standardize TLS connection properties (#54315)

* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization
pull/54606/head
James Cassell 6 years ago committed by Adam Miller
parent 85d836171b
commit bc4ef99533

@ -0,0 +1,13 @@
---
minor_changes:
- |
Modules and plugins have been standardized on a well-defined set of
TLS-related parameters. The old names remain as aliases for compatibility.
In general, the new names will override the old names if both are specified.
The standard names are:
- ``client_cert``: certificate for client identity, might also include the private key
- ``client_key``: private key for ``client_cert``
- ``ca_cert``: public key to validate server's identity, usually a root certificate
- ``validate_certs``: boolean to enable or disable certificate validity checking

@ -70,7 +70,7 @@ def tower_auth_config(module):
password = module.params.pop('tower_password', None) password = module.params.pop('tower_password', None)
if password: if password:
auth_config['password'] = password auth_config['password'] = password
verify_ssl = module.params.pop('tower_verify_ssl', None) verify_ssl = module.params.pop('validate_certs', None)
if verify_ssl is not None: if verify_ssl is not None:
auth_config['verify_ssl'] = verify_ssl auth_config['verify_ssl'] = verify_ssl
return auth_config return auth_config
@ -92,7 +92,7 @@ class TowerModule(AnsibleModule):
tower_host=dict(), tower_host=dict(),
tower_username=dict(), tower_username=dict(),
tower_password=dict(no_log=True), tower_password=dict(no_log=True),
tower_verify_ssl=dict(type='bool'), validate_certs=dict(type='bool', aliases=['tower_verify_ssl']),
tower_config_file=dict(type='path'), tower_config_file=dict(type='path'),
) )
args.update(argument_spec) args.update(argument_spec)
@ -102,7 +102,7 @@ class TowerModule(AnsibleModule):
('tower_config_file', 'tower_host'), ('tower_config_file', 'tower_host'),
('tower_config_file', 'tower_username'), ('tower_config_file', 'tower_username'),
('tower_config_file', 'tower_password'), ('tower_config_file', 'tower_password'),
('tower_config_file', 'tower_verify_ssl'), ('tower_config_file', 'validate_certs'),
)) ))
super(TowerModule, self).__init__(argument_spec=args, **kwargs) super(TowerModule, self).__init__(argument_spec=args, **kwargs)

@ -84,19 +84,19 @@ DOCKER_COMMON_ARGS = dict(
tls_hostname=dict(type='str', default=DEFAULT_TLS_HOSTNAME, fallback=(env_fallback, ['DOCKER_TLS_HOSTNAME'])), tls_hostname=dict(type='str', default=DEFAULT_TLS_HOSTNAME, fallback=(env_fallback, ['DOCKER_TLS_HOSTNAME'])),
api_version=dict(type='str', default='auto', fallback=(env_fallback, ['DOCKER_API_VERSION']), aliases=['docker_api_version']), api_version=dict(type='str', default='auto', fallback=(env_fallback, ['DOCKER_API_VERSION']), aliases=['docker_api_version']),
timeout=dict(type='int', default=DEFAULT_TIMEOUT_SECONDS, fallback=(env_fallback, ['DOCKER_TIMEOUT'])), timeout=dict(type='int', default=DEFAULT_TIMEOUT_SECONDS, fallback=(env_fallback, ['DOCKER_TIMEOUT'])),
cacert_path=dict(type='path', aliases=['tls_ca_cert']), ca_cert=dict(type='path', aliases=['tls_ca_cert', 'cacert_path']),
cert_path=dict(type='path', aliases=['tls_client_cert']), client_cert=dict(type='path', aliases=['tls_client_cert', 'cert_path']),
key_path=dict(type='path', aliases=['tls_client_key']), client_key=dict(type='path', aliases=['tls_client_key', 'key_path']),
ssl_version=dict(type='str', fallback=(env_fallback, ['DOCKER_SSL_VERSION'])), ssl_version=dict(type='str', fallback=(env_fallback, ['DOCKER_SSL_VERSION'])),
tls=dict(type='bool', default=DEFAULT_TLS, fallback=(env_fallback, ['DOCKER_TLS'])), tls=dict(type='bool', default=DEFAULT_TLS, fallback=(env_fallback, ['DOCKER_TLS'])),
tls_verify=dict(type='bool', default=DEFAULT_TLS_VERIFY, fallback=(env_fallback, ['DOCKER_TLS_VERIFY'])), validate_certs=dict(type='bool', default=DEFAULT_TLS_VERIFY, fallback=(env_fallback, ['DOCKER_TLS_VERIFY']), aliases=['tls_verify']),
debug=dict(type='bool', default=False) debug=dict(type='bool', default=False)
) )
DOCKER_MUTUALLY_EXCLUSIVE = [] DOCKER_MUTUALLY_EXCLUSIVE = []
DOCKER_REQUIRED_TOGETHER = [ DOCKER_REQUIRED_TOGETHER = [
['cert_path', 'key_path'] ['client_cert', 'client_key']
] ]
DEFAULT_DOCKER_REGISTRY = 'https://index.docker.io/v1/' DEFAULT_DOCKER_REGISTRY = 'https://index.docker.io/v1/'
@ -406,7 +406,7 @@ class AnsibleDockerClient(Client):
if use_tls == 'encrypt': if use_tls == 'encrypt':
params['tls'] = True params['tls'] = True
if use_tls == 'verify': if use_tls == 'verify':
params['tls_verify'] = True params['validate_certs'] = True
result = dict( result = dict(
docker_host=self._get_value('docker_host', params['docker_host'], 'DOCKER_HOST', docker_host=self._get_value('docker_host', params['docker_host'], 'DOCKER_HOST',
@ -415,12 +415,12 @@ class AnsibleDockerClient(Client):
'DOCKER_TLS_HOSTNAME', DEFAULT_TLS_HOSTNAME), 'DOCKER_TLS_HOSTNAME', DEFAULT_TLS_HOSTNAME),
api_version=self._get_value('api_version', params['api_version'], 'DOCKER_API_VERSION', api_version=self._get_value('api_version', params['api_version'], 'DOCKER_API_VERSION',
'auto'), 'auto'),
cacert_path=self._get_value('cacert_path', params['cacert_path'], 'DOCKER_CERT_PATH', None), cacert_path=self._get_value('cacert_path', params['ca_cert'], 'DOCKER_CERT_PATH', None),
cert_path=self._get_value('cert_path', params['cert_path'], 'DOCKER_CERT_PATH', None), cert_path=self._get_value('cert_path', params['client_cert'], 'DOCKER_CERT_PATH', None),
key_path=self._get_value('key_path', params['key_path'], 'DOCKER_CERT_PATH', None), key_path=self._get_value('key_path', params['client_key'], 'DOCKER_CERT_PATH', None),
ssl_version=self._get_value('ssl_version', params['ssl_version'], 'DOCKER_SSL_VERSION', None), ssl_version=self._get_value('ssl_version', params['ssl_version'], 'DOCKER_SSL_VERSION', None),
tls=self._get_value('tls', params['tls'], 'DOCKER_TLS', DEFAULT_TLS), tls=self._get_value('tls', params['tls'], 'DOCKER_TLS', DEFAULT_TLS),
tls_verify=self._get_value('tls_verfy', params['tls_verify'], 'DOCKER_TLS_VERIFY', tls_verify=self._get_value('tls_verfy', params['validate_certs'], 'DOCKER_TLS_VERIFY',
DEFAULT_TLS_VERIFY), DEFAULT_TLS_VERIFY),
timeout=self._get_value('timeout', params['timeout'], 'DOCKER_TIMEOUT', timeout=self._get_value('timeout', params['timeout'], 'DOCKER_TIMEOUT',
DEFAULT_TIMEOUT_SECONDS), DEFAULT_TIMEOUT_SECONDS),

@ -106,17 +106,21 @@ AUTH_ARG_SPEC = {
'password': { 'password': {
'no_log': True, 'no_log': True,
}, },
'verify_ssl': { 'validate_certs': {
'type': 'bool', 'type': 'bool',
'aliases': ['verify_ssl'],
}, },
'ssl_ca_cert': { 'ca_cert': {
'type': 'path', 'type': 'path',
'aliases': ['ssl_ca_cert'],
}, },
'cert_file': { 'client_cert': {
'type': 'path', 'type': 'path',
'aliases': ['cert_file'],
}, },
'key_file': { 'client_key': {
'type': 'path', 'type': 'path',
'aliases': ['key_file'],
}, },
} }

@ -47,8 +47,8 @@ def manageiq_argument_spec():
username=dict(default=os.environ.get('MIQ_USERNAME', None)), username=dict(default=os.environ.get('MIQ_USERNAME', None)),
password=dict(default=os.environ.get('MIQ_PASSWORD', None), no_log=True), password=dict(default=os.environ.get('MIQ_PASSWORD', None), no_log=True),
token=dict(default=os.environ.get('MIQ_TOKEN', None), no_log=True), token=dict(default=os.environ.get('MIQ_TOKEN', None), no_log=True),
verify_ssl=dict(default=True, type='bool'), validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
ca_bundle_path=dict(required=False, default=None), ca_cert=dict(required=False, default=None, aliases=['ca_bundle_path']),
) )
return dict( return dict(
@ -103,8 +103,8 @@ class ManageIQ(object):
username = params['username'] username = params['username']
password = params['password'] password = params['password']
token = params['token'] token = params['token']
verify_ssl = params['verify_ssl'] verify_ssl = params['validate_certs']
ca_bundle_path = params['ca_bundle_path'] ca_bundle_path = params['ca_cert']
self._module = module self._module = module
self._api_url = url + '/api' self._api_url = url + '/api'

@ -67,7 +67,7 @@ NIOS_PROVIDER_SPEC = {
'host': dict(fallback=(env_fallback, ['INFOBLOX_HOST'])), 'host': dict(fallback=(env_fallback, ['INFOBLOX_HOST'])),
'username': dict(fallback=(env_fallback, ['INFOBLOX_USERNAME'])), 'username': dict(fallback=(env_fallback, ['INFOBLOX_USERNAME'])),
'password': dict(fallback=(env_fallback, ['INFOBLOX_PASSWORD']), no_log=True), 'password': dict(fallback=(env_fallback, ['INFOBLOX_PASSWORD']), no_log=True),
'ssl_verify': dict(type='bool', default=False, fallback=(env_fallback, ['INFOBLOX_SSL_VERIFY'])), 'validate_certs': dict(type='bool', default=False, fallback=(env_fallback, ['INFOBLOX_SSL_VERIFY']), aliases=['ssl_verify']),
'silent_ssl_warnings': dict(type='bool', default=True), 'silent_ssl_warnings': dict(type='bool', default=True),
'http_request_timeout': dict(type='int', default=10, fallback=(env_fallback, ['INFOBLOX_HTTP_REQUEST_TIMEOUT'])), 'http_request_timeout': dict(type='int', default=10, fallback=(env_fallback, ['INFOBLOX_HTTP_REQUEST_TIMEOUT'])),
'http_pool_connections': dict(type='int', default=10), 'http_pool_connections': dict(type='int', default=10),
@ -89,7 +89,7 @@ def get_connector(*args, **kwargs):
'to be installed. It can be installed using the ' 'to be installed. It can be installed using the '
'command `pip install infoblox-client`') 'command `pip install infoblox-client`')
if not set(kwargs.keys()).issubset(NIOS_PROVIDER_SPEC.keys()): if not set(kwargs.keys()).issubset(list(NIOS_PROVIDER_SPEC.keys()) + ['ssl_verify']):
raise Exception('invalid or unsupported keyword argument for connector') raise Exception('invalid or unsupported keyword argument for connector')
for key, value in iteritems(NIOS_PROVIDER_SPEC): for key, value in iteritems(NIOS_PROVIDER_SPEC):
if key not in kwargs: if key not in kwargs:
@ -104,6 +104,10 @@ def get_connector(*args, **kwargs):
if env in os.environ: if env in os.environ:
kwargs[key] = os.environ.get(env) kwargs[key] = os.environ.get(env)
if 'validate_certs' in kwargs.keys():
kwargs['ssl_verify'] = kwargs['validate_certs']
kwargs.pop('validate_certs', None)
return Connector(kwargs) return Connector(kwargs)

@ -23,7 +23,7 @@ def ingate_argument_spec(**kwargs):
password=dict(type='str', required=True, no_log=True), password=dict(type='str', required=True, no_log=True),
port=dict(type='int'), port=dict(type='int'),
timeout=dict(type='int'), timeout=dict(type='int'),
verify_ssl=dict(default=True, type='bool'), validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
) )
argument_spec = dict( argument_spec = dict(
client=dict(type='dict', required=True, client=dict(type='dict', required=True,
@ -56,7 +56,7 @@ def ingate_create_client_noauth(**kwargs):
timeout=client_params['timeout']) timeout=client_params['timeout'])
# Check if we should skip SSL Certificate verification. # Check if we should skip SSL Certificate verification.
verify_ssl = client_params.get('verify_ssl') verify_ssl = client_params.get('validate_certs')
if not verify_ssl: if not verify_ssl:
api_client.skip_verify_certificate() api_client.skip_verify_certificate()

@ -81,10 +81,10 @@ def openstack_full_argument_spec(**kwargs):
auth=dict(default=None, type='dict', no_log=True), auth=dict(default=None, type='dict', no_log=True),
region_name=dict(default=None), region_name=dict(default=None),
availability_zone=dict(default=None), availability_zone=dict(default=None),
verify=dict(default=None, type='bool', aliases=['validate_certs']), validate_certs=dict(default=None, type='bool', aliases=['verify']),
cacert=dict(default=None), ca_cert=dict(default=None, aliases=['cacert']),
cert=dict(default=None), client_cert=dict(default=None, aliases=['cert']),
key=dict(default=None, no_log=True), client_key=dict(default=None, no_log=True, aliases=['key']),
wait=dict(default=True, type='bool'), wait=dict(default=True, type='bool'),
timeout=dict(default=180, type='int'), timeout=dict(default=180, type='int'),
api_timeout=dict(default=None, type='int'), api_timeout=dict(default=None, type='int'),
@ -133,8 +133,8 @@ def openstack_cloud_from_module(module, min_version='0.12.0'):
" config dict is provided, {param} should be" " config dict is provided, {param} should be"
" excluded.") " excluded.")
for param in ( for param in (
'auth', 'region_name', 'verify', 'auth', 'region_name', 'validate_certs',
'cacert', 'key', 'api_timeout', 'auth_type'): 'ca_cert', 'client_key', 'api_timeout', 'auth_type'):
if module.params[param] is not None: if module.params[param] is not None:
module.fail_json(msg=fail_message.format(param=param)) module.fail_json(msg=fail_message.format(param=param))
# For 'interface' parameter, fail if we receive a non-default value # For 'interface' parameter, fail if we receive a non-default value
@ -147,9 +147,9 @@ def openstack_cloud_from_module(module, min_version='0.12.0'):
auth_type=module.params['auth_type'], auth_type=module.params['auth_type'],
auth=module.params['auth'], auth=module.params['auth'],
region_name=module.params['region_name'], region_name=module.params['region_name'],
verify=module.params['verify'], verify=module.params['validate_certs'],
cacert=module.params['cacert'], cacert=module.params['ca_cert'],
key=module.params['key'], key=module.params['client_key'],
api_timeout=module.params['api_timeout'], api_timeout=module.params['api_timeout'],
interface=module.params['interface'], interface=module.params['interface'],
) )

@ -43,7 +43,7 @@ def ensure_libs(sslrootcert=None):
if not HAS_PSYCOPG2: if not HAS_PSYCOPG2:
raise LibraryError('psycopg2 is not installed. we need psycopg2.') raise LibraryError('psycopg2 is not installed. we need psycopg2.')
if sslrootcert and psycopg2.__version__ < '2.4.3': if sslrootcert and psycopg2.__version__ < '2.4.3':
raise LibraryError('psycopg2 must be at least 2.4.3 in order to use the ssl_rootcert parameter') raise LibraryError('psycopg2 must be at least 2.4.3 in order to use the ca_cert parameter')
# no problems # no problems
return None return None
@ -57,5 +57,5 @@ def postgres_common_argument_spec():
login_unix_socket=dict(default=''), login_unix_socket=dict(default=''),
port=dict(type='int', default=5432), port=dict(type='int', default=5432),
ssl_mode=dict(default='prefer', choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(default='prefer', choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(), ca_cert=dict(aliases=['ssl_rootcert']),
) )

@ -32,9 +32,9 @@ def rabbitmq_argument_spec():
login_host=dict(type='str', default='localhost'), login_host=dict(type='str', default='localhost'),
login_port=dict(type='str', default='15672'), login_port=dict(type='str', default='15672'),
login_protocol=dict(type='str', default='http', choices=['http', 'https']), login_protocol=dict(type='str', default='http', choices=['http', 'https']),
cacert=dict(type='path'), ca_cert=dict(type='path', aliases=['cacert']),
cert=dict(type='path'), client_cert=dict(type='path', aliases=['cert']),
key=dict(type='path'), client_key=dict(type='path', aliases=['key']),
vhost=dict(type='str', default='/'), vhost=dict(type='str', default='/'),
) )

