Make clear which option is used by which provider. (#53208)

pull/53281/head
Felix Fontein 6 years ago committed by ansibot
parent 7011257274
commit 6b948ab031

@ -83,6 +83,7 @@ options:
description: description:
- Version of the C(selfsigned) certificate. - Version of the C(selfsigned) certificate.
- Nowadays it should almost always be C(3). - Nowadays it should almost always be C(3).
- This is only used by the C(selfsigned) provider.
type: int type: int
default: 3 default: 3
version_added: "2.5" version_added: "2.5"
@ -90,6 +91,7 @@ options:
selfsigned_digest: selfsigned_digest:
description: description:
- Digest algorithm to be used when self-signing the certificate. - Digest algorithm to be used when self-signing the certificate.
- This is only used by the C(selfsigned) provider.
type: str type: str
default: sha256 default: sha256
@ -102,6 +104,7 @@ options:
+ C([w | d | h | m | s]) (e.g. C(+32w1d2h). + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
- Note that if using relative time this module is NOT idempotent. - Note that if using relative time this module is NOT idempotent.
- If this value is not specified, the certificate will start being valid from now. - If this value is not specified, the certificate will start being valid from now.
- This is only used by the C(selfsigned) provider.
type: str type: str
default: +0s default: +0s
aliases: [ selfsigned_notBefore ] aliases: [ selfsigned_notBefore ]
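Review bot: the context line `(e.g. C(+32w1d2h).` directly above the new sentence opens a parenthesis with `(e.g.` and never closes it; only the C() macro is closed. The same text appears in the other not_before/not_after descriptions this commit edits, so this would be a cheap place to change it to `(e.g. C(+32w1d2h)).` in each of them.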
@ -115,6 +118,7 @@ options:
+ C([w | d | h | m | s]) (e.g. C(+32w1d2h). + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
- Note that if using relative time this module is NOT idempotent. - Note that if using relative time this module is NOT idempotent.
- If this value is not specified, the certificate will stop being valid 10 years from now. - If this value is not specified, the certificate will stop being valid 10 years from now.
- This is only used by the C(selfsigned) provider.
type: str type: str
default: +3650d default: +3650d
aliases: [ selfsigned_notAfter ] aliases: [ selfsigned_notAfter ]
@ -122,24 +126,28 @@ options:
ownca_path: ownca_path:
description: description:
- Remote absolute path of the CA (Certificate Authority) certificate. - Remote absolute path of the CA (Certificate Authority) certificate.
- This is only used by the C(ownca) provider.
type: path type: path
version_added: "2.7" version_added: "2.7"
ownca_privatekey_path: ownca_privatekey_path:
description: description:
- Path to the CA (Certificate Authority) private key to use when signing the certificate. - Path to the CA (Certificate Authority) private key to use when signing the certificate.
- This is only used by the C(ownca) provider.
type: path type: path
version_added: "2.7" version_added: "2.7"
ownca_privatekey_passphrase: ownca_privatekey_passphrase:
description: description:
- The passphrase for the I(ownca_privatekey_path). - The passphrase for the I(ownca_privatekey_path).
- This is only used by the C(ownca) provider.
type: str type: str
version_added: "2.7" version_added: "2.7"
ownca_digest: ownca_digest:
description: description:
- The digest algorithm to be used for the C(ownca) certificate. - The digest algorithm to be used for the C(ownca) certificate.
- This is only used by the C(ownca) provider.
type: str type: str
default: sha256 default: sha256
version_added: "2.7" version_added: "2.7"
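Review bot: in the ownca_privatekey_passphrase entry, the description gains the provider sentence but nothing shown here confirms that the value is kept out of logs. The only argument-spec lines visible in this commit set `no_log=True` for privatekey_passphrase; please check that ownca_privatekey_passphrase is declared the same way, and consider saying so in the description while it is being edited.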
@ -148,6 +156,7 @@ options:
description: description:
- The version of the C(ownca) certificate. - The version of the C(ownca) certificate.
- Nowadays it should almost always be C(3). - Nowadays it should almost always be C(3).
- This is only used by the C(ownca) provider.
type: int type: int
default: 3 default: 3
version_added: "2.7" version_added: "2.7"
@ -161,6 +170,7 @@ options:
+ C([w | d | h | m | s]) (e.g. C(+32w1d2h). + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
- Note that if using relative time this module is NOT idempotent. - Note that if using relative time this module is NOT idempotent.
- If this value is not specified, the certificate will start being valid from now. - If this value is not specified, the certificate will start being valid from now.
- This is only used by the C(ownca) provider.
type: str type: str
default: +0s default: +0s
version_added: "2.7" version_added: "2.7"
@ -174,6 +184,7 @@ options:
+ C([w | d | h | m | s]) (e.g. C(+32w1d2h). + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
- Note that if using relative time this module is NOT idempotent. - Note that if using relative time this module is NOT idempotent.
- If this value is not specified, the certificate will stop being valid 10 years from now. - If this value is not specified, the certificate will stop being valid 10 years from now.
- This is only used by the C(ownca) provider.
type: str type: str
default: +3650d default: +3650d
version_added: "2.7" version_added: "2.7"
@ -181,16 +192,19 @@ options:
acme_accountkey_path: acme_accountkey_path:
description: description:
- The path to the accountkey for the C(acme) provider. - The path to the accountkey for the C(acme) provider.
- This is only used by the C(acme) provider.
type: path type: path
acme_challenge_path: acme_challenge_path:
description: description:
- The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/) - The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
- This is only used by the C(acme) provider.
type: path type: path
acme_chain: acme_chain:
description: description:
- Include the intermediate certificate to the generated certificate - Include the intermediate certificate to the generated certificate
- This is only used by the C(acme) provider.
type: bool type: bool
default: yes default: yes
version_added: "2.5" version_added: "2.5"
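Review bot: in acme_challenge_path and acme_chain, the existing first description items ("...served on U(http://<HOST>:80/.well-known/acme-challenge/)" and "Include the intermediate certificate to the generated certificate") have no trailing period, while the sentence added right below each of them does. Adding the missing periods in the same commit would keep the rendered option text consistent.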
@ -199,17 +213,20 @@ options:
description: description:
- A list of algorithms that you would accept the certificate to be signed with - A list of algorithms that you would accept the certificate to be signed with
(e.g. ['sha256WithRSAEncryption', 'sha512WithRSAEncryption']). (e.g. ['sha256WithRSAEncryption', 'sha512WithRSAEncryption']).
- This is only used by the C(assertonly) provider.
type: list type: list
issuer: issuer:
description: description:
- The key/value pairs that must be present in the issuer name field of the certificate. - The key/value pairs that must be present in the issuer name field of the certificate.
- If you need to specify more than one value with the same key, use a list as value. - If you need to specify more than one value with the same key, use a list as value.
- This is only used by the C(assertonly) provider.
type: dict type: dict
issuer_strict: issuer_strict:
description: description:
- If set to C(yes), the I(issuer) field must contain only these values. - If set to C(yes), the I(issuer) field must contain only these values.
- This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
version_added: "2.5" version_added: "2.5"
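Review bot: for signature_algorithms, issuer and issuer_strict, the added sentence tells the reader these checks apply only to assertonly, but it is a documentation-only guard. A playbook that sets `issuer` together with another provider would read as if the issuer were being verified, and nothing visible in this patch makes the module report that the option was ignored. Consider a follow-up that warns or fails when an assertonly-only option is supplied with a different provider.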
@ -218,19 +235,21 @@ options:
description: description:
- The key/value pairs that must be present in the subject name field of the certificate. - The key/value pairs that must be present in the subject name field of the certificate.
- If you need to specify more than one value with the same key, use a list as value. - If you need to specify more than one value with the same key, use a list as value.
- This is only used by the C(assertonly) provider.
type: dict type: dict
subject_strict: subject_strict:
description: description:
- If set to C(yes), the I(subject) field must contain only these values. - If set to C(yes), the I(subject) field must contain only these values.
- This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
version_added: "2.5" version_added: "2.5"
has_expired: has_expired:
description: description:
- Checks if the certificate is expired/not expired at the time the module is executed. This only applies to - Checks if the certificate is expired/not expired at the time the module is executed.
the C(assertonly) provider. - This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
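Review bot: in has_expired, splitting out the provider sentence is an improvement, but the remaining line "Checks if the certificate is expired/not expired" still does not say which outcome each value asserts. With `default: no` shown just below, it would help to state explicitly that C(no) requires the certificate to be unexpired and C(yes) requires it to be expired, if that is the intended behaviour.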
@ -238,24 +257,28 @@ options:
description: description:
- The version of the certificate. - The version of the certificate.
- Nowadays it should almost always be 3. - Nowadays it should almost always be 3.
- This is only used by the C(assertonly) provider.
type: int type: int
valid_at: valid_at:
description: description:
- The certificate must be valid at this point in time. - The certificate must be valid at this point in time.
- The timestamp is formatted as an ASN.1 TIME. - The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
type: str type: str
invalid_at: invalid_at:
description: description:
- The certificate must be invalid at this point in time. - The certificate must be invalid at this point in time.
- The timestamp is formatted as an ASN.1 TIME. - The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
type: str type: str
not_before: not_before:
description: description:
- The certificate must start to become valid at this point in time. - The certificate must start to become valid at this point in time.
- The timestamp is formatted as an ASN.1 TIME. - The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
type: str type: str
aliases: [ notBefore ] aliases: [ notBefore ]
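Review bot: valid_at, invalid_at and not_before all say "The timestamp is formatted as an ASN.1 TIME." without showing what such a value looks like, so a reader has to guess the string to pass for these assertions. One example value per option, or a single shared one, would fit next to the new provider sentence. Separately, the version entry at the top of this hunk writes a bare `3` where the selfsigned and ownca version options use `C(3)`.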
@ -263,6 +286,7 @@ options:
description: description:
- The certificate must expire at this point in time. - The certificate must expire at this point in time.
- The timestamp is formatted as an ASN.1 TIME. - The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
type: str type: str
aliases: [ notAfter ] aliases: [ notAfter ]
@ -273,17 +297,20 @@ options:
- Valid format is C([+-]timespec | number_of_seconds) where timespec can be an integer - Valid format is C([+-]timespec | number_of_seconds) where timespec can be an integer
+ C([w | d | h | m | s]) (e.g. C(+32w1d2h). + C([w | d | h | m | s]) (e.g. C(+32w1d2h).
- Note that if using this parameter, this module is NOT idempotent. - Note that if using this parameter, this module is NOT idempotent.
- This is only used by the C(assertonly) provider.
type: str type: str
key_usage: key_usage:
description: description:
- The I(key_usage) extension field must contain all these values. - The I(key_usage) extension field must contain all these values.
- This is only used by the C(assertonly) provider.
type: list type: list
aliases: [ keyUsage ] aliases: [ keyUsage ]
key_usage_strict: key_usage_strict:
description: description:
- If set to C(yes), the I(key_usage) extension field must contain only these values. - If set to C(yes), the I(key_usage) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
aliases: [ keyUsage_strict ] aliases: [ keyUsage_strict ]
@ -291,12 +318,14 @@ options:
extended_key_usage: extended_key_usage:
description: description:
- The I(extended_key_usage) extension field must contain all these values. - The I(extended_key_usage) extension field must contain all these values.
- This is only used by the C(assertonly) provider.
type: list type: list
aliases: [ extendedKeyUsage ] aliases: [ extendedKeyUsage ]
extended_key_usage_strict: extended_key_usage_strict:
description: description:
- If set to C(yes), the I(extended_key_usage) extension field must contain only these values. - If set to C(yes), the I(extended_key_usage) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
aliases: [ extendedKeyUsage_strict ] aliases: [ extendedKeyUsage_strict ]
@ -304,12 +333,14 @@ options:
subject_alt_name: subject_alt_name:
description: description:
- The I(subject_alt_name) extension field must contain these values. - The I(subject_alt_name) extension field must contain these values.
- This is only used by the C(assertonly) provider.
type: list type: list
aliases: [ subjectAltName ] aliases: [ subjectAltName ]
subject_alt_name_strict: subject_alt_name_strict:
description: description:
- If set to C(yes), the I(subject_alt_name) extension field must contain only these values. - If set to C(yes), the I(subject_alt_name) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
aliases: [ subjectAltName_strict ] aliases: [ subjectAltName_strict ]
@ -1069,6 +1100,8 @@ def main():
# General properties of a certificate # General properties of a certificate
privatekey_path=dict(type='path'), privatekey_path=dict(type='path'),
privatekey_passphrase=dict(type='str', no_log=True), privatekey_passphrase=dict(type='str', no_log=True),
# provider: assertonly
signature_algorithms=dict(type='list', elements='str'), signature_algorithms=dict(type='list', elements='str'),
subject=dict(type='dict'), subject=dict(type='dict'),
subject_strict=dict(type='bool', default=False), subject_strict=dict(type='bool', default=False),
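Review bot: the new `# provider: assertonly` comment sits directly above `signature_algorithms=dict(type='list', elements='str')`, while the documentation entry for the same option earlier in this commit only says `type: list`. Since the point of the change is to make the option docs match how the options are used, the description could also state that the list items are strings so the two stay in step.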
