mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-24 11:21:25 -07:00
bc4ef99533
* openstack: standardize tls params * tower: tower_verify_ssl->validate_certs * docker: use standard tls config params - cacert_path -> ca_cert - cert_path -> client_cert - key_path -> client_key - tls_verify -> validate_certs * k8s: standardize tls connection params - verify_ssl -> validate_certs - ssl_ca_cert -> ca_cert - cert_file -> client_cert - key_file -> client_key * ingate: verify_ssl -> validate_certs * manageiq: standardize tls params - verify_ssl -> validate_certs - ca_bundle_path -> ca_cert * mysql: standardize tls params - ssl_ca -> ca_cert - ssl_cert -> client_cert - ssl_key -> client_key * nios: ssl_verify -> validate_certs * postgresql: ssl_rootcert -> ca_cert * rabbitmq: standardize tls params - cacert -> ca_cert - cert -> client_cert - key -> client_key * rackspace: verify_ssl -> validate_certs * vca: verify_certs -> validate_certs * kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs * lxd: standardize tls params - key_file -> client_key - cert_file -> client_cert * get_certificate: ca_certs -> ca_cert * get_certificate.py: clarify one or more certs in a file Co-Authored-By: jamescassell <code@james.cassell.me> * zabbix: tls_issuer -> ca_cert * bigip_device_auth_ldap: standardize tls params - ssl_check_peer -> validate_certs - ssl_client_cert -> client_cert - ssl_client_key -> client_key - ssl_ca_cert -> ca_cert * vdirect: vdirect_validate_certs -> validate_certs * mqtt: standardize tls params - ca_certs -> ca_cert - certfile -> client_cert - keyfile -> client_key * pulp_repo: standardize tls params remove `importer_ssl` prefix * rhn_register: sslcacert -> ca_cert * yum_repository: standardize tls params The fix for yum_repository is not straightforward since this module is only a thin wrapper for the underlying commands and config. In this case, we add the new values as aliases, keeping the old as primary, only due to the internal structure of the module. Aliases added: - sslcacert -> ca_cert - sslclientcert -> client_cert - sslclientkey -> client_key - sslverify -> validate_certs * gitlab_hook: enable_ssl_verification -> hook_validate_certs * Adjust arguments for docker_swarm inventory plugin. * foreman callback: standardize tls params - ssl_cert -> client_cert - ssl_key -> client_key * grafana_annotations: validate_grafana_certs -> validate_certs * nrdp callback: validate_nrdp_certs -> validate_certs * kubectl connection: standardize tls params - kubectl_cert_file -> client_cert - kubectl_key_file -> client_key - kubectl_ssl_ca_cert -> ca_cert - kubectl_verify_ssl -> validate_certs * oc connection: standardize tls params - oc_cert_file -> client_cert - oc_key_file -> client_key - oc_ssl_ca_cert -> ca_cert - oc_verify_ssl -> validate_certs * psrp connection: cert_trust_path -> ca_cert TODO: cert_validation -> validate_certs (multi-valued vs bool) * k8s inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * openshift inventory: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * tower inventory: verify_ssl -> validate_certs * hashi_vault lookup: cacert -> ca_cert * k8s lookup: standardize tls params - cert_file -> client_cert - key_file -> client_key - ca_cert -> ca_cert - verify_ssl -> validate_certs * laps_passord lookup: cacert_file -> ca_cert * changelog for TLS parameter standardization
100 lines
3.6 KiB
Python
100 lines
3.6 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright: (c) 2014, Hewlett-Packard Development Company, L.P.
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
|
class ModuleDocFragment(object):
|
|
|
|
# Standard openstack documentation fragment
|
|
DOCUMENTATION = r'''
|
|
options:
|
|
cloud:
|
|
description:
|
|
- Named cloud or cloud config to operate against.
|
|
If I(cloud) is a string, it references a named cloud config as defined
|
|
in an OpenStack clouds.yaml file. Provides default values for I(auth)
|
|
and I(auth_type). This parameter is not needed if I(auth) is provided
|
|
or if OpenStack OS_* environment variables are present.
|
|
If I(cloud) is a dict, it contains a complete cloud configuration like
|
|
would be in a section of clouds.yaml.
|
|
type: raw
|
|
auth:
|
|
description:
|
|
- Dictionary containing auth information as needed by the cloud's auth
|
|
plugin strategy. For the default I(password) plugin, this would contain
|
|
I(auth_url), I(username), I(password), I(project_name) and any
|
|
information about domains if the cloud supports them. For other plugins,
|
|
this param will need to contain whatever parameters that auth plugin
|
|
requires. This parameter is not needed if a named cloud is provided or
|
|
OpenStack OS_* environment variables are present.
|
|
type: dict
|
|
auth_type:
|
|
description:
|
|
- Name of the auth plugin to use. If the cloud uses something other than
|
|
password authentication, the name of the plugin should be indicated here
|
|
and the contents of the I(auth) parameter should be updated accordingly.
|
|
type: str
|
|
region_name:
|
|
description:
|
|
- Name of the region.
|
|
type: str
|
|
wait:
|
|
description:
|
|
- Should ansible wait until the requested resource is complete.
|
|
type: bool
|
|
default: yes
|
|
timeout:
|
|
description:
|
|
- How long should ansible wait for the requested resource.
|
|
type: int
|
|
default: 180
|
|
api_timeout:
|
|
description:
|
|
- How long should the socket layer wait before timing out for API calls.
|
|
If this is omitted, nothing will be passed to the requests library.
|
|
type: int
|
|
validate_certs:
|
|
description:
|
|
- Whether or not SSL API requests should be verified.
|
|
- Before Ansible 2.3 this defaulted to C(yes).
|
|
type: bool
|
|
default: no
|
|
aliases: [ verify ]
|
|
ca_cert:
|
|
description:
|
|
- A path to a CA Cert bundle that can be used as part of verifying
|
|
SSL API requests.
|
|
type: str
|
|
aliases: [ cacert ]
|
|
client_cert:
|
|
description:
|
|
- A path to a client certificate to use as part of the SSL transaction.
|
|
type: str
|
|
aliases: [ cert ]
|
|
client_key:
|
|
description:
|
|
- A path to a client key to use as part of the SSL transaction.
|
|
type: str
|
|
aliases: [ key ]
|
|
interface:
|
|
description:
|
|
- Endpoint URL type to fetch from the service catalog.
|
|
type: str
|
|
choices: [ admin, internal, public ]
|
|
default: public
|
|
aliases: [ endpoint_type ]
|
|
version_added: "2.3"
|
|
requirements:
|
|
- python >= 2.7
|
|
- openstacksdk
|
|
notes:
|
|
- The standard OpenStack environment variables, such as C(OS_USERNAME)
|
|
may be used instead of providing explicit values.
|
|
- Auth information is driven by openstacksdk, which means that values
|
|
can come from a yaml config file in /etc/ansible/openstack.yaml,
|
|
/etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml, then from
|
|
standard environment variables, then finally by explicit parameters in
|
|
plays. More information can be found at
|
|
U(https://docs.openstack.org/openstacksdk/)
|
|
'''
|