@ -251,7 +251,7 @@ def rax_argument_spec():
tenant_id=dict(type='str'), tenant_id=dict(type='str'),
tenant_name=dict(type='str'), tenant_name=dict(type='str'),
username=dict(type='str'), username=dict(type='str'),
verify_ssl=dict(type='bool'), validate_certs=dict(type='bool', aliases=['verify_ssl']),
) )
@ -275,7 +275,7 @@ def setup_rax_module(module, rax_module, region_required=True):
tenant_id = module.params.get('tenant_id') tenant_id = module.params.get('tenant_id')
tenant_name = module.params.get('tenant_name') tenant_name = module.params.get('tenant_name')
username = module.params.get('username') username = module.params.get('username')
verify_ssl = module.params.get('verify_ssl') verify_ssl = module.params.get('validate_certs')
if env is not None: if env is not None:
rax_module.set_environment(env) rax_module.set_environment(env)

@ -53,7 +53,7 @@ def vca_argument_spec():
service_type=dict(default=DEFAULT_SERVICE_TYPE, choices=SERVICE_MAP.keys()), service_type=dict(default=DEFAULT_SERVICE_TYPE, choices=SERVICE_MAP.keys()),
vdc_name=dict(), vdc_name=dict(),
gateway_name=dict(default='gateway'), gateway_name=dict(default='gateway'),
verify_certs=dict(type='bool', default=True) validate_certs=dict(type='bool', default=True, aliases=['verify_certs'])
) )
@ -130,7 +130,7 @@ class VcaAnsibleModule(AnsibleModule):
if service_type == 'vchs': if service_type == 'vchs':
version = '5.6' version = '5.6'
verify = self.params.get('verify_certs') verify = self.params.get('validate_certs')
return VCA(host=host, username=username, return VCA(host=host, username=username,
service_type=SERVICE_MAP[service_type], service_type=SERVICE_MAP[service_type],
@ -293,7 +293,7 @@ def vca_login(module):
vdc_name = module.params.get('vdc_name') vdc_name = module.params.get('vdc_name')
service = module.params.get('service_id') service = module.params.get('service_id')
version = module.params.get('api_version') version = module.params.get('api_version')
verify = module.params.get('verify_certs') verify = module.params.get('validate_certs')
_validate_module(module) _validate_module(module)

@ -41,11 +41,12 @@ options:
description: description:
- URL containing the host and port on which the CDI Upload Proxy is available. - URL containing the host and port on which the CDI Upload Proxy is available.
- "More info: U(https://github.com/kubevirt/containerized-data-importer/blob/master/doc/upload.md#expose-cdi-uploadproxy-service)" - "More info: U(https://github.com/kubevirt/containerized-data-importer/blob/master/doc/upload.md#expose-cdi-uploadproxy-service)"
upload_host_verify_ssl: upload_host_validate_certs:
description: description:
- Whether or not to verify the CDI Upload Proxy's SSL certificates against your system's CA trust store. - Whether or not to verify the CDI Upload Proxy's SSL certificates against your system's CA trust store.
default: true default: true
type: bool type: bool
aliases: [ upload_host_verify_ssl ]
path: path:
description: description:
- Path of local image file to transfer. - Path of local image file to transfer.
@ -71,7 +72,7 @@ EXAMPLES = '''
pvc_namespace: default pvc_namespace: default
pvc_name: pvc-vm1 pvc_name: pvc-vm1
upload_host: https://localhost:8443 upload_host: https://localhost:8443
upload_host_verify_ssl: false upload_host_validate_certs: false
path: /tmp/cirros-0.4.0-x86_64-disk.img path: /tmp/cirros-0.4.0-x86_64-disk.img
''' '''
@ -97,9 +98,10 @@ SERVICE_ARG_SPEC = {
'pvc_name': {'required': True}, 'pvc_name': {'required': True},
'pvc_namespace': {'required': True}, 'pvc_namespace': {'required': True},
'upload_host': {'required': True}, 'upload_host': {'required': True},
'upload_host_verify_ssl': { 'upload_host_validate_certs': {
'type': 'bool', 'type': 'bool',
'default': True 'default': True,
'aliases': ['upload_host_verify_ssl']
}, },
'path': {'required': True}, 'path': {'required': True},
'merge_type': { 'merge_type': {
@ -135,7 +137,7 @@ class KubeVirtCDIUpload(KubernetesRawModule):
pvc_name = self.params.get('pvc_name') pvc_name = self.params.get('pvc_name')
pvc_namespace = self.params.get('pvc_namespace') pvc_namespace = self.params.get('pvc_namespace')
upload_host = self.params.get('upload_host') upload_host = self.params.get('upload_host')
upload_host_verify_ssl = self.params.get('upload_host_verify_ssl') upload_host_verify_ssl = self.params.get('upload_host_validate_certs')
path = self.params.get('path') path = self.params.get('path')
definition = defaultdict(defaultdict) definition = defaultdict(defaultdict)

@ -112,16 +112,18 @@ options:
required: false required: false
default: unix:/var/snap/lxd/common/lxd/unix.socket default: unix:/var/snap/lxd/common/lxd/unix.socket
version_added: '2.8' version_added: '2.8'
key_file: client_key:
description: description:
- The client certificate key file path. - The client certificate key file path.
required: false required: false
default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])' default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
cert_file: aliases: [ key_file ]
client_cert:
description: description:
- The client certificate file path. - The client certificate file path.
required: false required: false
default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])' default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
aliases: [ cert_file ]
trust_password: trust_password:
description: description:
- The client trusted password. - The client trusted password.
@ -204,9 +206,9 @@ EXAMPLES = '''
- name: Restart a container - name: Restart a container
lxd_container: lxd_container:
url: https://127.0.0.1:8443 url: https://127.0.0.1:8443
# These cert_file and key_file values are equal to the default values. # These client_cert and client_key values are equal to the default values.
#cert_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" #client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#key_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" #client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
trust_password: mypassword trust_password: mypassword
name: mycontainer name: mycontainer
state: restarted state: restarted
@ -298,8 +300,8 @@ class LXDContainerManagement(object):
self.force_stop = self.module.params['force_stop'] self.force_stop = self.module.params['force_stop']
self.addresses = None self.addresses = None
self.key_file = self.module.params.get('key_file', None) self.key_file = self.module.params.get('client_key', None)
self.cert_file = self.module.params.get('cert_file', None) self.cert_file = self.module.params.get('client_cert', None)
self.debug = self.module._verbosity >= 4 self.debug = self.module._verbosity >= 4
try: try:
@ -601,13 +603,15 @@ def main():
type='str', type='str',
default='unix:/var/snap/lxd/common/lxd/unix.socket' default='unix:/var/snap/lxd/common/lxd/unix.socket'
), ),
key_file=dict( client_key=dict(
type='str', type='str',
default='{0}/.config/lxc/client.key'.format(os.environ['HOME']) default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
aliases=['key_file']
), ),
cert_file=dict( client_cert=dict(
type='str', type='str',
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']) default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
aliases=['cert_file']
), ),
trust_password=dict(type='str', no_log=True) trust_password=dict(type='str', no_log=True)
), ),

@ -73,16 +73,18 @@ options:
required: false required: false
default: unix:/var/snap/lxd/common/lxd/unix.socket default: unix:/var/snap/lxd/common/lxd/unix.socket
version_added: '2.8' version_added: '2.8'
key_file: client_key:
description: description:
- The client certificate key file path. - The client certificate key file path.
required: false required: false
default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])' default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
cert_file: aliases: [ key_file ]
client_cert:
description: description:
- The client certificate file path. - The client certificate file path.
required: false required: false
default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])' default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
aliases: [ cert_file ]
trust_password: trust_password:
description: description:
- The client trusted password. - The client trusted password.
@ -123,9 +125,9 @@ EXAMPLES = '''
- name: create macvlan profile - name: create macvlan profile
lxd_profile: lxd_profile:
url: https://127.0.0.1:8443 url: https://127.0.0.1:8443
# These cert_file and key_file values are equal to the default values. # These client_cert and client_key values are equal to the default values.
#cert_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" #client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt"
#key_file: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" #client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key"
trust_password: mypassword trust_password: mypassword
name: macvlan name: macvlan
state: present state: present
@ -205,8 +207,8 @@ class LXDProfileManagement(object):
self.state = self.module.params['state'] self.state = self.module.params['state']
self.new_name = self.module.params.get('new_name', None) self.new_name = self.module.params.get('new_name', None)
self.key_file = self.module.params.get('key_file', None) self.key_file = self.module.params.get('client_key', None)
self.cert_file = self.module.params.get('cert_file', None) self.cert_file = self.module.params.get('client_cert', None)
self.debug = self.module._verbosity >= 4 self.debug = self.module._verbosity >= 4
try: try:
@ -370,13 +372,15 @@ def main():
type='str', type='str',
default='unix:/var/snap/lxd/common/lxd/unix.socket' default='unix:/var/snap/lxd/common/lxd/unix.socket'
), ),
key_file=dict( client_key=dict(
type='str', type='str',
default='{0}/.config/lxc/client.key'.format(os.environ['HOME']) default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
aliases=['key_file']
), ),
cert_file=dict( client_cert=dict(
type='str', type='str',
default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']) default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
aliases=['cert_file']
), ),
trust_password=dict(type='str', no_log=True) trust_password=dict(type='str', no_log=True)
), ),

@ -53,15 +53,17 @@ options:
password: password:
description: description:
- Provide a password for authenticating with the API server. - Provide a password for authenticating with the API server.
ssl_ca_cert: ca_cert:
description: description:
- "Path to a CA certificate file used to verify connection to the API server. The full certificate chain - "Path to a CA certificate file used to verify connection to the API server. The full certificate chain
must be provided to avoid certificate validation errors." must be provided to avoid certificate validation errors."
verify_ssl: aliases: [ ssl_ca_cert ]
validate_certs:
description: description:
- "Whether or not to verify the API server's SSL certificates." - "Whether or not to verify the API server's SSL certificates."
type: bool type: bool
default: true default: true
aliases: [ verify_ssl ]
api_key: api_key:
description: description:
- When C(state) is set to I(absent), this specifies the token to revoke. - When C(state) is set to I(absent), this specifies the token to revoke.
@ -78,7 +80,7 @@ EXAMPLES = '''
module_defaults: module_defaults:
group/k8s: group/k8s:
host: https://k8s.example.com/ host: https://k8s.example.com/
ssl_ca_cert: ca.pem ca_cert: ca.pem
tasks: tasks:
- block: - block:
# It's good practice to store login credentials in a secure vault and not # It's good practice to store login credentials in a secure vault and not
@ -124,11 +126,11 @@ k8s_auth:
description: URL for accessing the API server. description: URL for accessing the API server.
returned: success returned: success
type: str type: str
ssl_ca_cert: ca_cert:
description: Path to a CA certificate file used to verify connection to the API server. description: Path to a CA certificate file used to verify connection to the API server.
returned: success returned: success
type: str type: str
verify_ssl: validate_certs:
description: "Whether or not to verify the API server's SSL certificates." description: "Whether or not to verify the API server's SSL certificates."
returned: success returned: success
type: bool type: bool
@ -172,10 +174,11 @@ K8S_AUTH_ARG_SPEC = {
'host': {'required': True}, 'host': {'required': True},
'username': {}, 'username': {},
'password': {'no_log': True}, 'password': {'no_log': True},
'ssl_ca_cert': {'type': 'path'}, 'ca_cert': {'type': 'path', 'aliases': ['ssl_ca_cert']},
'verify_ssl': { 'validate_certs': {
'type': 'bool', 'type': 'bool',
'default': True 'default': True,
'aliases': ['verify_ssl']
}, },
'api_key': {'no_log': True}, 'api_key': {'no_log': True},
} }
@ -203,8 +206,8 @@ class KubernetesAuthModule(AnsibleModule):
def execute_module(self): def execute_module(self):
state = self.params.get('state') state = self.params.get('state')
verify_ssl = self.params.get('verify_ssl') verify_ssl = self.params.get('validate_certs')
ssl_ca_cert = self.params.get('ssl_ca_cert') ssl_ca_cert = self.params.get('ca_cert')
self.auth_username = self.params.get('username') self.auth_username = self.params.get('username')
self.auth_password = self.params.get('password') self.auth_password = self.params.get('password')
@ -224,8 +227,8 @@ class KubernetesAuthModule(AnsibleModule):
new_api_key = self.openshift_login() new_api_key = self.openshift_login()
result = dict( result = dict(
host=self.con_host, host=self.con_host,
verify_ssl=verify_ssl, validate_certs=verify_ssl,
ssl_ca_cert=ssl_ca_cert, ca_cert=ssl_ca_cert,
api_key=new_api_key, api_key=new_api_key,
username=self.auth_username, username=self.auth_username,
) )

@ -24,11 +24,12 @@ options:
- The host to get the cert for (IP is fine) - The host to get the cert for (IP is fine)
type: str type: str
required: true required: true
ca_certs: ca_cert:
description: description:
- A PEM file containing a list of root certificates; if present, the cert will be validated against these root certs. - A PEM file containing one or more root certificates; if present, the cert will be validated against these root certs.
- Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it. - Note that this only validates the certificate is signed by the chain; not that the cert is valid for the host presenting it.
type: path type: path
aliases: [ ca_certs ]
port: port:
description: description:
- The port to connect to - The port to connect to
@ -41,7 +42,7 @@ options:
default: 10 default: 10
notes: notes:
- When using ca_certs on OS X it has been reported that in some conditions the validate will always succeed. - When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
requirements: requirements:
- "python >= 2.6" - "python >= 2.6"
@ -130,14 +131,14 @@ else:
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
ca_certs=dict(type='path'), ca_cert=dict(type='path', aliases=['ca_certs']),
host=dict(type='str', required=True), host=dict(type='str', required=True),
port=dict(type='int', required=True), port=dict(type='int', required=True),
timeout=dict(type='int', default=10), timeout=dict(type='int', default=10),
), ),
) )
ca_certs = module.params.get('ca_certs') ca_certs = module.params.get('ca_cert')
host = module.params.get('host') host = module.params.get('host')
port = module.params.get('port') port = module.params.get('port')
timeout = module.params.get('timeout') timeout = module.params.get('timeout')
@ -154,7 +155,7 @@ def main():
if ca_certs: if ca_certs:
if not isfile(ca_certs): if not isfile(ca_certs):
module.fail_json(msg="ca_certs file does not exist") module.fail_json(msg="ca_cert file does not exist")
try: try:
cert = get_server_certificate((host, port), ca_certs=ca_certs) cert = get_server_certificate((host, port), ca_certs=ca_certs)

@ -258,9 +258,9 @@ def main():
collation=dict(type='str', default=''), collation=dict(type='str', default=''),
target=dict(type='path'), target=dict(type='path'),
state=dict(type='str', default='present', choices=['absent', 'dump', 'import', 'present']), state=dict(type='str', default='present', choices=['absent', 'dump', 'import', 'present']),
ssl_cert=dict(type='path'), client_cert=dict(type='path', aliases=['ssl_cert']),
ssl_key=dict(type='path'), client_key=dict(type='path', aliases=['ssl_key']),
ssl_ca=dict(type='path'), ca_cert=dict(type='path', aliases=['ssl_ca']),
connect_timeout=dict(type='int', default=30), connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'), config_file=dict(type='path', default='~/.my.cnf'),
single_transaction=dict(type='bool', default=False), single_transaction=dict(type='bool', default=False),
@ -282,9 +282,9 @@ def main():
login_port = module.params["login_port"] login_port = module.params["login_port"]
if login_port < 0 or login_port > 65535: if login_port < 0 or login_port > 65535:
module.fail_json(msg="login_port must be a valid unix port number (0-65535)") module.fail_json(msg="login_port must be a valid unix port number (0-65535)")
ssl_cert = module.params["ssl_cert"] ssl_cert = module.params["client_cert"]
ssl_key = module.params["ssl_key"] ssl_key = module.params["client_key"]
ssl_ca = module.params["ssl_ca"] ssl_ca = module.params["ca_cert"]
connect_timeout = module.params['connect_timeout'] connect_timeout = module.params['connect_timeout']
config_file = module.params['config_file'] config_file = module.params['config_file']
login_password = module.params["login_password"] login_password = module.params["login_password"]

@ -220,9 +220,9 @@ def main():
master_ssl_cipher=dict(type='str'), master_ssl_cipher=dict(type='str'),
connect_timeout=dict(type='int', default=30), connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'), config_file=dict(type='path', default='~/.my.cnf'),
ssl_cert=dict(type='path'), client_cert=dict(type='path', aliases=['ssl_cert']),
ssl_key=dict(type='path'), client_key=dict(type='path', aliases=['ssl_key']),
ssl_ca=dict(type='path'), ca_cert=dict(type='path', aliases=['ssl_ca']),
) )
) )
mode = module.params["mode"] mode = module.params["mode"]
@ -242,9 +242,9 @@ def main():
master_ssl_key = module.params["master_ssl_key"] master_ssl_key = module.params["master_ssl_key"]
master_ssl_cipher = module.params["master_ssl_cipher"] master_ssl_cipher = module.params["master_ssl_cipher"]
master_auto_position = module.params["master_auto_position"] master_auto_position = module.params["master_auto_position"]
ssl_cert = module.params["ssl_cert"] ssl_cert = module.params["client_cert"]
ssl_key = module.params["ssl_key"] ssl_key = module.params["client_key"]
ssl_ca = module.params["ssl_ca"] ssl_ca = module.params["ca_cert"]
connect_timeout = module.params['connect_timeout'] connect_timeout = module.params['connect_timeout']
config_file = module.params['config_file'] config_file = module.params['config_file']

