Make clear which option is used by which provider. (#53208)

(cherry picked from commit 6b948ab031)
pull/53307/head
Felix Fontein 6 years ago committed by Toshio Kuratomi
parent 03ceec9c78
commit 72f4d1b22b

@ -76,145 +76,178 @@ options:
selfsigned_version: selfsigned_version:
default: 3 default: 3
description: description:
- Version of the C(selfsigned) certificate. Nowadays it should almost always be C(3). - Version of the C(selfsigned) certificate.
- Nowadays it should almost always be C(3).
- This is only used by the C(selfsigned) provider.
version_added: "2.5" version_added: "2.5"
selfsigned_digest: selfsigned_digest:
default: "sha256" default: "sha256"
description: description:
- Digest algorithm to be used when self-signing the certificate - Digest algorithm to be used when self-signing the certificate
- This is only used by the C(selfsigned) provider.
selfsigned_not_before: selfsigned_not_before:
description: description:
- The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will start being valid from now. If this value is not specified, certificate will start being valid from now.
- This is only used by the C(selfsigned) provider.
aliases: [ selfsigned_notBefore ] aliases: [ selfsigned_notBefore ]
selfsigned_not_after: selfsigned_not_after:
description: description:
- The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will stop being valid 10 years from now. If this value is not specified, certificate will stop being valid 10 years from now.
- This is only used by the C(selfsigned) provider.
aliases: [ selfsigned_notAfter ] aliases: [ selfsigned_notAfter ]
ownca_path: ownca_path:
description: description:
- Remote absolute path of the CA (Certificate Authority) certificate. - Remote absolute path of the CA (Certificate Authority) certificate.
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_privatekey_path: ownca_privatekey_path:
description: description:
- Path to the CA (Certificate Authority) private key to use when signing the certificate. - Path to the CA (Certificate Authority) private key to use when signing the certificate.
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_privatekey_passphrase: ownca_privatekey_passphrase:
description: description:
- The passphrase for the I(ownca_privatekey_path). - The passphrase for the I(ownca_privatekey_path).
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_digest: ownca_digest:
default: "sha256" default: "sha256"
description: description:
- Digest algorithm to be used for the C(ownca) certificate. - Digest algorithm to be used for the C(ownca) certificate.
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_version: ownca_version:
default: 3 default: 3
description: description:
- Version of the C(ownca) certificate. Nowadays it should almost always be C(3). - Version of the C(ownca) certificate.
- Nowadays it should almost always be C(3).
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_not_before: ownca_not_before:
description: description:
- The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will start being valid from now. If this value is not specified, certificate will start being valid from now.
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
ownca_not_after: ownca_not_after:
description: description:
- The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. - The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME.
If this value is not specified, certificate will stop being valid 10 years from now. If this value is not specified, certificate will stop being valid 10 years from now.
- This is only used by the C(ownca) provider.
version_added: "2.7" version_added: "2.7"
acme_accountkey_path: acme_accountkey_path:
description: description:
- Path to the accountkey for the C(acme) provider - Path to the accountkey for the C(acme) provider
- This is only used by the C(acme) provider.
acme_challenge_path: acme_challenge_path:
description: description:
- Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/) - Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
- This is only used by the C(acme) provider.
acme_chain: acme_chain:
default: True default: True
description: description:
- Include the intermediate certificate to the generated certificate - Include the intermediate certificate to the generated certificate
- This is only used by the C(acme) provider.
version_added: "2.5" version_added: "2.5"
signature_algorithms: signature_algorithms:
description: description:
- list of algorithms that you would accept the certificate to be signed with - list of algorithms that you would accept the certificate to be signed with
(e.g. ['sha256WithRSAEncryption', 'sha512WithRSAEncryption']). (e.g. ['sha256WithRSAEncryption', 'sha512WithRSAEncryption']).
- This is only used by the C(assertonly) provider.
issuer: issuer:
description: description:
- Key/value pairs that must be present in the issuer name field of the certificate. - Key/value pairs that must be present in the issuer name field of the certificate.
If you need to specify more than one value with the same key, use a list as value. - If you need to specify more than one value with the same key, use a list as value.
- This is only used by the C(assertonly) provider.
issuer_strict: issuer_strict:
default: False default: False
type: bool type: bool
description: description:
- If set to True, the I(issuer) field must contain only these values. - If set to True, the I(issuer) field must contain only these values.
