renamed module tls client auth params to avoid overlaping with fetch_url (#59522)
* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url * added version_added info for params * Updated version_added Updated version_added info from 2.9 to 2.10 * Update pulp_repo.py removed version_added for renamed params * Apply suggestions from code review added ca_cert alias and 'version_added' Co-Authored-By: Mark Chappell <mchappel@redhat.com> * Apply suggestions from code review added old behavior for client_cert and client_key which will deprecate in 2.14 Co-Authored-By: Mark Chappell <mchappel@redhat.com> * Update pulp_repo.py fix for linting error ansibot is complaining * added changelog fragment for 59522 * Apply suggestions from code review more informative depreciation warning and changelog fragment Co-Authored-By: Felix Fontein <felix@fontein.de> * added mention for changes in client_key and client_cert behavior * fixed too long line (linting) * deprecated ca_cert alias to have consistent module params in Ansible 2.14 * fixed indentation for deprecation warning * changed deprecated alias handling to argument_spec * moved deprecated_aliases insied argument dict, thanks tremble * suggestions from felixfontein Move doc info about client_cert and client_key into its own paragraph Co-Authored-By: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
1d0a832692
commit
1e59017d27
2 changed files with 27 additions and 10 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- pulp_repo - the ``client_cert`` and ``client_key`` options were used for both requests to pulp.io and for the repo to sync with, resulting in errors when they were used. Use the new options ``feed_client_cert`` and ``feed_client_key`` for client certificates that should only be used for repo synchronisation, and not for communication with pulp.io. (https://github.com/ansible/ansible/issues/59513)
|
|
@ -48,13 +48,15 @@ options:
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: 'no'
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
ca_cert:
|
feed_ca_cert:
|
||||||
description:
|
description:
|
||||||
- CA certificate string used to validate the feed source SSL certificate.
|
- CA certificate string used to validate the feed source SSL certificate.
|
||||||
This can be the file content or the path to the file.
|
This can be the file content or the path to the file.
|
||||||
|
The ca_cert alias will be removed in Ansible 2.14.
|
||||||
type: str
|
type: str
|
||||||
aliases: [ importer_ssl_ca_cert ]
|
aliases: [ importer_ssl_ca_cert, ca_cert ]
|
||||||
client_cert:
|
feed_client_cert:
|
||||||
|
version_added: "2.10"
|
||||||
description:
|
description:
|
||||||
- Certificate used as the client certificate when synchronizing the
|
- Certificate used as the client certificate when synchronizing the
|
||||||
repository. This is used to communicate authentication information to
|
repository. This is used to communicate authentication information to
|
||||||
|
@ -62,13 +64,18 @@ options:
|
||||||
certificate. The specified file may be the certificate itself or a
|
certificate. The specified file may be the certificate itself or a
|
||||||
single file containing both the certificate and private key. This can be
|
single file containing both the certificate and private key. This can be
|
||||||
the file content or the path to the file.
|
the file content or the path to the file.
|
||||||
|
- If not specified the default value will come from client_cert. Which will
|
||||||
|
change in Ansible 2.14.
|
||||||
type: str
|
type: str
|
||||||
aliases: [ importer_ssl_client_cert ]
|
aliases: [ importer_ssl_client_cert ]
|
||||||
client_key:
|
feed_client_key:
|
||||||
|
version_added: "2.10"
|
||||||
description:
|
description:
|
||||||
- Private key to the certificate specified in I(importer_ssl_client_cert),
|
- Private key to the certificate specified in I(importer_ssl_client_cert),
|
||||||
assuming it is not included in the certificate file itself. This can be
|
assuming it is not included in the certificate file itself. This can be
|
||||||
the file content or the path to the file.
|
the file content or the path to the file.
|
||||||
|
- If not specified the default value will come from client_key. Which will
|
||||||
|
change in Ansible 2.14.
|
||||||
type: str
|
type: str
|
||||||
aliases: [ importer_ssl_client_key ]
|
aliases: [ importer_ssl_client_key ]
|
||||||
name:
|
name:
|
||||||
|
@ -535,9 +542,9 @@ def main():
|
||||||
add_export_distributor=dict(default=False, type='bool'),
|
add_export_distributor=dict(default=False, type='bool'),
|
||||||
feed=dict(),
|
feed=dict(),
|
||||||
generate_sqlite=dict(default=False, type='bool'),
|
generate_sqlite=dict(default=False, type='bool'),
|
||||||
ca_cert=dict(aliases=['importer_ssl_ca_cert']),
|
feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]),
|
||||||
client_cert=dict(aliases=['importer_ssl_client_cert']),
|
feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
|
||||||
client_key=dict(aliases=['importer_ssl_client_key']),
|
feed_client_key=dict(aliases=['importer_ssl_client_key']),
|
||||||
name=dict(required=True, aliases=['repo']),
|
name=dict(required=True, aliases=['repo']),
|
||||||
proxy_host=dict(),
|
proxy_host=dict(),
|
||||||
proxy_port=dict(),
|
proxy_port=dict(),
|
||||||
|
@ -561,9 +568,17 @@ def main():
|
||||||
add_export_distributor = module.params['add_export_distributor']
|
add_export_distributor = module.params['add_export_distributor']
|
||||||
feed = module.params['feed']
|
feed = module.params['feed']
|
||||||
generate_sqlite = module.params['generate_sqlite']
|
generate_sqlite = module.params['generate_sqlite']
|
||||||
importer_ssl_ca_cert = module.params['ca_cert']
|
importer_ssl_ca_cert = module.params['feed_ca_cert']
|
||||||
importer_ssl_client_cert = module.params['client_cert']
|
importer_ssl_client_cert = module.params['feed_client_cert']
|
||||||
importer_ssl_client_key = module.params['client_key']
|
if importer_ssl_client_cert is None and module.params['client_cert'] is not None:
|
||||||
|
importer_ssl_client_cert = module.params['client_cert']
|
||||||
|
module.deprecate(("To specify client certificates to be used with the repo to sync, and not for communication with pulp.io, use the new options "
|
||||||
|
"`feed_client_cert` and `feed_client_key` (available since Ansible 2.10). Until Ansible 2.14, the default value for "
|
||||||
|
"`feed_client_cert` will be taken from `client_cert` if only the latter is specified"), version="2.14")
|
||||||
|
importer_ssl_client_key = module.params['feed_client_key']
|
||||||
|
if importer_ssl_client_key is None and module.params['client_key'] is not None:
|
||||||
|
importer_ssl_client_key = module.params['client_key']
|
||||||
|
module.deprecate("In Ansible 2.10 `feed_client_key` option was added. Until 2.14 the default value will come from client_key option", version="2.14")
|
||||||
proxy_host = module.params['proxy_host']
|
proxy_host = module.params['proxy_host']
|
||||||
proxy_port = module.params['proxy_port']
|
proxy_port = module.params['proxy_port']
|
||||||
proxy_username = module.params['proxy_username']
|
proxy_username = module.params['proxy_username']
|
||||||
|
|
Loading…
Reference in a new issue