@ -570,9 +570,9 @@ def main():
connect_timeout=dict(type='int', default=30), connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'), config_file=dict(type='path', default='~/.my.cnf'),
sql_log_bin=dict(type='bool', default=True), sql_log_bin=dict(type='bool', default=True),
ssl_cert=dict(type='path'), client_cert=dict(type='path', aliases=['ssl_cert']),
ssl_key=dict(type='path'), client_key=dict(type='path', aliases=['ssl_key']),
ssl_ca=dict(type='path'), ca_cert=dict(type='path', aliases=['ssl_ca']),
), ),
supports_check_mode=True, supports_check_mode=True,
) )
@ -590,9 +590,9 @@ def main():
config_file = module.params['config_file'] config_file = module.params['config_file']
append_privs = module.boolean(module.params["append_privs"]) append_privs = module.boolean(module.params["append_privs"])
update_password = module.params['update_password'] update_password = module.params['update_password']
ssl_cert = module.params["ssl_cert"] ssl_cert = module.params["client_cert"]
ssl_key = module.params["ssl_key"] ssl_key = module.params["client_key"]
ssl_ca = module.params["ssl_ca"] ssl_ca = module.params["ca_cert"]
db = 'mysql' db = 'mysql'
sql_log_bin = module.params["sql_log_bin"] sql_log_bin = module.params["sql_log_bin"]

@ -119,19 +119,19 @@ def main():
login_unix_socket=dict(type='str'), login_unix_socket=dict(type='str'),
variable=dict(type='str'), variable=dict(type='str'),
value=dict(type='str'), value=dict(type='str'),
ssl_cert=dict(type='path'), client_cert=dict(type='path', aliases=['ssl_cert']),
ssl_key=dict(type='path'), client_key=dict(type='path', aliases=['ssl_key']),
ssl_ca=dict(type='path'), ca_cert=dict(type='path', aliases=['ssl_ca']),
connect_timeout=dict(type='int', default=30), connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'), config_file=dict(type='path', default='~/.my.cnf'),
), ),
) )
user = module.params["login_user"] user = module.params["login_user"]
password = module.params["login_password"] password = module.params["login_password"]
ssl_cert = module.params["ssl_cert"]
ssl_key = module.params["ssl_key"]
ssl_ca = module.params["ssl_ca"]
connect_timeout = module.params['connect_timeout'] connect_timeout = module.params['connect_timeout']
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
config_file = module.params['config_file'] config_file = module.params['config_file']
db = 'mysql' db = 'mysql'

@ -462,7 +462,7 @@ def main():
"login_password": "password", "login_password": "password",
"port": "port", "port": "port",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None) if k in params_map and v != '' and v is not None)
@ -479,7 +479,7 @@ def main():
if not raw_connection: if not raw_connection:
try: try:
pgutils.ensure_libs(sslrootcert=module.params.get('ssl_rootcert')) pgutils.ensure_libs(sslrootcert=module.params.get('ca_cert'))
db_connection = psycopg2.connect(database=maintenance_db, **kw) db_connection = psycopg2.connect(database=maintenance_db, **kw)
# Enable autocommit so we can create databases # Enable autocommit so we can create databases

@ -65,13 +65,14 @@ options:
choices: [allow, disable, prefer, require, verify-ca, verify-full] choices: [allow, disable, prefer, require, verify-ca, verify-full]
type: str type: str
version_added: '2.8' version_added: '2.8'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: path type: path
version_added: '2.8' version_added: '2.8'
aliases: [ ssl_rootcert ]
port: port:
description: description:
- Database port to connect to. - Database port to connect to.
@ -225,7 +226,7 @@ def main():
cascade=dict(type='bool', default=False), cascade=dict(type='bool', default=False),
ssl_mode=dict(type='str', default='prefer', choices=[ ssl_mode=dict(type='str', default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), 'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type="path", default=None), ca_cert=dict(type="path", default=None, aliases=['ssl_rootcert']),
session_role=dict(type="str"), session_role=dict(type="str"),
) )
@ -242,7 +243,7 @@ def main():
schema = module.params["schema"] schema = module.params["schema"]
state = module.params["state"] state = module.params["state"]
cascade = module.params["cascade"] cascade = module.params["cascade"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
changed = False changed = False
@ -256,7 +257,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -267,7 +268,7 @@ def main():
kw["host"] = module.params["login_unix_socket"] kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try: try:
db_connection = psycopg2.connect(**kw) db_connection = psycopg2.connect(**kw)

@ -75,12 +75,13 @@ options:
type: str type: str
default: prefer default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
state: state:
description: description:
- Index state. - Index state.
@ -433,7 +434,7 @@ def main():
idxname=dict(type='str', required=True, aliases=['name']), idxname=dict(type='str', required=True, aliases=['name']),
db=dict(type='str'), db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
state=dict(type='str', default='present', choices=['absent', 'present']), state=dict(type='str', default='present', choices=['absent', 'present']),
concurrent=dict(type='bool', default=True), concurrent=dict(type='bool', default=True),
table=dict(type='str'), table=dict(type='str'),
@ -458,7 +459,7 @@ def main():
idxtype = module.params["idxtype"] idxtype = module.params["idxtype"]
columns = module.params["columns"] columns = module.params["columns"]
cond = module.params["cond"] cond = module.params["cond"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
tablespace = module.params["tablespace"] tablespace = module.params["tablespace"]
storage_params = module.params["storage_params"] storage_params = module.params["storage_params"]
@ -495,7 +496,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -506,7 +507,7 @@ def main():
kw["host"] = module.params["login_unix_socket"] kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
if module.check_mode and concurrent: if module.check_mode and concurrent:
module.fail_json(msg="Cannot concurrently create or drop index %s " module.fail_json(msg="Cannot concurrently create or drop index %s "

@ -80,13 +80,14 @@ options:
type: str type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer default: prefer
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). certificate(s).
- If the file exists, the server's certificate will be - If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
notes: notes:
- The default authentication assumes that you are either logging in as or - The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host. sudo'ing to the postgres account on the host.
@ -965,7 +966,7 @@ def main():
port=dict(type='int', default=5432, aliases=['login_port']), port=dict(type='int', default=5432, aliases=['login_port']),
filter=dict(type='list'), filter=dict(type='list'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
session_role=dict(type='str'), session_role=dict(type='str'),
) )
module = AnsibleModule( module = AnsibleModule(
@ -977,7 +978,7 @@ def main():
module.fail_json(msg="The python psycopg2 module is required") module.fail_json(msg="The python psycopg2 module is required")
filter_ = module.params["filter"] filter_ = module.params["filter"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
# To use defaults values, keyword arguments must be absent, so # To use defaults values, keyword arguments must be absent, so
@ -990,7 +991,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -1002,7 +1003,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert: if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order ' module.fail_json(msg='psycopg2 must be at least 2.4.3 in order '
'to user the ssl_rootcert parameter') 'to user the ca_cert parameter')
db_conn_obj = PgDbConn(module, kw, session_role) db_conn_obj = PgDbConn(module, kw, session_role)

@ -101,12 +101,13 @@ options:
default: prefer default: prefer
choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"] choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]
version_added: '2.8' version_added: '2.8'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
version_added: '2.8' version_added: '2.8'
aliases: [ ssl_rootcert ]
notes: notes:
- The default authentication assumes that you are either logging in as or - The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host. sudo'ing to the postgres account on the host.
@ -237,7 +238,7 @@ def main():
fail_on_drop=dict(type='bool', default='yes'), fail_on_drop=dict(type='bool', default='yes'),
ssl_mode=dict(default='prefer', choices=[ ssl_mode=dict(default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), 'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None), ca_cert=dict(default=None, aliases=['ssl_rootcert']),
session_role=dict(), session_role=dict(),
), ),
supports_check_mode=True supports_check_mode=True
@ -250,7 +251,7 @@ def main():
force_trust = module.params["force_trust"] force_trust = module.params["force_trust"]
cascade = module.params["cascade"] cascade = module.params["cascade"]
fail_on_drop = module.params["fail_on_drop"] fail_on_drop = module.params["fail_on_drop"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
if not postgresqldb_found: if not postgresqldb_found:
@ -266,7 +267,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -277,7 +278,7 @@ def main():
kw["host"] = module.params["login_unix_socket"] kw["host"] = module.params["login_unix_socket"]
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') module.fail_json(msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try: try:
db_connection = psycopg2.connect(**kw) db_connection = psycopg2.connect(**kw)

@ -57,13 +57,14 @@ options:
type: str type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer default: prefer
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). certificate(s).
- If the file exists, the server's certificate will be - If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
notes: notes:
- The default authentication assumes that you are either logging in as or - The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host. sudo'ing to the postgres account on the host.
@ -90,7 +91,7 @@ EXAMPLES = r'''
login_host: dbsrv login_host: dbsrv
login_user: secret login_user: secret
login_password: secret_pass login_password: secret_pass
ssl_rootcert: /root/root.crt ca_cert: /root/root.crt
ssl_mode: verify-full ssl_mode: verify-full
''' '''
@ -172,7 +173,7 @@ def main():
argument_spec.update( argument_spec.update(
db=dict(type='str'), db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
) )
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
@ -182,7 +183,7 @@ def main():
if not HAS_PSYCOPG2: if not HAS_PSYCOPG2:
module.fail_json(msg="The python psycopg2 module is required") module.fail_json(msg="The python psycopg2 module is required")
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
# To use defaults values, keyword arguments must be absent, so # To use defaults values, keyword arguments must be absent, so
# check which values are empty and don't include in the **kw # check which values are empty and don't include in the **kw
@ -194,7 +195,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -206,7 +207,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json(msg='psycopg2 must be at least 2.4.3 in order ' module.fail_json(msg='psycopg2 must be at least 2.4.3 in order '
'to user the ssl_rootcert parameter') 'to user the ca_cert parameter')
# Set some default values: # Set some default values:
cursor = False cursor = False

@ -128,11 +128,12 @@ options:
default: prefer default: prefer
choices: [disable, allow, prefer, require, verify-ca, verify-full] choices: [disable, allow, prefer, require, verify-ca, verify-full]
version_added: '2.3' version_added: '2.3'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be - Specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
version_added: '2.3' version_added: '2.3'
aliases: [ ssl_rootcert ]
notes: notes:
- Default authentication assumes that postgresql_privs is run by the - Default authentication assumes that postgresql_privs is run by the
C(postgres) user on the remote host. (Ansible's C(user) or C(sudo-user)). C(postgres) user on the remote host. (Ansible's C(user) or C(sudo-user)).
@ -152,7 +153,7 @@ notes:
specified via I(login). If R has been granted the same privileges by specified via I(login). If R has been granted the same privileges by
another user also, R can still access database objects via these privileges. another user also, R can still access database objects via these privileges.
- When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs). - When revoking privileges, C(RESTRICT) is assumed (see PostgreSQL docs).
- The ssl_rootcert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3. - The ca_cert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3.
requirements: [psycopg2] requirements: [psycopg2]
extends_documentation_fragment: extends_documentation_fragment:
- postgres - postgres
@ -412,7 +413,7 @@ class Connection(object):
"port": "port", "port": "port",
"database": "database", "database": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], getattr(params, k)) for k in params_map kw = dict((params_map[k], getattr(params, k)) for k in params_map
@ -423,9 +424,9 @@ class Connection(object):
if is_localhost and params.unix_socket != "": if is_localhost and params.unix_socket != "":
kw["host"] = params.unix_socket kw["host"] = params.unix_socket
sslrootcert = params.ssl_rootcert sslrootcert = params.ca_cert
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
raise ValueError('psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') raise ValueError('psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
self.connection = psycopg2.connect(**kw) self.connection = psycopg2.connect(**kw)
self.cursor = self.connection.cursor() self.cursor = self.connection.cursor()
@ -856,7 +857,7 @@ def main():
password=dict(default='', aliases=['login_password'], no_log=True), password=dict(default='', aliases=['login_password'], no_log=True),
ssl_mode=dict(default="prefer", ssl_mode=dict(default="prefer",
choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), choices=['disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None), ca_cert=dict(default=None, aliases=['ssl_rootcert']),
fail_on_role=dict(type='bool', default=True), fail_on_role=dict(type='bool', default=True),
), ),
supports_check_mode=True supports_check_mode=True

@ -86,13 +86,14 @@ options:
type: str type: str
default: prefer default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). certificate(s).
- If the file exists, the server's certificate will be - If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
notes: notes:
- The default authentication assumes that you are either logging in as or - The default authentication assumes that you are either logging in as or
sudo'ing to the postgres account on the host. sudo'ing to the postgres account on the host.
@ -220,7 +221,7 @@ def main():
query=dict(type='str'), query=dict(type='str'),
db=dict(type='str'), db=dict(type='str'),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
positional_args=dict(type='list'), positional_args=dict(type='list'),
named_args=dict(type='dict'), named_args=dict(type='dict'),
session_role=dict(type='str'), session_role=dict(type='str'),
@ -239,7 +240,7 @@ def main():
query = module.params["query"] query = module.params["query"]
positional_args = module.params["positional_args"] positional_args = module.params["positional_args"]
named_args = module.params["named_args"] named_args = module.params["named_args"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
path_to_script = module.params["path_to_script"] path_to_script = module.params["path_to_script"]
@ -265,7 +266,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None) if k in params_map and v != '' and v is not None)
@ -277,7 +278,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert: if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 ' module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter') 'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw) db_connection = connect_to_db(module, kw)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

@ -91,12 +91,13 @@ options:
default: prefer default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
version_added: '2.8' version_added: '2.8'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s). - Specifies the name of a file containing SSL certificate authority (CA) certificate(s).
- If the file exists, the server's certificate will be verified to be signed by one of these authorities. - If the file exists, the server's certificate will be verified to be signed by one of these authorities.
type: str type: str
version_added: '2.8' version_added: '2.8'
aliases: [ ssl_rootcert ]
notes: notes:
- This module uses I(psycopg2), a Python PostgreSQL database adapter. - This module uses I(psycopg2), a Python PostgreSQL database adapter.
- You must ensure that psycopg2 is installed on the host before using this module. - You must ensure that psycopg2 is installed on the host before using this module.
@ -252,7 +253,7 @@ def main():
state=dict(type="str", default="present", choices=["absent", "present"]), state=dict(type="str", default="present", choices=["absent", "present"]),
ssl_mode=dict(type="str", default='prefer', choices=[ ssl_mode=dict(type="str", default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), 'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type="str", default=None), ca_cert=dict(type="str", default=None, aliases=['ssl_rootcert']),
session_role=dict(type="str"), session_role=dict(type="str"),
) )
@ -267,7 +268,7 @@ def main():
schema = module.params["schema"] schema = module.params["schema"]
owner = module.params["owner"] owner = module.params["owner"]
state = module.params["state"] state = module.params["state"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
cascade_drop = module.params["cascade_drop"] cascade_drop = module.params["cascade_drop"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
changed = False changed = False
@ -282,7 +283,7 @@ def main():
"port": "port", "port": "port",
"database": "database", "database": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -294,7 +295,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json( module.fail_json(
msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try: try:
db_connection = psycopg2.connect(**kw) db_connection = psycopg2.connect(**kw)

@ -96,13 +96,14 @@ options:
type: str type: str
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
default: prefer default: prefer
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). certificate(s).
- If the file exists, the server's certificate will be - If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
notes: notes:
- Supported version of PostgreSQL is 9.4 and later. - Supported version of PostgreSQL is 9.4 and later.
- Pay attention, change setting with 'postmaster' context can return changed is true - Pay attention, change setting with 'postmaster' context can return changed is true
@ -338,7 +339,7 @@ def main():
db=dict(type='str', aliases=['login_db']), db=dict(type='str', aliases=['login_db']),
port=dict(type='int', default=5432, aliases=['login_port']), port=dict(type='int', default=5432, aliases=['login_port']),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
value=dict(type='str'), value=dict(type='str'),
reset=dict(type='bool'), reset=dict(type='bool'),
session_role=dict(type='str'), session_role=dict(type='str'),
@ -354,7 +355,7 @@ def main():
name = module.params["name"] name = module.params["name"]
value = module.params["value"] value = module.params["value"]
reset = module.params["reset"] reset = module.params["reset"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
# Allow to pass values like 1mb instead of 1MB, etc: # Allow to pass values like 1mb instead of 1MB, etc:
@ -379,7 +380,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None) if k in params_map and v != '' and v is not None)
@ -394,7 +395,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert: if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 ' module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter') 'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw, autocommit=True) db_connection = connect_to_db(module, kw, autocommit=True)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

@ -112,13 +112,14 @@ options:
type: str type: str
default: prefer default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). certificate(s).
- If the file exists, the server's certificate will be - If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
type: str type: str
aliases: [ ssl_rootcert ]
notes: notes:
- I(state=absent) and I(state=present) (the second one if the tablespace doesn't exist) do not - I(state=absent) and I(state=present) (the second one if the tablespace doesn't exist) do not
support check mode because the corresponding PostgreSQL DROP and CREATE TABLESPACE commands support check mode because the corresponding PostgreSQL DROP and CREATE TABLESPACE commands
@ -389,7 +390,7 @@ def main():
db=dict(type='str', aliases=['login_db']), db=dict(type='str', aliases=['login_db']),
port=dict(type='int', default=5432, aliases=['login_port']), port=dict(type='int', default=5432, aliases=['login_port']),
ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']), ssl_mode=dict(type='str', default='prefer', choices=['allow', 'disable', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(type='str'), ca_cert=dict(type='str', aliases=['ssl_rootcert']),
session_role=dict(type='str'), session_role=dict(type='str'),
) )
@ -408,7 +409,7 @@ def main():
owner = module.params["owner"] owner = module.params["owner"]
rename_to = module.params["rename_to"] rename_to = module.params["rename_to"]
settings = module.params["set"] settings = module.params["set"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
session_role = module.params["session_role"] session_role = module.params["session_role"]
if state == 'absent' and (location or owner or rename_to or settings): if state == 'absent' and (location or owner or rename_to or settings):
@ -425,7 +426,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None) if k in params_map and v != '' and v is not None)
@ -437,7 +438,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert: if psycopg2.__version__ < '2.4.3' and sslrootcert:
module.fail_json(msg='psycopg2 must be at least 2.4.3 ' module.fail_json(msg='psycopg2 must be at least 2.4.3 '
'in order to user the ssl_rootcert parameter') 'in order to user the ca_cert parameter')
db_connection = connect_to_db(module, kw, autocommit=True) db_connection = connect_to_db(module, kw, autocommit=True)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor) cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)

