renamed module tls client auth params to avoid overlaping with fetch_url (#59522)

* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url

* added version_added info for params

* Updated version_added

Updated version_added info from 2.9 to 2.10

* Update pulp_repo.py

removed version_added for renamed params

* Apply suggestions from code review

added ca_cert alias and 'version_added'

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Apply suggestions from code review

added old behavior for client_cert and client_key which will deprecate in 2.14

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update pulp_repo.py

fix for linting error ansibot is complaining

* added changelog fragment for 59522

* Apply suggestions from code review

more informative depreciation warning and changelog fragment

Co-Authored-By: Felix Fontein <felix@fontein.de>

* added mention for changes in client_key and client_cert behavior

* fixed too long line (linting)

* deprecated ca_cert alias to have consistent module params in Ansible 2.14

* fixed indentation for deprecation warning

* changed deprecated alias handling to argument_spec

* moved deprecated_aliases insied argument dict, thanks tremble

* suggestions from felixfontein

Move doc info about client_cert and client_key into its own paragraph

Co-Authored-By: Felix Fontein <felix@fontein.de>
This commit is contained in:
coreaut 2019-11-18 20:41:40 +01:00 committed by Felix Fontein
parent 1d0a832692
commit 1e59017d27
2 changed files with 27 additions and 10 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- pulp_repo - the ``client_cert`` and ``client_key`` options were used for both requests to pulp.io and for the repo to sync with, resulting in errors when they were used. Use the new options ``feed_client_cert`` and ``feed_client_key`` for client certificates that should only be used for repo synchronisation, and not for communication with pulp.io. (https://github.com/ansible/ansible/issues/59513)

View file

@ -48,13 +48,15 @@ options:
type: bool
default: 'no'
version_added: "2.8"
ca_cert:
feed_ca_cert:
description:
- CA certificate string used to validate the feed source SSL certificate.
This can be the file content or the path to the file.
The ca_cert alias will be removed in Ansible 2.14.
type: str
aliases: [ importer_ssl_ca_cert ]
client_cert:
aliases: [ importer_ssl_ca_cert, ca_cert ]
feed_client_cert:
version_added: "2.10"
description:
- Certificate used as the client certificate when synchronizing the
repository. This is used to communicate authentication information to
@ -62,13 +64,18 @@ options:
certificate. The specified file may be the certificate itself or a
single file containing both the certificate and private key. This can be
the file content or the path to the file.
- If not specified the default value will come from client_cert. Which will
change in Ansible 2.14.
type: str
aliases: [ importer_ssl_client_cert ]
client_key:
feed_client_key:
version_added: "2.10"
description:
- Private key to the certificate specified in I(importer_ssl_client_cert),
assuming it is not included in the certificate file itself. This can be
the file content or the path to the file.
- If not specified the default value will come from client_key. Which will
change in Ansible 2.14.
type: str
aliases: [ importer_ssl_client_key ]
name:
@ -535,9 +542,9 @@ def main():
add_export_distributor=dict(default=False, type='bool'),
feed=dict(),
generate_sqlite=dict(default=False, type='bool'),
ca_cert=dict(aliases=['importer_ssl_ca_cert']),
client_cert=dict(aliases=['importer_ssl_client_cert']),
client_key=dict(aliases=['importer_ssl_client_key']),
feed_ca_cert=dict(aliases=['importer_ssl_ca_cert', 'ca_cert'], deprecated_aliases=[dict(name='ca_cert', version='2.14')]),
feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
feed_client_key=dict(aliases=['importer_ssl_client_key']),
name=dict(required=True, aliases=['repo']),
proxy_host=dict(),
proxy_port=dict(),
@ -561,9 +568,17 @@ def main():
add_export_distributor = module.params['add_export_distributor']
feed = module.params['feed']
generate_sqlite = module.params['generate_sqlite']
importer_ssl_ca_cert = module.params['ca_cert']
importer_ssl_ca_cert = module.params['feed_ca_cert']
importer_ssl_client_cert = module.params['feed_client_cert']
if importer_ssl_client_cert is None and module.params['client_cert'] is not None:
importer_ssl_client_cert = module.params['client_cert']
module.deprecate(("To specify client certificates to be used with the repo to sync, and not for communication with pulp.io, use the new options "
"`feed_client_cert` and `feed_client_key` (available since Ansible 2.10). Until Ansible 2.14, the default value for "
"`feed_client_cert` will be taken from `client_cert` if only the latter is specified"), version="2.14")
importer_ssl_client_key = module.params['feed_client_key']
if importer_ssl_client_key is None and module.params['client_key'] is not None:
importer_ssl_client_key = module.params['client_key']
module.deprecate("In Ansible 2.10 `feed_client_key` option was added. Until 2.14 the default value will come from client_key option", version="2.14")
proxy_host = module.params['proxy_host']
proxy_port = module.params['proxy_port']
proxy_username = module.params['proxy_username']