Fix doc fragments indents.
parent
ddbcf49868
commit
37af200ecb
|
@ -24,25 +24,25 @@ attributes:
|
||||||
INFO_MODULE = r'''
|
INFO_MODULE = r'''
|
||||||
options: {}
|
options: {}
|
||||||
attributes:
|
attributes:
|
||||||
check_mode:
|
check_mode:
|
||||||
support: full
|
support: full
|
||||||
details:
|
details:
|
||||||
- This action does not modify state.
|
- This action does not modify state.
|
||||||
diff_mode:
|
diff_mode:
|
||||||
support: N/A
|
support: N/A
|
||||||
details:
|
details:
|
||||||
- This action does not modify state.
|
- This action does not modify state.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
ACTIONGROUP_ACME = r'''
|
ACTIONGROUP_ACME = r'''
|
||||||
options: {}
|
options: {}
|
||||||
attributes:
|
attributes:
|
||||||
action_group:
|
action_group:
|
||||||
description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module.
|
description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module.
|
||||||
support: full
|
support: full
|
||||||
membership:
|
membership:
|
||||||
- community.crypto.acme
|
- community.crypto.acme
|
||||||
- acme
|
- acme
|
||||||
'''
|
'''
|
||||||
|
|
||||||
FACTS = r"""
|
FACTS = r"""
|
||||||
|
@ -56,16 +56,16 @@ attributes:
|
||||||
FACTS_MODULE = r'''
|
FACTS_MODULE = r'''
|
||||||
options: {}
|
options: {}
|
||||||
attributes:
|
attributes:
|
||||||
check_mode:
|
check_mode:
|
||||||
support: full
|
support: full
|
||||||
details:
|
details:
|
||||||
- This action does not modify state.
|
- This action does not modify state.
|
||||||
diff_mode:
|
diff_mode:
|
||||||
support: N/A
|
support: N/A
|
||||||
details:
|
details:
|
||||||
- This action does not modify state.
|
- This action does not modify state.
|
||||||
facts:
|
facts:
|
||||||
support: full
|
support: full
|
||||||
'''
|
'''
|
||||||
|
|
||||||
FILES = r"""
|
FILES = r"""
|
||||||
|
|
|
@ -88,316 +88,316 @@ seealso:
|
||||||
|
|
||||||
BACKEND_ACME_DOCUMENTATION = r'''
|
BACKEND_ACME_DOCUMENTATION = r'''
|
||||||
description:
|
description:
|
||||||
- This module allows one to (re)generate OpenSSL certificates.
|
- This module allows one to (re)generate OpenSSL certificates.
|
||||||
requirements:
|
requirements:
|
||||||
- acme-tiny >= 4.0.0 (if using the V(acme) provider)
|
- acme-tiny >= 4.0.0 (if using the V(acme) provider)
|
||||||
options:
|
options:
|
||||||
acme_accountkey_path:
|
acme_accountkey_path:
|
||||||
description:
|
description:
|
||||||
- The path to the accountkey for the V(acme) provider.
|
- The path to the accountkey for the V(acme) provider.
|
||||||
- This is only used by the V(acme) provider.
|
- This is only used by the V(acme) provider.
|
||||||
type: path
|
type: path
|
||||||
|
|
||||||
acme_challenge_path:
|
acme_challenge_path:
|
||||||
description:
|
description:
|
||||||
- The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
|
- The path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
|
||||||
- This is only used by the V(acme) provider.
|
- This is only used by the V(acme) provider.
|
||||||
type: path
|
type: path
|
||||||
|
|
||||||
acme_chain:
|
acme_chain:
|
||||||
description:
|
description:
|
||||||
- Include the intermediate certificate to the generated certificate
|
- Include the intermediate certificate to the generated certificate
|
||||||
- This is only used by the V(acme) provider.
|
- This is only used by the V(acme) provider.
|
||||||
- Note that this is only available for older versions of C(acme-tiny).
