You've already forked ansible-role-certificate-authority
Compare commits
3 Commits
0.2.0
...
renovate/a
| Author | SHA1 | Date | |
|---|---|---|---|
a74e1e1dd6
|
|||
9267a743e7
|
|||
|
ef2c31e64e
|
@ -14,7 +14,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Run ansible-lint
|
||||
uses: ansible/ansible-lint@v25.6.1
|
||||
uses: ansible/ansible-lint@v25.7.0
|
||||
with:
|
||||
args: "--config-file .ansible-lint"
|
||||
setup_python: "true"
|
||||
|
||||
@ -28,12 +28,11 @@ certificate_authority_client_subject_alternative_names:
|
||||
| `certificate_authority_root_ca_import` | Import the TLS certificate of the root certificate authority into the systems trust store. | `true` |
|
||||
| `certificate_authority_root_ca_path` | Directory where the private and public TLS key of the root certificate authority should be stored. | `/etc/ansible-playbook/pki/ca` |
|
||||
| `certificate_authority_root_ca_common_name` | Common Name (CN) of the root certificate authority. | `Ansible Root CA` |
|
||||
| `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. | `""` |
|
||||
| `certificate_authority_root_ca_country_name` | Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`. | `""` |
|
||||
| `certificate_authority_root_ca_email_address` | E-Mail Address of the root certificate authority owner. | `""` |
|
||||
| `certificate_authority_root_ca_organization_name` | Organization name of the root certificate authority owner. | `""` |
|
||||
| `certificate_authority_root_ca_organizational_unit_name` | Organizational unit name of the root certificate authority. | `""` |
|
||||
| `certificate_authority_root_ca_state_or_province_name` | State or province name where the owner of the root certificate authority is located. | `""` |
|
||||
| `certificate_authority_root_ca_state` | State where the owner of the root certificate authority is located | `""` |
|
||||
| `certificate_authority_root_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the root certificate authority. | `[]` |
|
||||
| `certificate_authority_root_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+3650d` |
|
||||
| `certificate_authority_root_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
|
||||
@ -50,12 +49,11 @@ certificate_authority_client_subject_alternative_names:
|
||||
| `certificate_authority_intermediate_ca_create` | Create intermediate certificate from scratch or import via `certificate_authority_intermediate_ca_tls` prefixed variables. | `true` |
|
||||
| `certificate_authority_intermediate_ca_path` | Directory where the private and public TLS key of the intermediate certificate authority should be stored. | `/etc/ansible-playbook/pki/intermediate` |
|
||||
| `certificate_authority_intermediate_ca_common_name` | Common Name (CN) of the intermediate certificate authority. | `Ansible Intermediate CA` |
|
||||
| `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. | `""` |
|
||||
| `certificate_authority_intermediate_ca_country_name` | Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`. | `""` |
|
||||
| `certificate_authority_intermediate_ca_email_address` | E-Mail Address of the intermediate certificate authority owner. | `""` |
|
||||
| `certificate_authority_intermediate_ca_organization_name` | Organization name of the intermediate certificate authority owner. | `""` |
|
||||
| `certificate_authority_intermediate_ca_organizational_unit_name` | Organizational unit name of the intermediate certificate authority. | `""` |
|
||||
| `certificate_authority_intermediate_ca_state_or_province_name` | State or province name where the owner of the intermediate certificate authority is located. | `""` |
|
||||
| `certificate_authority_intermediate_ca_state` | State where the owner of the intermediate certificate authority is located. | `""` |
|
||||
| `certificate_authority_intermediate_ca_subject_alternative_names` | Subject Alternative Names (SAN) of the intermediate certificate authority. | `[]` |
|
||||
| `certificate_authority_intermediate_ca_not_after` | Time in the future from now when the TLS certificate should expire | `+1825d` |
|
||||
| `certificate_authority_intermediate_ca_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
|
||||
@ -72,12 +70,11 @@ certificate_authority_client_subject_alternative_names:
|
||||
| `certificate_authority_client_create` | Create client certificate from scratch or import via `certificate_authority_client_tls` prefixed variables. | `true` |
|
||||
| `certificate_authority_client_path` | Directory where the private and public TLS key of the client certificate authority should be stored. | `/etc/ansible-playbook/pki/client` |
|
||||
| `certificate_authority_client_common_name` | Common Name (CN) of the client certificate. | `Ansible Client Certificate` |
|
||||
| `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. | `""` |
|
||||
| `certificate_authority_client_country_name` | Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`. | `""` |
|
||||
| `certificate_authority_client_email_address` | E-Mail Address of the client certificate owner. | `""` |
|
||||
| `certificate_authority_client_organization_name` | Organization name of the client certificate owner. | `""` |
|
||||
| `certificate_authority_client_organizational_unit_name` | Common Name (CN) of the client certificate. | `""` |
|
||||
| `certificate_authority_client_state_or_province_name` | State or province name where the owner of the client certificate is located. | `""` |
|
||||
| `certificate_authority_client_state` | State where the owner of the client certificate is located. | `""` |
|
||||
| `certificate_authority_client_subject_alternative_names` | Subject Alternative Names (SAN) of the client certificate. | `[]` |
|
||||
| `certificate_authority_client_not_after` | Time in the future from now when the TLS certificate should expire | `+397d` |
|
||||
| `certificate_authority_client_not_before` | Time in the past from now when the TLS certificate should be valid. | `+0s` |
|
||||
|
||||
@ -10,12 +10,11 @@ certificate_authority_root_ca_import: true
|
||||
|
||||
## @param certificate_authority_root_ca_path Directory where the private and public TLS key of the root certificate authority should be stored.
