standardize TLS connection properties (#54315)

* openstack: standardize tls params * tower: tower_verify_ssl->validate_certs * docker: use standard tls config params - cacert_path -> ca_cert - cert_path -> client_cert - key_path -> client_key - tls_verify -> validate_certs * k8s: standardize tls connection params - verify_ssl -> validate_certs - ssl_ca_cert -> ca_cert - cert_file -> client_cert - key_file -> client_key * ingate: verify_ssl -> validate_certs * manageiq: standardize tls params - verify_ssl -> validate_certs - ca_bundle_path -> ca_cert * mysql: standardize tls params - ssl_ca -> ca_cert - ssl_cert -> client_cert - ssl_key -> client_key * nios: ssl_verify -> validate_certs * postgresql: ssl_rootcert -> ca_cert * rabbitmq: standardize tls params - cacert -> ca_cert - cert -> client_cert - key -> client_key * rackspace: verify_ssl -> validate_certs * vca: verify_certs -> validate_certs * kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs * lxd: standardize tls params - key_file -> client_key - cert_file -> client_cert * get_certificate: ca_certs -> ca_cert * get_certificate.py: clarify one or more certs in a file Co-Authored-By: jamescassell <code@james.cassell.me> * zabbix: tls_issuer -> ca_cert * bigip_device_auth_ldap: standardize tls params - ssl_check_peer -> validate_certs - ssl_client_cert -> client_cert - ssl_client_key -> client_key - ssl_ca_cert -> ca_cert * vdirect: vdirect_validate_certs -> validate_certs * mqtt: standardize tls params - ca_certs -> ca_cert - certfile -> client_cert - keyfile -> client_key * pulp_repo: standardize tls params remove `importer_ssl` prefix * rhn_register: sslcacert -> ca_cert * yum_repository: standardize tls params The fix for yum_repository is not straightforward since this module is only a thin wrapper for the underlying commands and config. In this case, we add the new values as aliases, keeping the old as primary, only due to the internal structure of the module. Aliases added: - sslcacert -> ca_cert - sslclientcert -> client_cert - sslclientkey -> client_key - sslverify -> validate_certs * gitlab_hook: enable_ssl_verification -> hook_validate_certs * Adjust arguments for docker_swarm inventory plugin. * foreman callback: standardize tls params - ssl_cert -> client_cert - ssl_key -> client_key * grafana_annotations: validate_grafana_certs -> validate_certs * nrdp callback: validate_nrdp_certs -> validate_certs * kubectl connection: standardize tls params - kubectl_cert_file -> client_cert - kubectl_key_file -> client_key - kubectl_ssl_ca_cert -> ca_cert - kubectl_verify_ssl -> validate_certs * oc connection: standardize tls params - oc_cert_file -> client_cert - oc_key_file -> client_key - oc_ssl_ca_cert -> ca_cert - oc_verify_ssl -> validate_certs * psrp connection: cert_trust_path -> ca_cert TODO: cert_validation -> validate_certs (multi-valued vs bool) * k8s inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * openshift inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * tower inventory: verify_ssl -> validate_certs * hashi_vault lookup: cacert -> ca_cert * k8s lookup: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * laps_passord lookup: cacert_file -> ca_cert * changelog for TLS parameter standardization
2025-05-05 00:31:37 -07:00 · 2019-03-28 01:19:28 -04:00 · 2019-03-28 01:19:28 -04:00 · bc4ef99533
commit bc4ef99533
parent 85d836171b
90 changed files with 556 additions and 411 deletions
--- a/test/integration/targets/get_certificate/tests/validate.yml
+++ b/test/integration/targets/get_certificate/tests/validate.yml
@ -56,7 +56,7 @@
      - result is not changed
      - result is failed
      # We got the correct response from the module
-      - "'ca_certs file does not exist' == result.msg"
+      - "'ca_cert file does not exist' == result.msg"

 - name: Download CA Cert as pem from server
  get_url:
--- a/test/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/tests.yml
+++ b/test/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/tests.yml
@ -17,7 +17,7 @@
    - name: 'test {{ auth_type }} auth with certs (validation enabled, lookup parameters)'
      include_tasks: '{{ auth_type }}_test.yml'
      vars:
-        conn_params: 'url=https://localhost:8201 cacert={{ local_temp_dir }}/cert.pem validate_certs=True '
+        conn_params: 'url=https://localhost:8201 ca_cert={{ local_temp_dir }}/cert.pem validate_certs=True '