@ -138,12 +138,13 @@ options:
default: prefer default: prefer
choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"] choices: ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]
version_added: '2.3' version_added: '2.3'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) - Specifies the name of a file containing SSL certificate authority (CA)
certificate(s). If the file exists, the server's certificate will be certificate(s). If the file exists, the server's certificate will be
verified to be signed by one of these authorities. verified to be signed by one of these authorities.
version_added: '2.3' version_added: '2.3'
aliases: [ ssl_rootcert ]
conn_limit: conn_limit:
description: description:
- Specifies the user (role) connection limit. - Specifies the user (role) connection limit.
@ -163,7 +164,7 @@ notes:
- If you specify PUBLIC as the user (role), then the privilege changes will apply - If you specify PUBLIC as the user (role), then the privilege changes will apply
to all users (roles). You may not specify password or role_attr_flags when the to all users (roles). You may not specify password or role_attr_flags when the
PUBLIC user is specified. PUBLIC user is specified.
- The ssl_rootcert parameter requires at least Postgres version 8.4 and - The ca_cert parameter requires at least Postgres version 8.4 and
I(psycopg2) version 2.4.3. I(psycopg2) version 2.4.3.
requirements: [ psycopg2 ] requirements: [ psycopg2 ]
author: "Ansible Core Team" author: "Ansible Core Team"
@ -759,7 +760,7 @@ def main():
expires=dict(default=None), expires=dict(default=None),
ssl_mode=dict(default='prefer', choices=[ ssl_mode=dict(default='prefer', choices=[
'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']), 'disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full']),
ssl_rootcert=dict(default=None), ca_cert=dict(default=None, aliases=['ssl_rootcert']),
conn_limit=dict(type='int', default=None), conn_limit=dict(type='int', default=None),
session_role=dict(), session_role=dict(),
)) ))
@ -783,7 +784,7 @@ def main():
else: else:
encrypted = "UNENCRYPTED" encrypted = "UNENCRYPTED"
expires = module.params["expires"] expires = module.params["expires"]
sslrootcert = module.params["ssl_rootcert"] sslrootcert = module.params["ca_cert"]
conn_limit = module.params["conn_limit"] conn_limit = module.params["conn_limit"]
if not postgresqldb_found: if not postgresqldb_found:
@ -799,7 +800,7 @@ def main():
"port": "port", "port": "port",
"db": "database", "db": "database",
"ssl_mode": "sslmode", "ssl_mode": "sslmode",
"ssl_rootcert": "sslrootcert" "ca_cert": "sslrootcert"
} }
kw = dict((params_map[k], v) for (k, v) in iteritems(module.params) kw = dict((params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != "" and v is not None) if k in params_map and v != "" and v is not None)
@ -811,7 +812,7 @@ def main():
if psycopg2.__version__ < '2.4.3' and sslrootcert is not None: if psycopg2.__version__ < '2.4.3' and sslrootcert is not None:
module.fail_json( module.fail_json(
msg='psycopg2 must be at least 2.4.3 in order to user the ssl_rootcert parameter') msg='psycopg2 must be at least 2.4.3 in order to user the ca_cert parameter')
try: try:
db_connection = psycopg2.connect(**kw) db_connection = psycopg2.connect(**kw)

@ -107,9 +107,9 @@ class RabbitMqBinding(object):
self.destination_type = 'q' if self.module.params['destination_type'] == 'queue' else 'e' self.destination_type = 'q' if self.module.params['destination_type'] == 'queue' else 'e'
self.routing_key = self.module.params['routing_key'] self.routing_key = self.module.params['routing_key']
self.arguments = self.module.params['arguments'] self.arguments = self.module.params['arguments']
self.verify = self.module.params['cacert'] self.verify = self.module.params['ca_cert']
self.cert = self.module.params['cert'] self.cert = self.module.params['client_cert']
self.key = self.module.params['key'] self.key = self.module.params['client_key']
self.props = urllib_parse.quote(self.routing_key) if self.routing_key != '' else '~' self.props = urllib_parse.quote(self.routing_key) if self.routing_key != '' else '~'
self.base_url = '{0}://{1}:{2}/api/bindings'.format(self.login_protocol, self.base_url = '{0}://{1}:{2}/api/bindings'.format(self.login_protocol,
self.login_host, self.login_host,

@ -127,7 +127,7 @@ def main():
# Check if exchange already exists # Check if exchange already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']), r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key'])) verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
if r.status_code == 200: if r.status_code == 200:
exchange_exists = True exchange_exists = True
@ -179,12 +179,12 @@ def main():
"type": module.params['exchange_type'], "type": module.params['exchange_type'],
"arguments": module.params['arguments'] "arguments": module.params['arguments']
}), }),
verify=module.params['cacert'], verify=module.params['ca_cert'],
cert=(module.params['cert'], module.params['key']) cert=(module.params['client_cert'], module.params['client_key'])
) )
elif module.params['state'] == 'absent': elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']), r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key'])) verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201 # RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201: if r.status_code == 204 or r.status_code == 201:

@ -141,7 +141,7 @@ def main():
# Check if queue already exists # Check if queue already exists
r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']), r = requests.get(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key'])) verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
if r.status_code == 200: if r.status_code == 200:
queue_exists = True queue_exists = True
@ -228,12 +228,12 @@ def main():
"auto_delete": module.params['auto_delete'], "auto_delete": module.params['auto_delete'],
"arguments": module.params['arguments'] "arguments": module.params['arguments']
}), }),
verify=module.params['cacert'], verify=module.params['ca_cert'],
cert=(module.params['cert'], module.params['key']) cert=(module.params['client_cert'], module.params['client_key'])
) )
elif module.params['state'] == 'absent': elif module.params['state'] == 'absent':
r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']), r = requests.delete(url, auth=(module.params['login_user'], module.params['login_password']),
verify=module.params['cacert'], cert=(module.params['cert'], module.params['key'])) verify=module.params['ca_cert'], cert=(module.params['client_cert'], module.params['client_key']))
# RabbitMQ 3.6.7 changed this response code from 204 to 201 # RabbitMQ 3.6.7 changed this response code from 204 to 201
if r.status_code == 204 or r.status_code == 201: if r.status_code == 204 or r.status_code == 201:

@ -112,11 +112,12 @@ options:
- The preshared key, at least 32 hex digits. Required if either tls_connect or tls_accept has PSK enabled. - The preshared key, at least 32 hex digits. Required if either tls_connect or tls_accept has PSK enabled.
- Works only with >= Zabbix 3.0 - Works only with >= Zabbix 3.0
version_added: '2.5' version_added: '2.5'
tls_issuer: ca_cert:
description: description:
- Required certificate issuer. - Required certificate issuer.
- Works only with >= Zabbix 3.0 - Works only with >= Zabbix 3.0
version_added: '2.5' version_added: '2.5'
aliases: [ tls_issuer ]
tls_subject: tls_subject:
description: description:
- Required certificate subject. - Required certificate subject.
@ -642,7 +643,7 @@ def main():
tls_accept=dict(type='int', default=1), tls_accept=dict(type='int', default=1),
tls_psk_identity=dict(type='str', required=False), tls_psk_identity=dict(type='str', required=False),
tls_psk=dict(type='str', required=False), tls_psk=dict(type='str', required=False),
tls_issuer=dict(type='str', required=False), ca_cert=dict(type='str', required=False, aliases=['tls_issuer']),
tls_subject=dict(type='str', required=False), tls_subject=dict(type='str', required=False),
inventory_zabbix=dict(required=False, type='dict'), inventory_zabbix=dict(required=False, type='dict'),
timeout=dict(type='int', default=10), timeout=dict(type='int', default=10),
@ -678,7 +679,7 @@ def main():
tls_accept = module.params['tls_accept'] tls_accept = module.params['tls_accept']
tls_psk_identity = module.params['tls_psk_identity'] tls_psk_identity = module.params['tls_psk_identity']
tls_psk = module.params['tls_psk'] tls_psk = module.params['tls_psk']
tls_issuer = module.params['tls_issuer'] tls_issuer = module.params['ca_cert']
tls_subject = module.params['tls_subject'] tls_subject = module.params['tls_subject']
inventory_zabbix = module.params['inventory_zabbix'] inventory_zabbix = module.params['inventory_zabbix']
status = module.params['status'] status = module.params['status']

@ -64,10 +64,11 @@ options:
required: false required: false
choices: ['no_encryption','PSK','certificate'] choices: ['no_encryption','PSK','certificate']
default: 'no_encryption' default: 'no_encryption'
tls_issuer: ca_cert:
description: description:
- Certificate issuer. - Certificate issuer.
required: false required: false
aliases: [ tls_issuer ]
tls_subject: tls_subject:
description: description:
- Certificate subject. - Certificate subject.
@ -248,7 +249,7 @@ def main():
choices=['no_encryption', 'PSK', 'certificate']), choices=['no_encryption', 'PSK', 'certificate']),
tls_accept=dict(default='no_encryption', tls_accept=dict(default='no_encryption',
choices=['no_encryption', 'PSK', 'certificate']), choices=['no_encryption', 'PSK', 'certificate']),
tls_issuer=dict(type='str', required=False, default=None), ca_cert=dict(type='str', required=False, default=None, aliases=['tls_issuer']),
tls_subject=dict(type='str', required=False, default=None), tls_subject=dict(type='str', required=False, default=None),
tls_psk_identity=dict(type='str', required=False, default=None), tls_psk_identity=dict(type='str', required=False, default=None),
tls_psk=dict(type='str', required=False, default=None), tls_psk=dict(type='str', required=False, default=None),
@ -274,7 +275,7 @@ def main():
status = module.params['status'] status = module.params['status']
tls_connect = module.params['tls_connect'] tls_connect = module.params['tls_connect']
tls_accept = module.params['tls_accept'] tls_accept = module.params['tls_accept']
tls_issuer = module.params['tls_issuer'] tls_issuer = module.params['ca_cert']
tls_subject = module.params['tls_subject'] tls_subject = module.params['tls_subject']
tls_psk_identity = module.params['tls_psk_identity'] tls_psk_identity = module.params['tls_psk_identity']
tls_psk = module.params['tls_psk'] tls_psk = module.params['tls_psk']

@ -87,26 +87,30 @@ options:
- "yes" - "yes"
- "no" - "no"
- start-tls - start-tls
ssl_ca_cert: ca_cert:
description: description:
- Specifies the name of an SSL certificate from a certificate authority (CA). - Specifies the name of an SSL certificate from a certificate authority (CA).
- To remove this value, use the reserved value C(none). - To remove this value, use the reserved value C(none).
type: str type: str
ssl_client_key: aliases: [ ssl_ca_cert ]
client_key:
description: description:
- Specifies the name of an SSL client key. - Specifies the name of an SSL client key.
- To remove this value, use the reserved value C(none). - To remove this value, use the reserved value C(none).
type: str type: str
ssl_client_cert: aliases: [ ssl_client_key ]
client_cert:
description: description:
- Specifies the name of an SSL client certificate. - Specifies the name of an SSL client certificate.
- To remove this value, use the reserved value C(none). - To remove this value, use the reserved value C(none).
type: str type: str
ssl_check_peer: aliases: [ ssl_client_cert ]
validate_certs:
description: description:
- Specifies whether the system checks an SSL peer, as a result of which the - Specifies whether the system checks an SSL peer, as a result of which the
system requires and verifies the server certificate. system requires and verifies the server certificate.
type: bool type: bool
aliases: [ ssl_check_peer ]
login_ldap_attr: login_ldap_attr:
description: description:
- Specifies the LDAP directory attribute containing the local user name that is - Specifies the LDAP directory attribute containing the local user name that is
@ -196,22 +200,22 @@ ssl:
returned: changed returned: changed
type: str type: str
sample: start-tls sample: start-tls
ssl_ca_cert: ca_cert:
description: The name of an SSL certificate from a certificate authority. description: The name of an SSL certificate from a certificate authority.
returned: changed returned: changed
type: str type: str
sample: My-Trusted-CA-Bundle.crt sample: My-Trusted-CA-Bundle.crt
ssl_client_key: client_key:
description: The name of an SSL client key. description: The name of an SSL client key.
returned: changed returned: changed
type: str type: str
sample: MyKey.key sample: MyKey.key
ssl_client_cert: client_cert:
description: The name of an SSL client certificate. description: The name of an SSL client certificate.
returned: changed returned: changed
type: str type: str
sample: MyCert.crt sample: MyCert.crt
ssl_check_peer: validate_certs:
description: Indicates if the system checks an SSL peer. description: Indicates if the system checks an SSL peer.
returned: changed returned: changed
type: bool type: bool
@ -257,10 +261,10 @@ class Parameters(AnsibleF5Parameters):
'userTemplate': 'user_template', 'userTemplate': 'user_template',
'fallback': 'fallback_to_local', 'fallback': 'fallback_to_local',
'loginAttribute': 'login_ldap_attr', 'loginAttribute': 'login_ldap_attr',
'sslCheckPeer': 'ssl_check_peer', 'sslCheckPeer': 'validate_certs',
'sslClientCert': 'ssl_client_cert', 'sslClientCert': 'client_cert',
'sslClientKey': 'ssl_client_key', 'sslClientKey': 'client_key',
'sslCaCertFile': 'ssl_ca_cert', 'sslCaCertFile': 'ca_cert',
'checkRolesGroup': 'check_member_attr', 'checkRolesGroup': 'check_member_attr',
'searchBaseDn': 'remote_directory_tree', 'searchBaseDn': 'remote_directory_tree',
} }
@ -293,10 +297,10 @@ class Parameters(AnsibleF5Parameters):
'scope', 'scope',
'servers', 'servers',
'ssl', 'ssl',
'ssl_ca_cert', 'ca_cert',
'ssl_check_peer', 'validate_certs',
'ssl_client_cert', 'client_cert',
'ssl_client_key', 'client_key',
'user_template', 'user_template',
] ]
@ -803,10 +807,10 @@ class ArgumentSpec(object):
ssl=dict( ssl=dict(
choices=['yes', 'no', 'start-tls'] choices=['yes', 'no', 'start-tls']
), ),
ssl_ca_cert=dict(), ca_cert=dict(aliases=['ssl_ca_cert']),
ssl_client_key=dict(), client_key=dict(aliases=['ssl_client_key']),
ssl_client_cert=dict(), client_cert=dict(aliases=['ssl_client_cert']),
ssl_check_peer=dict(type='bool'), validate_certs=dict(type='bool', aliases=['ssl_check_peer']),
login_ldap_attr=dict(), login_ldap_attr=dict(),
fallback_to_local=dict(type='bool'), fallback_to_local=dict(type='bool'),
update_password=dict( update_password=dict(

@ -82,13 +82,14 @@ options:
- may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable. - may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable.
type: bool type: bool
default: 'yes' default: 'yes'
vdirect_validate_certs: validate_certs:
description: description:
- If C(no), SSL certificates will not be validated, - If C(no), SSL certificates will not be validated,
- may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable. - may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates. - This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool type: bool
default: 'yes' default: 'yes'
aliases: [ vdirect_validate_certs ]
devices: devices:
description: description:
- List of Radware Alteon device names for commit operations. - List of Radware Alteon device names for commit operations.
@ -172,9 +173,9 @@ meta_args = dict(
vdirect_timeout=dict( vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']), required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'), default=60, type='int'),
vdirect_validate_certs=dict( validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']), required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'), default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict( vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']), required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'), default=2189, type='int'),
@ -219,7 +220,7 @@ class VdirectCommit(object):
http_port=params['vdirect_http_port'], http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'], timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'], https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs']) verify=params['validate_certs'])
self.devices = params['devices'] self.devices = params['devices']
self.apply = params['apply'] self.apply = params['apply']
self.save = params['save'] self.save = params['save']

@ -76,13 +76,14 @@ options:
- may be set as VDIRECT_HTTPS or VDIRECT_USE_SSL environment variable. - may be set as VDIRECT_HTTPS or VDIRECT_USE_SSL environment variable.
type: bool type: bool
default: 'yes' default: 'yes'
vdirect_validate_certs: validate_certs:
description: description:
- If C(no), SSL certificates will not be validated, - If C(no), SSL certificates will not be validated,
- may be set as VDIRECT_VALIDATE_CERTS or VDIRECT_VERIFY environment variable. - may be set as VDIRECT_VALIDATE_CERTS or VDIRECT_VERIFY environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates. - This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool type: bool
default: 'yes' default: 'yes'
aliases: [ vdirect_validate_certs ]
file_name: file_name:
description: description:
- vDirect runnable file name to be uploaded. - vDirect runnable file name to be uploaded.
@ -148,9 +149,9 @@ meta_args = dict(
vdirect_timeout=dict( vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']), required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'), default=60, type='int'),
vdirect_validate_certs=dict( validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']), required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'), default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict( vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']), required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'), default=2189, type='int'),
@ -187,7 +188,7 @@ class VdirectFile(object):
http_port=params['vdirect_http_port'], http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'], timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'], https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs']) verify=params['validate_certs'])
def upload(self, fqn): def upload(self, fqn):
if fqn.endswith(TEMPLATE_EXTENSION): if fqn.endswith(TEMPLATE_EXTENSION):