- This is only used by the C(assertonly) provider.
version_added: "2.5" version_added: "2.5"
subject: subject:
description: description:
- Key/value pairs that must be present in the subject name field of the certificate. - Key/value pairs that must be present in the subject name field of the certificate.
If you need to specify more than one value with the same key, use a list as value. If you need to specify more than one value with the same key, use a list as value.
- This is only used by the C(assertonly) provider.
subject_strict: subject_strict:
default: False default: False
type: bool type: bool
description: description:
- If set to True, the I(subject) field must contain only these values. - If set to True, the I(subject) field must contain only these values.
- This is only used by the C(assertonly) provider.
version_added: "2.5" version_added: "2.5"
has_expired: has_expired:
description: description:
- Checks if the certificate is expired/not expired at the time the module is executed. This only applies to - Checks if the certificate is expired/not expired at the time the module is executed.
the C(assertonly) provider. - This is only used by the C(assertonly) provider.
type: bool type: bool
default: no default: no
version: version:
description: description:
- Version of the certificate. Nowadays it should almost always be 3. - The version of the certificate.
- Nowadays it should almost always be 3.
- This is only used by the C(assertonly) provider.
valid_at: valid_at:
description: description:
- The certificate must be valid at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must be valid at this point in time.
- The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
invalid_at: invalid_at:
description: description:
- The certificate must be invalid at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must be invalid at this point in time.
- The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
not_before: not_before:
description: description:
- The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must start to become valid at this point in time.
- The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
aliases: [ notBefore ] aliases: [ notBefore ]
not_after: not_after:
description: description:
- The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME. - The certificate must expire at this point in time.
- The timestamp is formatted as an ASN.1 TIME.
- This is only used by the C(assertonly) provider.
aliases: [ notAfter ] aliases: [ notAfter ]
valid_in: valid_in:
description: description:
- The certificate must still be valid in I(valid_in) seconds from now. - The certificate must still be valid in I(valid_in) seconds from now.
- This is only used by the C(assertonly) provider.
key_usage: key_usage:
description: description:
- The I(key_usage) extension field must contain all these values. - The I(key_usage) extension field must contain all these values.
- This is only used by the C(assertonly) provider.
aliases: [ keyUsage ] aliases: [ keyUsage ]
key_usage_strict: key_usage_strict:
@ -222,11 +255,13 @@ options:
type: bool type: bool
description: description:
- If set to True, the I(key_usage) extension field must contain only these values. - If set to True, the I(key_usage) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
aliases: [ keyUsage_strict ] aliases: [ keyUsage_strict ]
extended_key_usage: extended_key_usage:
description: description:
- The I(extended_key_usage) extension field must contain all these values. - The I(extended_key_usage) extension field must contain all these values.
- This is only used by the C(assertonly) provider.
aliases: [ extendedKeyUsage ] aliases: [ extendedKeyUsage ]
extended_key_usage_strict: extended_key_usage_strict:
@ -234,11 +269,13 @@ options:
type: bool type: bool
description: description:
- If set to True, the I(extended_key_usage) extension field must contain only these values. - If set to True, the I(extended_key_usage) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
aliases: [ extendedKeyUsage_strict ] aliases: [ extendedKeyUsage_strict ]
subject_alt_name: subject_alt_name:
description: description:
- The I(subject_alt_name) extension field must contain these values. - The I(subject_alt_name) extension field must contain these values.
- This is only used by the C(assertonly) provider.
aliases: [ subjectAltName ] aliases: [ subjectAltName ]
subject_alt_name_strict: subject_alt_name_strict:
@ -246,6 +283,7 @@ options:
type: bool type: bool
description: description:
- If set to True, the I(subject_alt_name) extension field must contain only these values. - If set to True, the I(subject_alt_name) extension field must contain only these values.
- This is only used by the C(assertonly) provider.
aliases: [ subjectAltName_strict ] aliases: [ subjectAltName_strict ]
extends_documentation_fragment: files extends_documentation_fragment: files
notes: notes:
@ -995,6 +1033,8 @@ def main():
# General properties of a certificate # General properties of a certificate
privatekey_path=dict(type='path'), privatekey_path=dict(type='path'),
privatekey_passphrase=dict(type='str', no_log=True), privatekey_passphrase=dict(type='str', no_log=True),
# provider: assertonly
signature_algorithms=dict(type='list'), signature_algorithms=dict(type='list'),
subject=dict(type='dict'), subject=dict(type='dict'),
subject_strict=dict(type='bool', default=False), subject_strict=dict(type='bool', default=False),

Loading…
Cancel
Save