|
- Note that this is only available for older versions of C(acme-tiny).
|
||||||
New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error.
|
New versions include the chain automatically, and setting O(acme_chain) to V(true) results in an error.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
|
|
||||||
acme_directory:
|
acme_directory:
|
||||||
description:
|
description:
|
||||||
- "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt."
|
- "The ACME directory to use. You can use any directory that supports the ACME protocol, such as Buypass or Let's Encrypt."
|
||||||
- "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)."
|
- "Let's Encrypt recommends using their staging server while developing jobs. U(https://letsencrypt.org/docs/staging-environment/)."
|
||||||
type: str
|
type: str
|
||||||
default: https://acme-v02.api.letsencrypt.org/directory
|
default: https://acme-v02.api.letsencrypt.org/directory
|
||||||
'''
|
'''
|
||||||
|
|
||||||
BACKEND_ENTRUST_DOCUMENTATION = r'''
|
BACKEND_ENTRUST_DOCUMENTATION = r'''
|
||||||
options:
|
options:
|
||||||
entrust_cert_type:
|
entrust_cert_type:
|
||||||
description:
|
description:
|
||||||
- Specify the type of certificate requested.
|
- Specify the type of certificate requested.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
type: str
|
type: str
|
||||||
default: STANDARD_SSL
|
default: STANDARD_SSL
|
||||||
choices: [ 'STANDARD_SSL', 'ADVANTAGE_SSL', 'UC_SSL', 'EV_SSL', 'WILDCARD_SSL', 'PRIVATE_SSL', 'PD_SSL', 'CDS_ENT_LITE', 'CDS_ENT_PRO', 'SMIME_ENT' ]
|
choices: [STANDARD_SSL, ADVANTAGE_SSL, UC_SSL, EV_SSL, WILDCARD_SSL, PRIVATE_SSL, PD_SSL, CDS_ENT_LITE, CDS_ENT_PRO, SMIME_ENT]
|
||||||
|
|
||||||
entrust_requester_email:
|
entrust_requester_email:
|
||||||
description:
|
description:
|
||||||
- The email of the requester of the certificate (for tracking purposes).
|
- The email of the requester of the certificate (for tracking purposes).
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
entrust_requester_name:
|
entrust_requester_name:
|
||||||
description:
|
description:
|
||||||
- The name of the requester of the certificate (for tracking purposes).
|
- The name of the requester of the certificate (for tracking purposes).
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
entrust_requester_phone:
|
entrust_requester_phone:
|
||||||
description:
|
description:
|
||||||
- The phone number of the requester of the certificate (for tracking purposes).
|
- The phone number of the requester of the certificate (for tracking purposes).
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
entrust_api_user:
|
entrust_api_user:
|
||||||
description:
|
description:
|
||||||
- The username for authentication to the Entrust Certificate Services (ECS) API.
|
- The username for authentication to the Entrust Certificate Services (ECS) API.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
entrust_api_key:
|
entrust_api_key:
|
||||||
description:
|
description:
|
||||||
- The key (password) for authentication to the Entrust Certificate Services (ECS) API.
|
- The key (password) for authentication to the Entrust Certificate Services (ECS) API.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
entrust_api_client_cert_path:
|
entrust_api_client_cert_path:
|
||||||
description:
|
description:
|
||||||
- The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
|
- The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: path
|
type: path
|
||||||
|
|
||||||
entrust_api_client_cert_key_path:
|
entrust_api_client_cert_key_path:
|
||||||
description:
|
description:
|
||||||
- The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
|
- The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- This is required if the provider is V(entrust).
|
- This is required if the provider is V(entrust).
|
||||||
type: path
|
type: path
|
||||||
|
|
||||||
entrust_not_after:
|
entrust_not_after:
|
||||||
description:
|
description:
|
||||||
- The point in time at which the certificate stops being valid.
|
- The point in time at which the certificate stops being valid.
