Class: Ansible::Ruby::Modules::Openssl_certificate

Inherits:

Base

• Object
• Ansible::Ruby::Models::Base
• Base
• Ansible::Ruby::Modules::Openssl_certificate

Defined in:

lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb

Overview

This module allows one to (re)generate OpenSSL certificates. It implements a notion of provider (ie. C(selfsigned), C(ownca), C(acme), C(assertonly)) for your certificate. The ‘assertonly’ provider is intended for use cases where one is only interested in checking properties of a supplied certificate. The ‘ownca’ provider is intended for generate OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate). Many properties that can be specified in this module are for validation of an existing or newly generated certificate. The proper place to specify them, if you want to receive a certificate with these properties is a CSR (Certificate Signing Request). It uses the pyOpenSSL python library to interact with OpenSSL.

Instance Method Summary

• #acme_accountkey_path ⇒ String^?

  Path to the accountkey for the C(acme) provider.

• #acme_chain ⇒ Boolean^?

  Include the intermediate certificate to the generated certificate.

• #acme_challenge_path ⇒ String^?

  Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/).

• #csr_path ⇒ String^?

  Path to the Certificate Signing Request (CSR) used to generate this certificate.

• #extended_key_usage ⇒ Array<String>, ...

  The I(extended_key_usage) extension field must contain all these values.

• #extended_key_usage_strict ⇒ Symbol^?

  If set to True, the I(extended_key_usage) extension field must contain only these values.

• #force ⇒ Symbol^?

  Generate the certificate, even if it already exists.

• #has_expired ⇒ Symbol^?

  Checks if the certificate is expired/not expired at the time the module is executed.

• #invalid_at ⇒ Object^?

  The certificate must be invalid at this point in time.

• #issuer ⇒ Hash^?

  Key/value pairs that must be present in the issuer name field of the certificate.

• #issuer_strict ⇒ Symbol^?

  If set to True, the I(issuer) field must contain only these values.

• #key_usage ⇒ Array<String>, ...

  The I(key_usage) extension field must contain all these values.

• #key_usage_strict ⇒ Symbol^?

  If set to True, the I(key_usage) extension field must contain only these values.

• #not_after ⇒ Object^?

  The certificate must expire at this point in time.

• #not_before ⇒ Object^?

  The certificate must start to become valid at this point in time.

• #ownca_digest ⇒ String^?

  Digest algorithm to be used for the C(ownca) certificate.

• #ownca_not_after ⇒ Object^?

  The timestamp at which the certificate stops being valid.

• #ownca_not_before ⇒ Object^?

  The timestamp at which the certificate starts being valid.

• #ownca_path ⇒ String^?

  Remote absolute path of the CA (Certificate Authority) certificate.

• #ownca_privatekey_passphrase ⇒ Object^?

  The passphrase for the I(ownca_privatekey_path).

• #ownca_privatekey_path ⇒ String^?

  Path to the CA (Certificate Authority) private key to use when signing the certificate.

• #ownca_version ⇒ Integer^?

  Version of the C(ownca) certificate.

• #path ⇒ String

  Remote absolute path where the generated certificate file should be created or is already located.

• #privatekey_passphrase ⇒ Object^?

  The passphrase for the I(privatekey_path).

• #privatekey_path ⇒ String^?

  Path to the private key to use when signing the certificate.

• #provider ⇒ :selfsigned, ...

  Name of the provider to use to generate/retrieve the OpenSSL certificate.

• #selfsigned_digest ⇒ String^?

  Digest algorithm to be used when self-signing the certificate.

• #selfsigned_not_after ⇒ Object^?

  The timestamp at which the certificate stops being valid.

• #selfsigned_not_before ⇒ Object^?

  The timestamp at which the certificate starts being valid.

• #selfsigned_version ⇒ Integer^?

  Version of the C(selfsigned) certificate.

• #signature_algorithms ⇒ Array<String>, ...

  List of algorithms that you would accept the certificate to be signed with (e.g. [‘sha256WithRSAEncryption’, ‘sha512WithRSAEncryption’]).

• #state ⇒ :present, ...

  Whether the certificate should exist or not, taking action if the state is different from what is stated.

• #subject ⇒ Object^?

  Key/value pairs that must be present in the subject name field of the certificate.

• #subject_alt_name ⇒ Array<String>, ...

  The I(subject_alt_name) extension field must contain these values.

• #subject_alt_name_strict ⇒ Symbol^?

  If set to True, the I(subject_alt_name) extension field must contain only these values.

• #subject_strict ⇒ Symbol^?

  If set to True, the I(subject) field must contain only these values.

• #valid_at ⇒ String^?

  The certificate must be valid at this point in time.

• #valid_in ⇒ Integer^?

  The certificate must still be valid in I(valid_in) seconds from now.

• #version ⇒ Object^?

  Version of the certificate.

Methods inherited from Base

#ansible_name, #to_h

Methods inherited from Ansible::Ruby::Models::Base

attr_option, attr_options, attribute, fix_inclusion, #initialize, remove_existing_validations, #to_h, validates

Constructor Details

This class inherits a constructor from Ansible::Ruby::Models::Base

Instance Method Details

#acme_accountkey_path ⇒ String^?

