source: cloud/oracle/oci_waas_certificate.py
.. versionadded:: 2.5
- This module allows the user to create, delete and update WAAS certificates in OCI.
The below requirements are needed on the host that executes this module.
- python >= 2.7
- Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameter | Choices/Defaults | Comments |
---|---|---|
api_user (string) | | The OCID of the user on whose behalf OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (see config_file_location). To get the user's OCID, please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
api_user_fingerprint (string) | | Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (see config_file_location). To get the key pair's fingerprint value, please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
api_user_key_file (string) | | Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (see config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
api_user_key_pass_phrase (string) | | Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (see config_file_location). |
auth_type (string) | | The type of authentication to use for making API requests. By default, auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this auth_type module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running Ansible playbooks within an OCI compute instance. |
certificate_data (string) | | The data of the SSL certificate. |
certificate_id (string) | | The OCID of the SSL certificate used in the WAAS policy. Required when deleting a WAAS certificate with state=absent or updating a WAAS certificate with state=present. This option is mutually exclusive with compartment_id. |
compartment_id (string) | | The OCID of the compartment in which to create the SSL certificate. |
config_file_location (string) | | Path to configuration file. If not set, then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config. |
config_profile_name (string) | | The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location. |
defined_tags (dictionary) | | Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm. |
display_name (string) | | A user-friendly name for the SSL certificate. The name can be changed and does not need to be unique. |
force_create (boolean) | | Whether to attempt non-idempotent creation of a resource. By default, creating a resource is an idempotent operation and does not create the resource if it already exists. Setting this option to true forcefully creates a copy of the resource, even if it already exists. This option is mutually exclusive with key_by. |
freeform_tags (dictionary) | | Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm. |
is_trust_verification_disabled (boolean) | | The is_trust_verification_disabled of this certificate. Set to true if the SSL certificate is self-signed. |
key_by (list) | | The list of comma-separated attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource except freeform_tags are used to uniquely identify a resource. |
private_key_data (string) | | The private key data of the SSL certificate. |
region (string) | | The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (see config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
state (-) | | Create or update a WAAS certificate with state=present. Use state=absent to delete a WAAS certificate. |
tenancy (string) | | OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (see config_file_location). To get the tenancy OCID, please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
wait (boolean) | | Whether to wait for create or delete operation to complete. |
wait_timeout (integer) | Default: 2000 | Time, in seconds, to wait when wait=yes. |
wait_until (string) | | The lifecycle state to wait for the resource to transition into when wait=yes. By default, when wait=yes, we wait for the resource to get into the applicable ACTIVE/ATTACHED/AVAILABLE/PROVISIONED/RUNNING lifecycle state during a create operation, and into the DELETED/DETACHED/TERMINATED lifecycle state during a delete operation. |
Note
- For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
- name: Create a waas certificate
  oci_waas_certificate:
    compartment_id: "ocid1.compartment.oc1..xxxxxEXAMPLExxxxx"
    display_name: "test_waas_certificate"
    certificate_data: "{{ lookup('file', '/path/to/cert/file') }}"
    private_key_data: "{{ lookup('file', '/path/to/private/key') }}"
    is_trust_verification_disabled: True

- name: Update display name of the waas certificate
  oci_waas_certificate:
    certificate_id: "ocid1.waascertificate.oc1..xxxxxEXAMPLExxxxx"
    display_name: "updated_test_waas_certificate"

- name: Delete a waas certificate
  oci_waas_certificate:
    certificate_id: "ocid1.waascertificate.oc1..xxxxxEXAMPLExxxxx"
    state: absent
Common return values are documented :ref:`here <common_return_values>`, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
waas_certificate (complex) | on successful create and update operation | Information about the WAAS certificate. Sample: {'freeform_tags': {'example_freeform_key': 'example_freeform_value'}, 'issuer_name': {'organizational_unit': 'testorgunit', 'common_name': 'testcommonname', 'locality': 'testlocality', 'organization': 'testorg', 'state_province': 'teststate', 'email_address': 'test.email@address.com', 'country': 'AU'}, 'public_key_info': {'algorithm': 'RSA', 'exponent': 65537, 'key_size': 2048}, 'serial_number': '100000000000710', 'display_name': 'testcertificate', 'signature_algorithm': None, 'lifecycle_state': 'ACTIVE', 'compartment_id': 'ocid1.compartment.oc1..xxxxxEXAMPLExxxxx', 'time_not_valid_after': '2020-04-01T15:29:38+00:00', 'issued_by': 'testissuer', 'subject_name': {'organizational_unit': 'testorgunit', 'common_name': 'testcommonname', 'locality': 'testlocality', 'organization': 'testorg', 'state_province': 'teststate', 'email_address': 'test.email@address.com', 'country': 'AU'}, 'version': 2, 'extensions': [{'value': 'A6:B2:56:XX:XX:XX:XX:XX:XX:XX:XX:9F:E1:98:2E:8C:F6', 'name': 'subjectKeyIdentifier', 'is_critical': None}, {'value': 'keyid:A6:B2:56:XX:XX:XX:XX:XX:XX:XX:XX:9F:E1:98:2E:8C:F6', 'name': 'authorityKeyIdentifier', 'is_critical': None}, {'value': 'CA:TRUE', 'name': 'basicConstraints', 'is_critical': True}], 'defined_tags': {'example_namespace': {'example_key': 'example_value'}}, 'time_not_valid_before': '2019-04-02T15:29:38+00:00', 'time_created': '2019-04-13T21:51:09.088000+00:00', 'id': 'ocid1.waascertificate.oc1..xxxxxEXAMPLExxxxx'} |
compartment_id (string) | success | The OCID of the certificate's compartment. Sample: ocid1.compartment.oc1..xxxxxEXAMPLExxxxx |
defined_tags (string) | success | A key-value pair with a defined schema that restricts the values of tags. These predefined keys are scoped to namespaces. Sample: {'example_namespace': {'example_key': 'example_value'}} |
display_name (string) | success | The user-friendly name of the certificate. Sample: testcertificate |
extensions (list) | success | The extensions of this Certificate. Sample: [{'value': 'A6:B2:56:XX:XX:XX:XX:XX:XX:XX:XX:9F:E1:98:2E:8C:F6', 'name': 'subjectKeyIdentifier', 'is_critical': None}, {'value': 'keyid:A6:B2:56:XX:XX:XX:XX:XX:XX:XX:XX:9F:E1:98:2E:8C:F6', 'name': 'authorityKeyIdentifier', 'is_critical': None}, {'value': 'CA:TRUE', 'name': 'basicConstraints', 'is_critical': True}] |
freeform_tags (complex) | success | A simple key-value pair without any defined schema. Sample: {'example_freeform_key': 'example_freeform_value'} |
id (string) | success | The OCID of the certificate. Sample: ocid1.waascertificate.oc1..xxxxxEXAMPLExxxxx |
issued_by (string) | success | The issued_by of this Certificate. Sample: testissuer |
issuer_name (complex) | success | The issuer_name of this Certificate. Sample: {'organizational_unit': 'testorgunit', 'common_name': 'testcommonname', 'locality': 'testlocality', 'organization': 'testorg', 'state_province': 'teststate', 'email_address': 'test.email@address.com', 'country': 'AU'} |
lifecycle_state (string) | success | The current lifecycle state of the SSL certificate. Sample: ACTIVE |
public_key_info (complex) | success | The public_key_info of this Certificate. Sample: {'algorithm': 'RSA', 'exponent': 65537, 'key_size': 2048} |
serial_number (string) | success | The serial_number of this Certificate. Sample: 100000000000710 |
signature_algorithm (string) | success | The signature_algorithm of this Certificate. Sample: SHA-1 |
subject_name (complex) | success | The subject_name of this Certificate. Sample: {'organizational_unit': 'testorgunit', 'common_name': 'testcommonname', 'locality': 'testlocality', 'organization': 'testorg', 'state_province': 'teststate', 'email_address': 'test.email@address.com', 'country': 'AU'} |
time_created (string) | success | The date and time the certificate was created, expressed in RFC 3339 timestamp format. Sample: 2019-04-02 17:12:42.454000+00:00 |
time_not_valid_after (string) | success | The date and time the certificate will expire, expressed in RFC 3339 timestamp format. Sample: 2020-04-01 15:29:38+00:00 |
time_not_valid_before (string) | success | The time_not_valid_before of this Certificate. Sample: 2019-04-02 15:29:38+00:00 |
version (integer) | success | The version of this Certificate. Sample: 2 |
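An added example, not part of the module or its documentation: a Python check that can be run over the waas_certificate return value documented above to flag a certificate that is near expiry, weakly signed, self-signed or CA-capable. The function name, thresholds, finding strings and the SAMPLE dict are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

WEAK_SIGNATURES = ("md5", "sha-1", "sha1")  # assumption: this example's policy


def audit_waas_certificate(cert, now, min_days_left=30, min_rsa_bits=2048):
    """Return findings for one waas_certificate dict; `now` must be timezone-aware."""
    findings = []
    # time_not_valid_after is documented as an RFC 3339 timestamp.
    expires = datetime.fromisoformat(cert["time_not_valid_after"].replace("Z", "+00:00"))
    if expires <= now:
        findings.append("expired")
    elif expires - now < timedelta(days=min_days_left):
        findings.append("expires within %d days" % min_days_left)

    key = cert.get("public_key_info") or {}
    if key.get("algorithm") == "RSA" and (key.get("key_size") or 0) < min_rsa_bits:
        findings.append("RSA key below %d bits" % min_rsa_bits)

    sig = cert.get("signature_algorithm") or ""  # may be None, as in the sample above
    if any(weak in sig.lower() for weak in WEAK_SIGNATURES):
        findings.append("weak signature algorithm: %s" % sig)

    # Subject equal to issuer is the usual sign of a self-signed certificate,
    # the case the is_trust_verification_disabled option exists for.
    if cert.get("subject_name") and cert["subject_name"] == cert.get("issuer_name"):
        findings.append("self-signed (subject equals issuer)")

    for ext in cert.get("extensions") or []:
        if ext.get("name") == "basicConstraints" and "CA:TRUE" in (ext.get("value") or ""):
            findings.append("basicConstraints marks the certificate as a CA")
    return findings


# Constructed sample, modelled on the return sample documented above.
_NAME = {"common_name": "testcommonname", "organization": "testorg", "country": "AU"}
SAMPLE = {
    "time_not_valid_after": "2020-04-01T15:29:38+00:00",
    "public_key_info": {"algorithm": "RSA", "exponent": 65537, "key_size": 2048},
    "signature_algorithm": "SHA-1",
    "subject_name": dict(_NAME),
    "issuer_name": dict(_NAME),
    "extensions": [{"name": "basicConstraints", "value": "CA:TRUE", "is_critical": True}],
}

if __name__ == "__main__":
    for finding in audit_waas_certificate(SAMPLE, datetime(2020, 3, 15, tzinfo=timezone.utc)):
        print(finding)
```
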
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is :ref:`maintained by the Ansible Community <modules_support>`. [community]
- Manoj Meda (@manojmeda)