Add TLS certs params to redis (#8654)

* add tls params to redis * add PR number * add example * move doc to redis fragment * Update changelogs/fragments/8654-add-redis-tls-params.yml Co-authored-by: Felix Fontein <felix@fontein.de> * rm aliases and add version_added --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2024-07-23 18:01:37 +02:00 · 2024-07-23 18:01:37 +02:00 · 52126b8fae
commit 52126b8fae
parent 58f9860ba7
5 changed files with 37 additions and 1 deletions
--- a/changelogs/fragments/8654-add-redis-tls-params.yml
+++ b/changelogs/fragments/8654-add-redis-tls-params.yml
@ -0,0 +1,2 @@
 minor_changes:
  - redis, redis_info - add ``client_cert`` and ``client_key`` options to specify path to certificate for Redis authentication  (https://github.com/ansible-collections/community.general/pull/8654).
--- a/plugins/doc_fragments/redis.py
+++ b/plugins/doc_fragments/redis.py
@ -49,6 +49,16 @@ options:
      - Path to root certificates file. If not set and O(tls) is
        set to V(true), certifi ca-certificates will be used.
    type: str
  client_cert_file:
    description:
      - Path to the client certificate file.
    type: str
    version_added: 9.3.0
  client_key_file:
    description:
      - Path to the client private key file.
    type: str
    version_added: 9.3.0
 requirements: [ "redis", "certifi" ]
 notes:
--- a/plugins/module_utils/redis.py
+++ b/plugins/module_utils/redis.py
@ -57,7 +57,9 @@ def redis_auth_argument_spec(tls_default=True):
        validate_certs=dict(type='bool',
                            default=True
                            ),
-        ca_certs=dict(type='str')
+        ca_certs=dict(type='str'),
        client_cert_file=dict(type='str'),
        client_key_file=dict(type='str'),
    )
@ -71,6 +73,8 @@ def redis_auth_params(module):
    ca_certs = module.params['ca_certs']
    if tls and ca_certs is None:
        ca_certs = str(certifi.where())
    client_cert_file = module.params['client_cert_file']
    client_key_file = module.params['client_key_file']
    if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
        module.fail_json(
            msg='The option `username` in only supported with redis >= 3.4.0.')
@ -78,6 +82,8 @@ def redis_auth_params(module):
              'port': login_port,
              'password': login_password,
              'ssl_ca_certs': ca_certs,
              'ssl_certfile': client_cert_file,
              'ssl_keyfile': client_key_file,
              'ssl_cert_reqs': validate_certs,
              'ssl': tls}
    if login_user is not None:
--- a/plugins/modules/redis.py
+++ b/plugins/modules/redis.py
@ -132,6 +132,16 @@ EXAMPLES = '''
    command: config
    name: lua-time-limit
    value: 100
 - name: Connect using TLS and certificate authentication
  community.general.redis:
    command: config
    name: lua-time-limit
    value: 100
    tls: true
    ca_certs: /etc/redis/certs/ca.crt
    client_cert_file: /etc/redis/certs/redis.crt
    client_key_file: /etc/redis/certs/redis.key
 '''
 import traceback
--- a/tests/unit/plugins/modules/test_redis_info.py
+++ b/tests/unit/plugins/modules/test_redis_info.py
@ -55,6 +55,8 @@ class TestRedisInfoModule(ModuleTestCase):
                                                       'password': None,
                                                       'ssl': False,
                                                       'ssl_ca_certs': None,
                                                       'ssl_certfile': None,
                                                       'ssl_keyfile': None,
                                                       'ssl_cert_reqs': 'required'},))
            self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
@ -74,6 +76,8 @@ class TestRedisInfoModule(ModuleTestCase):
                                                       'password': 'PASS',
                                                       'ssl': False,
                                                       'ssl_ca_certs': None,
                                                       'ssl_certfile': None,
                                                       'ssl_keyfile': None,
                                                       'ssl_cert_reqs': 'required'},))
            self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
@ -87,6 +91,8 @@ class TestRedisInfoModule(ModuleTestCase):
                    'login_password': 'PASS',
                    'tls': True,
                    'ca_certs': '/etc/ssl/ca.pem',
                    'client_cert_file': '/etc/ssl/client.pem',
                    'client_key_file': '/etc/ssl/client.key',
                    'validate_certs': False
                })
                self.module.main()
@ -96,6 +102,8 @@ class TestRedisInfoModule(ModuleTestCase):
                                                       'password': 'PASS',
                                                       'ssl': True,
                                                       'ssl_ca_certs': '/etc/ssl/ca.pem',
                                                       'ssl_certfile': '/etc/ssl/client.pem',
                                                       'ssl_keyfile': '/etc/ssl/client.key',
                                                       'ssl_cert_reqs': None},))
            self.assertEqual(result.exception.args[0]['info']['redis_version'], '999.999.999')
		`@ -0,0 +1,2 @@`
							`minor_changes:`
							- redis, redis_info - add ``client_cert`` and ``client_key`` options to specify path to certificate for Redis authentication (https://github.com/ansible-collections/community.general/pull/8654).