@ -76,13 +76,14 @@ options:
- may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable. - may be set as C(VDIRECT_HTTPS) or C(VDIRECT_USE_SSL) environment variable.
type: bool type: bool
default: 'yes' default: 'yes'
vdirect_validate_certs: validate_certs:
description: description:
- If C(no), SSL certificates will not be validated, - If C(no), SSL certificates will not be validated,
- may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable. - may be set as C(VDIRECT_VALIDATE_CERTS) or C(VDIRECT_VERIFY) environment variable.
- This should only set to C(no) used on personally controlled sites using self-signed certificates. - This should only set to C(no) used on personally controlled sites using self-signed certificates.
type: bool type: bool
default: 'yes' default: 'yes'
aliases: [ vdirect_validate_certs ]
runnable_type: runnable_type:
description: description:
- vDirect runnable type. - vDirect runnable type.
@ -160,9 +161,9 @@ meta_args = dict(
vdirect_timeout=dict( vdirect_timeout=dict(
required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']), required=False, fallback=(env_fallback, ['VDIRECT_TIMEOUT']),
default=60, type='int'), default=60, type='int'),
vdirect_validate_certs=dict( validate_certs=dict(
required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']), required=False, fallback=(env_fallback, ['VDIRECT_VERIFY', 'VDIRECT_VALIDATE_CERTS']),
default=True, type='bool'), default=True, type='bool', aliases=['vdirect_validate_certs']),
vdirect_https_port=dict( vdirect_https_port=dict(
required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']), required=False, fallback=(env_fallback, ['VDIRECT_HTTPS_PORT']),
default=2189, type='int'), default=2189, type='int'),
@ -222,7 +223,7 @@ class VdirectRunnable(object):
http_port=params['vdirect_http_port'], http_port=params['vdirect_http_port'],
timeout=params['vdirect_timeout'], timeout=params['vdirect_timeout'],
https=params['vdirect_use_ssl'], https=params['vdirect_use_ssl'],
verify=params['vdirect_validate_certs']) verify=params['validate_certs'])
self.params = params self.params = params
self.type = self.params['runnable_type'] self.type = self.params['runnable_type']
self.name = self.params['runnable_name'] self.name = self.params['runnable_name']

@ -61,7 +61,7 @@ options:
retained message immediately. retained message immediately.
type: bool type: bool
default: 'no' default: 'no'
ca_certs: ca_cert:
description: description:
- The path to the Certificate Authority certificate files that are to be - The path to the Certificate Authority certificate files that are to be
treated as trusted by this client. If this is the only option given treated as trusted by this client. If this is the only option given
@ -72,18 +72,21 @@ options:
network encryption but may not be sufficient depending on how the broker network encryption but may not be sufficient depending on how the broker
is configured. is configured.
version_added: 2.3 version_added: 2.3
certfile: aliases: [ ca_certs ]
client_cert:
description: description:
- The path pointing to the PEM encoded client certificate. If this is not - The path pointing to the PEM encoded client certificate. If this is not
None it will be used as client information for TLS based None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent. authentication. Support for this feature is broker dependent.
version_added: 2.3 version_added: 2.3
keyfile: aliases: [ certfile ]
client_key:
description: description:
- The path pointing to the PEM encoded client private key. If this is not - The path pointing to the PEM encoded client private key. If this is not
None it will be used as client information for TLS based None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent. authentication. Support for this feature is broker dependent.
version_added: 2.3 version_added: 2.3
aliases: [ keyfile ]
# informational: requirements for nodes # informational: requirements for nodes
@ -141,9 +144,9 @@ def main():
retain=dict(default=False, type='bool'), retain=dict(default=False, type='bool'),
username=dict(default=None), username=dict(default=None),
password=dict(default=None, no_log=True), password=dict(default=None, no_log=True),
ca_certs=dict(default=None, type='path'), ca_cert=dict(default=None, type='path', aliases=['ca_certs']),
certfile=dict(default=None, type='path'), client_cert=dict(default=None, type='path', aliases=['certfile']),
keyfile=dict(default=None, type='path'), client_key=dict(default=None, type='path', aliases=['keyfile']),
), ),
supports_check_mode=True supports_check_mode=True
) )
@ -160,9 +163,9 @@ def main():
retain = module.params.get("retain") retain = module.params.get("retain")
username = module.params.get("username", None) username = module.params.get("username", None)
password = module.params.get("password", None) password = module.params.get("password", None)
ca_certs = module.params.get("ca_certs", None) ca_certs = module.params.get("ca_cert", None)
certfile = module.params.get("certfile", None) certfile = module.params.get("client_cert", None)
keyfile = module.params.get("keyfile", None) keyfile = module.params.get("client_key", None)
if client_id is None: if client_id is None:
client_id = "%s_%s" % (socket.getfqdn(), os.getpid()) client_id = "%s_%s" % (socket.getfqdn(), os.getpid())

@ -48,11 +48,13 @@ options:
type: bool type: bool
default: 'no' default: 'no'
version_added: "2.8" version_added: "2.8"
importer_ssl_ca_cert: ca_cert:
description: description:
- CA certificate string used to validate the feed source SSL certificate. - CA certificate string used to validate the feed source SSL certificate.
This can be the file content or the path to the file. This can be the file content or the path to the file.
importer_ssl_client_cert: type: str
aliases: [ importer_ssl_ca_cert ]
client_cert:
description: description:
- Certificate used as the client certificate when synchronizing the - Certificate used as the client certificate when synchronizing the
repository. This is used to communicate authentication information to repository. This is used to communicate authentication information to
@ -60,11 +62,15 @@ options:
certificate. The specified file may be the certificate itself or a certificate. The specified file may be the certificate itself or a
single file containing both the certificate and private key. This can be single file containing both the certificate and private key. This can be
the file content or the path to the file. the file content or the path to the file.
importer_ssl_client_key: type: str
aliases: [ importer_ssl_client_cert ]
client_key:
description: description:
- Private key to the certificate specified in I(importer_ssl_client_cert), - Private key to the certificate specified in I(importer_ssl_client_cert),
assuming it is not included in the certificate file itself. This can be assuming it is not included in the certificate file itself. This can be
the file content or the path to the file. the file content or the path to the file.
type: str
aliases: [ importer_ssl_client_key ]
name: name:
description: description:
- Name of the repo to add or remove. This correlates to repo-id in Pulp. - Name of the repo to add or remove. This correlates to repo-id in Pulp.
@ -529,9 +535,9 @@ def main():
add_export_distributor=dict(default=False, type='bool'), add_export_distributor=dict(default=False, type='bool'),
feed=dict(), feed=dict(),
generate_sqlite=dict(default=False, type='bool'), generate_sqlite=dict(default=False, type='bool'),
importer_ssl_ca_cert=dict(), ca_cert=dict(aliases=['importer_ssl_ca_cert']),
importer_ssl_client_cert=dict(), client_cert=dict(aliases=['importer_ssl_client_cert']),
importer_ssl_client_key=dict(), client_key=dict(aliases=['importer_ssl_client_key']),
name=dict(required=True, aliases=['repo']), name=dict(required=True, aliases=['repo']),
proxy_host=dict(), proxy_host=dict(),
proxy_port=dict(), proxy_port=dict(),
@ -555,9 +561,9 @@ def main():
add_export_distributor = module.params['add_export_distributor'] add_export_distributor = module.params['add_export_distributor']
feed = module.params['feed'] feed = module.params['feed']
generate_sqlite = module.params['generate_sqlite'] generate_sqlite = module.params['generate_sqlite']
importer_ssl_ca_cert = module.params['importer_ssl_ca_cert'] importer_ssl_ca_cert = module.params['ca_cert']
importer_ssl_client_cert = module.params['importer_ssl_client_cert'] importer_ssl_client_cert = module.params['client_cert']
importer_ssl_client_key = module.params['importer_ssl_client_key'] importer_ssl_client_key = module.params['client_key']
proxy_host = module.params['proxy_host'] proxy_host = module.params['proxy_host']
proxy_port = module.params['proxy_port'] proxy_port = module.params['proxy_port']
proxy_username = module.params['proxy_username'] proxy_username = module.params['proxy_username']

@ -55,11 +55,12 @@ options:
- Supply an profilename for use with registration. - Supply an profilename for use with registration.
type: str type: str
version_added: "2.0" version_added: "2.0"
sslcacert: ca_cert:
description: description:
- Supply a custom ssl CA certificate file for use with registration. - Supply a custom ssl CA certificate file for use with registration.
type: path type: path
version_added: "2.1" version_added: "2.1"
aliases: [ sslcacert ]
systemorgid: systemorgid:
description: description:
- Supply an organizational id for use with registration. - Supply an organizational id for use with registration.
@ -350,7 +351,7 @@ def main():
server_url=dict(type='str'), server_url=dict(type='str'),
activationkey=dict(type='str', no_log=True), activationkey=dict(type='str', no_log=True),
profilename=dict(type='str'), profilename=dict(type='str'),
sslcacert=dict(type='path'), ca_cert=dict(type='path', aliases=['sslcacert']),
systemorgid=dict(type='str'), systemorgid=dict(type='str'),
enable_eus=dict(type='bool', default=False), enable_eus=dict(type='bool', default=False),
nopackages=dict(type='bool', default=False), nopackages=dict(type='bool', default=False),
@ -374,7 +375,7 @@ def main():
state = module.params['state'] state = module.params['state']
activationkey = module.params['activationkey'] activationkey = module.params['activationkey']
profilename = module.params['profilename'] profilename = module.params['profilename']
sslcacert = module.params['sslcacert'] sslcacert = module.params['ca_cert']
systemorgid = module.params['systemorgid'] systemorgid = module.params['systemorgid']
channels = module.params['channels'] channels = module.params['channels']
enable_eus = module.params['enable_eus'] enable_eus = module.params['enable_eus']

@ -273,19 +273,23 @@ options:
description: description:
- Path to the directory containing the databases of the certificate - Path to the directory containing the databases of the certificate
authorities yum should use to verify SSL certificates. authorities yum should use to verify SSL certificates.
aliases: [ ca_cert ]
sslclientcert: sslclientcert:
description: description:
- Path to the SSL client certificate yum should use to connect to - Path to the SSL client certificate yum should use to connect to
repos/remote sites. repos/remote sites.
aliases: [ client_cert ]
sslclientkey: sslclientkey:
description: description:
- Path to the SSL client key yum should use to connect to repos/remote - Path to the SSL client key yum should use to connect to repos/remote
sites. sites.
aliases: [ client_key ]
sslverify: sslverify:
description: description:
- Defines whether yum should verify SSL certificates/hosts at all. - Defines whether yum should verify SSL certificates/hosts at all.
type: bool type: bool
default: 'yes' default: 'yes'
aliases: [ validate_certs ]
state: state:
description: description:
- State of the repo file. - State of the repo file.
@ -593,11 +597,11 @@ def main():
retries=dict(), retries=dict(),
s3_enabled=dict(type='bool'), s3_enabled=dict(type='bool'),
skip_if_unavailable=dict(type='bool'), skip_if_unavailable=dict(type='bool'),
sslcacert=dict(), sslcacert=dict(aliases=['ca_cert']),
ssl_check_cert_permissions=dict(type='bool'), ssl_check_cert_permissions=dict(type='bool'),
sslclientcert=dict(), sslclientcert=dict(aliases=['client_cert']),
sslclientkey=dict(), sslclientkey=dict(aliases=['client_key']),
sslverify=dict(type='bool'), sslverify=dict(type='bool', aliases=['validate_certs']),
state=dict(choices=['present', 'absent'], default='present'), state=dict(choices=['present', 'absent'], default='present'),
throttle=dict(), throttle=dict(),
timeout=dict(), timeout=dict(),

@ -61,7 +61,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete an alert profile from ManageIQ - name: Delete an alert profile from ManageIQ
manageiq_alert_profiles: manageiq_alert_profiles:
@ -71,7 +71,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -80,7 +80,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Add an alert with a "miq expression" to ManageIQ - name: Add an alert with a "miq expression" to ManageIQ
manageiq_alerts: manageiq_alerts:
@ -107,7 +107,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete an alert from ManageIQ - name: Delete an alert from ManageIQ
manageiq_alerts: manageiq_alerts:
@ -117,7 +117,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -104,7 +104,7 @@ EXAMPLES = '''
url: 'https://manageiq_server' url: 'https://manageiq_server'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4 - name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4
manageiq_group: manageiq_group:
@ -115,7 +115,7 @@ EXAMPLES = '''
url: 'https://manageiq_server' url: 'https://manageiq_server'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: - name:
- Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant. - Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant.
@ -141,7 +141,7 @@ EXAMPLES = '''
url: 'https://manageiq_server' url: 'https://manageiq_server'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete a group in ManageIQ - name: Delete a group in ManageIQ
manageiq_group: manageiq_group:

@ -62,7 +62,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Unassign a policy_profile for a provider in ManageIQ - name: Unassign a policy_profile for a provider in ManageIQ
manageiq_policies: manageiq_policies:
@ -75,7 +75,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: List current policy_profile and policies for a provider in ManageIQ - name: List current policy_profile and policies for a provider in ManageIQ
manageiq_policies: manageiq_policies:
@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -82,7 +82,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None. description: Provider's api endpoint authentication password. defaults to None.
auth_key: auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None. description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl: validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool type: bool
default: 'yes' default: 'yes'
@ -106,7 +106,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None. description: Provider's api endpoint authentication password. defaults to None.
auth_key: auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None. description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl: validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
type: bool type: bool
default: 'yes' default: 'yes'
@ -133,7 +133,7 @@ options:
description: Provider's api endpoint authentication password. defaults to None. description: Provider's api endpoint authentication password. defaults to None.
auth_key: auth_key:
description: Provider's api endpoint authentication bearer token. defaults to None. description: Provider's api endpoint authentication bearer token. defaults to None.
verify_ssl: validate_certs:
description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True.
default: true default: true
security_protocol: security_protocol:
@ -165,7 +165,7 @@ EXAMPLES = '''
auth_key: 'topSecret' auth_key: 'topSecret'
hostname: 'example.com' hostname: 'example.com'
port: 8443 port: 8443
verify_ssl: true validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca' security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -191,7 +191,7 @@ EXAMPLES = '''
role: 'hawkular' role: 'hawkular'
hostname: 'example.com' hostname: 'example.com'
port: 443 port: 443
verify_ssl: true validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca' security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -216,7 +216,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1:80' url: 'https://127.0.0.1:80'
username: 'admin' username: 'admin'
password: 'password' password: 'password'
verify_ssl: true validate_certs: true
- name: Update an existing provider named 'EngLab' (defaults to 'Prometheus' metrics) - name: Update an existing provider named 'EngLab' (defaults to 'Prometheus' metrics)
@ -228,7 +228,7 @@ EXAMPLES = '''
auth_key: 'topSecret' auth_key: 'topSecret'
hostname: 'next.example.com' hostname: 'next.example.com'
port: 8443 port: 8443
verify_ssl: true validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca' security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -253,7 +253,7 @@ EXAMPLES = '''
auth_key: 'topSecret' auth_key: 'topSecret'
hostname: 'next.example.com' hostname: 'next.example.com'
port: 443 port: 443
verify_ssl: true validate_certs: true
security_protocol: 'ssl-with-validation-custom-ca' security_protocol: 'ssl-with-validation-custom-ca'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -278,7 +278,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1' url: 'https://127.0.0.1'
username: 'admin' username: 'admin'
password: 'password' password: 'password'
verify_ssl: true validate_certs: true
- name: Delete a provider in ManageIQ - name: Delete a provider in ManageIQ
@ -290,7 +290,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1' url: 'https://127.0.0.1'
username: 'admin' username: 'admin'
password: 'password' password: 'password'
verify_ssl: true validate_certs: true
- name: Create a new Amazon provider in ManageIQ using token authentication - name: Create a new Amazon provider in ManageIQ using token authentication
@ -305,7 +305,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'https://127.0.0.1' url: 'https://127.0.0.1'
token: 'VeryLongToken' token: 'VeryLongToken'
verify_ssl: true validate_certs: true
- name: Create a new oVirt provider in ManageIQ - name: Create a new oVirt provider in ManageIQ
@ -317,7 +317,7 @@ EXAMPLES = '''
hostname: 'rhev01.example.com' hostname: 'rhev01.example.com'
userid: 'admin@internal' userid: 'admin@internal'
password: 'password' password: 'password'
verify_ssl: true validate_certs: true
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -342,7 +342,7 @@ EXAMPLES = '''
path: 'ovirt_engine_history' path: 'ovirt_engine_history'
userid: 'user_id_metrics' userid: 'user_id_metrics'
password: 'password_metrics' password: 'password_metrics'
verify_ssl: true validate_certs: true
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -366,7 +366,7 @@ EXAMPLES = '''
url: 'https://127.0.0.1' url: 'https://127.0.0.1'
username: 'admin' username: 'admin'
password: 'password' password: 'password'
verify_ssl: true validate_certs: true
- name: Create a new VMware provider in ManageIQ - name: Create a new VMware provider in ManageIQ
manageiq_provider: manageiq_provider:
@ -382,7 +382,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'https://127.0.0.1' url: 'https://127.0.0.1'
token: 'VeryLongToken' token: 'VeryLongToken'
verify_ssl: true validate_certs: true
- name: Create a new Azure provider in ManageIQ - name: Create a new Azure provider in ManageIQ
manageiq_provider: manageiq_provider:
@ -400,7 +400,7 @@ EXAMPLES = '''
url: 'https://cf-6af0.rhpds.opentlc.com' url: 'https://cf-6af0.rhpds.opentlc.com'
username: 'admin' username: 'admin'
password: 'password' password: 'password'
verify_ssl: false validate_certs: false
- name: Create a new OpenStack Director provider in ManageIQ with rsa keypair - name: Create a new OpenStack Director provider in ManageIQ with rsa keypair
manageiq_provider: manageiq_provider:
@ -413,7 +413,7 @@ EXAMPLES = '''
userid: 'admin' userid: 'admin'
password: 'password' password: 'password'
security_protocol: 'ssl-with-validation' security_protocol: 'ssl-with-validation'
verify_ssl: 'true' validate_certs: 'true'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -452,7 +452,7 @@ EXAMPLES = '''
userid: 'admin' userid: 'admin'
password: 'password' password: 'password'
security_protocol: 'ssl-with-validation' security_protocol: 'ssl-with-validation'
verify_ssl: 'true' validate_certs: 'true'
certificate_authority: | certificate_authority: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
@ -491,7 +491,7 @@ EXAMPLES = '''
provider: provider:
hostname: 'gce.example.com' hostname: 'gce.example.com'
auth_key: 'google_json_key' auth_key: 'google_json_key'
verify_ssl: 'false' validate_certs: 'false'
''' '''
RETURN = ''' RETURN = '''
@ -551,7 +551,7 @@ def endpoint_argument_spec():
role=dict(), role=dict(),
hostname=dict(required=True), hostname=dict(required=True),
port=dict(type='int'), port=dict(type='int'),
verify_ssl=dict(default=True, type='bool'), validate_certs=dict(default=True, type='bool', aliases=['verify_ssl']),
certificate_authority=dict(), certificate_authority=dict(),
security_protocol=dict( security_protocol=dict(
choices=[ choices=[
@ -662,7 +662,7 @@ class ManageIQProvider(object):
'role': role, 'role': role,
'hostname': endpoint.get('hostname'), 'hostname': endpoint.get('hostname'),
'port': endpoint.get('port'), 'port': endpoint.get('port'),
'verify_ssl': [0, 1][endpoint.get('verify_ssl', True)], 'verify_ssl': [0, 1][endpoint.get('validate_certs', True)],
'security_protocol': endpoint.get('security_protocol'), 'security_protocol': endpoint.get('security_protocol'),
'certificate_authority': endpoint.get('certificate_authority'), 'certificate_authority': endpoint.get('certificate_authority'),
'path': endpoint.get('path'), 'path': endpoint.get('path'),

