openssl_csr: consistent param namings (#29604)

* harmonize openssl-csr argument names

* the module itself was introduced in 2.4, not only privatekey_passphrase

(cherry picked from commit 177ce3014c)
Christian Pointner 2017-09-11 21:05:15 +02:00 committed by Toshio Kuratomi
parent 1c7a91a725
commit cc995a2477


@ -20,10 +20,10 @@ author: "Yanis Guenane (@Spredzy)"
version_added: "2.4" version_added: "2.4"
short_description: Generate OpenSSL Certificate Signing Request (CSR) short_description: Generate OpenSSL Certificate Signing Request (CSR)
description: description:
- "This module allows one to (re)generates OpenSSL certificate signing requests. - "This module allows one to (re)generate OpenSSL certificate signing requests.
It uses the pyOpenSSL python library to interact with openssl. This module supports It uses the pyOpenSSL python library to interact with openssl. This module supports
the subjectAltName as well as the keyUsage and extendedKeyUsage extensions. the subjectAltName as well as the keyUsage and extendedKeyUsage extensions.
Note: At least one of commonName or subjectAltName must be specified. Note: At least one of common_name or subject_alt_name must be specified.
This module uses file common arguments to specify generated file permissions." This module uses file common arguments to specify generated file permissions."
requirements: requirements:
- "python-pyOpenSSL" - "python-pyOpenSSL"
@ -47,7 +47,6 @@ options:
required: false required: false
description: description:
- The passphrase for the privatekey. - The passphrase for the privatekey.
version_added: "2.4"
version: version:
required: false required: false
default: 3 default: 3
@ -63,70 +62,74 @@ options:
required: true required: true
description: description:
- Name of the folder in which the generated OpenSSL certificate signing request will be written - Name of the folder in which the generated OpenSSL certificate signing request will be written
countryName: country_name:
required: false required: false
aliases: [ 'C' ] aliases: [ 'C', 'countryName' ]
description: description:
- countryName field of the certificate signing request subject - countryName field of the certificate signing request subject
stateOrProvinceName: state_or_province_name:
required: false required: false
aliases: [ 'ST' ] aliases: [ 'ST', 'stateOrProvinceName' ]
description: description:
- stateOrProvinceName field of the certificate signing request subject - stateOrProvinceName field of the certificate signing request subject
localityName: locality_name:
required: false required: false
aliases: [ 'L' ] aliases: [ 'L', 'localityName' ]
description: description:
- localityName field of the certificate signing request subject - localityName field of the certificate signing request subject
organizationName: organization_name:
required: false required: false
aliases: [ 'O' ] aliases: [ 'O', 'organizationName' ]
description: description:
- organizationName field of the certificate signing request subject - organizationName field of the certificate signing request subject
organizationalUnitName: organizational_unit_name:
required: false required: false
aliases: [ 'OU' ] aliases: [ 'OU', 'organizationalUnitName' ]
description: description:
- organizationalUnitName field of the certificate signing request subject - organizationalUnitName field of the certificate signing request subject
commonName: common_name:
required: false required: false
aliases: [ 'CN' ] aliases: [ 'CN', 'commonName' ]
description: description:
- commonName field of the certificate signing request subject - commonName field of the certificate signing request subject
emailAddress: email_address:
required: false required: false
aliases: [ 'E' ] aliases: [ 'E', 'emailAddress' ]
description: description:
- emailAddress field of the certificate signing request subject - emailAddress field of the certificate signing request subject
subjectAltName: subject_alt_name:
required: false required: false
aliases: [ 'subjectAltName' ]
description: description:
- SAN extension to attach to the certificate signing request - SAN extension to attach to the certificate signing request
- This can either be a 'comma separated string' or a YAML list. - This can either be a 'comma separated string' or a YAML list.
subjectAltName_critical: subject_alt_name_critical:
required: false required: false
aliases: [ 'subjectAltName_critical' ]
description: description:
- Should the subjectAltName extension be considered as critical - Should the subjectAltName extension be considered as critical
keyUsage: key_usage:
required: false required: false
aliases: [ 'keyUsage' ]
description: description:
- This defines the purpose (e.g. encipherment, signature, certificate signing) - This defines the purpose (e.g. encipherment, signature, certificate signing)
of the key contained in the certificate. of the key contained in the certificate.
- This can either be a 'comma separated string' or a YAML list. - This can either be a 'comma separated string' or a YAML list.
keyUsage_critical: key_usage_critical:
required: false required: false
aliases: [ 'keyUsage_critical' ]
description: description:
- Should the keyUsage extension be considered as critical - Should the keyUsage extension be considered as critical
extendedKeyUsage: extended_key_usage:
required: false required: false
aliases: [ 'extKeyUsage' ] aliases: [ 'extKeyUsage', 'extendedKeyUsage' ]
description: description:
- Additional restrictions (e.g. client authentication, server authentication) - Additional restrictions (e.g. client authentication, server authentication)
on the allowed purposes for which the public key may be used. on the allowed purposes for which the public key may be used.
- This can either be a 'comma separated string' or a YAML list. - This can either be a 'comma separated string' or a YAML list.
extendedKeyUsage_critical: extended_key_usage_critical:
required: false required: false
aliases: [ 'extKeyUsage_critical' ] aliases: [ 'extKeyUsage_critical', 'extendedKeyUsage_critical' ]
description: description:
- Should the extkeyUsage extension be considered as critical - Should the extkeyUsage extension be considered as critical
@ -142,7 +145,7 @@ EXAMPLES = '''
- openssl_csr: - openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
commonName: www.ansible.com common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with a # Generate an OpenSSL Certificate Signing Request with a
# passphrase protected private key # passphrase protected private key
@ -150,39 +153,39 @@ EXAMPLES = '''
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
privatekey_passphrase: ansible privatekey_passphrase: ansible
commonName: www.ansible.com common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with Subject information # Generate an OpenSSL Certificate Signing Request with Subject information
- openssl_csr: - openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
countryName: FR country_name: FR
organizationName: Ansible organization_name: Ansible
emailAddress: jdoe@ansible.com email_address: jdoe@ansible.com
commonName: www.ansible.com common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with subjectAltName extension # Generate an OpenSSL Certificate Signing Request with subjectAltName extension
- openssl_csr: - openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
subjectAltName: 'DNS:www.ansible.com,DNS:m.ansible.com' subject_alt_name: 'DNS:www.ansible.com,DNS:m.ansible.com'
# Force re-generate an OpenSSL Certificate Signing Request # Force re-generate an OpenSSL Certificate Signing Request
- openssl_csr: - openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
force: True force: True
commonName: www.ansible.com common_name: www.ansible.com
# Generate an OpenSSL Certificate Signing Request with special key usages # Generate an OpenSSL Certificate Signing Request with special key usages
- openssl_csr: - openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem
commonName: www.ansible.com common_name: www.ansible.com
keyUsage: key_usage:
- digitlaSignature - digitlaSignature
- keyAgreement - keyAgreement
extKeyUsage: extended_key_usage:
- clientAuth - clientAuth
''' '''
@ -405,19 +408,19 @@ def main():
version=dict(default='3', type='int'), version=dict(default='3', type='int'),
force=dict(default=False, type='bool'), force=dict(default=False, type='bool'),
path=dict(required=True, type='path'), path=dict(required=True, type='path'),
countryName=dict(aliases=['C'], type='str'), countryName=dict(aliases=['C', 'country_name'], type='str'),
stateOrProvinceName=dict(aliases=['ST'], type='str'), stateOrProvinceName=dict(aliases=['ST', 'state_or_province_name'], type='str'),
localityName=dict(aliases=['L'], type='str'), localityName=dict(aliases=['L', 'locality_name'], type='str'),
organizationName=dict(aliases=['O'], type='str'), organizationName=dict(aliases=['O', 'organization_name'], type='str'),
organizationalUnitName=dict(aliases=['OU'], type='str'), organizationalUnitName=dict(aliases=['OU', 'organizational_unit_name'], type='str'),
commonName=dict(aliases=['CN'], type='str'), commonName=dict(aliases=['CN', 'common_name'], type='str'),
emailAddress=dict(aliases=['E'], type='str'), emailAddress=dict(aliases=['E', 'email_address'], type='str'),
subjectAltName=dict(type='list'), subjectAltName=dict(aliases=['subject_alt_name'], type='list'),
subjectAltName_critical=dict(default=False, type='bool'), subjectAltName_critical=dict(aliases=['subject_alt_name_critical'], default=False, type='bool'),
keyUsage=dict(type='list'), keyUsage=dict(aliases=['key_usage'], type='list'),
keyUsage_critical=dict(default=False, type='bool'), keyUsage_critical=dict(aliases=['key_usage_critical'], default=False, type='bool'),
extendedKeyUsage=dict(aliases=['extKeyUsage'], type='list'), extendedKeyUsage=dict(aliases=['extKeyUsage', 'extended_key_usage'], type='list'),
extendedKeyUsage_critical=dict(default=False, aliases=['extKeyUsage_critical'], type='bool'), extendedKeyUsage_critical=dict(aliases=['extKeyUsage_critical', 'extended_key_usage_critical'], default=False, type='bool'),
), ),
add_file_common_args=True, add_file_common_args=True,
supports_check_mode=True, supports_check_mode=True,
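Review bot: The argument_spec in `main()` still declares the camelCase names as the primary options and adds the snake_case names only as aliases, while the DOCUMENTATION hunk documents the reverse (`country_name` with alias `countryName`), so the docs and the spec disagree on which name is canonical. Both accept the same set of names, but `module.params` keeps the camelCase keys and a doc-versus-spec check would likely flag the mismatch. Flipping each entry, e.g. `country_name=dict(aliases=['C', 'countryName'], type='str'),`, would align them, provided the code that reads these params (outside the visible hunks) is renamed in the same change. Separately, the key-usage example still carries `- digitlaSignature`, which should read `- digitalSignature`; as written, a copied example requests a key usage that does not exist.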