    - name: 'test {{ auth_type }} auth with certs (validation enabled, environment variables)'
      include_tasks: '{{ auth_type }}_test.yml'
--- a/test/integration/targets/tower_user/tasks/main.yml
+++ b/test/integration/targets/tower_user/tasks/main.yml
@ -83,7 +83,7 @@
    password: "{{ 65535 | random | to_uuid }}"
    email: joe@example.org
    state: present
-    tower_verify_ssl: true
+    validate_certs: true
    tower_host: http://foo.invalid
  ignore_errors: true
  register: result
--- a/test/integration/targets/tower_workflow_launch/tests/validate.yml
+++ b/test/integration/targets/tower_workflow_launch/tests/validate.yml
@ -1,6 +1,6 @@
 - name: Run a workflow with no parameters
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
  ignore_errors: true
  register: result1

@ -12,7 +12,7 @@
 - name: Fail no connect to Tower server
  tower_workflow_launch:
    tower_host: 127.0.0.1:22
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Here"
  ignore_errors: True
  register: result2
@ -24,7 +24,7 @@

 - name: Connect to Tower server but request an invalid workflow
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Does Not Exist"
  ignore_errors: true
  register: result3
@ -36,7 +36,7 @@

 - name: Connect to Tower in check_mode with a valid workflow name
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Success Workflow"
  check_mode: True
  ignore_errors: true
@ -49,7 +49,7 @@

 - name: Connect to Tower in check_mode with a valid workflow id
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: 9999999
  check_mode: True
  ignore_errors: true
@ -62,7 +62,7 @@

 - name: Run the workflow without waiting (this should just give us back a job ID)
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Success Workflow"
    wait: False
  ignore_errors: True
@ -75,7 +75,7 @@

 - name: Kick off a workflow and wait for it
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Success Workflow"
  ignore_errors: True
  register: result7
@ -87,7 +87,7 @@

 - name: Kick off a workflow and wait for it, but only for a second
  tower_workflow_launch:
-    tower_verify_ssl: False
+    validate_certs: False
    workflow_template: "Success Workflow"
    timeout: 1
  ignore_errors: True
--- a/test/units/module_utils/net_tools/nios/test_api.py
+++ b/test/units/module_utils/net_tools/nios/test_api.py
@ -30,7 +30,7 @@ class TestNiosApi(unittest.TestCase):
        self.mock_connector.stop()

    def test_get_provider_spec(self):
-        provider_options = ['host', 'username', 'password', 'ssl_verify', 'silent_ssl_warnings',
+        provider_options = ['host', 'username', 'password', 'validate_certs', 'silent_ssl_warnings',
                            'http_request_timeout', 'http_pool_connections',
                            'http_pool_maxsize', 'max_retries', 'wapi_version', 'max_results']
        res = api.WapiBase.provider_spec
--- a/test/units/modules/network/radware/test_vdirect_commit.py
+++ b/test/units/modules/network/radware/test_vdirect_commit.py
@ -26,7 +26,7 @@ from units.compat.mock import patch
 BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
               'vdirect_wait': None, 'vdirect_secondary_ip': None,
               'vdirect_https_port': None, 'vdirect_http_port': None,
-               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None}
+               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}

 COMMIT_PARAMS = {'devices': ['adc', 'defensepro', 'vx', 'appwall'], 'apply': True, 'save': True, 'sync': True}

--- a/test/units/modules/network/radware/test_vdirect_file.py
+++ b/test/units/modules/network/radware/test_vdirect_file.py
@ -31,7 +31,7 @@ RESP_DATA = 3
 NONE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
               'vdirect_wait': None, 'vdirect_secondary_ip': None,
               'vdirect_https_port': None, 'vdirect_http_port': None,
-               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None}
+               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}


@patch('vdirect_client.rest_client.RestClient')
--- a/test/units/modules/network/radware/test_vdirect_runnable.py
+++ b/test/units/modules/network/radware/test_vdirect_runnable.py
@ -26,7 +26,7 @@ from units.compat.mock import patch
 BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
               'vdirect_wait': None, 'vdirect_secondary_ip': None,
               'vdirect_https_port': None, 'vdirect_http_port': None,
-               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None}
+               'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}

 RUNNABLE_PARAMS = {'runnable_type': 'ConfigurationTemplate', 'runnable_name': 'runnable',
                   'action_name': None, 'parameters': None}