mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Sophos UTM - add module to handle utm ca host key certificate entries (#48927)
* - add module to handle utm ca host key certificate entries * - fixed typos in doc * Apply suggestions from code review Co-Authored-By: MatrixCrawler <johannes.brunswicker@gmail.com>
This commit is contained in:
parent
b5ca54eeed
commit
87ee59b8d7
1 changed files with 163 additions and 0 deletions
|
@ -0,0 +1,163 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
# Copyright: (c) 2018, Stephan Schwarz <stearz@gmx.de>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'
|
||||
}
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: utm_ca_host_key_cert
|
||||
|
||||
author:
|
||||
- Stephan Schwarz (@stearz)
|
||||
|
||||
short_description: create, update or destroy ca host_key_cert entry in Sophos UTM
|
||||
|
||||
description:
|
||||
- Create, update or destroy a ca host_key_cert entry in SOPHOS UTM.
|
||||
- This module needs to have the REST Ability of the UTM to be activated.
|
||||
|
||||
version_added: "2.8"
|
||||
|
||||
options:
|
||||
name:
|
||||
description:
|
||||
- The name of the object. Will be used to identify the entry.
|
||||
required: true
|
||||
ca:
|
||||
description:
|
||||
- A reference to an existing utm_ca_signing_ca or utm_ca_verification_ca object.
|
||||
required: true
|
||||
meta:
|
||||
description:
|
||||
- A reference to an existing utm_ca_meta_x509 object.
|
||||
required: true
|
||||
certificate:
|
||||
description:
|
||||
- The certificate in PEM format.
|
||||
required: true
|
||||
comment:
|
||||
description:
|
||||
- Optional comment string.
|
||||
encrypted:
|
||||
description:
|
||||
- Optionally enable encryption.
|
||||
default: False
|
||||
type: bool
|
||||
key:
|
||||
description:
|
||||
- Optional private key in PEM format.
|
||||
|
||||
extends_documentation_fragment:
|
||||
- utm
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
# Create a ca_host_key_cert entry
|
||||
- name: utm ca_host_key_cert
|
||||
utm_ca_host_key_cert:
|
||||
utm_host: sophos.host.name
|
||||
utm_token: abcdefghijklmno1234
|
||||
name: TestHostKeyCertEntry
|
||||
ca: REF_ca/signing_ca_OBJECT_STRING
|
||||
meta: REF_ca/meta_x509_OBJECT_STRING
|
||||
certificate: |
|
||||
--- BEGIN CERTIFICATE ---
|
||||
. . .
|
||||
. . .
|
||||
. . .
|
||||
--- END CERTIFICATE ---
|
||||
state: present
|
||||
|
||||
# Remove a ca_host_key_cert entry
|
||||
- name: utm ca_host_key_cert
|
||||
utm_ca_host_key_cert:
|
||||
utm_host: sophos.host.name
|
||||
utm_token: abcdefghijklmno1234
|
||||
name: TestHostKeyCertEntry
|
||||
state: absent
|
||||
|
||||
# Read a ca_host_key_cert entry
|
||||
- name: utm ca_host_key_cert
|
||||
utm_ca_host_key_cert:
|
||||
utm_host: sophos.host.name
|
||||
utm_token: abcdefghijklmno1234
|
||||
name: TestHostKeyCertEntry
|
||||
state: info
|
||||
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
result:
|
||||
description: The utm object that was created
|
||||
returned: success
|
||||
type: complex
|
||||
contains:
|
||||
_ref:
|
||||
description: The reference name of the object
|
||||
type: string
|
||||
_locked:
|
||||
description: Whether or not the object is currently locked
|
||||
type: boolean
|
||||
_type:
|
||||
description: The type of the object
|
||||
type: string
|
||||
name:
|
||||
description: The name of the object
|
||||
type: string
|
||||
ca:
|
||||
description: A reference to an existing utm_ca_signing_ca or utm_ca_verification_ca object.
|
||||
type: string
|
||||
meta:
|
||||
description: A reference to an existing utm_ca_meta_x509 object.
|
||||
type: string
|
||||
certificate:
|
||||
description: The certificate in PEM format
|
||||
type: string
|
||||
comment:
|
||||
description: Comment string (may be empty string)
|
||||
type: string
|
||||
encrypted:
|
||||
description: If encryption is enabled
|
||||
type: bool
|
||||
key:
|
||||
description: Private key in PEM format (may be empty string)
|
||||
type: string
|
||||
"""
|
||||
|
||||
from ansible.module_utils.utm_utils import UTM, UTMModule
|
||||
from ansible.module_utils._text import to_native
|
||||
|
||||
|
||||
def main():
|
||||
endpoint = "ca/host_key_cert"
|
||||
key_to_check_for_changes = ["ca", "certificate", "comment", "encrypted", "key", "meta"]
|
||||
module = UTMModule(
|
||||
argument_spec=dict(
|
||||
name=dict(type='str', required=True),
|
||||
ca=dict(type='str', required=True),
|
||||
meta=dict(type='str', required=True),
|
||||
certificate=dict(type='str', required=True),
|
||||
comment=dict(type='str', required=False),
|
||||
encrypted=dict(type='bool', required=False, default=False),
|
||||
key=dict(type='str', required=False, no_log=True),
|
||||
)
|
||||
)
|
||||
try:
|
||||
# This is needed because the bool value only accepts int values in the backend
|
||||
UTM(module, endpoint, key_to_check_for_changes).execute()
|
||||
except Exception as e:
|
||||
module.fail_json(msg=to_native(e))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in a new issue