standardize TLS connection properties (#54315)

* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization

lib/ansible/modules/remote_management/manageiq/manageiq_provider.py

@@ -82,7 +82,7 @@ options:
         description: Provider's api endpoint authentication password. defaults to None.
       auth_key:
         description: Provider's api endpoint authentication bearer token. defaults to None.
-      verify_ssl:
+      validate_certs:
         description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
         type: bool
         default: 'yes'
@@ -106,7 +106,7 @@ options:
         description: Provider's api endpoint authentication password. defaults to None.
       auth_key:
         description: Provider's api endpoint authentication bearer token. defaults to None.
-      verify_ssl:
+      validate_certs:
         description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
         type: bool
         default: 'yes'
@@ -133,7 +133,7 @@ options:
         description: Provider's api endpoint authentication password. defaults to None.
       auth_key:
         description: Provider's api endpoint authentication bearer token. defaults to None.
-      verify_ssl:
+      validate_certs:
         description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
         default: true
       security_protocol:
@@ -165,7 +165,7 @@ EXAMPLES = '''
       auth_key: 'topSecret'
       hostname: 'example.com'
       port: 8443
-      verify_ssl: true
+      validate_certs: true
       security_protocol: 'ssl-with-validation-custom-ca'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
@@ -191,7 +191,7 @@ EXAMPLES = '''
       role: 'hawkular'
       hostname: 'example.com'
       port: 443
-      verify_ssl: true
+      validate_certs: true
       security_protocol: 'ssl-with-validation-custom-ca'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
@@ -216,7 +216,7 @@ EXAMPLES = '''
       url: 'https://127.0.0.1:80'
       username: 'admin'
       password: 'password'
-      verify_ssl: true
+      validate_certs: true
 
 
 - name: Update an existing provider named 'EngLab' (defaults to 'Prometheus' metrics)
@@ -228,7 +228,7 @@ EXAMPLES = '''
       auth_key: 'topSecret'
       hostname: 'next.example.com'
       port: 8443
-      verify_ssl: true
+      validate_certs: true
       security_protocol: 'ssl-with-validation-custom-ca'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
@@ -253,7 +253,7 @@ EXAMPLES = '''
       auth_key: 'topSecret'
       hostname: 'next.example.com'
       port: 443
-      verify_ssl: true
+      validate_certs: true
       security_protocol: 'ssl-with-validation-custom-ca'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
@@ -278,7 +278,7 @@ EXAMPLES = '''
       url: 'https://127.0.0.1'
       username: 'admin'
       password: 'password'
-      verify_ssl: true
+      validate_certs: true
 
 
 - name: Delete a provider in ManageIQ
@@ -290,7 +290,7 @@ EXAMPLES = '''
       url: 'https://127.0.0.1'
       username: 'admin'
       password: 'password'
-      verify_ssl: true
+      validate_certs: true
 
 
 - name: Create a new Amazon provider in ManageIQ using token authentication
@@ -305,7 +305,7 @@ EXAMPLES = '''
     manageiq_connection:
       url: 'https://127.0.0.1'
       token: 'VeryLongToken'
-      verify_ssl: true
+      validate_certs: true
 
 
 - name: Create a new oVirt provider in ManageIQ
@@ -317,7 +317,7 @@ EXAMPLES = '''
       hostname: 'rhev01.example.com'
       userid: 'admin@internal'
       password: 'password'
-      verify_ssl: true
+      validate_certs: true
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
         FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@@ -342,7 +342,7 @@ EXAMPLES = '''
       path: 'ovirt_engine_history'
       userid: 'user_id_metrics'
       password: 'password_metrics'
-      verify_ssl: true
+      validate_certs: true
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
         FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@@ -366,7 +366,7 @@ EXAMPLES = '''
       url: 'https://127.0.0.1'
       username: 'admin'
       password: 'password'
-      verify_ssl: true
+      validate_certs: true
 
 - name: Create a new VMware provider in ManageIQ
   manageiq_provider:
@@ -382,7 +382,7 @@ EXAMPLES = '''
     manageiq_connection:
       url: 'https://127.0.0.1'
       token: 'VeryLongToken'
-      verify_ssl: true
+      validate_certs: true
 
 - name: Create a new Azure provider in ManageIQ
   manageiq_provider:
@@ -400,7 +400,7 @@ EXAMPLES = '''
       url: 'https://cf-6af0.rhpds.opentlc.com'
       username: 'admin'
       password: 'password'
-      verify_ssl: false
+      validate_certs: false
 
 - name: Create a new OpenStack Director provider in ManageIQ with rsa keypair
   manageiq_provider:
@@ -413,7 +413,7 @@ EXAMPLES = '''
       userid: 'admin'
       password: 'password'
       security_protocol: 'ssl-with-validation'
-      verify_ssl: 'true'
+      validate_certs: 'true'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
         FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@@ -452,7 +452,7 @@ EXAMPLES = '''
       userid: 'admin'
       password: 'password'
       security_protocol: 'ssl-with-validation'
-      verify_ssl: 'true'
+      validate_certs: 'true'
       certificate_authority: |
         -----BEGIN CERTIFICATE-----
         FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@@ -491,7 +491,7 @@ EXAMPLES = '''
     provider:
       hostname: 'gce.example.com'
       auth_key: 'google_json_key'
-      verify_ssl: 'false'
+      validate_certs: 'false'
 '''
 
 RETURN = '''
@@ -551,7 +551,7 @@ def endpoint_argument_spec():
         role=dict(),
         hostname=dict(required=True),
         port=dict(type='int'),
-        verify_ssl=dict(default=True, type='bool'),
+        validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
         certificate_authority=dict(),
         security_protocol=dict(
             choices=[
@@ -662,7 +662,7 @@ class ManageIQProvider(object):
                         'role': role,
                         'hostname': endpoint.get('hostname'),
                         'port': endpoint.get('port'),
-                        'verify_ssl': [0, 1][endpoint.get('verify_ssl', True)],
+                        'verify_ssl': [0, 1][endpoint.get('validate_certs', True)],
                         'security_protocol': endpoint.get('security_protocol'),
                         'certificate_authority': endpoint.get('certificate_authority'),
                         'path': endpoint.get('path'),