -104,7 +104,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4
manageiq_group:
@ -115,7 +115,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name:
- Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant.
@ -141,7 +141,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a group in ManageIQ
manageiq_group:

6
lib/ansible/modules/remote_management/manageiq/manageiq_policies.py
View file

@ -62,7 +62,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Unassign a policy_profile for a provider in ManageIQ
manageiq_policies:
@ -75,7 +75,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: List current policy_profile and policies for a provider in ManageIQ
manageiq_policies:
@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

42
lib/ansible/modules/remote_management/manageiq/manageiq_provider.py
View file

@ -82,7 +82,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool
default: 'yes'
@ -106,7 +106,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool
default: 'yes'
@ -133,7 +133,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
default: true
security_protocol:
@ -165,7 +165,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'example.com'
port: 8443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -191,7 +191,7 @@ EXAMPLES = '''
role: 'hawkular'
hostname: 'example.com'
port: 443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -216,7 +216,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1:80'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Update an existing provider named 'EngLab' (defaults to 'Prometheus' metrics)
@ -228,7 +228,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'next.example.com'
port: 8443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -253,7 +253,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'next.example.com'
port: 443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -278,7 +278,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Delete a provider in ManageIQ
@ -290,7 +290,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Create a new Amazon provider in ManageIQ using token authentication
@ -305,7 +305,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'https://127.0.0.1'
token: 'VeryLongToken'
verify_ssl: true
validate_certs: true
- name: Create a new oVirt provider in ManageIQ
@ -317,7 +317,7 @@ EXAMPLES = '''
hostname: 'rhev01.example.com'
userid: 'admin@internal'
password: 'password'
verify_ssl: true
validate_certs: true
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -342,7 +342,7 @@ EXAMPLES = '''
path: 'ovirt_engine_history'
userid: 'user_id_metrics'
password: 'password_metrics'
verify_ssl: true
validate_certs: true
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -366,7 +366,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Create a new VMware provider in ManageIQ
manageiq_provider:
@ -382,7 +382,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'https://127.0.0.1'
token: 'VeryLongToken'
verify_ssl: true
validate_certs: true
- name: Create a new Azure provider in ManageIQ
manageiq_provider:
@ -400,7 +400,7 @@ EXAMPLES = '''
url: 'https://cf-6af0.rhpds.opentlc.com'
username: 'admin'
password: 'password'
verify_ssl: false
validate_certs: false
- name: Create a new OpenStack Director provider in ManageIQ with rsa keypair
manageiq_provider:
@ -413,7 +413,7 @@ EXAMPLES = '''
userid: 'admin'
password: 'password'
security_protocol: 'ssl-with-validation'
verify_ssl: 'true'
validate_certs: 'true'
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -452,7 +452,7 @@ EXAMPLES = '''
userid: 'admin'
password: 'password'
security_protocol: 'ssl-with-validation'
verify_ssl: 'true'
validate_certs: 'true'
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -491,7 +491,7 @@ EXAMPLES = '''
provider:
hostname: 'gce.example.com'
auth_key: 'google_json_key'
verify_ssl: 'false'
validate_certs: 'false'
'''
RETURN = '''
@ -551,7 +551,7 @@ def endpoint_argument_spec():
role=dict(),
hostname=dict(required=True),
port=dict(type='int'),
verify_ssl=dict(default=True, type='bool'),
validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
certificate_authority=dict(),
security_protocol=dict(
choices=[
@ -662,7 +662,7 @@ class ManageIQProvider(object):
'role': role,
'hostname': endpoint.get('hostname'),
'port': endpoint.get('port'),
'verify_ssl': [0, 1][endpoint.get('verify_ssl', True)],
'verify_ssl': [0, 1][endpoint.get('validate_certs', True)],
'security_protocol': endpoint.get('security_protocol'),
'certificate_authority': endpoint.get('certificate_authority'),
'path': endpoint.get('path'),

