Felix Fontein
601a4b8f47
get_certificate: add cryptography backend ( #60599 )
...
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
2019-08-17 16:02:14 +02:00
Felix Fontein
91eed74ac3
Stop using ca_certs alias. ( #54507 )
2019-03-28 10:38:18 -04:00
James Cassell
bc4ef99533
standardize TLS connection properties ( #54315 )
...
* openstack: standardize tls params
* tower: tower_verify_ssl->validate_certs
* docker: use standard tls config params
- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs
* k8s: standardize tls connection params
- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key
* ingate: verify_ssl -> validate_certs
* manageiq: standardize tls params
- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert
* mysql: standardize tls params
- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key
* nios: ssl_verify -> validate_certs
* postgresql: ssl_rootcert -> ca_cert
* rabbitmq: standardize tls params
- cacert -> ca_cert
- cert -> client_cert
- key -> client_key
* rackspace: verify_ssl -> validate_certs
* vca: verify_certs -> validate_certs
* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs
* lxd: standardize tls params
- key_file -> client_key
- cert_file -> client_cert
* get_certificate: ca_certs -> ca_cert
* get_certificate.py: clarify one or more certs in a file
Co-Authored-By: jamescassell <code@james.cassell.me>
* zabbix: tls_issuer -> ca_cert
* bigip_device_auth_ldap: standardize tls params
- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert
* vdirect: vdirect_validate_certs -> validate_certs
* mqtt: standardize tls params
- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key
* pulp_repo: standardize tls params
remove `importer_ssl` prefix
* rhn_register: sslcacert -> ca_cert
* yum_repository: standardize tls params
The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config. In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.
Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs
* gitlab_hook: enable_ssl_verification -> hook_validate_certs
* Adjust arguments for docker_swarm inventory plugin.
* foreman callback: standardize tls params
- ssl_cert -> client_cert
- ssl_key -> client_key
* grafana_annotations: validate_grafana_certs -> validate_certs
* nrdp callback: validate_nrdp_certs -> validate_certs
* kubectl connection: standardize tls params
- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs
* oc connection: standardize tls params
- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs
* psrp connection: cert_trust_path -> ca_cert
TODO: cert_validation -> validate_certs (multi-valued vs bool)
* k8s inventory: standardize tls params
- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs
* openshift inventory: standardize tls params
- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs
* tower inventory: verify_ssl -> validate_certs
* hashi_vault lookup: cacert -> ca_cert
* k8s lookup: standardize tls params
- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs
* laps_passord lookup: cacert_file -> ca_cert
* changelog for TLS parameter standardization
2019-03-28 00:19:28 -05:00
John Westcott IV
6469baf460
Added get_certificate module ( #41735 )
...
* Added get_certificate module.
* Fixed test against bogus_ca.pem file
2018-12-07 13:27:16 +00:00