From 1e59017d272eda0125ae200c29bd3c0b3197c9e5 Mon Sep 17 00:00:00 2001 From: coreaut Date: Mon, 18 Nov 2019 20:41:40 +0100 Subject: [PATCH] renamed module tls client auth params to avoid overlaping with fetch_url (#59522) * renamed module tls client auth parameters to avoid overlaping with ansible fetch_url * added version_added info for params * Updated version_added Updated version_added info from 2.9 to 2.10 * Update pulp_repo.py removed version_added for renamed params * Apply suggestions from code review added ca_cert alias and 'version_added' Co-Authored-By: Mark Chappell * Apply suggestions from code review added old behavior for client_cert and client_key which will deprecate in 2.14 Co-Authored-By: Mark Chappell * Update pulp_repo.py fix for linting error ansibot is complaining * added changelog fragment for 59522 * Apply suggestions from code review more informative depreciation warning and changelog fragment Co-Authored-By: Felix Fontein * added mention for changes in client_key and client_cert behavior * fixed too long line (linting) * deprecated ca_cert alias to have consistent module params in Ansible 2.14 * fixed indentation for deprecation warning * changed deprecated alias handling to argument_spec * moved deprecated_aliases insied argument dict, thanks tremble * suggestions from felixfontein Move doc info about client_cert and client_key into its own paragraph Co-Authored-By: Felix Fontein --- ...ms-to-avoid-overlaping-with-fetch_url.yaml | 2 ++ lib/ansible/modules/packaging/os/pulp_repo.py | 35 +++++++++++++------ 2 files changed, 27 insertions(+), 10 deletions(-) create mode 100644 changelogs/fragments/59522-renamed-module-tls-client-auth-params-to-avoid-overlaping-with-fetch_url.yaml 
diff --git a/changelogs/fragments/59522-renamed-module-tls-client-auth-params-to-avoid-overlaping-with-fetch_url.yaml b/changelogs/fragments/59522-renamed-module-tls-client-auth-params-to-avoid-overlaping-with-fetch_url.yaml new file mode 100644 index 00000000000..ce1c3c0b93c --- /dev/null +++ b/changelogs/fragments/59522-renamed-module-tls-client-auth-params-to-avoid-overlaping-with-fetch_url.yaml @@ -0,0 +1,2 @@ +bugfixes: + - pulp_repo - the ``client_cert`` and ``client_key`` options were used for both requests to pulp.io and for the repo to sync with, resulting in errors when they were used. Use the new options ``feed_client_cert`` and ``feed_client_key`` for client certificates that should only be used for repo synchronisation, and not for communication with pulp.io. (https://github.com/ansible/ansible/issues/59513) diff --git a/lib/ansible/modules/packaging/os/pulp_repo.py b/lib/ansible/modules/packaging/os/pulp_repo.py index 26ccc97b075..e5e626edd3c 100644 --- a/lib/ansible/modules/packaging/os/pulp_repo.py +++ b/lib/ansible/modules/packaging/os/pulp_repo.py @@ -48,13 +48,15 @@ options: type: bool default: 'no' version_added: "2.8" - ca_cert: + feed_ca_cert: description: - CA certificate string used to validate the feed source SSL certificate. This can be the file content or the path to the file. + The ca_cert alias will be removed in Ansible 2.14. type: str - aliases: [ importer_ssl_ca_cert ] - client_cert: + aliases: [ importer_ssl_ca_cert, ca_cert ] + feed_client_cert: + version_added: "2.10" description: - Certificate used as the client certificate when synchronizing the repository. This is used to communicate authentication information to 
@@ -62,13 +64,18 @@ options: certificate. The specified file may be the certificate itself or a single file containing both the certificate and private key. This can be the file content or the path to the file. + - If not specified the default value will come from client_cert. Which will + change in Ansible 2.14. type: str aliases: [ importer_ssl_client_cert ] - client_key: + feed_client_key: + version_added: "2.10" description: - Private key to the certificate specified in I(importer_ssl_client_cert), assuming it is not included in the certificate file itself. This can be the file content or the path to the file. + - If not specified the default value will come from client_key. Which will + change in Ansible 2.14. type: str aliases: [ importer_ssl_client_key ] name:
@@ -535,9 +542,9 @@ def main():
 add_export_distributor=dict(default=False, type='bool'),
 feed=dict(),
 generate_sqlite=dict(default=False, type='bool'),
- ca_cert=dict(aliases=['importer_ssl_ca_cert']),
- client_cert=dict(aliases=['importer_ssl_client_cert']),
- client_key=dict(aliases=['importer_ssl_client_key']),
+ feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]),
+ feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
+ feed_client_key=dict(aliases=['importer_ssl_client_key']),
 name=dict(required=True, aliases=['repo']),
 proxy_host=dict(),
 proxy_port=dict(),
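Review bot: The description items added for `feed_client_cert` and `feed_client_key` end with "Which will change in Ansible 2.14." without saying what changes, and they do not state that the credential configured for the Pulp API is reused for the feed until then. For the key I would write `- If not specified, the value of I(client_key) is also used for the feed. This fallback will be removed in Ansible 2.14.`, with the matching sentence for I(client_cert) under `feed_client_cert`. The `feed_client_key` description also still refers to I(importer_ssl_client_cert), which is now only an alias; I(feed_client_cert) would match the renamed option.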
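Review bot: `feed_client_key` is declared without `no_log=True`, although the option documentation in this same patch says the value may be the private key content rather than a path, so the key material can be recorded wherever module arguments are logged or echoed back. I would write `feed_client_key=dict(aliases=['importer_ssl_client_key'], no_log=True),`. The removed `client_key` entry had the same gap, so this is not a regression, but the rename is the natural place to close it. The argument spec and `main()` start and end outside this hunk.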
@@ -561,9 +568,17 @@ def main():
 add_export_distributor = module.params['add_export_distributor']
 feed = module.params['feed']
 generate_sqlite = module.params['generate_sqlite']
- importer_ssl_ca_cert = module.params['ca_cert']
- importer_ssl_client_cert = module.params['client_cert']
- importer_ssl_client_key = module.params['client_key']
+ importer_ssl_ca_cert = module.params['feed_ca_cert']
+ importer_ssl_client_cert = module.params['feed_client_cert']
+ if importer_ssl_client_cert is None and module.params['client_cert'] is not None:
+ importer_ssl_client_cert = module.params['client_cert']
+ module.deprecate(("To specify client certificates to be used with the repo to sync, and not for communication with pulp.io, use the new options "
+ "`feed_client_cert` and `feed_client_key` (available since Ansible 2.10). Until Ansible 2.14, the default value for "
+ "`feed_client_cert` will be taken from `client_cert` if only the latter is specified"), version="2.14")
+ importer_ssl_client_key = module.params['feed_client_key']
+ if importer_ssl_client_key is None and module.params['client_key'] is not None:
+ importer_ssl_client_key = module.params['client_key']
+ module.deprecate("In Ansible 2.10 `feed_client_key` option was added. Until 2.14 the default value will come from client_key option", version="2.14")
 proxy_host = module.params['proxy_host']
 proxy_port = module.params['proxy_port']
 proxy_username = module.params['proxy_username']
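Review bot: The certificate and key fallbacks are evaluated independently, so a task that sets `feed_client_cert` (the docs allow a single file holding both certificate and key) while `client_key` is set for the Pulp API still gets that API key copied into `importer_ssl_client_key`. That pairs a feed certificate with an unrelated private key and places the API client's key in the importer configuration for a different endpoint. I would apply the legacy fallback only when neither feed option is given and emit one deprecation for the pair, as sketched below. `main()` continues outside the hunk, and where `client_cert` and `client_key` are declared is not visible here.

```python
    importer_ssl_client_cert = module.params['feed_client_cert']
    importer_ssl_client_key = module.params['feed_client_key']
    # Legacy fallback applies to the pair as a whole, so a feed certificate
    # is never combined with the key meant for the Pulp API connection.
    if importer_ssl_client_cert is None and importer_ssl_client_key is None:
        importer_ssl_client_cert = module.params['client_cert']
        importer_ssl_client_key = module.params['client_key']
        if importer_ssl_client_cert is not None or importer_ssl_client_key is not None:
            module.deprecate("`client_cert` and `client_key` are used for the feed only because `feed_client_cert` "
                             "and `feed_client_key` are not set; this fallback ends in Ansible 2.14", version="2.14")
    # … unchanged: proxy_host / proxy_port / proxy_username reads …
```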