mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Add TLS certs params to redis (#8654)
* add tls params to redis * add PR number * add example * move doc to redis fragment * Update changelogs/fragments/8654-add-redis-tls-params.yml Co-authored-by: Felix Fontein <felix@fontein.de> * rm aliases and add version_added --------- Co-authored-by: Felix Fontein <felix@fontein.de>
parent
58f9860ba7
commit
52126b8fae
5 changed files with 37 additions and 1 deletions
2
changelogs/fragments/8654-add-redis-tls-params.yml
Normal file
2
changelogs/fragments/8654-add-redis-tls-params.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- redis, redis_info - add ``client_cert`` and ``client_key`` options to specify path to certificate for Redis authentication (https://github.com/ansible-collections/community.general/pull/8654).
|
|
@ -49,6 +49,16 @@ options:
|
||||||
- Path to root certificates file. If not set and O(tls) is
|
- Path to root certificates file. If not set and O(tls) is
|
||||||
set to V(true), certifi ca-certificates will be used.
|
set to V(true), certifi ca-certificates will be used.
|
||||||
type: str
|
type: str
|
||||||
|
client_cert_file:
|
||||||
|
description:
|
||||||
|
- Path to the client certificate file.
|
||||||
|
type: str
|
||||||
|
version_added: 9.3.0
|
||||||
|
client_key_file:
|
||||||
|
description:
|
||||||
|
- Path to the client private key file.
|
||||||
|
type: str
|
||||||
|
version_added: 9.3.0
|
||||||
requirements: [ "redis", "certifi" ]
|
requirements: [ "redis", "certifi" ]
|
||||||
|
|
||||||
notes:
|
notes:
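Review bot: The descriptions added for `client_cert_file` and `client_key_file` do not say when the options take effect or how the two relate to each other. I would extend the first to something like `Path to the client certificate file used for TLS client authentication. Only used when O(tls=true).` and add a sentence to the second stating whether the key may instead be contained in O(client_cert_file); that depends on the underlying library and should be confirmed. The changelog fragment in this commit still names the options ``client_cert`` and ``client_key``, which does not match the option names added here.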
|
||||||
|
|
|
@ -57,7 +57,9 @@ def redis_auth_argument_spec(tls_default=True):
|
||||||
validate_certs=dict(type='bool',
|
validate_certs=dict(type='bool',
|
||||||
default=True
|
default=True
|
||||||
),
|
),
|
||||||
ca_certs=dict(type='str')
|
ca_certs=dict(type='str'),
|
||||||
|
client_cert_file=dict(type='str'),
|
||||||
|
client_key_file=dict(type='str'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -71,6 +73,8 @@ def redis_auth_params(module):
|
||||||
ca_certs = module.params['ca_certs']
|
ca_certs = module.params['ca_certs']
|
||||||
if tls and ca_certs is None:
|
if tls and ca_certs is None:
|
||||||
ca_certs = str(certifi.where())
|
ca_certs = str(certifi.where())
|
||||||
|
client_cert_file = module.params['client_cert_file']
|
||||||
|
client_key_file = module.params['client_key_file']
|
||||||
if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
|
if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
|
||||||
module.fail_json(
|
module.fail_json(
|
||||||
msg='The option `username` in only supported with redis >= 3.4.0.')
|
msg='The option `username` in only supported with redis >= 3.4.0.')
|
||||||
|
@ -78,6 +82,8 @@ def redis_auth_params(module):
|
||||||
'port': login_port,
|
'port': login_port,
|
||||||
'password': login_password,
|
'password': login_password,
|
||||||
'ssl_ca_certs': ca_certs,
|
'ssl_ca_certs': ca_certs,
|
||||||
|
'ssl_certfile': client_cert_file,
|
||||||
|
'ssl_keyfile': client_key_file,
|
||||||
'ssl_cert_reqs': validate_certs,
|
'ssl_cert_reqs': validate_certs,
|
||||||
'ssl': tls}
|
'ssl': tls}
|
||||||
if login_user is not None:
|
if login_user is not None:
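Review bot: In `redis_auth_params` the two new values are passed straight through as `'ssl_certfile'` and `'ssl_keyfile'`, with no check on how they combine with each other or with `tls`. A `client_key_file` given without `client_cert_file` has no certificate to pair with, and when `tls` is false the options are presumably ignored, so a task can look as if it used certificate authentication while connecting without TLS. I would fail early, for example `if client_key_file is not None and client_cert_file is None: module.fail_json(msg='client_key_file requires client_cert_file.')`, and fail or at least warn when either option is set while `tls` is false. The function body starts and ends outside these hunks.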
|
||||||
|
|
|
@ -132,6 +132,16 @@ EXAMPLES = '''
|
||||||
command: config
|
command: config
|
||||||
name: lua-time-limit
|
name: lua-time-limit
|
||||||
value: 100
|
value: 100
|
||||||
|
|
||||||
|
- name: Connect using TLS and certificate authentication
|
||||||
|
community.general.redis:
|
||||||
|
command: config
|
||||||
|
name: lua-time-limit
|
||||||
|
value: 100
|
||||||
|
tls: true
|
||||||
|
ca_certs: /etc/redis/certs/ca.crt
|
||||||
|
client_cert_file: /etc/redis/certs/redis.crt
|
||||||
|
client_key_file: /etc/redis/certs/redis.key
|
||||||
'''
|
'''
|
||||||
|
|
||||||
import traceback
|
import traceback
|
||||||
|
|
|
@ -55,6 +55,8 @@ class TestRedisInfoModule(ModuleTestCase):
|
||||||
'password': None,
|
'password': None,
|
||||||
'ssl': False,
|
'ssl': False,
|
||||||
'ssl_ca_certs': None,
|
'ssl_ca_certs': None,
|
||||||
|
'ssl_certfile': None,
|
||||||
|
'ssl_keyfile': None,
|
||||||
'ssl_cert_reqs': 'required'},))
|
'ssl_cert_reqs': 'required'},))
|
||||||
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
|
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
|
||||||
|
|
||||||
|
@ -74,6 +76,8 @@ class TestRedisInfoModule(ModuleTestCase):
|
||||||
'password': 'PASS',
|
'password': 'PASS',
|
||||||
'ssl': False,
|
'ssl': False,
|
||||||
'ssl_ca_certs': None,
|
'ssl_ca_certs': None,
|
||||||
|
'ssl_certfile': None,
|
||||||
|
'ssl_keyfile': None,
|
||||||
'ssl_cert_reqs': 'required'},))
|
'ssl_cert_reqs': 'required'},))
|
||||||
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
|
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
|
||||||
|
|
||||||
|
@ -87,6 +91,8 @@ class TestRedisInfoModule(ModuleTestCase):
|
||||||
'login_password': 'PASS',
|
'login_password': 'PASS',
|
||||||
'tls': True,
|
'tls': True,
|
||||||
'ca_certs': '/etc/ssl/ca.pem',
|
'ca_certs': '/etc/ssl/ca.pem',
|
||||||
|
'client_cert_file': '/etc/ssl/client.pem',
|
||||||
|
'client_key_file': '/etc/ssl/client.key',
|
||||||
'validate_certs': False
|
'validate_certs': False
|
||||||
})
|
})
|
||||||
self.module.main()
|
self.module.main()
|
||||||
|
@ -96,6 +102,8 @@ class TestRedisInfoModule(ModuleTestCase):
|
||||||
'password': 'PASS',
|
'password': 'PASS',
|
||||||
'ssl': True,
|
'ssl': True,
|
||||||
'ssl_ca_certs': '/etc/ssl/ca.pem',
|
'ssl_ca_certs': '/etc/ssl/ca.pem',
|
||||||
|
'ssl_certfile': '/etc/ssl/client.pem',
|
||||||
|
'ssl_keyfile': '/etc/ssl/client.key',
|
||||||
'ssl_cert_reqs': None},))
|
'ssl_cert_reqs': None},))
|
||||||
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
|
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
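Review bot: The only case that exercises the new options sets `'validate_certs': False`, so the expected call carries `'ssl_cert_reqs': None` next to the client certificate and key. The client identity is therefore only tested against a server whose certificate is not verified. A further case that leaves `validate_certs` at its default and expects `'ssl_cert_reqs': 'required'` together with `'ssl_certfile'` and `'ssl_keyfile'` would cover the verified configuration. The test methods start and end outside these hunks.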
|
||||||
|
|
||||||
|
|