|
||||
## @param certificate_authority_root_ca_common_name Common Name (CN) of the root certificate authority.
|
||||
## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority.
|
||||
## @param certificate_authority_root_ca_country_name Common Name (CN) of the root certificate authority. For example `US`, `FR` or `DE`.
|
||||
## @param certificate_authority_root_ca_email_address E-Mail Address of the root certificate authority owner.
|
||||
## @param certificate_authority_root_ca_organization_name Organization name of the root certificate authority owner.
|
||||
## @param certificate_authority_root_ca_organizational_unit_name Organizational unit name of the root certificate authority.
|
||||
## @param certificate_authority_root_ca_state_or_province_name State or province name where the owner of the root certificate authority is located.
|
||||
## @param certificate_authority_root_ca_state State where the owner of the root certificate authority is located
|
||||
## @param certificate_authority_root_ca_subject_alternative_names Subject Alternative Names (SAN) of the root certificate authority.
|
||||
## @param certificate_authority_root_ca_not_after Time in the future from now when the TLS certificate should expire
|
||||
## @param certificate_authority_root_ca_not_before Time in the past from now when the TLS certificate should be valid.
|
||||
@ -26,7 +25,6 @@ certificate_authority_root_ca_email_address: ""
|
||||
certificate_authority_root_ca_organization_name: ""
|
||||
certificate_authority_root_ca_organizational_unit_name: ""
|
||||
certificate_authority_root_ca_state_or_province_name: ""
|
||||
certificate_authority_root_ca_state: ""
|
||||
certificate_authority_root_ca_subject_alternative_names: []
|
||||
certificate_authority_root_ca_not_after: "+3650d"
|
||||
certificate_authority_root_ca_not_before: "+0s"
|
||||
@ -50,12 +48,11 @@ certificate_authority_intermediate_ca_create: true
|
||||
|
||||
## @param certificate_authority_intermediate_ca_path Directory where the private and public TLS key of the intermediate certificate authority should be stored.
|
||||
## @param certificate_authority_intermediate_ca_common_name Common Name (CN) of the intermediate certificate authority.
|
||||
## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority.
|
||||
## @param certificate_authority_intermediate_ca_country_name Country name of the intermediate certificate authority. For example `US`, `FR` or `DE`.
|
||||
## @param certificate_authority_intermediate_ca_email_address E-Mail Address of the intermediate certificate authority owner.
|
||||
## @param certificate_authority_intermediate_ca_organization_name Organization name of the intermediate certificate authority owner.
|
||||
## @param certificate_authority_intermediate_ca_organizational_unit_name Organizational unit name of the intermediate certificate authority.
|
||||
## @param certificate_authority_intermediate_ca_state_or_province_name State or province name where the owner of the intermediate certificate authority is located.
|
||||
## @param certificate_authority_intermediate_ca_state State where the owner of the intermediate certificate authority is located.
|
||||
## @param certificate_authority_intermediate_ca_subject_alternative_names Subject Alternative Names (SAN) of the intermediate certificate authority.
|
||||
## @param certificate_authority_intermediate_ca_not_after Time in the future from now when the TLS certificate should expire
|
||||
## @param certificate_authority_intermediate_ca_not_before Time in the past from now when the TLS certificate should be valid.
|
||||
@ -66,7 +63,6 @@ certificate_authority_intermediate_ca_email_address: ""
|
||||
certificate_authority_intermediate_ca_organization_name: ""
|
||||
certificate_authority_intermediate_ca_organizational_unit_name: ""
|
||||
certificate_authority_intermediate_ca_state_or_province_name: ""
|
||||
certificate_authority_intermediate_ca_state: ""
|
||||
certificate_authority_intermediate_ca_subject_alternative_names: []
|
||||
certificate_authority_intermediate_ca_not_after: "+1825d"
|
||||
certificate_authority_intermediate_ca_not_before: "+0s"
|
||||
@ -90,12 +86,11 @@ certificate_authority_client_create: true
|
||||
|
||||
## @param certificate_authority_client_path Directory where the private and public TLS key of the client certificate authority should be stored.