Returns Path to the accountkey for the C(acme) provider.

Returns:

• (String, nil) —

  Path to the accountkey for the C(acme) provider

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 78

attribute :acme_accountkey_path

#acme_chain ⇒ Boolean^?

Returns Include the intermediate certificate to the generated certificate.

Returns:

• (Boolean, nil) —

  Include the intermediate certificate to the generated certificate

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 86

attribute :acme_chain

#acme_challenge_path ⇒ String^?

Returns Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/).

Returns:

• (String, nil) —

  Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 82

attribute :acme_challenge_path

#csr_path ⇒ String^?

Returns Path to the Certificate Signing Request (CSR) used to generate this certificate. This is not required in C(assertonly) mode.

Returns:

• (String, nil) —

  Path to the Certificate Signing Request (CSR) used to generate this certificate. This is not required in C(assertonly) mode.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 28

attribute :csr_path

#extended_key_usage ⇒ Array<String>, ...

Returns The I(extended_key_usage) extension field must contain all these values.

Returns:

• (Array<String>, String, nil) —

  The I(extended_key_usage) extension field must contain all these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 141

attribute :extended_key_usage

#extended_key_usage_strict ⇒ Symbol^?

Returns If set to True, the I(extended_key_usage) extension field must contain only these values.

Returns:

• (Symbol, nil) —

  If set to True, the I(extended_key_usage) extension field must contain only these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 145

attribute :extended_key_usage_strict

#force ⇒ Symbol^?

Returns Generate the certificate, even if it already exists.

Returns:

• (Symbol, nil) —

  Generate the certificate, even if it already exists.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 24

attribute :force

#has_expired ⇒ Symbol^?

Returns Checks if the certificate is expired/not expired at the time the module is executed.

Returns:

• (Symbol, nil) —

  Checks if the certificate is expired/not expired at the time the module is executed.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 109

attribute :has_expired

#invalid_at ⇒ Object^?

Returns The certificate must be invalid at this point in time. The timestamp is formatted as an ASN.1 TIME.

Returns:

• (Object, nil) —

  The certificate must be invalid at this point in time. The timestamp is formatted as an ASN.1 TIME.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 120

attribute :invalid_at

#issuer ⇒ Hash^?

Returns Key/value pairs that must be present in the issuer name field of the certificate. If you need to specify more than one value with the same key, use a list as value.

Returns:

• (Hash, nil) —

  Key/value pairs that must be present in the issuer name field of the certificate. If you need to specify more than one value with the same key, use a list as value.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 94

attribute :issuer

#issuer_strict ⇒ Symbol^?

Returns If set to True, the I(issuer) field must contain only these values.

Returns:

• (Symbol, nil) —

  If set to True, the I(issuer) field must contain only these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 98

attribute :issuer_strict

#key_usage ⇒ Array<String>, ...

Returns The I(key_usage) extension field must contain all these values.

Returns:

• (Array<String>, String, nil) —

  The I(key_usage) extension field must contain all these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 133

attribute :key_usage

#key_usage_strict ⇒ Symbol^?

Returns If set to True, the I(key_usage) extension field must contain only these values.

Returns:

• (Symbol, nil) —

  If set to True, the I(key_usage) extension field must contain only these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 137

attribute :key_usage_strict

#not_after ⇒ Object^?

Returns The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME.

Returns:

• (Object, nil) —

  The certificate must expire at this point in time. The timestamp is formatted as an ASN.1 TIME.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 126

attribute :not_after

#not_before ⇒ Object^?

Returns The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME.

Returns:

• (Object, nil) —

  The certificate must start to become valid at this point in time. The timestamp is formatted as an ASN.1 TIME.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 123

attribute :not_before

#ownca_digest ⇒ String^?

Returns Digest algorithm to be used for the C(ownca) certificate.

Returns:

• (String, nil) —

  Digest algorithm to be used for the C(ownca) certificate.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 64

attribute :ownca_digest

#ownca_not_after ⇒ Object^?

Returns The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will stop being valid 10 years from now.

Returns:

• (Object, nil) —

  The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will stop being valid 10 years from now.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 75

attribute :ownca_not_after

#ownca_not_before ⇒ Object^?

Returns The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will start being valid from now.

Returns:

• (Object, nil) —

  The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will start being valid from now.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 72

attribute :ownca_not_before

#ownca_path ⇒ String^?

Returns Remote absolute path of the CA (Certificate Authority) certificate.

Returns:

• (String, nil) —

  Remote absolute path of the CA (Certificate Authority) certificate.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 53

attribute :ownca_path

#ownca_privatekey_passphrase ⇒ Object^?

Returns The passphrase for the I(ownca_privatekey_path).

Returns:

• (Object, nil) —

  The passphrase for the I(ownca_privatekey_path).

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 61

attribute :ownca_privatekey_passphrase

#ownca_privatekey_path ⇒ String^?

Returns Path to the CA (Certificate Authority) private key to use when signing the certificate.

