-
Notifications
You must be signed in to change notification settings - Fork 157
/
hashivault_pki_set_signed.py
executable file
·98 lines (85 loc) · 2.9 KB
/
hashivault_pki_set_signed.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/python
# -*- coding: utf-8 -*-
from ansible.module_utils.hashivault import hashivault_auth_client
from ansible.module_utils.hashivault import hashivault_argspec
from ansible.module_utils.hashivault import hashivault_init
from ansible.module_utils.hashivault import hashiwrapper
ANSIBLE_METADATA = {'status': ['preview'], 'supported_by': 'community', 'version': '1.1'}
DOCUMENTATION = r'''
---
module: hashivault_pki_set_signed
version_added: "4.5.0"
short_description: Hashicorp Vault PKI Set Signed Intermediate
description:
- This module allows submitting the signed CA certificate corresponding to a private key generated via
`intermediate` type in `hashivault_pki_ca` module.
- The certificate should be submitted in PEM format.
options:
certificate:
recuired: true
type: str
description:
- Specifies the name of the role to create.
mount_point:
default: pki
description:
- location where secrets engine is mounted. also known as path
extends_documentation_fragment:
- hashivault
'''
EXAMPLES = r'''
---
- hosts: localhost
tasks:
- name: Generate Intermediate
hashivault_pki_ca:
mount_point: "{{mount_inter}}"
common_name: my common name
kind: intermediate
register: response
- name: List Certificates
hashivault_pki_cert_list:
mount_point: "{{mount_inter}}"
register: list
- name: Sign Intermediate
hashivault_pki_cert_sign:
mount_point: "{{mount_root}}"
csr: "{{response.data.csr}}"
common_name: my common name
type: intermediate
register: response
- name: Set Signed Intermediate
hashivault_pki_set_signed:
mount_point: "{{mount_inter}}"
certificate: "{{ response.data.certificate }}\n{{ response.data.issuing_ca }}"
'''
def main():
argspec = hashivault_argspec()
argspec['certificate'] = dict(required=True, type='str')
argspec['mount_point'] = dict(required=False, type='str', default='pki')
module = hashivault_init(argspec)
result = hashivault_pki_set_signed(module)
if result.get('failed'):
module.fail_json(**result)
else:
module.exit_json(**result)
@hashiwrapper
def hashivault_pki_set_signed(module):
params = module.params
client = hashivault_auth_client(params)
certificate = params.get('certificate')
mount_point = params.get('mount_point').strip('/')
result = {"changed": False, "rc": 0}
try:
response = client.secrets.pki.set_signed_intermediate(certificate=certificate, mount_point=mount_point)
if isinstance(response, dict):
result['changed'] = True
else:
result['changed'] = response.ok
except Exception as e:
result['rc'] = 1
result['failed'] = True
result['msg'] = u"Exception: " + str(e)
return result
if __name__ == '__main__':
main()