- #! /usr/bin/env python
-
- from ansible.module_utils.basic import AnsibleModule
-
- DOCUMENTATION = '''
- ---
- module: cert_request
- author: Edoardo Putti
- short_description: generate a host certificate request
- options:
- host:
- required: true
- description: FQDN for the host
- path:
- required: true
- description: path to key to be signed
- proto:
- required: true
- description:
- choices:
- - ssh
- - ssl
- '''
-
- EXAMPLES = '''
- - name: Generate ssl host request
- cert_request:
- host: "gandalf.lilik.it"
- path: "/etc/openvpn/openvpn.csr"
- proto: "ssl"
-
- - name: Generate ssh host request
- cert_request:
- host: ""
- path: "/etc/ssh/ssh_host_ed25519_key.pub"
- proto: "ssh"
- '''
-
- RETURN = '''
- type
- description: protocol used for the key
- returned: always
- sample: sign_request
- type: string
- keyType
- description: which type of key we are requesting
- returned: always
- sample:
- ssh_host
- ssl_host
- hostName
- description: FQDN of the host requesting a cert
- returned: always
- sample:
- example.lilik.it
- keyData:
- description: string representation of the key
- returned: always
- '''
-
-
- def main():
- module = AnsibleModule(
- argument_spec=dict(
- host=dict(
- required=True,
- type='str',
- ),
- path=dict(
- required=True,
- type='str',
- ),
- proto=dict(
- required=True,
- choices=['ssh', 'ssl'],
- ),
- client=dict(
- required=False,
- default=False,
- choices=[True, False],
- ),
- ),
- supports_check_mode=False,
- )
-
- host = module.params.get('host')
- path = module.params.get('path')
- proto = module.params.get('proto')
- client = module.params.get('client')
-
- with open(path, 'r') as src:
- result = {
- 'type': 'sign_request',
- 'request': {
- 'keyData': src.read(),
- },
- }
-
- if client:
- result['request']['keyType'] = '{}_user'.format(proto)
- result['request']['userName'] = host
- else:
- result['request']['keyType'] = '{}_host'.format(proto)
- result['request']['hostName'] = host
-
- module.exit_json(**result)
-
-
- if __name__ == '__main__':
- main()