1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add TLS certs params to redis (#8654)

* add tls params to redis

* add PR number

* add example

* move doc to redis fragment

* Update changelogs/fragments/8654-add-redis-tls-params.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* rm aliases and add version_added

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Matthieu Bourgain 2024-07-23 18:01:37 +02:00 committed by GitHub
parent 58f9860ba7
commit 52126b8fae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 37 additions and 1 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- redis, redis_info - add ``client_cert`` and ``client_key`` options to specify path to certificate for Redis authentication (https://github.com/ansible-collections/community.general/pull/8654).

View file

@ -49,6 +49,16 @@ options:
- Path to root certificates file. If not set and O(tls) is - Path to root certificates file. If not set and O(tls) is
set to V(true), certifi ca-certificates will be used. set to V(true), certifi ca-certificates will be used.
type: str type: str
client_cert_file:
description:
- Path to the client certificate file.
type: str
version_added: 9.3.0
client_key_file:
description:
- Path to the client private key file.
type: str
version_added: 9.3.0
requirements: [ "redis", "certifi" ] requirements: [ "redis", "certifi" ]
notes: notes:

View file

@ -57,7 +57,9 @@ def redis_auth_argument_spec(tls_default=True):
validate_certs=dict(type='bool', validate_certs=dict(type='bool',
default=True default=True
), ),
ca_certs=dict(type='str') ca_certs=dict(type='str'),
client_cert_file=dict(type='str'),
client_key_file=dict(type='str'),
) )
@ -71,6 +73,8 @@ def redis_auth_params(module):
ca_certs = module.params['ca_certs'] ca_certs = module.params['ca_certs']
if tls and ca_certs is None: if tls and ca_certs is None:
ca_certs = str(certifi.where()) ca_certs = str(certifi.where())
client_cert_file = module.params['client_cert_file']
client_key_file = module.params['client_key_file']
if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None: if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
module.fail_json( module.fail_json(
msg='The option `username` in only supported with redis >= 3.4.0.') msg='The option `username` in only supported with redis >= 3.4.0.')
@ -78,6 +82,8 @@ def redis_auth_params(module):
'port': login_port, 'port': login_port,
'password': login_password, 'password': login_password,
'ssl_ca_certs': ca_certs, 'ssl_ca_certs': ca_certs,
'ssl_certfile': client_cert_file,
'ssl_keyfile': client_key_file,
'ssl_cert_reqs': validate_certs, 'ssl_cert_reqs': validate_certs,
'ssl': tls} 'ssl': tls}
if login_user is not None: if login_user is not None:

View file

@ -132,6 +132,16 @@ EXAMPLES = '''
command: config command: config
name: lua-time-limit name: lua-time-limit
value: 100 value: 100
- name: Connect using TLS and certificate authentication
community.general.redis:
command: config
name: lua-time-limit
value: 100
tls: true
ca_certs: /etc/redis/certs/ca.crt
client_cert_file: /etc/redis/certs/redis.crt
client_key_file: /etc/redis/certs/redis.key
''' '''
import traceback import traceback

View file

@ -55,6 +55,8 @@ class TestRedisInfoModule(ModuleTestCase):
'password': None, 'password': None,
'ssl': False, 'ssl': False,
'ssl_ca_certs': None, 'ssl_ca_certs': None,
'ssl_certfile': None,
'ssl_keyfile': None,
'ssl_cert_reqs': 'required'},)) 'ssl_cert_reqs': 'required'},))
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999') self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
@ -74,6 +76,8 @@ class TestRedisInfoModule(ModuleTestCase):
'password': 'PASS', 'password': 'PASS',
'ssl': False, 'ssl': False,
'ssl_ca_certs': None, 'ssl_ca_certs': None,
'ssl_certfile': None,
'ssl_keyfile': None,
'ssl_cert_reqs': 'required'},)) 'ssl_cert_reqs': 'required'},))
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999') self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
@ -87,6 +91,8 @@ class TestRedisInfoModule(ModuleTestCase):
'login_password': 'PASS', 'login_password': 'PASS',
'tls': True, 'tls': True,
'ca_certs': '/etc/ssl/ca.pem', 'ca_certs': '/etc/ssl/ca.pem',
'client_cert_file': '/etc/ssl/client.pem',
'client_key_file': '/etc/ssl/client.key',
'validate_certs': False 'validate_certs': False
}) })
self.module.main() self.module.main()
@ -96,6 +102,8 @@ class TestRedisInfoModule(ModuleTestCase):
'password': 'PASS', 'password': 'PASS',
'ssl': True, 'ssl': True,
'ssl_ca_certs': '/etc/ssl/ca.pem', 'ssl_ca_certs': '/etc/ssl/ca.pem',
'ssl_certfile': '/etc/ssl/client.pem',
'ssl_keyfile': '/etc/ssl/client.key',
'ssl_cert_reqs': None},)) 'ssl_cert_reqs': None},))
self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999') self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')