|
||||||
- Time can be specified either as relative time or as an absolute timestamp.
|
- Time can be specified either as relative time or as an absolute timestamp.
|
||||||
- A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18).
|
- A valid absolute time format is C(ASN.1 TIME) such as V(2019-06-18).
|
||||||
- A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)).
|
- A valid relative time format is V([+-]timespec) where timespec can be an integer + C([w | d | h | m | s]), such as V(+365d) or V(+32w1d2h)).
|
||||||
- Time will always be interpreted as UTC.
|
- Time will always be interpreted as UTC.
|
||||||
- Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate.
|
- Note that only the date (day, month, year) is supported for specifying the expiry date of the issued certificate.
|
||||||
- The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day
|
- The full date-time is adjusted to EST (GMT -5:00) before issuance, which may result in a certificate with an expiration date one day
|
||||||
earlier than expected if a relative time is used.
|
earlier than expected if a relative time is used.
|
||||||
- The minimum certificate lifetime is 90 days, and maximum is three years.
|
- The minimum certificate lifetime is 90 days, and maximum is three years.
|
||||||
- If this value is not specified, the certificate will stop being valid 365 days the date of issue.
|
- If this value is not specified, the certificate will stop being valid 365 days the date of issue.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
- Please note that this value is B(not) covered by the O(ignore_timestamps) option.
|
- Please note that this value is B(not) covered by the O(ignore_timestamps) option.
|
||||||
type: str
|
type: str
|
||||||
default: +365d
|
default: +365d
|
||||||
|
|
||||||
entrust_api_specification_path:
|
entrust_api_specification_path:
|
||||||
description:
|
description:
|
||||||
- The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.
|
- The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.
|
||||||
- You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.
|
- You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.
|
||||||
- This is only used by the V(entrust) provider.
|
- This is only used by the V(entrust) provider.
|
||||||
type: path
|
type: path
|
||||||
default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml
|
default: https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml
|
||||||
'''
|
'''
|
||||||
|
|
||||||
BACKEND_OWNCA_DOCUMENTATION = r'''
|
BACKEND_OWNCA_DOCUMENTATION = r'''
|
||||||
description:
|
description:
|
||||||
- The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own
|
- The V(ownca) provider is intended for generating an OpenSSL certificate signed with your own
|
||||||
CA (Certificate Authority) certificate (self-signed certificate).
|
CA (Certificate Authority) certificate (self-signed certificate).
|
||||||
options:
|
options:
|
||||||
ownca_path:
|
ownca_path:
|
||||||
description:
|
description:
|
||||||
- Remote absolute path of the CA (Certificate Authority) certificate.
|
- Remote absolute path of the CA (Certificate Authority) certificate.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- This is mutually exclusive with O(ownca_content).
|
- This is mutually exclusive with O(ownca_content).
|
||||||
type: path
|
type: path
|
||||||
ownca_content:
|
ownca_content:
|
||||||
description:
|
description:
|
||||||
- Content of the CA (Certificate Authority) certificate.
|
- Content of the CA (Certificate Authority) certificate.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- This is mutually exclusive with O(ownca_path).
|
- This is mutually exclusive with O(ownca_path).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
ownca_privatekey_path:
|
ownca_privatekey_path:
|
||||||
description:
|
description:
|
||||||
- Path to the CA (Certificate Authority) private key to use when signing the certificate.
|
- Path to the CA (Certificate Authority) private key to use when signing the certificate.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- This is mutually exclusive with O(ownca_privatekey_content).
|
- This is mutually exclusive with O(ownca_privatekey_content).
|
||||||
type: path
|
type: path
|
||||||
ownca_privatekey_content:
|
ownca_privatekey_content:
|
||||||
description:
|
description:
|
||||||
- Content of the CA (Certificate Authority) private key to use when signing the certificate.
|
- Content of the CA (Certificate Authority) private key to use when signing the certificate.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- This is mutually exclusive with O(ownca_privatekey_path).
|
- This is mutually exclusive with O(ownca_privatekey_path).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
ownca_privatekey_passphrase:
|
ownca_privatekey_passphrase:
|
||||||
description:
|
description:
|
||||||
- The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content).
|
- The passphrase for the O(ownca_privatekey_path) resp. O(ownca_privatekey_content).
