[cloud] iam_cert: allow paths to be specified so slurp is not necessary for remote host… (#26097)
* allow paths to be specified so slurp is not necessary for remote hosts to use * Make requested changes remove unused parameters * remove module used out of scope check the potential filepath to be true before checking isfile remove required: false * rephrase documentation * remove 'lookups' from example
parent
d64e291274
commit
66f5a094bc
1 changed files with 32 additions and 16 deletions
|
@ -50,24 +50,20 @@ options:
|
||||||
default: "/"
|
default: "/"
|
||||||
cert_chain:
|
cert_chain:
|
||||||
description:
|
description:
|
||||||
- The CA certificate chain in PEM encoded format.
|
- The path to, or content of the CA certificate chain in PEM encoded format.
|
||||||
- Note that prior to 2.4, this parameter expected a path to a file.
|
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||||
Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
|
|
||||||
cert:
|
cert:
|
||||||
description:
|
description:
|
||||||
- The certificate body in PEM encoded format.
|
- The path to, or content of the certificate body in PEM encoded format.
|
||||||
- Note that prior to 2.4, this parameter expected a path to a file.
|
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||||
Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
|
|
||||||
key:
|
key:
|
||||||
description:
|
description:
|
||||||
- The key of the certificate in PEM encoded format.
|
- The path to, or content of the private key in PEM encoded format.
|
||||||
- Note that prior to 2.4, this parameter expected a path to a file.
|
As of 2.4 content is accepted. If the parameter is not a file, it is assumed to be content.
|
||||||
Since 2.4 this is now accomplished using a lookup plugin. See examples for detail.
|
|
||||||
dup_ok:
|
dup_ok:
|
||||||
description:
|
description:
|
||||||
- By default the module will not upload a certificate that is already uploaded into AWS.
|
- By default the module will not upload a certificate that is already uploaded into AWS.
|
||||||
If set to True, it will upload the certificate as long as the name is unique.
|
If set to True, it will upload the certificate as long as the name is unique.
|
||||||
required: false
|
|
||||||
default: False
|
default: False
|
||||||
|
|
||||||
|
|
||||||
|
@ -87,6 +83,14 @@ EXAMPLES = '''
|
||||||
key: "{{ lookup('file', 'path/to/key') }}"
|
key: "{{ lookup('file', 'path/to/key') }}"
|
||||||
cert_chain: "{{ lookup('file', 'path/to/certchain') }}"
|
cert_chain: "{{ lookup('file', 'path/to/certchain') }}"
|
||||||
|
|
||||||
|
# Basic server certificate upload
|
||||||
|
- iam_cert:
|
||||||
|
name: very_ssl
|
||||||
|
state: present
|
||||||
|
cert: path/to/cert
|
||||||
|
key: path/to/key
|
||||||
|
cert_chain: path/to/certchain
|
||||||
|
|
||||||
# Server certificate upload using key string
|
# Server certificate upload using key string
|
||||||
- iam_cert:
|
- iam_cert:
|
||||||
name: very_ssl
|
name: very_ssl
|
||||||
|
@ -105,6 +109,7 @@ EXAMPLES = '''
|
||||||
'''
|
'''
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible.module_utils.ec2 import ec2_argument_spec, get_aws_connection_info, connect_to_aws
|
from ansible.module_utils.ec2 import ec2_argument_spec, get_aws_connection_info, connect_to_aws
|
||||||
|
import os
|
||||||
|
|
||||||
try:
|
try:
|
||||||
import boto
|
import boto
|
||||||
|
@ -222,6 +227,17 @@ def cert_action(module, iam, name, cpath, new_name, new_path, state,
|
||||||
module.exit_json(changed=changed, msg='Certificate with the name %s already absent' % name)
|
module.exit_json(changed=changed, msg='Certificate with the name %s already absent' % name)
|
||||||
|
|
||||||
|
|
||||||
|
def load_data(cert, key, cert_chain):
|
||||||
|
# if paths are provided rather than lookups read the files and return the contents
|
||||||
|
if cert and os.path.isfile(cert):
|
||||||
|
cert = open(cert, 'r').read().rstrip()
|
||||||
|
if key and os.path.isfile(key):
|
||||||
|
key = open(key, 'r').read().rstrip()
|
||||||
|
if cert_chain and os.path.isfile(cert_chain):
|
||||||
|
cert_chain = open(cert_chain, 'r').read()
|
||||||
|
return cert, key, cert_chain
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
argument_spec = ec2_argument_spec()
|
argument_spec = ec2_argument_spec()
|
||||||
argument_spec.update(dict(
|
argument_spec.update(dict(
|
||||||
|
@ -231,9 +247,9 @@ def main():
|
||||||
key=dict(no_log=True),
|
key=dict(no_log=True),
|
||||||
cert_chain=dict(),
|
cert_chain=dict(),
|
||||||
new_name=dict(),
|
new_name=dict(),
|
||||||
path=dict(default='/', required=False),
|
path=dict(default='/'),
|
||||||
new_path=dict(required=False),
|
new_path=dict(),
|
||||||
dup_ok=dict(required=False, type='bool')
|
dup_ok=dict(type='bool')
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -269,9 +285,9 @@ def main():
|
||||||
new_path = module.params.get('new_path')
|
new_path = module.params.get('new_path')
|
||||||
dup_ok = module.params.get('dup_ok')
|
dup_ok = module.params.get('dup_ok')
|
||||||
if state == 'present' and not new_name and not new_path:
|
if state == 'present' and not new_name and not new_path:
|
||||||
cert = module.params.get('cert')
|
cert, key, cert_chain = load_data(cert=module.params.get('cert'),
|
||||||
key = module.params.get('key')
|
key=module.params.get('key'),
|
||||||
cert_chain = module.params.get('cert_chain')
|
cert_chain=module.params.get('cert_chain'))
|
||||||
else:
|
else:
|
||||||
cert = key = cert_chain = None
|
cert = key = cert_chain = None
|
||||||
|
|
||||||
|
|
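Review bot: In the new `load_data`, the path-or-content decision rests only on `os.path.isfile()`, so a mistyped, missing or unreadable path for `cert`, `key` or `cert_chain` is silently forwarded as if it were PEM content instead of failing before the upload call. The option docs say "if the parameter is not a file, it is assumed to be content" but not which host the path is checked on, nor that relative values such as `path/to/key` depend on the module's working directory; both are worth stating. The three `open(...).read()` calls never close their handles, and `cert_chain` is not `rstrip()`ed while `cert` and `key` are, which deserves a comment if it is deliberate. I would route all three through one helper that reads with a context manager and rejects a value that is neither an existing file nor PEM-looking, keeping the value out of the error text because `key` is `no_log`. `main()` continues outside the visible hunks, so it would still need to turn that error into `module.fail_json`.

```python
def _load_pem(value, strip=True):
    # Existing file -> read it; anything else must at least look like PEM.
    if not value:
        return value
    if os.path.isfile(value):
        with open(value, 'r') as handle:
            value = handle.read()
    elif '-----BEGIN' not in value:
        # Do not echo the value: it may be private key material.
        raise ValueError('parameter is neither a readable file nor PEM content')
    return value.rstrip() if strip else value


def load_data(cert, key, cert_chain):
    # cert_chain keeps its trailing whitespace, as in the hunk
    return _load_pem(cert), _load_pem(key), _load_pem(cert_chain, strip=False)
```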