felixfontein
2023-10-28 20:56:41 +00:00
parent cd154371db
commit b59fba27e2
7 changed files with 11 additions and 10 deletions


@@ -667,9 +667,10 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>
<span class="c1"># Alternative first step:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from hashi vault.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a challenge for sample.com using a account key from Hashi Vault.</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;hashi_vault&#39;</span><span class="o">,</span> <span class="s1">&#39;secret=secret/account_private_key:value&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">account_key_content</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">&gt;-</span>
<span class="w"> </span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;community.hashi_vault.hashi_vault&#39;</span><span class="o">,</span> <span class="s1">&#39;secret=secret/account_private_key:value&#39;</span><span class="o">)</span> <span class="cp">}}</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
<span class="w"> </span><span class="nt">fullchain_dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/httpd/ssl/sample.com-fullchain.crt</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sample_com_challenge</span>


@@ -281,7 +281,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ce
<span class="c1"># certificates, finds the associated root certificate.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com-fullchain.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com-fullchain.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span>
@@ -294,7 +294,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ce
<span class="c1"># certificates, finds the associated root certificate.</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Find root certificate</span>
<span class="w"> </span><span class="nt">community.crypto.certificate_complete_chain</span><span class="p">:</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">input_chain</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.pem&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">intermediate_certificates</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-chain.pem</span>
<span class="w"> </span><span class="nt">root_certificates</span><span class="p">:</span>


@@ -705,7 +705,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ec
</div></td>
<td><div class="ansible-option-cell"><p>The number of days the certificate must have left being valid. If <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-return-cert-days"><span class="std std-ref"><span class="pre">cert_days</span></span></a></code> &lt; <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-remaining-days"><span class="std std-ref"><span class="pre">remaining_days</span></span></a></strong></code> then a new certificate will be obtained using <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-request-type"><span class="std std-ref"><span class="pre">request_type</span></span></a></strong></code>.</p>
<p>If <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-request-type"><span class="std std-ref"><span class="pre">request_type=renew</span></span></a></code>, a renewal will fail if the certificate being renewed has been issued within the past 30 days, so do not set a <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-remaining-days"><span class="std std-ref"><span class="pre">remaining_days</span></span></a></strong></code> value that is within 30 days of the full lifetime of the certificate being acted upon.</p>
<p>For exmaple, if you are requesting Certificates with a 90 day lifetime, do not set <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-remaining-days"><span class="std std-ref"><span class="pre">remaining_days</span></span></a></strong></code> to a value <code class="ansible-value docutils literal notranslate"><span class="pre">60</span></code> or higher).</p>
<p>For example, if you are requesting Certificates with a 90 day lifetime, do not set <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-remaining-days"><span class="std std-ref"><span class="pre">remaining_days</span></span></a></strong></code> to a value <code class="ansible-value docutils literal notranslate"><span class="pre">60</span></code> or higher).</p>
<p>The <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-ecs-certificate-module-parameter-force"><span class="std std-ref"><span class="pre">force</span></span></a></strong></code> option may be used to ensure that a new certificate is always obtained.</p>
<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">30</span></code></p>
</div></td>


@@ -734,7 +734,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline CSR</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_csr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">privatekey_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">private_key_content</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>

File diff suppressed because one or more lines are too long


@@ -270,7 +270,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
<div class="ansibleOptionAnchor" id="parameter-valid_at"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-x509-certificate-info-module-parameter-valid-at"><strong>valid_at</strong></p>
<a class="ansibleOptionLink" href="#parameter-valid_at" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-x509-certificate-info-module-return-valid-at"><span class="std std-ref"><span class="pre">valid_at</span></span></a></code> return value for informations on the result.</p>
<td><div class="ansible-option-cell"><p>A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-x509-certificate-info-module-return-valid-at"><span class="std std-ref"><span class="pre">valid_at</span></span></a></code> return value for information on the result.</p>
<p>Time can be specified either as relative time or as absolute timestamp.</p>
<p>Time will always be interpreted as UTC.</p>
<p>Valid format is <code class="docutils literal notranslate"><span class="pre">[+-]timespec</span> <span class="pre">|</span> <span class="pre">ASN.1</span> <span class="pre">TIME</span></code> where timespec can be an integer + <code class="docutils literal notranslate"><span class="pre">[w</span> <span class="pre">|</span> <span class="pre">d</span> <span class="pre">|</span> <span class="pre">h</span> <span class="pre">|</span> <span class="pre">m</span> <span class="pre">|</span> <span class="pre">s]</span></code> (for example <code class="ansible-value docutils literal notranslate"><span class="pre">+32w1d2h</span></code>), and ASN.1 TIME (in other words, pattern <code class="docutils literal notranslate"><span class="pre">YYYYMMDDHHMMSSZ</span></code>). Note that all timestamps will be treated as being in UTC.</p>


@@ -713,8 +713,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(1/2) Generate an OpenSSL Certificate with the CSR provided inline</span>
<span class="w"> </span><span class="nt">community.crypto.x509_certificate_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">provider</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ownca</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.crt&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.crt&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr_content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;ansible.builtin.file&#39;</span><span class="o">,</span> <span class="s1">&#39;/etc/ssl/csr/www.ansible.com.csr&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">ownca_cert</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.crt</span>
<span class="w"> </span><span class="nt">ownca_privatekey</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/ca_cert.key</span>
<span class="w"> </span><span class="nt">ownca_privatekey_passphrase</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hunter2</span>