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
ownca_digest:
|
ownca_digest:
|
||||||
description:
|
description:
|
||||||
- The digest algorithm to be used for the V(ownca) certificate.
|
- The digest algorithm to be used for the V(ownca) certificate.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
type: str
|
type: str
|
||||||
default: sha256
|
default: sha256
|
||||||
|
|
||||||
ownca_version:
|
ownca_version:
|
||||||
description:
|
description:
|
||||||
- The version of the V(ownca) certificate.
|
- The version of the V(ownca) certificate.
|
||||||
- Nowadays it should almost always be V(3).
|
- Nowadays it should almost always be V(3).
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
type: int
|
type: int
|
||||||
default: 3
|
default: 3
|
||||||
|
|
||||||
ownca_not_before:
|
ownca_not_before:
|
||||||
description:
|
description:
|
||||||
- The point in time the certificate is valid from.
|
- The point in time the certificate is valid from.
|
||||||
- Time can be specified either as relative time or as absolute timestamp.
|
- Time can be specified either as relative time or as absolute timestamp.
|
||||||
- Time will always be interpreted as UTC.
|
- Time will always be interpreted as UTC.
|
||||||
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
||||||
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
||||||
- If this value is not specified, the certificate will start being valid from now.
|
- If this value is not specified, the certificate will start being valid from now.
|
||||||
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
||||||
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
||||||
avoid relative timestamps when setting O(ignore_timestamps=false).
|
avoid relative timestamps when setting O(ignore_timestamps=false).
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
type: str
|
type: str
|
||||||
default: +0s
|
default: +0s
|
||||||
|
|
||||||
ownca_not_after:
|
ownca_not_after:
|
||||||
description:
|
description:
|
||||||
- The point in time at which the certificate stops being valid.
|
- The point in time at which the certificate stops being valid.
|
||||||
- Time can be specified either as relative time or as absolute timestamp.
|
- Time can be specified either as relative time or as absolute timestamp.
|
||||||
- Time will always be interpreted as UTC.
|
- Time will always be interpreted as UTC.
|
||||||
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
||||||
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
||||||
- If this value is not specified, the certificate will stop being valid 10 years from now.
|
- If this value is not specified, the certificate will stop being valid 10 years from now.
|
||||||
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
||||||
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
||||||
avoid relative timestamps when setting O(ignore_timestamps=false).
|
avoid relative timestamps when setting O(ignore_timestamps=false).
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
|
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
|
||||||
Please see U(https://support.apple.com/en-us/HT210176) for more details.
|
Please see U(https://support.apple.com/en-us/HT210176) for more details.
|
||||||
type: str
|
type: str
|
||||||
default: +3650d
|
default: +3650d
|
||||||
|
|
||||||
ownca_create_subject_key_identifier:
|
ownca_create_subject_key_identifier:
|
||||||
description:
|
description:
|
||||||
- Whether to create the Subject Key Identifier (SKI) from the public key.
|
- Whether to create the Subject Key Identifier (SKI) from the public key.
|
||||||
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
|
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
|
||||||
provide one.
|
provide one.
|
||||||
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
|
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
|
||||||
ignored.
|
ignored.
|
||||||
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
|
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- Note that this is only supported if the C(cryptography) backend is used!
|
- Note that this is only supported if the C(cryptography) backend is used!