6
lib/ansible/modules/remote_management/manageiq/manageiq_tags.py
View file

@ -65,7 +65,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Remove tags for a provider in ManageIQ
manageiq_tags:
@ -81,7 +81,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: List current tags for a provider in ManageIQ
manageiq_tags:
@ -92,7 +92,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

10
lib/ansible/modules/remote_management/manageiq/manageiq_tenant.py
View file

@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a tenant in ManageIQ
manageiq_tenant:
@ -97,7 +97,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a tenant in ManageIQ
manageiq_tenant:
@ -108,7 +108,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated
manageiq_tenant:
@ -122,7 +122,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a tenant in ManageIQ using a token
@ -133,7 +133,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

12
lib/ansible/modules/remote_management/manageiq/manageiq_user.py
View file

@ -79,7 +79,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a new user in ManageIQ using a token
manageiq_user:
@ -91,7 +91,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
- name: Delete a user in ManageIQ
manageiq_user:
@ -101,7 +101,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a user in ManageIQ using a token
manageiq_user:
@ -110,7 +110,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
- name: Update email of user in ManageIQ
manageiq_user:
@ -120,7 +120,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Update email of user in ManageIQ using a token
manageiq_user:
@ -129,7 +129,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

9
lib/ansible/modules/source_control/gitlab_hook.py
View file

@ -95,11 +95,12 @@ options:
- Trigger hook on wiki events
type: bool
default: no
enable_ssl_verification:
hook_validate_certs:
description:
- Whether GitLab will do SSL verification when triggering the hook
type: bool
default: no
aliases: [ enable_ssl_verification ]
token:
description:
- Secret token to validate hook messages at the receiver.
@ -119,7 +120,7 @@ EXAMPLES = '''
state: present
push_events: yes
tag_push_events: yes
enable_ssl_verification: no
hook_validate_certs: no
token: "my-super-secret-token-that-my-ci-server-will-check"
- name: "Delete the previous hook"
@ -315,7 +316,7 @@ def main():
job_events=dict(type='bool', default=False),
pipeline_events=dict(type='bool', default=False),
wiki_page_events=dict(type='bool', default=False),
enable_ssl_verification=dict(type='bool', default=False),
hook_validate_certs=dict(type='bool', default=False, aliases=['enable_ssl_verification']),
token=dict(type='str', no_log=True),
))
@ -353,7 +354,7 @@ def main():
job_events = module.params['job_events']
pipeline_events = module.params['pipeline_events']
wiki_page_events = module.params['wiki_page_events']
enable_ssl_verification = module.params['enable_ssl_verification']
enable_ssl_verification = module.params['hook_validate_certs']
hook_token = module.params['token']
if not HAS_GITLAB_PACKAGE:

5
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential_type.py
View file

@ -58,11 +58,12 @@ options:
required: False
default: "present"
choices: ["present", "absent"]
tower_verify_ssl:
validate_certs:
description:
- Tower option to avoid certificates check.
required: False
type: bool
aliases: [ tower_verify_ssl ]
extends_documentation_fragment: tower
'''
@ -75,7 +76,7 @@ EXAMPLES = '''
inputs: "{{ lookup('file', 'tower_credential_inputs_nexus.json') }}"
injectors: {'extra_vars': {'nexus_credential': 'test' }}
state: present
tower_verify_ssl: false
validate_certs: false
- tower_credential_type:
name: Nexus

5
lib/ansible/modules/web_infrastructure/ansible_tower/tower_inventory_source.py
View file

@ -138,10 +138,11 @@ options:
- Desired state of the resource.
default: "present"
choices: ["present", "absent"]
tower_verify_ssl:
validate_certs:
description:
- Tower option to avoid certificates check.
type: bool
aliases: [ tower_verify_ssl ]
extends_documentation_fragment: tower
'''
@ -158,7 +159,7 @@ EXAMPLES = '''
overwrite: true
source_vars: '{ private: false }'
state: present
tower_verify_ssl: false
validate_certs: false
'''