expose subject_strict and issuer_strict to users (#34090)

2018-01-04 10:43:37 +01:00 · 2018-01-04 10:43:37 +01:00 · 10b3431990
commit 10b3431990
parent 6c97c340ea
1 changed files with 18 additions and 2 deletions
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@ -112,11 +112,25 @@ options:
            - Key/value pairs that must be present in the issuer name field of the certificate.
              If you need to specify more than one value with the same key, use a list as value.

+    issuer_strict:
+        default: False
+        type: bool
+        description:
+            - If set to True, the I(issuer) field must contain only these values.
+        version_added: "2.5"
+
    subject:
        description:
            - Key/value pairs that must be present in the subject name field of the certificate.
              If you need to specify more than one value with the same key, use a list as value.

+    subject_strict:
+        default: False
+        type: bool
+        description:
+            - If set to True, the I(subject) field must contain only these values.
+        version_added: "2.5"
+
    has_expired:
        default: False
        type: bool
@ -479,12 +493,12 @@ class AssertOnlyCertificate(Certificate):
            self.subject = crypto_utils.parse_name_field(module.params['subject'])
        else:
            self.subject = []
-        self.subject_strict = False
+        self.subject_strict = module.params['subject_strict']
        if module.params['issuer']:
            self.issuer = crypto_utils.parse_name_field(module.params['issuer'])
        else:
            self.issuer = []
-        self.issuer_strict = False
+        self.issuer_strict = module.params['issuer_strict']
        self.has_expired = module.params['has_expired']
        self.version = module.params['version']
        self.keyUsage = module.params['keyUsage']
@ -776,7 +790,9 @@ def main():
            privatekey_passphrase=dict(type='path', no_log=True),
            signature_algorithms=dict(type='list'),
            subject=dict(type='dict'),
+            subject_strict=dict(type='bool', default=False),
            issuer=dict(type='dict'),
+            issuer_strict=dict(type='bool', default=False),
            has_expired=dict(type='bool', default=False),
            version=dict(type='int'),
            keyUsage=dict(type='list', aliases=['key_usage']),