renamed module tls client auth params to avoid overlaping with fetch_url (#59522)

* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url

* added version_added info for params

* Updated version_added

Updated version_added info from 2.9 to 2.10

* Update pulp_repo.py

removed version_added for renamed params

* Apply suggestions from code review

added ca_cert alias and 'version_added'

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Apply suggestions from code review

added old behavior for client_cert and client_key which will deprecate in 2.14

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update pulp_repo.py

fix for linting error ansibot is complaining

* added changelog fragment for 59522

* Apply suggestions from code review

more informative depreciation warning and changelog fragment

Co-Authored-By: Felix Fontein <felix@fontein.de>

* added mention for changes in client_key and client_cert behavior

* fixed too long line (linting)

* deprecated ca_cert alias to have consistent module params in Ansible 2.14

* fixed indentation for deprecation warning

* changed deprecated alias handling to argument_spec

* moved deprecated_aliases insied argument dict, thanks tremble

* suggestions from felixfontein

Move doc info about client_cert and client_key into its own paragraph

Co-Authored-By: Felix Fontein <felix@fontein.de>
This commit is contained in:
coreaut 2019-11-18 20:41:40 +01:00 committed by Felix Fontein
parent 1d0a832692
commit 1e59017d27
2 changed files with 27 additions and 10 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- pulp_repo - the ``client_cert`` and ``client_key`` options were used for both requests to pulp.io and for the repo to sync with, resulting in errors when they were used. Use the new options ``feed_client_cert`` and ``feed_client_key`` for client certificates that should only be used for repo synchronisation, and not for communication with pulp.io. (https://github.com/ansible/ansible/issues/59513)

View file

@ -48,13 +48,15 @@ options:
type: bool type: bool
default: 'no' default: 'no'
version_added: "2.8" version_added: "2.8"
ca_cert: feed_ca_cert:
description: description:
- CA certificate string used to validate the feed source SSL certificate. - CA certificate string used to validate the feed source SSL certificate.
This can be the file content or the path to the file. This can be the file content or the path to the file.
The ca_cert alias will be removed in Ansible 2.14.
type: str type: str
aliases: [ importer_ssl_ca_cert ] aliases: [ importer_ssl_ca_cert, ca_cert ]
client_cert: feed_client_cert:
version_added: "2.10"
description: description:
- Certificate used as the client certificate when synchronizing the - Certificate used as the client certificate when synchronizing the
repository. This is used to communicate authentication information to repository. This is used to communicate authentication information to
@ -62,13 +64,18 @@ options:
certificate. The specified file may be the certificate itself or a certificate. The specified file may be the certificate itself or a
single file containing both the certificate and private key. This can be single file containing both the certificate and private key. This can be
the file content or the path to the file. the file content or the path to the file.
- If not specified the default value will come from client_cert. Which will
change in Ansible 2.14.
type: str type: str
aliases: [ importer_ssl_client_cert ] aliases: [ importer_ssl_client_cert ]
client_key: feed_client_key:
version_added: "2.10"
description: description:
- Private key to the certificate specified in I(importer_ssl_client_cert), - Private key to the certificate specified in I(importer_ssl_client_cert),
assuming it is not included in the certificate file itself. This can be assuming it is not included in the certificate file itself. This can be
the file content or the path to the file. the file content or the path to the file.
- If not specified the default value will come from client_key. Which will
change in Ansible 2.14.
type: str type: str
aliases: [ importer_ssl_client_key ] aliases: [ importer_ssl_client_key ]
name: name:
@ -535,9 +542,9 @@ def main():
add_export_distributor=dict(default=False, type='bool'), add_export_distributor=dict(default=False, type='bool'),
feed=dict(), feed=dict(),
generate_sqlite=dict(default=False, type='bool'), generate_sqlite=dict(default=False, type='bool'),
ca_cert=dict(aliases=['importer_ssl_ca_cert']), feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]),
client_cert=dict(aliases=['importer_ssl_client_cert']), feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
client_key=dict(aliases=['importer_ssl_client_key']), feed_client_key=dict(aliases=['importer_ssl_client_key']),
name=dict(required=True, aliases=['repo']), name=dict(required=True, aliases=['repo']),
proxy_host=dict(), proxy_host=dict(),
proxy_port=dict(), proxy_port=dict(),
@ -561,9 +568,17 @@ def main():
add_export_distributor = module.params['add_export_distributor'] add_export_distributor = module.params['add_export_distributor']
feed = module.params['feed'] feed = module.params['feed']
generate_sqlite = module.params['generate_sqlite'] generate_sqlite = module.params['generate_sqlite']
importer_ssl_ca_cert = module.params['ca_cert'] importer_ssl_ca_cert = module.params['feed_ca_cert']
importer_ssl_client_cert = module.params['feed_client_cert']
if importer_ssl_client_cert is None and module.params['client_cert'] is not None:
importer_ssl_client_cert = module.params['client_cert'] importer_ssl_client_cert = module.params['client_cert']
module.deprecate(("To specify client certificates to be used with the repo to sync, and not for communication with pulp.io, use the new options "
"`feed_client_cert` and `feed_client_key` (available since Ansible 2.10). Until Ansible 2.14, the default value for "
"`feed_client_cert` will be taken from `client_cert` if only the latter is specified"), version="2.14")
importer_ssl_client_key = module.params['feed_client_key']
if importer_ssl_client_key is None and module.params['client_key'] is not None:
importer_ssl_client_key = module.params['client_key'] importer_ssl_client_key = module.params['client_key']
module.deprecate("In Ansible 2.10 `feed_client_key` option was added. Until 2.14 the default value will come from client_key option", version="2.14")
proxy_host = module.params['proxy_host'] proxy_host = module.params['proxy_host']
proxy_port = module.params['proxy_port'] proxy_port = module.params['proxy_port']
proxy_username = module.params['proxy_username'] proxy_username = module.params['proxy_username']