@ -65,7 +65,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Remove tags for a provider in ManageIQ - name: Remove tags for a provider in ManageIQ
manageiq_tags: manageiq_tags:
@ -81,7 +81,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: List current tags for a provider in ManageIQ - name: List current tags for a provider in ManageIQ
manageiq_tags: manageiq_tags:
@ -92,7 +92,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -86,7 +86,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Create a tenant in ManageIQ - name: Create a tenant in ManageIQ
manageiq_tenant: manageiq_tenant:
@ -97,7 +97,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete a tenant in ManageIQ - name: Delete a tenant in ManageIQ
manageiq_tenant: manageiq_tenant:
@ -108,7 +108,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated - name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated
manageiq_tenant: manageiq_tenant:
@ -122,7 +122,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete a tenant in ManageIQ using a token - name: Delete a tenant in ManageIQ using a token
@ -133,7 +133,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
token: 'sometoken' token: 'sometoken'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -79,7 +79,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Create a new user in ManageIQ using a token - name: Create a new user in ManageIQ using a token
manageiq_user: manageiq_user:
@ -91,7 +91,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
token: 'sometoken' token: 'sometoken'
verify_ssl: False validate_certs: False
- name: Delete a user in ManageIQ - name: Delete a user in ManageIQ
manageiq_user: manageiq_user:
@ -101,7 +101,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Delete a user in ManageIQ using a token - name: Delete a user in ManageIQ using a token
manageiq_user: manageiq_user:
@ -110,7 +110,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
token: 'sometoken' token: 'sometoken'
verify_ssl: False validate_certs: False
- name: Update email of user in ManageIQ - name: Update email of user in ManageIQ
manageiq_user: manageiq_user:
@ -120,7 +120,7 @@ EXAMPLES = '''
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
username: 'admin' username: 'admin'
password: 'smartvm' password: 'smartvm'
verify_ssl: False validate_certs: False
- name: Update email of user in ManageIQ using a token - name: Update email of user in ManageIQ using a token
manageiq_user: manageiq_user:
@ -129,7 +129,7 @@ EXAMPLES = '''
manageiq_connection: manageiq_connection:
url: 'http://127.0.0.1:3000' url: 'http://127.0.0.1:3000'
token: 'sometoken' token: 'sometoken'
verify_ssl: False validate_certs: False
''' '''
RETURN = ''' RETURN = '''

@ -95,11 +95,12 @@ options:
- Trigger hook on wiki events - Trigger hook on wiki events
type: bool type: bool
default: no default: no
enable_ssl_verification: hook_validate_certs:
description: description:
- Whether GitLab will do SSL verification when triggering the hook - Whether GitLab will do SSL verification when triggering the hook
type: bool type: bool
default: no default: no
aliases: [ enable_ssl_verification ]
token: token:
description: description:
- Secret token to validate hook messages at the receiver. - Secret token to validate hook messages at the receiver.
@ -119,7 +120,7 @@ EXAMPLES = '''
state: present state: present
push_events: yes push_events: yes
tag_push_events: yes tag_push_events: yes
enable_ssl_verification: no hook_validate_certs: no
token: "my-super-secret-token-that-my-ci-server-will-check" token: "my-super-secret-token-that-my-ci-server-will-check"
- name: "Delete the previous hook" - name: "Delete the previous hook"
@ -315,7 +316,7 @@ def main():
job_events=dict(type='bool', default=False), job_events=dict(type='bool', default=False),
pipeline_events=dict(type='bool', default=False), pipeline_events=dict(type='bool', default=False),
wiki_page_events=dict(type='bool', default=False), wiki_page_events=dict(type='bool', default=False),
enable_ssl_verification=dict(type='bool', default=False), hook_validate_certs=dict(type='bool', default=False, aliases=['enable_ssl_verification']),
token=dict(type='str', no_log=True), token=dict(type='str', no_log=True),
)) ))
@ -353,7 +354,7 @@ def main():
job_events = module.params['job_events'] job_events = module.params['job_events']
pipeline_events = module.params['pipeline_events'] pipeline_events = module.params['pipeline_events']
wiki_page_events = module.params['wiki_page_events'] wiki_page_events = module.params['wiki_page_events']
enable_ssl_verification = module.params['enable_ssl_verification'] enable_ssl_verification = module.params['hook_validate_certs']
hook_token = module.params['token'] hook_token = module.params['token']
if not HAS_GITLAB_PACKAGE: if not HAS_GITLAB_PACKAGE:

@ -58,11 +58,12 @@ options:
required: False required: False
default: "present" default: "present"
choices: ["present", "absent"] choices: ["present", "absent"]
tower_verify_ssl: validate_certs:
description: description:
- Tower option to avoid certificates check. - Tower option to avoid certificates check.
required: False required: False
type: bool type: bool
aliases: [ tower_verify_ssl ]
extends_documentation_fragment: tower extends_documentation_fragment: tower
''' '''
@ -75,7 +76,7 @@ EXAMPLES = '''
inputs: "{{ lookup('file', 'tower_credential_inputs_nexus.json') }}" inputs: "{{ lookup('file', 'tower_credential_inputs_nexus.json') }}"
injectors: {'extra_vars': {'nexus_credential': 'test' }} injectors: {'extra_vars': {'nexus_credential': 'test' }}
state: present state: present
tower_verify_ssl: false validate_certs: false
- tower_credential_type: - tower_credential_type:
name: Nexus name: Nexus

@ -138,10 +138,11 @@ options:
- Desired state of the resource. - Desired state of the resource.
default: "present" default: "present"
choices: ["present", "absent"] choices: ["present", "absent"]
tower_verify_ssl: validate_certs:
description: description:
- Tower option to avoid certificates check. - Tower option to avoid certificates check.
type: bool type: bool
aliases: [ tower_verify_ssl ]
extends_documentation_fragment: tower extends_documentation_fragment: tower
''' '''
@ -158,7 +159,7 @@ EXAMPLES = '''
overwrite: true overwrite: true
source_vars: '{ private: false }' source_vars: '{ private: false }'
state: present state: present
tower_verify_ssl: false validate_certs: false
''' '''

@ -29,7 +29,7 @@ DOCUMENTATION = '''
ini: ini:
- section: callback_foreman - section: callback_foreman
key: url key: url
ssl_cert: client_cert:
description: X509 certificate to authenticate to Foreman if https is used description: X509 certificate to authenticate to Foreman if https is used
env: env:
- name: FOREMAN_SSL_CERT - name: FOREMAN_SSL_CERT
@ -37,7 +37,10 @@ DOCUMENTATION = '''
ini: ini:
- section: callback_foreman - section: callback_foreman
key: ssl_cert key: ssl_cert
ssl_key: - section: callback_foreman
key: client_cert
aliases: [ ssl_cert ]
client_key:
description: the corresponding private key description: the corresponding private key
env: env:
- name: FOREMAN_SSL_KEY - name: FOREMAN_SSL_KEY
@ -45,6 +48,9 @@ DOCUMENTATION = '''
ini: ini:
- section: callback_foreman - section: callback_foreman
key: ssl_key key: ssl_key
- section: callback_foreman
key: client_key
aliases: [ ssl_key ]
verify_certs: verify_certs:
description: description:
- Toggle to decide whether to verify the Foreman certificate. - Toggle to decide whether to verify the Foreman certificate.
@ -96,7 +102,7 @@ class CallbackModule(CallbackBase):
super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct) super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
self.FOREMAN_URL = self.get_option('url') self.FOREMAN_URL = self.get_option('url')
self.FOREMAN_SSL_CERT = (self.get_option('ssl_cert'), self.get_option('ssl_key')) self.FOREMAN_SSL_CERT = (self.get_option('client_cert'), self.get_option('client_key'))
self.FOREMAN_SSL_VERIFY = str(self.get_option('verify_certs')) self.FOREMAN_SSL_VERIFY = str(self.get_option('verify_certs'))
self.ssl_verify = self._ssl_verify() self.ssl_verify = self._ssl_verify()

@ -48,15 +48,18 @@ DOCUMENTATION = """
ini: ini:
- section: callback_grafana_annotations - section: callback_grafana_annotations
key: grafana_url key: grafana_url
validate_grafana_certs: validate_certs:
description: validate the SSL certificate of the Grafana server. (For HTTPS url) description: validate the SSL certificate of the Grafana server. (For HTTPS url)
env: env:
- name: GRAFANA_VALIDATE_CERT - name: GRAFANA_VALIDATE_CERT
ini: ini:
- section: callback_grafana_annotations - section: callback_grafana_annotations
key: validate_grafana_certs key: validate_grafana_certs
- section: callback_grafana_annotations
key: validate_certs
default: True default: True
type: bool type: bool
aliases: [ validate_grafana_certs ]
http_agent: http_agent:
description: The HTTP 'User-agent' value to set in HTTP requets. description: The HTTP 'User-agent' value to set in HTTP requets.
env: env:
@ -173,7 +176,7 @@ class CallbackModule(CallbackBase):
self.grafana_api_key = self.get_option('grafana_api_key') self.grafana_api_key = self.get_option('grafana_api_key')
self.grafana_url = self.get_option('grafana_url') self.grafana_url = self.get_option('grafana_url')
self.validate_grafana_certs = self.get_option('validate_grafana_certs') self.validate_grafana_certs = self.get_option('validate_certs')
self.http_agent = self.get_option('http_agent') self.http_agent = self.get_option('http_agent')
self.grafana_user = self.get_option('grafana_user') self.grafana_user = self.get_option('grafana_user')
self.grafana_password = self.get_option('grafana_password') self.grafana_password = self.get_option('grafana_password')

@ -25,14 +25,17 @@ DOCUMENTATION = '''
ini: ini:
- section: callback_nrdp - section: callback_nrdp
key: url key: url
validate_nrdp_certs: validate_certs:
description: (bool) validate the SSL certificate of the nrdp server. (For HTTPS url) description: (bool) validate the SSL certificate of the nrdp server. (For HTTPS url)
env: env:
- name: NRDP_VALIDATE_CERTS - name: NRDP_VALIDATE_CERTS
ini: ini:
- section: callback_nrdp - section: callback_nrdp
key: validate_nrdp_certs key: validate_nrdp_certs
- section: callback_nrdp
key: validate_certs
default: False default: False
aliases: [ validate_nrdp_certs ]
token: token:
description: token to be allowed to push nrdp events description: token to be allowed to push nrdp events
required: True required: True
@ -99,7 +102,7 @@ class CallbackModule(CallbackBase):
self.token = self.get_option('token') self.token = self.get_option('token')
self.hostname = self.get_option('hostname') self.hostname = self.get_option('hostname')
self.servicename = self.get_option('servicename') self.servicename = self.get_option('servicename')
self.validate_nrdp_certs = self.get_option('validate_nrdp_certs') self.validate_nrdp_certs = self.get_option('validate_certs')
if (self.url or self.token or self.hostname or if (self.url or self.token or self.hostname or
self.servicename) is None: self.servicename) is None:

@ -123,38 +123,46 @@ DOCUMENTATION = """
env: env:
- name: K8S_AUTH_TOKEN - name: K8S_AUTH_TOKEN
- name: K8S_AUTH_API_KEY - name: K8S_AUTH_API_KEY
kubectl_cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. - Path to a certificate used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_kubectl_cert_file - name: ansible_kubectl_cert_file
- name: ansible_kubectl_client_cert
env: env:
- name: K8S_AUTH_CERT_FILE - name: K8S_AUTH_CERT_FILE
kubectl_key_file: aliases: [ kubectl_cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. - Path to a key file used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_kubectl_key_file - name: ansible_kubectl_key_file
- name: ansible_kubectl_client_key
env: env:
- name: K8S_AUTH_KEY_FILE - name: K8S_AUTH_KEY_FILE
kubectl_ssl_ca_cert: aliases: [ kubectl_key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. - Path to a CA certificate used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_kubectl_ssl_ca_cert - name: ansible_kubectl_ssl_ca_cert
- name: ansible_kubectl_ca_cert
env: env:
- name: K8S_AUTH_SSL_CA_CERT - name: K8S_AUTH_SSL_CA_CERT
kubectl_verify_ssl: aliases: [ kubectl_ssl_ca_cert ]
validate_certs:
description: description:
- Whether or not to verify the API server's SSL certificate. Defaults to I(true). - Whether or not to verify the API server's SSL certificate. Defaults to I(true).
default: '' default: ''
vars: vars:
- name: ansible_kubectl_verify_ssl - name: ansible_kubectl_verify_ssl
- name: ansible_kubectl_validate_certs
env: env:
- name: K8S_AUTH_VERIFY_SSL - name: K8S_AUTH_VERIFY_SSL
aliases: [ kubectl_verify_ssl ]
""" """
import distutils.spawn import distutils.spawn
@ -183,10 +191,10 @@ CONNECTION_OPTIONS = {
'kubectl_host': '--server', 'kubectl_host': '--server',
'kubectl_username': '--username', 'kubectl_username': '--username',
'kubectl_password': '--password', 'kubectl_password': '--password',
'kubectl_cert_file': '--client-certificate', 'client_cert': '--client-certificate',
'kubectl_key_file': '--client-key', 'client_key': '--client-key',
'kubectl_ssl_ca_cert': '--certificate-authority', 'ca_cert': '--certificate-authority',
'kubectl_verify_ssl': '--insecure-skip-tls-verify', 'validate_certs': '--insecure-skip-tls-verify',
'kubectl_token': '--token' 'kubectl_token': '--token'
} }

