mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-27 21:01:27 -07:00
* openstack: standardize tls params
* tower: tower_verify_ssl->validate_certs
* docker: use standard tls config params
  - cacert_path -> ca_cert
  - cert_path -> client_cert
  - key_path -> client_key
  - tls_verify -> validate_certs
* k8s: standardize tls connection params
  - verify_ssl -> validate_certs
  - ssl_ca_cert -> ca_cert
  - cert_file -> client_cert
  - key_file -> client_key
* ingate: verify_ssl -> validate_certs
* manageiq: standardize tls params
  - verify_ssl -> validate_certs
  - ca_bundle_path -> ca_cert
* mysql: standardize tls params
  - ssl_ca -> ca_cert
  - ssl_cert -> client_cert
  - ssl_key -> client_key
* nios: ssl_verify -> validate_certs
* postgresql: ssl_rootcert -> ca_cert
* rabbitmq: standardize tls params
  - cacert -> ca_cert
  - cert -> client_cert
  - key -> client_key
* rackspace: verify_ssl -> validate_certs
* vca: verify_certs -> validate_certs
* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs
* lxd: standardize tls params
  - key_file -> client_key
  - cert_file -> client_cert
* get_certificate: ca_certs -> ca_cert
* get_certificate.py: clarify one or more certs in a file
  Co-Authored-By: jamescassell <code@james.cassell.me>
* zabbix: tls_issuer -> ca_cert
* bigip_device_auth_ldap: standardize tls params
  - ssl_check_peer -> validate_certs
  - ssl_client_cert -> client_cert
  - ssl_client_key -> client_key
  - ssl_ca_cert -> ca_cert
* vdirect: vdirect_validate_certs -> validate_certs
* mqtt: standardize tls params
  - ca_certs -> ca_cert
  - certfile -> client_cert
  - keyfile -> client_key
* pulp_repo: standardize tls params
  remove `importer_ssl` prefix
* rhn_register: sslcacert -> ca_cert
* yum_repository: standardize tls params
  The fix for yum_repository is not straightforward since this module is only a thin wrapper for the underlying commands and config. In this case, we add the new values as aliases, keeping the old as primary, only due to the internal structure of the module.
  Aliases added:
  - sslcacert -> ca_cert
  - sslclientcert -> client_cert
  - sslclientkey -> client_key
  - sslverify -> validate_certs
* gitlab_hook: enable_ssl_verification -> hook_validate_certs
* Adjust arguments for docker_swarm inventory plugin.
* foreman callback: standardize tls params
  - ssl_cert -> client_cert
  - ssl_key -> client_key
* grafana_annotations: validate_grafana_certs -> validate_certs
* nrdp callback: validate_nrdp_certs -> validate_certs
* kubectl connection: standardize tls params
  - kubectl_cert_file -> client_cert
  - kubectl_key_file -> client_key
  - kubectl_ssl_ca_cert -> ca_cert
  - kubectl_verify_ssl -> validate_certs
* oc connection: standardize tls params
  - oc_cert_file -> client_cert
  - oc_key_file -> client_key
  - oc_ssl_ca_cert -> ca_cert
  - oc_verify_ssl -> validate_certs
* psrp connection: cert_trust_path -> ca_cert
  TODO: cert_validation -> validate_certs (multi-valued vs bool)
* k8s inventory: standardize tls params
  - cert_file -> client_cert
  - key_file -> client_key
  - ca_cert -> ca_cert
  - verify_ssl -> validate_certs
* openshift inventory: standardize tls params
  - cert_file -> client_cert
  - key_file -> client_key
  - ca_cert -> ca_cert
  - verify_ssl -> validate_certs
* tower inventory: verify_ssl -> validate_certs
* hashi_vault lookup: cacert -> ca_cert
* k8s lookup: standardize tls params
  - cert_file -> client_cert
  - key_file -> client_key
  - ca_cert -> ca_cert
  - verify_ssl -> validate_certs
* laps_passord lookup: cacert_file -> ca_cert
* changelog for TLS parameter standardization
133 lines
7 KiB
Python
# -*- coding: utf-8 -*-

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)


class ModuleDocFragment(object):

    # Docker doc fragment
    DOCUMENTATION = r'''

options:
    docker_host:
        description:
            - The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the
              TCP connection string. For example, C(tcp://192.0.2.23:2376). If TLS is used to encrypt the connection,
              the module will automatically replace C(tcp) in the connection URL with C(https).
            - If the value is not specified in the task, the value of environment variable C(DOCKER_HOST) will be used
              instead. If the environment variable is not set, the default value will be used.
        type: str
        default: unix://var/run/docker.sock
        aliases: [ docker_url ]
    tls_hostname:
        description:
            - When verifying the authenticity of the Docker Host server, provide the expected name of the server.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_HOSTNAME) will
              be used instead. If the environment variable is not set, the default value will be used.
        type: str
        default: localhost
    api_version:
        description:
            - The version of the Docker API running on the Docker Host.
            - Defaults to the latest version of the API supported by Docker SDK for Python and the docker daemon.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_API_VERSION) will be
              used instead. If the environment variable is not set, the default value will be used.
        type: str
        default: auto
        aliases: [ docker_api_version ]
    timeout:
        description:
            - The maximum amount of time in seconds to wait on a response from the API.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_TIMEOUT) will be used
              instead. If the environment variable is not set, the default value will be used.
        type: int
        default: 60
    ca_cert:
        description:
            - Use a CA certificate when performing server verification by providing the path to a CA certificate file.
            - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
              the file C(ca.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
        type: path
        aliases: [ tls_ca_cert, cacert_path ]
    client_cert:
        description:
            - Path to the client's TLS certificate file.
            - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
              the file C(cert.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
        type: path
        aliases: [ tls_client_cert, cert_path ]
    client_key:
        description:
            - Path to the client's TLS key file.
            - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
              the file C(key.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
        type: path
        aliases: [ tls_client_key, key_path ]
    ssl_version:
        description:
            - Provide a valid SSL version number. Default value determined by ssl.py module.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_SSL_VERSION) will be
              used instead.
        type: str
    tls:
        description:
            - Secure the connection to the API by using TLS without verifying the authenticity of the Docker host
              server. Note that if C(validate_certs) is set to C(yes) as well, it will take precedence.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS) will be used
              instead. If the environment variable is not set, the default value will be used.
        type: bool
        default: no
    validate_certs:
        description:
            - Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.
            - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_VERIFY) will be
              used instead. If the environment variable is not set, the default value will be used.
        type: bool
        default: no
        aliases: [ tls_verify ]
    debug:
        description:
            - Debug mode
        type: bool
        default: no

notes:
    - Connect to the Docker daemon by providing parameters with each task or by defining environment variables.
      You can define C(DOCKER_HOST), C(DOCKER_TLS_HOSTNAME), C(DOCKER_API_VERSION), C(DOCKER_CERT_PATH), C(DOCKER_SSL_VERSION),
      C(DOCKER_TLS), C(DOCKER_TLS_VERIFY) and C(DOCKER_TIMEOUT). If you are using docker machine, run the script shipped
      with the product that sets up the environment. It will set these variables for you. See
      U(https://docker-py.readthedocs.io/en/stable/machine/) for more details.
    - When connecting to Docker daemon with TLS, you might need to install additional Python packages.
      For the Docker SDK for Python, version 2.4 or newer, this can be done by installing C(docker[tls]) with M(pip).
    - Note that the Docker SDK for Python only allows specifying the path to the Docker configuration for very few functions.
      In general, it will use C($HOME/.docker/config.json) if the C(DOCKER_CONFIG) environment variable is not specified,
      and use C($DOCKER_CONFIG/config.json) otherwise.
'''

    # Additional, more specific stuff for minimal Docker SDK for Python version < 2.0

    DOCKER_PY_1_DOCUMENTATION = r'''
options: {}
requirements:
    - "Docker SDK for Python: Please note that the L(docker-py,https://pypi.org/project/docker-py/)
       Python module has been superseded by L(docker,https://pypi.org/project/docker/)
       (see L(here,https://github.com/docker/docker-py/issues/1310) for details).
       For Python 2.6, C(docker-py) must be used. Otherwise, it is recommended to
       install the C(docker) Python module. Note that both modules should I(not)
       be installed at the same time. Also note that when both modules are installed
       and one of them is uninstalled, the other might no longer function and a
       reinstall of it is required."
'''

    # Additional, more specific stuff for minimal Docker SDK for Python version >= 2.0.
    # Note that Docker SDK for Python >= 2.0 requires Python 2.7 or newer.

    DOCKER_PY_2_DOCUMENTATION = r'''
options: {}
requirements:
    - "Python >= 2.7"
    - "Docker SDK for Python: Please note that the L(docker-py,https://pypi.org/project/docker-py/)
       Python module has been superseded by L(docker,https://pypi.org/project/docker/)
       (see L(here,https://github.com/docker/docker-py/issues/1310) for details).
       This module does I(not) work with docker-py."
'''
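The resolution rules the fragment documents (task value, then environment variable, then default; the C(DOCKER_CERT_PATH) fallback; the tcp to https rewrite) can be sketched as below, together with a check for connections that use TLS without server verification. This is an added example, not code from the collection: the function names `resolve` and `audit`, the truthy-string set and the sample addresses are assumptions made for illustration.

```python
import posixpath

# Standardized names, their documented defaults and environment variables.
OPTIONS = {
    "docker_host": ("unix://var/run/docker.sock", "DOCKER_HOST"),
    "tls_hostname": ("localhost", "DOCKER_TLS_HOSTNAME"),
    "tls": (False, "DOCKER_TLS"),
    "validate_certs": (False, "DOCKER_TLS_VERIFY"),
}
# Aliases listed in the fragment -> standardized option name.
ALIASES = {
    "docker_url": "docker_host", "tls_verify": "validate_certs",
    "tls_ca_cert": "ca_cert", "cacert_path": "ca_cert",
    "tls_client_cert": "client_cert", "cert_path": "client_cert",
    "tls_client_key": "client_key", "key_path": "client_key",
}
CERT_FILES = {"ca_cert": "ca.pem", "client_cert": "cert.pem", "client_key": "key.pem"}
TRUTHY = {"1", "true", "yes", "on"}  # assumption: how env strings map to booleans


def resolve(task_params, env):
    """Apply the documented order: task value, then environment, then default."""
    params = {ALIASES.get(k, k): v for k, v in task_params.items()}
    out = {}
    for name, (default, var) in OPTIONS.items():
        if name in params:
            out[name] = params[name]
        elif var in env:
            out[name] = env[var].lower() in TRUTHY if isinstance(default, bool) else env[var]
        else:
            out[name] = default
    cert_dir = env.get("DOCKER_CERT_PATH")
    for name, filename in CERT_FILES.items():
        fallback = posixpath.join(cert_dir, filename) if cert_dir else None
        out[name] = params.get(name) or fallback
    # With TLS in use, tcp:// in the connection URL becomes https://.
    if (out["tls"] or out["validate_certs"]) and out["docker_host"].startswith("tcp://"):
        out["docker_host"] = "https://" + out["docker_host"][len("tcp://"):]
    return out


def audit(settings):
    """Return findings for connection settings that weaken the channel."""
    host = settings["docker_host"]
    if host.startswith(("tcp://", "http://")):
        return ["remote Docker API reached without TLS"]
    if host.startswith("https://") and not settings["validate_certs"]:
        return ["TLS enabled but the server certificate is not verified"]
    return []
```

Running `audit(resolve(task_vars, os.environ))` over the parameters of each Docker task in a playbook shows which ones still rely on `tls: yes` alone or on the old alias names.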