|
||||
## @param certificate_authority_client_common_name Common Name (CN) of the client certificate.
|
||||
## @param certificate_authority_client_country_name Country Name (CN) of the client certificate.
|
||||
## @param certificate_authority_client_country_name Country Name (CN) of the client certificate. For example `US`, `FR` or `DE`.
|
||||
## @param certificate_authority_client_email_address E-Mail Address of the client certificate owner.
|
||||
## @param certificate_authority_client_organization_name Organization name of the client certificate owner.
|
||||
## @param certificate_authority_client_organizational_unit_name Common Name (CN) of the client certificate.
|
||||
## @param certificate_authority_client_state_or_province_name State or province name where the owner of the client certificate is located.
|
||||
## @param certificate_authority_client_state State where the owner of the client certificate is located.
|
||||
## @param certificate_authority_client_subject_alternative_names Subject Alternative Names (SAN) of the client certificate.
|
||||
## @param certificate_authority_client_not_after Time in the future from now when the TLS certificate should expire
|
||||
## @param certificate_authority_client_not_before Time in the past from now when the TLS certificate should be valid.
|
||||
@ -106,7 +101,6 @@ certificate_authority_client_email_address: ""
|
||||
certificate_authority_client_organization_name: ""
|
||||
certificate_authority_client_organizational_unit_name: ""
|
||||
certificate_authority_client_state_or_province_name: ""
|
||||
certificate_authority_client_state: ""
|
||||
certificate_authority_client_subject_alternative_names: []
|
||||
certificate_authority_client_not_after: "+397d"
|
||||
certificate_authority_client_not_before: "+0s"
|
||||
|
||||
@ -21,7 +21,6 @@
|
||||
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
|
||||
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_client_state }}"
|
||||
when: |
|
||||
certificate_authority_client_subject_alternative_names is not defined or
|
||||
(certificate_authority_client_subject_alternative_names is defined and
|
||||
@ -41,7 +40,6 @@
|
||||
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
|
||||
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
|
||||
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_client_state }}"
|
||||
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
|
||||
when: certificate_authority_client_subject_alternative_names is defined and
|
||||
certificate_authority_client_subject_alternative_names | length > 0
|
||||
|
||||
@ -19,7 +19,6 @@
|
||||
privatekey_passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
|
||||
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_client_state }}"
|
||||
when: |
|
||||
certificate_authority_client_subject_alternative_names is not defined or
|
||||
(certificate_authority_client_subject_alternative_names is defined and
|
||||
@ -38,7 +37,6 @@
|
||||
path: "{{ certificate_authority_client_path }}/cert-req.pem"
|
||||
privatekey_path: "{{ certificate_authority_client_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_client_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_client_state }}"
|
||||
subject_alt_name: "{{ certificate_authority_client_subject_alternative_names | map('regex_replace', '^', 'DNS:') | list | join(',') | quote }}"
|
||||
when: certificate_authority_client_subject_alternative_names is defined and
|
||||
certificate_authority_client_subject_alternative_names | length > 0
|
||||
|
||||
@ -20,7 +20,6 @@
|
||||
privatekey_passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
|
||||
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_intermediate_ca_state }}"
|
||||
use_common_name_for_san: false
|
||||
|
||||
- name: Create signed client certificate - unprotected root Certificate Authority (CA)
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
path: "{{ certificate_authority_intermediate_ca_path }}/cert-req.pem"
|
||||
privatekey_path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_intermediate_ca_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_intermediate_ca_state }}"
|
||||
use_common_name_for_san: false
|
||||
|
||||
- name: Create signed client certificate - unprotected root Certificate Authority (CA)
|
||||
|
||||
@ -20,7 +20,6 @@
|
||||
privatekey_passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
|
||||
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_root_ca_state }}"
|
||||
use_common_name_for_san: false
|
||||
|
||||
- name: Create self-signed certificate for root CA
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
path: "{{ certificate_authority_root_ca_path }}/cert-req.pem"
|
||||
privatekey_path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
|
||||
state_or_province_name: "{{ certificate_authority_root_ca_state_or_province_name }}"
|
||||
state: "{{ certificate_authority_root_ca_state }}"
|
||||
use_common_name_for_san: false
|
||||
|
||||
- name: Create self-signed certificate for root CA
|
||||
|
||||
Reference in New Issue
Block a user