This commit is contained in:
felixfontein
2023-05-15 19:56:50 +00:00
parent b796b6f253
commit c54890cd03
12 changed files with 28 additions and 20 deletions


@@ -401,7 +401,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account URI</span>
@@ -417,7 +417,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">acme_account_uri</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Verify that account exists</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">account_data.exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print account contacts</span>


@@ -675,14 +675,16 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="c1"># perform the necessary steps to fulfill the challenge</span>
<span class="c1"># for example:</span>
<span class="c1">#</span>
<span class="c1"># - copy:</span>
<span class="c1"># - name: Copy http-01 challenge for sample.com</span>
<span class="c1"># ansible.builtin.copy:</span>
<span class="c1"># dest: /var/www/html/</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge</span><span class="o">[</span><span class="s1">&#39;challenge_data&#39;</span><span class="o">][</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># when: sample_com_challenge is changed and &#39;sample.com&#39; in sample_com_challenge[&#39;challenge_data&#39;]</span>
<span class="c1">#</span>
<span class="c1"># Alternative way:</span>
<span class="c1">#</span>
<span class="c1"># - copy:</span>
<span class="c1"># - name: Copy http-01 challenges</span>
<span class="c1"># ansible.builtin.copy:</span>
<span class="c1"># dest: /var/www/</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">/</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource&#39;</span><span class="o">]</span> <span class="cp">}}</span>
<span class="c1"># content: &quot;</span><span class="cp">{{</span> <span class="nv">item.value</span><span class="o">[</span><span class="s1">&#39;http-01&#39;</span><span class="o">][</span><span class="s1">&#39;resource_value&#39;</span><span class="o">]</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># loop: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">&quot;</span>
@@ -714,7 +716,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="c1"># perform the necessary steps to fulfill the challenge</span>
<span class="c1"># for example:</span>
<span class="c1">#</span>
<span class="c1"># - community.aws.route53:</span>
<span class="c1"># - name: Create DNS record for sample.com dns-01 challenge</span>
<span class="c1"># community.aws.route53:</span>
<span class="c1"># zone: sample.com</span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">&#39;sample.com&#39;</span><span class="o">][</span><span class="s1">&#39;dns-01&#39;</span><span class="o">]</span><span class="nv">.record</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># type: TXT</span>
@@ -727,7 +730,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="c1">#</span>
<span class="c1"># Alternative way:</span>
<span class="c1">#</span>
<span class="c1"># - community.aws.route53:</span>
<span class="c1"># - name: Create DNS records for dns-01 challenges</span>
<span class="c1"># community.aws.route53:</span>
<span class="c1"># zone: sample.com</span>
<span class="c1"># record: &quot;</span><span class="cp">{{</span> <span class="nv">item.key</span> <span class="cp">}}</span><span class="c1">&quot;</span>
<span class="c1"># type: TXT</span>


@@ -277,7 +277,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ce
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root certificate to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-root.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">www_ansible_com.root</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -292,11 +292,11 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ce
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ca-certificates/</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www_ansible_com</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write complete chain to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-completechain.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.complete_chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Write root chain (intermediates and root) to disk</span>
<span class="w"> </span><span class="nt">copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.copy</span><span class="p">:</span>
<span class="w"> </span><span class="nt">dest</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/www.ansible.com-rootchain.pem</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="s1">&#39;&#39;</span><span class="nv">.join</span><span class="o">(</span><span class="nv">www_ansible_com.chain</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
</pre></div>


@@ -373,7 +373,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ge
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">cert</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">How many days until cert expires</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;cert</span><span class="nv"> </span><span class="s">expires</span><span class="nv"> </span><span class="s">in:</span><span class="nv"> </span><span class="cp">{{</span> <span class="nv">expire_days</span> <span class="cp">}}</span><span class="nv"> </span><span class="s">days.&quot;</span>
<span class="w"> </span><span class="nt">vars</span><span class="p">:</span>
<span class="w"> </span><span class="nt">expire_days</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="o">((</span> <span class="nv">cert.not_after</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y%m%d%H%M%SZ&#39;</span><span class="o">))</span> <span class="o">-</span> <span class="o">(</span><span class="nv">ansible_date_time.iso8601</span> <span class="o">|</span> <span class="nf">to_datetime</span><span class="o">(</span><span class="s1">&#39;%Y-%m-%dT%H:%M:%SZ&#39;</span><span class="o">))</span> <span class="o">)</span><span class="nv">.days</span> <span class="cp">}}</span><span class="s">&quot;</span>


@@ -316,7 +316,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Dump information</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
</pre></div>
</div>


@@ -719,7 +719,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<span class="w"> </span><span class="nt">privatekey_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/private/ansible.com.pem</span>
<span class="w"> </span><span class="nt">common_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">www.ansible.com</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Print CSR</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.csr</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSL Certificate Signing Request with an inline CSR</span>


@@ -470,11 +470,13 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output</span>
<span class="w"> </span><span class="nt">no_log</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># make sure that private key data is not accidentally revealed in logs!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Show generated key</span>
<span class="w"> </span><span class="nt">debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">output.privatekey</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="c1"># DO NOT OUTPUT KEY MATERIAL TO CONSOLE OR LOGS IN PRODUCTION!</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">block</span><span class="p">:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate or update a Mozilla sops encrypted key</span>
<span class="w"> </span><span class="nt">block</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update sops-encrypted key with the community.sops collection</span>
<span class="w"> </span><span class="nt">community.crypto.openssl_privatekey_pipe</span><span class="p">:</span>
<span class="w"> </span><span class="nt">content</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">&#39;community.sops.sops&#39;</span><span class="o">,</span> <span class="s1">&#39;private_key.pem.sops&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -489,7 +491,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-op
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">output is changed</span>
<span class="w"> </span><span class="nt">always</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure that output (which contains the private key) is overwritten</span>
<span class="w"> </span><span class="nt">set_fact</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.set_fact</span><span class="p">:</span>
<span class="w"> </span><span class="nt">output</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;&#39;</span>
</pre></div>
</div>


@@ -326,7 +326,7 @@ ed448 and ed25519 keys: <code class="docutils literal notranslate"><span class="
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span>
</pre></div>


@@ -326,7 +326,7 @@ ed448 and ed25519 keys: <code class="docutils literal notranslate"><span class="
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure the signature is valid</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">verify.valid</span>
</pre></div>



@@ -359,7 +359,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Validate that certificate is valid tomorrow, but not in three weeks</span>
<span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.valid_at.point_1</span><span class="w"> </span><span class="c1"># valid in one day</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">not result.valid_at.point_2</span><span class="w"> </span><span class="c1"># not valid in three weeks</span>


@@ -943,7 +943,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-x5
<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/ssl/csr/ansible.com.key</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result_privatekey</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">assert</span><span class="p">:</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Check conditions on certificate, CSR, and private key</span>
<span class="w"> </span><span class="nt">ansible.builtin.assert</span><span class="p">:</span>
<span class="w"> </span><span class="nt">that</span><span class="p">:</span>
<span class="w"> </span><span class="c1"># When private key was specified for assertonly, this was checked:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">result.public_key == result_privatekey.public_key</span>