ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

standardize TLS connection properties (#54315)

Browse source 
* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization
This commit is contained in:
James Cassell 2019-03-28 01:19:28 -04:00 committed by Adam Miller
commit bc4ef99533
90 changed files with 556 additions and 411 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/ansible/modules/remote_management/manageiq/manageiq_alert_profiles.py
View file

@ -61,7 +61,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete an alert profile from ManageIQ
manageiq_alert_profiles:
@ -71,7 +71,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

6
lib/ansible/modules/remote_management/manageiq/manageiq_alerts.py
View file

@ -80,7 +80,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Add an alert with a "miq expression" to ManageIQ
manageiq_alerts:
@ -107,7 +107,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete an alert from ManageIQ
manageiq_alerts:
@ -117,7 +117,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

6
lib/ansible/modules/remote_management/manageiq/manageiq_group.py
View file

@ -104,7 +104,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4
manageiq_group:
@ -115,7 +115,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name:
- Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant.
@ -141,7 +141,7 @@ EXAMPLES = '''
url: 'https://manageiq_server'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a group in ManageIQ
manageiq_group:

6
lib/ansible/modules/remote_management/manageiq/manageiq_policies.py
View file

@ -62,7 +62,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Unassign a policy_profile for a provider in ManageIQ
manageiq_policies:
@ -75,7 +75,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: List current policy_profile and policies for a provider in ManageIQ
manageiq_policies:
@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

42
lib/ansible/modules/remote_management/manageiq/manageiq_provider.py
View file

@ -82,7 +82,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool
default: 'yes'
@ -106,7 +106,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool
default: 'yes'
@ -133,7 +133,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None.
auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl:
validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
default: true
security_protocol:
@ -165,7 +165,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'example.com'
port: 8443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -191,7 +191,7 @@ EXAMPLES = '''
role: 'hawkular'
hostname: 'example.com'
port: 443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -216,7 +216,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1:80'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Update an existing provider named 'EngLab' (defaults to 'Prometheus' metrics)
@ -228,7 +228,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'next.example.com'
port: 8443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -253,7 +253,7 @@ EXAMPLES = '''
auth_key: 'topSecret'
hostname: 'next.example.com'
port: 443
verify_ssl: true
validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: |
-----BEGIN CERTIFICATE-----
@ -278,7 +278,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Delete a provider in ManageIQ
@ -290,7 +290,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Create a new Amazon provider in ManageIQ using token authentication
@ -305,7 +305,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'https://127.0.0.1'
token: 'VeryLongToken'
verify_ssl: true
validate_certs: true
- name: Create a new oVirt provider in ManageIQ
@ -317,7 +317,7 @@ EXAMPLES = '''
hostname: 'rhev01.example.com'
userid: 'admin@internal'
password: 'password'
verify_ssl: true
validate_certs: true
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -342,7 +342,7 @@ EXAMPLES = '''
path: 'ovirt_engine_history'
userid: 'user_id_metrics'
password: 'password_metrics'
verify_ssl: true
validate_certs: true
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -366,7 +366,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1'
username: 'admin'
password: 'password'
verify_ssl: true
validate_certs: true
- name: Create a new VMware provider in ManageIQ
manageiq_provider:
@ -382,7 +382,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'https://127.0.0.1'
token: 'VeryLongToken'
verify_ssl: true
validate_certs: true
- name: Create a new Azure provider in ManageIQ
manageiq_provider:
@ -400,7 +400,7 @@ EXAMPLES = '''
url: 'https://cf-6af0.rhpds.opentlc.com'
username: 'admin'
password: 'password'
verify_ssl: false
validate_certs: false
- name: Create a new OpenStack Director provider in ManageIQ with rsa keypair
manageiq_provider:
@ -413,7 +413,7 @@ EXAMPLES = '''
userid: 'admin'
password: 'password'
security_protocol: 'ssl-with-validation'
verify_ssl: 'true'
validate_certs: 'true'
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -452,7 +452,7 @@ EXAMPLES = '''
userid: 'admin'
password: 'password'
security_protocol: 'ssl-with-validation'
verify_ssl: 'true'
validate_certs: 'true'
certificate_authority: |
-----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -491,7 +491,7 @@ EXAMPLES = '''
provider:
hostname: 'gce.example.com'
auth_key: 'google_json_key'
verify_ssl: 'false'
validate_certs: 'false'
'''
RETURN = '''
@ -551,7 +551,7 @@ def endpoint_argument_spec():
role=dict(),
hostname=dict(required=True),
port=dict(type='int'),
verify_ssl=dict(default=True, type='bool'),
validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
certificate_authority=dict(),
security_protocol=dict(
choices=[
@ -662,7 +662,7 @@ class ManageIQProvider(object):
'role': role,
'hostname': endpoint.get('hostname'),
'port': endpoint.get('port'),
'verify_ssl': [0, 1][endpoint.get('verify_ssl', True)],
'verify_ssl': [0, 1][endpoint.get('validate_certs', True)],
'security_protocol': endpoint.get('security_protocol'),
'certificate_authority': endpoint.get('certificate_authority'),
'path': endpoint.get('path'),

6
lib/ansible/modules/remote_management/manageiq/manageiq_tags.py
View file

@ -65,7 +65,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Remove tags for a provider in ManageIQ
manageiq_tags:
@ -81,7 +81,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: List current tags for a provider in ManageIQ
manageiq_tags:
@ -92,7 +92,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

10
lib/ansible/modules/remote_management/manageiq/manageiq_tenant.py
View file

@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a tenant in ManageIQ
manageiq_tenant:
@ -97,7 +97,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a tenant in ManageIQ
manageiq_tenant:
@ -108,7 +108,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated
manageiq_tenant:
@ -122,7 +122,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a tenant in ManageIQ using a token
@ -133,7 +133,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
'''
RETURN = '''

12
lib/ansible/modules/remote_management/manageiq/manageiq_user.py
View file

@ -79,7 +79,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Create a new user in ManageIQ using a token
manageiq_user:
@ -91,7 +91,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
- name: Delete a user in ManageIQ
manageiq_user:
@ -101,7 +101,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Delete a user in ManageIQ using a token
manageiq_user:
@ -110,7 +110,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
- name: Update email of user in ManageIQ
manageiq_user:
@ -120,7 +120,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000'
username: 'admin'
password: 'smartvm'
verify_ssl: False
validate_certs: False
- name: Update email of user in ManageIQ using a token
manageiq_user:
@ -129,7 +129,7 @@ EXAMPLES = '''
manageiq_connection:
url: 'http://127.0.0.1:3000'
token: 'sometoken'
verify_ssl: False
validate_certs: False
'''
RETURN = '''