mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-24 11:21:25 -07:00
bc4ef99533
* openstack: standardize tls params * tower: tower_verify_ssl->validate_certs * docker: use standard tls config params - cacert_path -> ca_cert - cert_path -> client_cert - key_path -> client_key - tls_verify -> validate_certs * k8s: standardize tls connection params - verify_ssl -> validate_certs - ssl_ca_cert -> ca_cert - cert_file -> client_cert - key_file -> client_key * ingate: verify_ssl -> validate_certs * manageiq: standardize tls params - verify_ssl -> validate_certs - ca_bundle_path -> ca_cert * mysql: standardize tls params - ssl_ca -> ca_cert - ssl_cert -> client_cert - ssl_key -> client_key * nios: ssl_verify -> validate_certs * postgresql: ssl_rootcert -> ca_cert * rabbitmq: standardize tls params - cacert -> ca_cert - cert -> client_cert - key -> client_key * rackspace: verify_ssl -> validate_certs * vca: verify_certs -> validate_certs * kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs * lxd: standardize tls params - key_file -> client_key - cert_file -> client_cert * get_certificate: ca_certs -> ca_cert * get_certificate.py: clarify one or more certs in a file Co-Authored-By: jamescassell <code@james.cassell.me> * zabbix: tls_issuer -> ca_cert * bigip_device_auth_ldap: standardize tls params - ssl_check_peer -> validate_certs - ssl_client_cert -> client_cert - ssl_client_key -> client_key - ssl_ca_cert -> ca_cert * vdirect: vdirect_validate_certs -> validate_certs * mqtt: standardize tls params - ca_certs -> ca_cert - certfile -> client_cert - keyfile -> client_key * pulp_repo: standardize tls params remove `importer_ssl` prefix * rhn_register: sslcacert -> ca_cert * yum_repository: standardize tls params The fix for yum_repository is not straightforward since this module is only a thin wrapper for the underlying commands and config. In this case, we add the new values as aliases, keeping the old as primary, only due to the internal structure of the module. Aliases added: - sslcacert -> ca_cert - sslclientcert -> client_cert - sslclientkey -> client_key - sslverify -> validate_certs * gitlab_hook: enable_ssl_verification -> hook_validate_certs * Adjust arguments for docker_swarm inventory plugin. * foreman callback: standardize tls params - ssl_cert -> client_cert - ssl_key -> client_key * grafana_annotations: validate_grafana_certs -> validate_certs * nrdp callback: validate_nrdp_certs -> validate_certs * kubectl connection: standardize tls params - kubectl_cert_file -> client_cert - kubectl_key_file -> client_key - kubectl_ssl_ca_cert -> ca_cert - kubectl_verify_ssl -> validate_certs * oc connection: standardize tls params - oc_cert_file -> client_cert - oc_key_file -> client_key - oc_ssl_ca_cert -> ca_cert - oc_verify_ssl -> validate_certs * psrp connection: cert_trust_path -> ca_cert TODO: cert_validation -> validate_certs (multi-valued vs bool) * k8s inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * openshift inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * tower inventory: verify_ssl -> validate_certs * hashi_vault lookup: cacert -> ca_cert * k8s lookup: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * laps_passord lookup: cacert_file -> ca_cert * changelog for TLS parameter standardization
69 lines
2.1 KiB
Python
69 lines
2.1 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright: (c) 2018, Ingate Systems AB
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
__metaclass__ = type
|
|
|
|
|
|
try:
|
|
from ingate import ingatesdk
|
|
HAS_INGATESDK = True
|
|
except ImportError:
|
|
HAS_INGATESDK = False
|
|
|
|
|
|
def ingate_argument_spec(**kwargs):
|
|
client_options = dict(
|
|
version=dict(choices=['v1'], default='v1'),
|
|
scheme=dict(choices=['http', 'https'], required=True),
|
|
address=dict(type='str', required=True),
|
|
username=dict(type='str', required=True),
|
|
password=dict(type='str', required=True, no_log=True),
|
|
port=dict(type='int'),
|
|
timeout=dict(type='int'),
|
|
validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
|
|
)
|
|
argument_spec = dict(
|
|
client=dict(type='dict', required=True,
|
|
options=client_options),
|
|
)
|
|
argument_spec.update(kwargs)
|
|
return argument_spec
|
|
|
|
|
|
def ingate_create_client(**kwargs):
|
|
api_client = ingate_create_client_noauth(**kwargs)
|
|
|
|
# Authenticate and get hold of a security token.
|
|
api_client.authenticate()
|
|
|
|
# Return the client.
|
|
return api_client
|
|
|
|
|
|
def ingate_create_client_noauth(**kwargs):
|
|
client_params = kwargs['client']
|
|
|
|
# Create API client.
|
|
api_client = ingatesdk.Client(client_params['version'],
|
|
client_params['scheme'],
|
|
client_params['address'],
|
|
client_params['username'],
|
|
client_params['password'],
|
|
port=client_params['port'],
|
|
timeout=client_params['timeout'])
|
|
|
|
# Check if we should skip SSL Certificate verification.
|
|
verify_ssl = client_params.get('validate_certs')
|
|
if not verify_ssl:
|
|
api_client.skip_verify_certificate()
|
|
|
|
# Return the client.
|
|
return api_client
|
|
|
|
|
|
def is_ingatesdk_installed(module):
|
|
if not HAS_INGATESDK:
|
|
module.fail_json(msg="The Ingate Python SDK module is required for this module.")
|