Returns:

• (String, nil) —

  Path to the CA (Certificate Authority) private key to use when signing the certificate.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 57

attribute :ownca_privatekey_path

#ownca_version ⇒ Integer^?

Returns Version of the C(ownca) certificate. Nowadays it should almost always be C(3).

Returns:

• (Integer, nil) —

  Version of the C(ownca) certificate. Nowadays it should almost always be C(3).

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 68

attribute :ownca_version

#path ⇒ String

Returns Remote absolute path where the generated certificate file should be created or is already located.

Returns:

• (String) —

  Remote absolute path where the generated certificate file should be created or is already located.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 16

attribute :path

#privatekey_passphrase ⇒ Object^?

Returns The passphrase for the I(privatekey_path).

Returns:

• (Object, nil) —

  The passphrase for the I(privatekey_path).

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 36

attribute :privatekey_passphrase

#privatekey_path ⇒ String^?

Returns Path to the private key to use when signing the certificate.

Returns:

• (String, nil) —

  Path to the private key to use when signing the certificate.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 32

attribute :privatekey_path

#provider ⇒ :selfsigned, ...

Returns Name of the provider to use to generate/retrieve the OpenSSL certificate. The C(assertonly) provider will not generate files and fail if the certificate file is missing.

Returns:

• (:selfsigned, :ownca, :assertonly, :acme) —

  Name of the provider to use to generate/retrieve the OpenSSL certificate. The C(assertonly) provider will not generate files and fail if the certificate file is missing.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 20

attribute :provider

#selfsigned_digest ⇒ String^?

Returns Digest algorithm to be used when self-signing the certificate.

Returns:

• (String, nil) —

  Digest algorithm to be used when self-signing the certificate

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 43

attribute :selfsigned_digest

#selfsigned_not_after ⇒ Object^?

Returns The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will stop being valid 10 years from now.

Returns:

• (Object, nil) —

  The timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will stop being valid 10 years from now.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 50

attribute :selfsigned_not_after

#selfsigned_not_before ⇒ Object^?

Returns The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will start being valid from now.

Returns:

• (Object, nil) —

  The timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME. If this value is not specified, certificate will start being valid from now.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 47

attribute :selfsigned_not_before

#selfsigned_version ⇒ Integer^?

Returns Version of the C(selfsigned) certificate. Nowadays it should almost always be C(3).

Returns:

• (Integer, nil) —

  Version of the C(selfsigned) certificate. Nowadays it should almost always be C(3).

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 39

attribute :selfsigned_version

#signature_algorithms ⇒ Array<String>, ...

Returns list of algorithms that you would accept the certificate to be signed with (e.g. [‘sha256WithRSAEncryption’, ‘sha512WithRSAEncryption’]).

Returns:

• (Array<String>, String, nil) —

  list of algorithms that you would accept the certificate to be signed with (e.g. [‘sha256WithRSAEncryption’, ‘sha512WithRSAEncryption’]).

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 90

attribute :signature_algorithms

#state ⇒ :present, ...

Returns Whether the certificate should exist or not, taking action if the state is different from what is stated.

Returns:

• (:present, :absent, nil) —

  Whether the certificate should exist or not, taking action if the state is different from what is stated.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 12

attribute :state

#subject ⇒ Object^?

Returns Key/value pairs that must be present in the subject name field of the certificate. If you need to specify more than one value with the same key, use a list as value.

Returns:

• (Object, nil) —

  Key/value pairs that must be present in the subject name field of the certificate. If you need to specify more than one value with the same key, use a list as value.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 102

attribute :subject

#subject_alt_name ⇒ Array<String>, ...

Returns The I(subject_alt_name) extension field must contain these values.

Returns:

• (Array<String>, String, nil) —

  The I(subject_alt_name) extension field must contain these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 149

attribute :subject_alt_name

#subject_alt_name_strict ⇒ Symbol^?

Returns If set to True, the I(subject_alt_name) extension field must contain only these values.

Returns:

• (Symbol, nil) —

  If set to True, the I(subject_alt_name) extension field must contain only these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 153

attribute :subject_alt_name_strict

#subject_strict ⇒ Symbol^?

Returns If set to True, the I(subject) field must contain only these values.

Returns:

• (Symbol, nil) —

  If set to True, the I(subject) field must contain only these values.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 105

attribute :subject_strict

#valid_at ⇒ String^?

Returns The certificate must be valid at this point in time. The timestamp is formatted as an ASN.1 TIME.

Returns:

• (String, nil) —

  The certificate must be valid at this point in time. The timestamp is formatted as an ASN.1 TIME.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 116

attribute :valid_at

#valid_in ⇒ Integer^?

Returns The certificate must still be valid in I(valid_in) seconds from now.

Returns:

• (Integer, nil) —

  The certificate must still be valid in I(valid_in) seconds from now.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 129

attribute :valid_in

#version ⇒ Object^?

Returns Version of the certificate. Nowadays it should almost always be 3.

Returns:

• (Object, nil) —

  Version of the certificate. Nowadays it should almost always be 3.

# File 'lib/ansible/ruby/modules/generated/crypto/openssl_certificate.rb', line 113

attribute :version