|
||||||
type: str
|
type: str
|
||||||
choices: [create_if_not_provided, always_create, never_create]
|
choices: [create_if_not_provided, always_create, never_create]
|
||||||
default: create_if_not_provided
|
default: create_if_not_provided
|
||||||
|
|
||||||
ownca_create_authority_key_identifier:
|
ownca_create_authority_key_identifier:
|
||||||
description:
|
description:
|
||||||
- Create a Authority Key Identifier from the CA's certificate. If the CSR provided
|
- Create a Authority Key Identifier from the CA's certificate. If the CSR provided
|
||||||
a authority key identifier, it is ignored.
|
a authority key identifier, it is ignored.
|
||||||
- The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier,
|
- The Authority Key Identifier is generated from the CA certificate's Subject Key Identifier,
|
||||||
if available. If it is not available, the CA certificate's public key will be used.
|
if available. If it is not available, the CA certificate's public key will be used.
|
||||||
- This is only used by the V(ownca) provider.
|
- This is only used by the V(ownca) provider.
|
||||||
- Note that this is only supported if the C(cryptography) backend is used!
|
- Note that this is only supported if the C(cryptography) backend is used!
|
||||||
type: bool
|
type: bool
|
||||||
default: true
|
default: true
|
||||||
'''
|
'''
|
||||||
|
|
||||||
BACKEND_SELFSIGNED_DOCUMENTATION = r'''
|
BACKEND_SELFSIGNED_DOCUMENTATION = r'''
|
||||||
notes:
|
notes:
|
||||||
- For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. If not provided, a
|
- For the V(selfsigned) provider, O(csr_path) and O(csr_content) are optional. If not provided, a
|
||||||
certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.
|
certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.
|
||||||
|
|
||||||
options:
|
options:
|
||||||
# NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided
|
# NOTE: descriptions in options are overwritten, not appended. For that reason, the texts provided
|
||||||
# here for csr_path and csr_content are not visible to the user. That's why this information is
|
# here for csr_path and csr_content are not visible to the user. That's why this information is
|
||||||
# added to the notes (see above).
|
# added to the notes (see above).
|
||||||
|
|
||||||
# csr_path:
|
# csr_path:
|
||||||
# description:
|
# description:
|
||||||
# - This is optional for the V(selfsigned) provider. If not provided, a certificate
|
# - This is optional for the V(selfsigned) provider. If not provided, a certificate
|
||||||
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
|
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
|
||||||
# created.
|
# created.
|
||||||
|
|
||||||
# csr_content:
|
# csr_content:
|
||||||
# description:
|
# description:
|
||||||
# - This is optional for the V(selfsigned) provider. If not provided, a certificate
|
# - This is optional for the V(selfsigned) provider. If not provided, a certificate
|
||||||
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
|
# without any information (Subject, Subject Alternative Names, Key Usage, etc.) is
|
||||||
# created.
|
# created.
|
||||||
|
|
||||||
selfsigned_version:
|
selfsigned_version:
|
||||||
description:
|
description:
|
||||||
- Version of the V(selfsigned) certificate.
|
- Version of the V(selfsigned) certificate.
|
||||||
- Nowadays it should almost always be V(3).
|
- Nowadays it should almost always be V(3).
|
||||||
- This is only used by the V(selfsigned) provider.
|
- This is only used by the V(selfsigned) provider.
|
||||||
type: int
|
type: int
|
||||||
default: 3
|
default: 3
|
||||||
|
|
||||||
selfsigned_digest:
|
selfsigned_digest:
|
||||||
description:
|
description:
|
||||||
- Digest algorithm to be used when self-signing the certificate.
|
- Digest algorithm to be used when self-signing the certificate.
|
||||||
- This is only used by the V(selfsigned) provider.
|
- This is only used by the V(selfsigned) provider.
|
||||||
type: str
|
type: str
|
||||||
default: sha256
|
default: sha256
|
||||||
|
|
||||||
selfsigned_not_before:
|
selfsigned_not_before:
|
||||||
description:
|
description:
|
||||||
- The point in time the certificate is valid from.
|
- The point in time the certificate is valid from.
