mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
letsencrypt: add new param force (#37077)
* letsencrypt: add new param force to ignore remaining days * letsencrypt: fix E325
This commit is contained in:
parent
f0dc0b28d4
commit
4705edd1a7
2 changed files with 18 additions and 9 deletions
|
@ -102,7 +102,8 @@ options:
|
|||
- "Boolean indicating whether you agree to the terms of service document."
|
||||
- "ACME servers can require this to be true."
|
||||
- This option will only be used when C(acme_version) is not 1.
|
||||
default: false
|
||||
default: no
|
||||
type: bool
|
||||
version_added: "2.5"
|
||||
challenge:
|
||||
description: The challenge to be performed.
|
||||
|
@ -140,8 +141,6 @@ options:
|
|||
chain_dest:
|
||||
description:
|
||||
- If specified, the intermediate certificate will be written to this file.
|
||||
required: false
|
||||
default: null
|
||||
aliases: ['chain']
|
||||
version_added: 2.5
|
||||
remaining_days:
|
||||
|
@ -156,8 +155,8 @@ options:
|
|||
- Whether calls to the ACME directory will validate TLS certificates.
|
||||
- I(Warning:) Should I(only ever) be set to C(false) for testing purposes,
|
||||
for example when testing against a local Pebble server.
|
||||
required: false
|
||||
default: true
|
||||
default: yes
|
||||
type: bool
|
||||
version_added: 2.5
|
||||
deactivate_authzs:
|
||||
description:
|
||||
|
@ -167,8 +166,17 @@ options:
|
|||
for a certain amount of time, and can be used to issue certificates
|
||||
without having to re-authenticate the domain. This can be a security
|
||||
concern. "
|
||||
required: false
|
||||
default: false
|
||||
default: no
|
||||
type: bool
|
||||
version_added: 2.6
|
||||
force:
|
||||
description:
|
||||
- Enforces the execution of the challenge and validation, even if an
|
||||
existing certificate is still valid.
|
||||
- This is especially helpful when having an updated CSR e.g. with
|
||||
additional domains for which a new certificate is desired.
|
||||
default: no
|
||||
type: bool
|
||||
version_added: 2.6
|
||||
'''
|
||||
|
||||
|
@ -1281,6 +1289,7 @@ def main():
|
|||
remaining_days=dict(required=False, default=10, type='int'),
|
||||
validate_certs=dict(required=False, default=True, type='bool'),
|
||||
deactivate_authzs=dict(required=False, default=False, type='bool'),
|
||||
force=dict(required=False, default=False, type='bool'),
|
||||
),
|
||||
required_one_of=(
|
||||
['account_key_src', 'account_key_content'],
|
||||
|
@ -1306,7 +1315,8 @@ def main():
|
|||
cert_days = get_cert_days(module, module.params['dest'])
|
||||
else:
|
||||
cert_days = get_cert_days(module, module.params['fullchain_dest'])
|
||||
if cert_days < module.params['remaining_days']:
|
||||
|
||||
if module.params['force'] or cert_days < module.params['remaining_days']:
|
||||
# If checkmode is active, base the changed state solely on the status
|
||||
# of the certificate file as all other actions (accessing an account, checking
|
||||
# the authorization status...) would lead to potential changes of the current
|
||||
|
|
|
@ -2186,5 +2186,4 @@ lib/ansible/modules/web_infrastructure/jenkins_script.py E325
|
|||
lib/ansible/modules/web_infrastructure/jira.py E322
|
||||
lib/ansible/modules/web_infrastructure/jira.py E324
|
||||
lib/ansible/modules/web_infrastructure/jira.py E325
|
||||
lib/ansible/modules/web_infrastructure/letsencrypt.py E325
|
||||
lib/ansible/modules/web_infrastructure/taiga_issue.py E324
|
||||
|
|
Loading…
Reference in a new issue