@ -106,38 +106,46 @@ DOCUMENTATION = """
env: env:
- name: K8S_AUTH_TOKEN - name: K8S_AUTH_TOKEN
- name: K8S_AUTH_API_KEY - name: K8S_AUTH_API_KEY
oc_cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. - Path to a certificate used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_oc_cert_file - name: ansible_oc_cert_file
- name: ansible_oc_client_cert
env: env:
- name: K8S_AUTH_CERT_FILE - name: K8S_AUTH_CERT_FILE
oc_key_file: aliases: [ oc_cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. - Path to a key file used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_oc_key_file - name: ansible_oc_key_file
- name: ansible_oc_client_key
env: env:
- name: K8S_AUTH_KEY_FILE - name: K8S_AUTH_KEY_FILE
oc_ssl_ca_cert: aliases: [ oc_key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. - Path to a CA certificate used to authenticate with the API.
default: '' default: ''
vars: vars:
- name: ansible_oc_ssl_ca_cert - name: ansible_oc_ssl_ca_cert
- name: ansible_oc_ca_cert
env: env:
- name: K8S_AUTH_SSL_CA_CERT - name: K8S_AUTH_SSL_CA_CERT
oc_verify_ssl: aliases: [ oc_ssl_ca_cert ]
validate_certs:
description: description:
- Whether or not to verify the API server's SSL certificate. Defaults to I(true). - Whether or not to verify the API server's SSL certificate. Defaults to I(true).
default: '' default: ''
vars: vars:
- name: ansible_oc_verify_ssl - name: ansible_oc_verify_ssl
- name: ansible_oc_validate_certs
env: env:
- name: K8S_AUTH_VERIFY_SSL - name: K8S_AUTH_VERIFY_SSL
aliases: [ oc_verify_ssl ]
""" """
from ansible.plugins.connection.kubectl import Connection as KubectlConnection from ansible.plugins.connection.kubectl import Connection as KubectlConnection
@ -151,10 +159,10 @@ CONNECTION_OPTIONS = {
'oc_kubeconfig': '--config', 'oc_kubeconfig': '--config',
'oc_context': '--context', 'oc_context': '--context',
'oc_host': '--server', 'oc_host': '--server',
'oc_cert_file': '--client-certificate', 'client_cert': '--client-certificate',
'oc_key_file': '--client-key', 'client_key': '--client-key',
'oc_ssl_ca_cert': '--certificate-authority', 'ca_cert': '--certificate-authority',
'oc_verify_ssl': '--insecure-skip-tls-verify', 'validate_certs': '--insecure-skip-tls-verify',
'oc_token': '--token' 'oc_token': '--token'
} }

@ -72,7 +72,7 @@ options:
description: description:
- Whether to validate the remote server's certificate or not. - Whether to validate the remote server's certificate or not.
- Set to C(ignore) to not validate any certificates. - Set to C(ignore) to not validate any certificates.
- I(cert_trust_path) can be set to the path of a PEM certificate chain to - I(ca_cert) can be set to the path of a PEM certificate chain to
use in the validation. use in the validation.
choices: choices:
- validate - validate
@ -80,13 +80,15 @@ options:
default: validate default: validate
vars: vars:
- name: ansible_psrp_cert_validation - name: ansible_psrp_cert_validation
cert_trust_path: ca_cert:
description: description:
- The path to a PEM certificate chain to use when validating the server's - The path to a PEM certificate chain to use when validating the server's
certificate. certificate.
- This value is ignored if I(cert_validation) is set to C(ignore). - This value is ignored if I(cert_validation) is set to C(ignore).
vars: vars:
- name: ansible_psrp_cert_trust_path - name: ansible_psrp_cert_trust_path
- name: ansible_psrp_ca_cert
aliases: [ cert_trust_path ]
connection_timeout: connection_timeout:
description: description:
- The connection timeout for making the request to the remote host. - The connection timeout for making the request to the remote host.
@ -516,7 +518,7 @@ if ($bytes_read -gt 0) {
self._psrp_auth = self.get_option('auth') self._psrp_auth = self.get_option('auth')
# cert validation can either be a bool or a path to the cert # cert validation can either be a bool or a path to the cert
cert_validation = self.get_option('cert_validation') cert_validation = self.get_option('cert_validation')
cert_trust_path = self.get_option('cert_trust_path') cert_trust_path = self.get_option('ca_cert')
if cert_validation == 'ignore': if cert_validation == 'ignore':
self._psrp_cert_validation = False self._psrp_cert_validation = False
elif cert_trust_path is not None: elif cert_trust_path is not None:

@ -42,27 +42,27 @@ options:
instead. If the environment variable is not set, the default value will be used. instead. If the environment variable is not set, the default value will be used.
type: int type: int
default: 60 default: 60
cacert_path: ca_cert:
description: description:
- Use a CA certificate when performing server verification by providing the path to a CA certificate file. - Use a CA certificate when performing server verification by providing the path to a CA certificate file.
- If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set, - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
the file C(ca.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used. the file C(ca.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
type: path type: path
aliases: [ tls_ca_cert ] aliases: [ tls_ca_cert, cacert_path ]
cert_path: client_cert:
description: description:
- Path to the client's TLS certificate file. - Path to the client's TLS certificate file.
- If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set, - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
the file C(cert.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used. the file C(cert.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
type: path type: path
aliases: [ tls_client_cert ] aliases: [ tls_client_cert, cert_path ]
key_path: client_key:
description: description:
- Path to the client's TLS key file. - Path to the client's TLS key file.
- If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set, - If the value is not specified in the task and the environment variable C(DOCKER_CERT_PATH) is set,
the file C(key.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used. the file C(key.pem) from the directory specified in the environment variable C(DOCKER_CERT_PATH) will be used.
type: path type: path
aliases: [ tls_client_key ] aliases: [ tls_client_key, key_path ]
ssl_version: ssl_version:
description: description:
- Provide a valid SSL version number. Default value determined by ssl.py module. - Provide a valid SSL version number. Default value determined by ssl.py module.
@ -77,13 +77,14 @@ options:
instead. If the environment variable is not set, the default value will be used. instead. If the environment variable is not set, the default value will be used.
type: bool type: bool
default: no default: no
tls_verify: validate_certs:
description: description:
- Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server. - Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.
- If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_VERIFY) will be - If the value is not specified in the task, the value of environment variable C(DOCKER_TLS_VERIFY) will be
used instead. If the environment variable is not set, the default value will be used. used instead. If the environment variable is not set, the default value will be used.
type: bool type: bool
default: no default: no
aliases: [ tls_verify ]
debug: debug:
description: description:
- Debug mode - Debug mode

@ -46,11 +46,12 @@ options:
description: description:
- The timeout (in seconds) for REST API requests. - The timeout (in seconds) for REST API requests.
type: int type: int
verify_ssl: validate_certs:
description: description:
- Verify the unit's HTTPS certificate. - Verify the unit's HTTPS certificate.
type: bool type: bool
default: yes default: yes
aliases: [ verify_ssl ]
notes: notes:
- This module requires that the Ingate Python SDK is installed on the - This module requires that the Ingate Python SDK is installed on the
host. To install the SDK use the pip command from your shell host. To install the SDK use the pip command from your shell

@ -43,31 +43,35 @@ options:
variable. variable.
- Please read the description of the C(username) option for a discussion of when this option is applicable. - Please read the description of the C(username) option for a discussion of when this option is applicable.
type: str type: str
cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment - Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment
variable. variable.
type: path type: path
key_file: aliases: [ cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment - Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment
variable. variable.
type: path type: path
ssl_ca_cert: aliases: [ key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to - Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to
avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable. avoid certificate validation errors. Can also be specified via K8S_AUTH_SSL_CA_CERT environment variable.
type: path type: path
verify_ssl: aliases: [ ssl_ca_cert ]
validate_certs:
description: description:
- Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL - Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL
environment variable. environment variable.
type: bool type: bool
aliases: [ verify_ssl ]
notes: notes:
- "The OpenShift Python client wraps the K8s Python client, providing full access to - "The OpenShift Python client wraps the K8s Python client, providing full access to
all of the APIS and models available on both platforms. For API version details and all of the APIS and models available on both platforms. For API version details and
additional information visit https://github.com/openshift/openshift-restclient-python" additional information visit https://github.com/openshift/openshift-restclient-python"
- "To avoid SSL certificate validation errors when C(verify_ssl) is I(True), the full - "To avoid SSL certificate validation errors when C(validate_certs) is I(True), the full
certificate chain for the API server must be provided via C(ssl_ca_cert) or in the certificate chain for the API server must be provided via C(ca_cert) or in the
kubeconfig file." kubeconfig file."
''' '''

@ -32,15 +32,17 @@ options:
description: description:
- ManageIQ token. C(MIQ_TOKEN) env var if set. otherwise, required if no username or password is passed in. - ManageIQ token. C(MIQ_TOKEN) env var if set. otherwise, required if no username or password is passed in.
type: str type: str
verify_ssl: validate_certs:
description: description:
- Whether SSL certificates should be verified for HTTPS requests. defaults to True. - Whether SSL certificates should be verified for HTTPS requests. defaults to True.
type: bool type: bool
default: yes default: yes
ca_bundle_path: aliases: [ verify_ssl ]
ca_cert:
description: description:
- The path to a CA bundle file or directory with certificates. defaults to None. - The path to a CA bundle file or directory with certificates. defaults to None.
type: path type: path
aliases: [ ca_bundle_path ]
requirements: requirements:
- 'manageiq-client U(https://github.com/ManageIQ/manageiq-api-client-python/)' - 'manageiq-client U(https://github.com/ManageIQ/manageiq-api-client-python/)'

@ -43,22 +43,25 @@ options:
type: path type: path
default: '~/.my.cnf' default: '~/.my.cnf'
version_added: "2.0" version_added: "2.0"
ssl_ca: ca_cert:
description: description:
- The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate - The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate
as used by the server. as used by the server.
type: path type: path
version_added: "2.0" version_added: "2.0"
ssl_cert: aliases: [ ssl_ca ]
client_cert:
description: description:
- The path to a client public key certificate. - The path to a client public key certificate.
type: path type: path
version_added: "2.0" version_added: "2.0"
ssl_key: aliases: [ ssl_cert ]
client_key:
description: description:
- The path to the client private key. - The path to the client private key.
type: path type: path
version_added: "2.0" version_added: "2.0"
aliases: [ ssl_key ]
requirements: requirements:
- PyMySQL (Python 2.7 and Python 3.X), or - PyMySQL (Python 2.7 and Python 3.X), or
- MySQLdb (Python 2.x) - MySQLdb (Python 2.x)

@ -36,13 +36,14 @@ options:
- Value can also be specified using C(INFOBLOX_PASSWORD) environment - Value can also be specified using C(INFOBLOX_PASSWORD) environment
variable. variable.
type: str type: str
ssl_verify: validate_certs:
description: description:
- Boolean value to enable or disable verifying SSL certificates - Boolean value to enable or disable verifying SSL certificates
- Value can also be specified using C(INFOBLOX_SSL_VERIFY) environment - Value can also be specified using C(INFOBLOX_SSL_VERIFY) environment
variable. variable.
type: bool type: bool
default: no default: no
aliases: [ ssl_verify ]
http_request_timeout: http_request_timeout:
description: description:
- The amount of time before to wait before receiving a response - The amount of time before to wait before receiving a response

@ -54,26 +54,29 @@ options:
- How long should the socket layer wait before timing out for API calls. - How long should the socket layer wait before timing out for API calls.
If this is omitted, nothing will be passed to the requests library. If this is omitted, nothing will be passed to the requests library.
type: int type: int
verify: validate_certs:
description: description:
- Whether or not SSL API requests should be verified. - Whether or not SSL API requests should be verified.
- Before Ansible 2.3 this defaulted to C(yes). - Before Ansible 2.3 this defaulted to C(yes).
type: bool type: bool
default: no default: no
aliases: [ validate_certs ] aliases: [ verify ]
cacert: ca_cert:
description: description:
- A path to a CA Cert bundle that can be used as part of verifying - A path to a CA Cert bundle that can be used as part of verifying
SSL API requests. SSL API requests.
type: str type: str
cert: aliases: [ cacert ]
client_cert:
description: description:
- A path to a client certificate to use as part of the SSL transaction. - A path to a client certificate to use as part of the SSL transaction.
type: str type: str
key: aliases: [ cert ]
client_key:
description: description:
- A path to a client key to use as part of the SSL transaction. - A path to a client key to use as part of the SSL transaction.
type: str type: str
aliases: [ key ]
interface: interface:
description: description:
- Endpoint URL type to fetch from the service catalog. - Endpoint URL type to fetch from the service catalog.

@ -38,18 +38,19 @@ options:
default: prefer default: prefer
choices: [ allow, disable, prefer, require, verify-ca, verify-full ] choices: [ allow, disable, prefer, require, verify-ca, verify-full ]
version_added: '2.3' version_added: '2.3'
ssl_rootcert: ca_cert:
description: description:
- Specifies the name of a file containing SSL certificate authority (CA) certificate(s). - Specifies the name of a file containing SSL certificate authority (CA) certificate(s).
- If the file exists, the server's certificate will be verified to be signed by one of these authorities. - If the file exists, the server's certificate will be verified to be signed by one of these authorities.
type: str type: str
version_added: '2.3' version_added: '2.3'
aliases: [ ssl_rootcert ]
notes: notes:
- The default authentication assumes that you are either logging in as or sudo'ing to the C(postgres) account on the host. - The default authentication assumes that you are either logging in as or sudo'ing to the C(postgres) account on the host.
- This module uses I(psycopg2), a Python PostgreSQL database adapter. You must ensure that psycopg2 is installed on - This module uses I(psycopg2), a Python PostgreSQL database adapter. You must ensure that psycopg2 is installed on
the host before using this module. If the remote host is the PostgreSQL server (which is the default case), then the host before using this module. If the remote host is the PostgreSQL server (which is the default case), then
PostgreSQL must also be installed on the remote host. For Ubuntu-based systems, install the C(postgresql), C(libpq-dev), PostgreSQL must also be installed on the remote host. For Ubuntu-based systems, install the C(postgresql), C(libpq-dev),
and C(python-psycopg2) packages on the remote host before using this module. and C(python-psycopg2) packages on the remote host before using this module.
- The ssl_rootcert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3. - The ca_cert parameter requires at least Postgres version 8.4 and I(psycopg2) version 2.4.3.
requirements: [ psycopg2 ] requirements: [ psycopg2 ]
''' '''

@ -34,21 +34,24 @@ options:
choices: [ http , https ] choices: [ http , https ]
default: http default: http
version_added: "2.3" version_added: "2.3"
cacert: ca_cert:
description: description:
- CA certificate to verify SSL connection to management API. - CA certificate to verify SSL connection to management API.
type: path type: path
version_added: "2.3" version_added: "2.3"
cert: aliases: [ cacert ]
client_cert:
description: description:
- Client certificate to send on SSL connections to management API. - Client certificate to send on SSL connections to management API.
type: path type: path
version_added: "2.3" version_added: "2.3"
key: aliases: [ cert ]
client_key:
description: description:
- Private key matching the client certificate. - Private key matching the client certificate.
type: path type: path
version_added: "2.3" version_added: "2.3"
aliases: [ key ]
vhost: vhost:
description: description:
- RabbitMQ virtual host. - RabbitMQ virtual host.

@ -35,11 +35,12 @@ options:
description: description:
- Rackspace username, overrides I(credentials). - Rackspace username, overrides I(credentials).
type: str type: str
verify_ssl: validate_certs:
description: description:
- Whether or not to require SSL validation of API endpoints. - Whether or not to require SSL validation of API endpoints.
type: bool type: bool
version_added: '1.5' version_added: '1.5'
aliases: [ verify_ssl ]
requirements: requirements:
- python >= 2.6 - python >= 2.6
- pyrax - pyrax
@ -95,11 +96,12 @@ options:
username: username:
description: description:
- Rackspace username, overrides I(credentials). - Rackspace username, overrides I(credentials).
verify_ssl: validate_certs:
description: description:
- Whether or not to require SSL validation of API endpoints. - Whether or not to require SSL validation of API endpoints.
version_added: '1.5' version_added: '1.5'
type: bool type: bool
aliases: [ verify_ssl ]
requirements: requirements:
- python >= 2.6 - python >= 2.6
- pyrax - pyrax

@ -21,12 +21,13 @@ options:
description: description:
- Password for your Tower instance. - Password for your Tower instance.
type: str type: str
tower_verify_ssl: validate_certs:
description: description:
- Whether to allow insecure connections to Tower. - Whether to allow insecure connections to Tower.
- If C(no), SSL certificates will not be validated. - If C(no), SSL certificates will not be validated.
- This should only be used on personally controlled sites using self-signed certificates. - This should only be used on personally controlled sites using self-signed certificates.
type: bool type: bool
aliases: [ tower_verify_ssl ]
tower_config_file: tower_config_file:
description: description:
- Path to the Tower config file. - Path to the Tower config file.

@ -48,11 +48,12 @@ options:
type: str type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
verify_certs: validate_certs:
description: description:
- If the certificates of the authentication is to be verified. - If the certificates of the authentication is to be verified.
type: bool type: bool
default: yes default: yes
aliases: [ verify_certs ]
vdc_name: vdc_name:
description: description:
- The name of the vdc where the gateway is located. - The name of the vdc where the gateway is located.

