From 10b3431990f2615b8aa72065d4a107b83c938d58 Mon Sep 17 00:00:00 2001 From: MarkusTeufelberger Date: Thu, 4 Jan 2018 10:43:37 +0100 Subject: [PATCH] expose subject_strict and issuer_strict to users (#34090) --- .../modules/crypto/openssl_certificate.py | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index 9ebeea3d978..9f64763adce 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -112,11 +112,25 @@ options: - Key/value pairs that must be present in the issuer name field of the certificate. If you need to specify more than one value with the same key, use a list as value. + issuer_strict: + default: False + type: bool + description: + - If set to True, the I(issuer) field must contain only these values. + version_added: "2.5" + subject: description: - Key/value pairs that must be present in the subject name field of the certificate. If you need to specify more than one value with the same key, use a list as value. + subject_strict: + default: False + type: bool + description: + - If set to True, the I(subject) field must contain only these values. + version_added: "2.5" + has_expired: default: False type: bool @@ -479,12 +493,12 @@ class AssertOnlyCertificate(Certificate): self.subject = crypto_utils.parse_name_field(module.params['subject']) else: self.subject = [] - self.subject_strict = False + self.subject_strict = module.params['subject_strict'] if module.params['issuer']: self.issuer = crypto_utils.parse_name_field(module.params['issuer']) else: self.issuer = [] - self.issuer_strict = False + self.issuer_strict = module.params['issuer_strict'] self.has_expired = module.params['has_expired'] self.version = module.params['version'] self.keyUsage = module.params['keyUsage'] 
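Review bot: The new `issuer_strict` and `subject_strict` descriptions do not say what the default of False means for someone who uses this assertion to pin a certificate's identity. The existing `issuer` and `subject` text only requires the listed pairs to be "present", so with the default a certificate carrying additional name attributes still passes. I would spell that out in each description, e.g. `- If set to True, the I(subject) field must contain only these values. With the default of False, a certificate with additional subject entries is still accepted.` The same wording applies to `issuer_strict`.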
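Review bot: `self.subject_strict` and `self.issuer_strict` are now read from `module.params` even when `subject` or `issuer` is unset and the expected list is `[]`. The validation code is outside this hunk, so it is not visible whether strict mode with an empty list rejects every certificate or is skipped. If it is skipped, a task that sets only `subject_strict: True` would look like an enforced check while asserting nothing. Consider failing early for that combination, e.g. `module.fail_json(msg='subject_strict requires subject')`, or documenting the behaviour; the `argument_spec` entries added in the third hunk do not tie the two options together either. The `__init__` body starts and ends outside the hunk.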
@@ -776,7 +790,9 @@ def main():
 privatekey_passphrase=dict(type='path', no_log=True),
 signature_algorithms=dict(type='list'),
 subject=dict(type='dict'),
+ subject_strict=dict(type='bool', default=False),
 issuer=dict(type='dict'),
+ issuer_strict=dict(type='bool', default=False),
 has_expired=dict(type='bool', default=False),
 version=dict(type='int'),
 keyUsage=dict(type='list', aliases=['key_usage']),