|
||||||
- Time can be specified either as relative time or as absolute timestamp.
|
- Time can be specified either as relative time or as absolute timestamp.
|
||||||
- Time will always be interpreted as UTC.
|
- Time will always be interpreted as UTC.
|
||||||
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
||||||
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
||||||
- If this value is not specified, the certificate will start being valid from now.
|
- If this value is not specified, the certificate will start being valid from now.
|
||||||
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
||||||
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
||||||
avoid relative timestamps when setting O(ignore_timestamps=false).
|
avoid relative timestamps when setting O(ignore_timestamps=false).
|
||||||
- This is only used by the V(selfsigned) provider.
|
- This is only used by the V(selfsigned) provider.
|
||||||
type: str
|
type: str
|
||||||
default: +0s
|
default: +0s
|
||||||
aliases: [ selfsigned_notBefore ]
|
aliases: [ selfsigned_notBefore ]
|
||||||
|
|
||||||
selfsigned_not_after:
|
selfsigned_not_after:
|
||||||
description:
|
description:
|
||||||
- The point in time at which the certificate stops being valid.
|
- The point in time at which the certificate stops being valid.
|
||||||
- Time can be specified either as relative time or as absolute timestamp.
|
- Time can be specified either as relative time or as absolute timestamp.
|
||||||
- Time will always be interpreted as UTC.
|
- Time will always be interpreted as UTC.
|
||||||
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
- Valid format is C([+-]timespec | ASN.1 TIME) where timespec can be an integer
|
||||||
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
+ C([w | d | h | m | s]) (for example V(+32w1d2h)).
|
||||||
- If this value is not specified, the certificate will stop being valid 10 years from now.
|
- If this value is not specified, the certificate will stop being valid 10 years from now.
|
||||||
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
- Note that this value is B(not used to determine whether an existing certificate should be regenerated).
|
||||||
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
This can be changed by setting the O(ignore_timestamps) option to V(false). Please note that you should
|
||||||
avoid relative timestamps when setting O(ignore_timestamps=false).
|
avoid relative timestamps when setting O(ignore_timestamps=false).
|
||||||
- This is only used by the V(selfsigned) provider.
|
- This is only used by the V(selfsigned) provider.
|
||||||
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
|
- On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer.
|
||||||
Please see U(https://support.apple.com/en-us/HT210176) for more details.
|
Please see U(https://support.apple.com/en-us/HT210176) for more details.
|
||||||
type: str
|
type: str
|
||||||
default: +3650d
|
default: +3650d
|
||||||
aliases: [ selfsigned_notAfter ]
|
aliases: [ selfsigned_notAfter ]
|
||||||
|
|
||||||
selfsigned_create_subject_key_identifier:
|
selfsigned_create_subject_key_identifier:
|
||||||
description:
|
description:
|
||||||
- Whether to create the Subject Key Identifier (SKI) from the public key.
|
- Whether to create the Subject Key Identifier (SKI) from the public key.
|
||||||
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
|
- A value of V(create_if_not_provided) (default) only creates a SKI when the CSR does not
|
||||||
provide one.
|
provide one.
|
||||||
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
|
- A value of V(always_create) always creates a SKI. If the CSR provides one, that one is
|
||||||
ignored.
|
ignored.
|
||||||
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
|
- A value of V(never_create) never creates a SKI. If the CSR provides one, that one is used.
|
||||||
- This is only used by the V(selfsigned) provider.
|
- This is only used by the V(selfsigned) provider.
|
||||||
- Note that this is only supported if the C(cryptography) backend is used!
|
- Note that this is only supported if the C(cryptography) backend is used!
|
||||||
type: str
|
type: str
|
||||||
choices: [create_if_not_provided, always_create, never_create]
|
choices: [create_if_not_provided, always_create, never_create]
|
||||||
default: create_if_not_provided
|
default: create_if_not_provided
|
||||||
'''
|
'''
|
||||||
|
|