standardize TLS connection properties (#54315)

mirror of https://github.com/ansible-collections/community.general.git synced 2025-04-25 03:41:25 -07:00

* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization

This commit is contained in:

James Cassell

2019-03-28 01:19:28 -04:00

• committed by

Adam Miller

parent 85d836171b

commit bc4ef99533

90 changed files with 556 additions and 411 deletions

									
										13

lib/ansible/plugins/doc_fragments/openstack.py
									
										View file
										
				@ -54,26 +54,29 @@ options:

				      - How long should the socket layer wait before timing out for API calls.

				        If this is omitted, nothing will be passed to the requests library.

				    type: int

				  verify:

				  validate_certs:

				    description:

				      - Whether or not SSL API requests should be verified.

				      - Before Ansible 2.3 this defaulted to C(yes).

				    type: bool

				    default: no

				    aliases: [ validate_certs ]

				  cacert:

				    aliases: [ verify ]

				  ca_cert:

				    description:

				      - A path to a CA Cert bundle that can be used as part of verifying

				        SSL API requests.

				    type: str

				  cert:

				    aliases: [ cacert ]

				  client_cert:

				    description:

				      - A path to a client certificate to use as part of the SSL transaction.

				    type: str

				  key:

				    aliases: [ cert ]

				  client_key:

				    description:

				      - A path to a client key to use as part of the SSL transaction.

				    type: str

				    aliases: [ key ]

				  interface:

				    description:

				        - Endpoint URL type to fetch from the service catalog.

Rows
Columns

standardize TLS connection properties (#54315)

13 lib/ansible/plugins/doc_fragments/openstack.py Unescape Escape View file

13

lib/ansible/plugins/doc_fragments/openstack.py

View file