@ -48,24 +48,25 @@ DOCUMENTATION = '''
description: Connect using TLS without verifying the authenticity of the Docker host server. description: Connect using TLS without verifying the authenticity of the Docker host server.
type: bool type: bool
default: no default: no
tls_verify: validate_certs:
description: Toggle if connecting using TLS with or without verifying the authenticity of the Docker description: Toggle if connecting using TLS with or without verifying the authenticity of the Docker
host server. host server.
type: bool type: bool
default: no default: no
key_path: aliases: [ tls_verify ]
client_key:
description: Path to the client's TLS key file. description: Path to the client's TLS key file.
type: path type: path
aliases: [ tls_client_key ] aliases: [ tls_client_key, key_path ]
cacert_path: ca_cert:
description: Use a CA certificate when performing server verification by providing the path to a CA description: Use a CA certificate when performing server verification by providing the path to a CA
certificate file. certificate file.
type: path type: path
aliases: [ tls_ca_cert ] aliases: [ tls_ca_cert, cacert_path ]
cert_path: client_cert:
description: Path to the client's TLS certificate file. description: Path to the client's TLS certificate file.
type: path type: path
aliases: [ tls_client_cert ] aliases: [ tls_client_cert, cert_path ]
tls_hostname: tls_hostname:
description: When verifying the authenticity of the Docker host server, provide the expected name of description: When verifying the authenticity of the Docker host server, provide the expected name of
the server. the server.
@ -116,10 +117,10 @@ tls: yes
# Example using remote docker with verified TLS and client certificate verification # Example using remote docker with verified TLS and client certificate verification
plugin: docker_swarm plugin: docker_swarm
docker_host: tcp://my-docker-host:2376 docker_host: tcp://my-docker-host:2376
tls_verify: yes validate_certs: yes
cacert_path: /somewhere/ca.pem ca_cert: /somewhere/ca.pem
key_path: /somewhere/key.pem client_key: /somewhere/key.pem
cert_path: /somewhere/cert.pem client_cert: /somewhere/cert.pem
# Example using constructed features to create groups and set ansible_host # Example using constructed features to create groups and set ansible_host
plugin: docker_swarm plugin: docker_swarm
@ -164,10 +165,10 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
raw_params = dict( raw_params = dict(
docker_host=self.get_option('docker_host'), docker_host=self.get_option('docker_host'),
tls=self.get_option('tls'), tls=self.get_option('tls'),
tls_verify=self.get_option('tls_verify'), tls_verify=self.get_option('validate_certs'),
key_path=self.get_option('key_path'), key_path=self.get_option('client_key'),
cacert_path=self.get_option('cacert_path'), cacert_path=self.get_option('ca_cert'),
cert_path=self.get_option('cert_path'), cert_path=self.get_option('client_cert'),
tls_hostname=self.get_option('tls_hostname'), tls_hostname=self.get_option('tls_hostname'),
api_version=self.get_option('api_version'), api_version=self.get_option('api_version'),
timeout=self.get_option('timeout'), timeout=self.get_option('timeout'),
@ -186,7 +187,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
if self.get_option('include_host_uri'): if self.get_option('include_host_uri'):
if self.get_option('include_host_uri_port'): if self.get_option('include_host_uri_port'):
host_uri_port = str(self.get_option('include_host_uri_port')) host_uri_port = str(self.get_option('include_host_uri_port'))
elif self.get_option('tls') or self.get_option('tls_verify'): elif self.get_option('tls') or self.get_option('validate_certs'):
host_uri_port = '2376' host_uri_port = '2376'
else: else:
host_uri_port = '2375' host_uri_port = '2375'

@ -57,23 +57,27 @@ DOCUMENTATION = '''
description: description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD - Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD
environment variable. environment variable.
cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE - Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE
environment variable. environment variable.
key_file: aliases: [ cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE - Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE
environment variable. environment variable.
ssl_ca_cert: aliases: [ key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. Can also be specified via - Path to a CA certificate used to authenticate with the API. Can also be specified via
K8S_AUTH_SSL_CA_CERT environment variable. K8S_AUTH_SSL_CA_CERT environment variable.
verify_ssl: aliases: [ ssl_ca_cert ]
validate_certs:
description: description:
- "Whether or not to verify the API server's SSL certificates. Can also be specified via - "Whether or not to verify the API server's SSL certificates. Can also be specified via
K8S_AUTH_VERIFY_SSL environment variable." K8S_AUTH_VERIFY_SSL environment variable."
type: bool type: bool
aliases: [ verify_ssl ]
namespaces: namespaces:
description: description:
- List of namespaces. If not specified, will fetch all containers for all namespaces user is authorized - List of namespaces. If not specified, will fetch all containers for all namespaces user is authorized
@ -93,7 +97,7 @@ plugin: k8s
connections: connections:
host: https://192.168.64.4:8443 host: https://192.168.64.4:8443
token: xxxxxxxxxxxxxxxx token: xxxxxxxxxxxxxxxx
ssl_verify: false validate_certs: false
# Use default config (~/.kube/config) file and active context, and return objects for a specific namespace # Use default config (~/.kube/config) file and active context, and return objects for a specific namespace
plugin: k8s plugin: k8s

@ -57,23 +57,27 @@ DOCUMENTATION = '''
description: description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD - Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD
environment variable. environment variable.
cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE - Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE
environment variable. environment variable.
key_file: aliases: [ cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE - Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE
environment variable. environment variable.
ssl_ca_cert: aliases: [ key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. Can also be specified via - Path to a CA certificate used to authenticate with the API. Can also be specified via
K8S_AUTH_SSL_CA_CERT environment variable. K8S_AUTH_SSL_CA_CERT environment variable.
verify_ssl: aliases: [ ssl_ca_cert ]
validate_certs:
description: description:
- "Whether or not to verify the API server's SSL certificates. Can also be specified via - "Whether or not to verify the API server's SSL certificates. Can also be specified via
K8S_AUTH_VERIFY_SSL environment variable." K8S_AUTH_VERIFY_SSL environment variable."
type: bool type: bool
aliases: [ verify_ssl ]
namespaces: namespaces:
description: description:
- List of namespaces. If not specified, will fetch all containers for all namespaces user is authorized - List of namespaces. If not specified, will fetch all containers for all namespaces user is authorized

@ -52,13 +52,14 @@ DOCUMENTATION = '''
env: env:
- name: TOWER_INVENTORY - name: TOWER_INVENTORY
required: True required: True
verify_ssl: validate_certs:
description: Specify whether Ansible should verify the SSL certificate of Ansible Tower host. description: Specify whether Ansible should verify the SSL certificate of Ansible Tower host.
type: bool type: bool
default: True default: True
env: env:
- name: TOWER_VERIFY_SSL - name: TOWER_VERIFY_SSL
required: False required: False
aliases: [ verify_ssl ]
include_metadata: include_metadata:
description: Make extra requests to provide all group vars with metadata about the source Ansible Tower host. description: Make extra requests to provide all group vars with metadata about the source Ansible Tower host.
type: bool type: bool
@ -156,7 +157,7 @@ class InventoryModule(BaseInventoryPlugin):
request_handler = Request(url_username=self.get_option('username'), request_handler = Request(url_username=self.get_option('username'),
url_password=self.get_option('password'), url_password=self.get_option('password'),
force_basic_auth=True, force_basic_auth=True,
validate_certs=self.get_option('verify_ssl')) validate_certs=self.get_option('validate_certs'))
inventory_id = self.get_option('inventory_id').replace('/', '') inventory_id = self.get_option('inventory_id').replace('/', '')
inventory_url = '/api/v2/inventories/{inv_id}/script/?hostvars=1&towervars=1&all=1'.format(inv_id=inventory_id) inventory_url = '/api/v2/inventories/{inv_id}/script/?hostvars=1&towervars=1&all=1'.format(inv_id=inventory_id)

@ -54,8 +54,9 @@ DOCUMENTATION = """
mount_point: mount_point:
description: vault mount point, only required if you have a custom mount point. description: vault mount point, only required if you have a custom mount point.
default: ldap default: ldap
cacert: ca_cert:
description: path to certificate to use for authentication. description: path to certificate to use for authentication.
aliases: [ cacert ]
validate_certs: validate_certs:
description: controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones. description: controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
type: boolean type: boolean
@ -267,6 +268,10 @@ class LookupModule(LookupBase):
raise AnsibleError("hashi_vault lookup plugin needs key=value pairs, but received %s" % terms) raise AnsibleError("hashi_vault lookup plugin needs key=value pairs, but received %s" % terms)
vault_dict[key] = value vault_dict[key] = value
if 'ca_cert' in vault_dict.keys():
vault_dict['cacert'] = vault_dict['ca_cert']
vault_dict.pop('ca_cert', None)
vault_conn = HashiVault(**vault_dict) vault_conn = HashiVault(**vault_dict)
for term in terms: for term in terms:

@ -98,24 +98,28 @@ DOCUMENTATION = """
description: description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment - Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment
variable. variable.
cert_file: client_cert:
description: description:
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE - Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE
environment environment
variable. variable.
key_file: aliases: [ cert_file ]
client_key:
description: description:
- Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment - Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_KEY_FILE environment
variable. variable.
ssl_ca_cert: aliases: [ key_file ]
ca_cert:
description: description:
- Path to a CA certificate used to authenticate with the API. Can also be specified via K8S_AUTH_SSL_CA_CERT - Path to a CA certificate used to authenticate with the API. Can also be specified via K8S_AUTH_SSL_CA_CERT
environment variable. environment variable.
verify_ssl: aliases: [ ssl_ca_cert ]
validate_certs:
description: description:
- Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL - Whether or not to verify the API server's SSL certificates. Can also be specified via K8S_AUTH_VERIFY_SSL
environment variable. environment variable.
type: bool type: bool
aliases: [ verify_ssl ]
requirements: requirements:
- "python >= 2.7" - "python >= 2.7"

@ -40,13 +40,14 @@ options:
- gssapi - gssapi
default: gssapi default: gssapi
type: str type: str
cacert_file: ca_cert:
description: description:
- The path to a CA certificate PEM file to use for certificate validation. - The path to a CA certificate PEM file to use for certificate validation.
- Certificate validation is used when C(scheme=ldaps) or C(start_tls=yes). - Certificate validation is used when C(scheme=ldaps) or C(start_tls=yes).
- This may fail on hosts with an older OpenLDAP install like MacOS, this will have to be updated before - This may fail on hosts with an older OpenLDAP install like MacOS, this will have to be updated before
reinstalling python-ldap to get working again. reinstalling python-ldap to get working again.
type: str type: str
aliases: [ cacert_file ]
domain: domain:
description: description:
- The domain to search in to retrieve the LAPS password. - The domain to search in to retrieve the LAPS password.
@ -173,7 +174,7 @@ EXAMPLES = """
ansible_password: "{{ lookup('laps_password', 'windows-pc', ansible_password: "{{ lookup('laps_password', 'windows-pc',
domain='dc01.ansible.com', domain='dc01.ansible.com',
start_tls=True, start_tls=True,
cacert_file='/usr/local/share/certs/ad.pem') }}" ca_cert='/usr/local/share/certs/ad.pem') }}"
""" """
RETURN = """ RETURN = """
@ -243,7 +244,7 @@ class LookupModule(LookupBase):
scheme = self.get_option('scheme') scheme = self.get_option('scheme')
start_tls = self.get_option('start_tls') start_tls = self.get_option('start_tls')
validate_certs = self.get_option('validate_certs') validate_certs = self.get_option('validate_certs')
cacert_file = self.get_option('cacert_file') cacert_file = self.get_option('ca_cert')
search_base = self.get_option('search_base') search_base = self.get_option('search_base')
username = self.get_option('username') username = self.get_option('username')
password = self.get_option('password') password = self.get_option('password')

@ -56,7 +56,7 @@
- result is not changed - result is not changed
- result is failed - result is failed
# We got the correct response from the module # We got the correct response from the module
- "'ca_certs file does not exist' == result.msg" - "'ca_cert file does not exist' == result.msg"
- name: Download CA Cert as pem from server - name: Download CA Cert as pem from server
get_url: get_url:

@ -17,7 +17,7 @@
- name: 'test {{ auth_type }} auth with certs (validation enabled, lookup parameters)' - name: 'test {{ auth_type }} auth with certs (validation enabled, lookup parameters)'
include_tasks: '{{ auth_type }}_test.yml' include_tasks: '{{ auth_type }}_test.yml'
vars: vars:
conn_params: 'url=https://localhost:8201 cacert={{ local_temp_dir }}/cert.pem validate_certs=True ' conn_params: 'url=https://localhost:8201 ca_cert={{ local_temp_dir }}/cert.pem validate_certs=True '
- name: 'test {{ auth_type }} auth with certs (validation enabled, environment variables)' - name: 'test {{ auth_type }} auth with certs (validation enabled, environment variables)'
include_tasks: '{{ auth_type }}_test.yml' include_tasks: '{{ auth_type }}_test.yml'

@ -83,7 +83,7 @@
password: "{{ 65535 | random | to_uuid }}" password: "{{ 65535 | random | to_uuid }}"
email: joe@example.org email: joe@example.org
state: present state: present
tower_verify_ssl: true validate_certs: true
tower_host: http://foo.invalid tower_host: http://foo.invalid
ignore_errors: true ignore_errors: true
register: result register: result

@ -1,6 +1,6 @@
- name: Run a workflow with no parameters - name: Run a workflow with no parameters
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
ignore_errors: true ignore_errors: true
register: result1 register: result1
@ -12,7 +12,7 @@
- name: Fail no connect to Tower server - name: Fail no connect to Tower server
tower_workflow_launch: tower_workflow_launch:
tower_host: 127.0.0.1:22 tower_host: 127.0.0.1:22
tower_verify_ssl: False validate_certs: False
workflow_template: "Here" workflow_template: "Here"
ignore_errors: True ignore_errors: True
register: result2 register: result2
@ -24,7 +24,7 @@
- name: Connect to Tower server but request an invalid workflow - name: Connect to Tower server but request an invalid workflow
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: "Does Not Exist" workflow_template: "Does Not Exist"
ignore_errors: true ignore_errors: true
register: result3 register: result3
@ -36,7 +36,7 @@
- name: Connect to Tower in check_mode with a valid workflow name - name: Connect to Tower in check_mode with a valid workflow name
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: "Success Workflow" workflow_template: "Success Workflow"
check_mode: True check_mode: True
ignore_errors: true ignore_errors: true
@ -49,7 +49,7 @@
- name: Connect to Tower in check_mode with a valid workflow id - name: Connect to Tower in check_mode with a valid workflow id
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: 9999999 workflow_template: 9999999
check_mode: True check_mode: True
ignore_errors: true ignore_errors: true
@ -62,7 +62,7 @@
- name: Run the workflow without waiting (this should just give us back a job ID) - name: Run the workflow without waiting (this should just give us back a job ID)
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: "Success Workflow" workflow_template: "Success Workflow"
wait: False wait: False
ignore_errors: True ignore_errors: True
@ -75,7 +75,7 @@
- name: Kick off a workflow and wait for it - name: Kick off a workflow and wait for it
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: "Success Workflow" workflow_template: "Success Workflow"
ignore_errors: True ignore_errors: True
register: result7 register: result7
@ -87,7 +87,7 @@
- name: Kick off a workflow and wait for it, but only for a second - name: Kick off a workflow and wait for it, but only for a second
tower_workflow_launch: tower_workflow_launch:
tower_verify_ssl: False validate_certs: False
workflow_template: "Success Workflow" workflow_template: "Success Workflow"
timeout: 1 timeout: 1
ignore_errors: True ignore_errors: True

@ -30,7 +30,7 @@ class TestNiosApi(unittest.TestCase):
self.mock_connector.stop() self.mock_connector.stop()
def test_get_provider_spec(self): def test_get_provider_spec(self):
provider_options = ['host', 'username', 'password', 'ssl_verify', 'silent_ssl_warnings', provider_options = ['host', 'username', 'password', 'validate_certs', 'silent_ssl_warnings',
'http_request_timeout', 'http_pool_connections', 'http_request_timeout', 'http_pool_connections',
'http_pool_maxsize', 'max_retries', 'wapi_version', 'max_results'] 'http_pool_maxsize', 'max_retries', 'wapi_version', 'max_results']
res = api.WapiBase.provider_spec res = api.WapiBase.provider_spec

@ -26,7 +26,7 @@ from units.compat.mock import patch
BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None, BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
'vdirect_wait': None, 'vdirect_secondary_ip': None, 'vdirect_wait': None, 'vdirect_secondary_ip': None,
'vdirect_https_port': None, 'vdirect_http_port': None, 'vdirect_https_port': None, 'vdirect_http_port': None,
'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None} 'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}
COMMIT_PARAMS = {'devices': ['adc', 'defensepro', 'vx', 'appwall'], 'apply': True, 'save': True, 'sync': True} COMMIT_PARAMS = {'devices': ['adc', 'defensepro', 'vx', 'appwall'], 'apply': True, 'save': True, 'sync': True}

@ -31,7 +31,7 @@ RESP_DATA = 3
NONE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None, NONE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
'vdirect_wait': None, 'vdirect_secondary_ip': None, 'vdirect_wait': None, 'vdirect_secondary_ip': None,
'vdirect_https_port': None, 'vdirect_http_port': None, 'vdirect_https_port': None, 'vdirect_http_port': None,
'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None} 'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}
@patch('vdirect_client.rest_client.RestClient') @patch('vdirect_client.rest_client.RestClient')

@ -26,7 +26,7 @@ from units.compat.mock import patch
BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None, BASE_PARAMS = {'vdirect_ip': None, 'vdirect_user': None, 'vdirect_password': None,
'vdirect_wait': None, 'vdirect_secondary_ip': None, 'vdirect_wait': None, 'vdirect_secondary_ip': None,
'vdirect_https_port': None, 'vdirect_http_port': None, 'vdirect_https_port': None, 'vdirect_http_port': None,
'vdirect_timeout': None, 'vdirect_use_ssl': None, 'vdirect_validate_certs': None} 'vdirect_timeout': None, 'vdirect_use_ssl': None, 'validate_certs': None}
RUNNABLE_PARAMS = {'runnable_type': 'ConfigurationTemplate', 'runnable_name': 'runnable', RUNNABLE_PARAMS = {'runnable_type': 'ConfigurationTemplate', 'runnable_name': 'runnable',
'action_name': None, 'parameters': None} 'action_name': None, 'parameters': None}

Loading…
Cancel
Save