def hashivault_pki_crl(module):
    """Bring the CRL configuration of a PKI mount in line with the module parameters.

    Reads ``mount_point``, ``disable`` and ``expiry`` from ``module.params``.
    If ``check_secrets_engines`` reports an error, that value is returned as is.
    Otherwise the current CRL configuration is read and compared with the
    desired one, and it is written only when they differ and the module is
    not running in check mode.

    Returns a dict with a single ``changed`` key, or the error value from
    ``check_secrets_engines``.
    """
    options = module.params
    client = hashivault_auth_client(options)
    mount_point = options.get('mount_point').strip('/')
    # Options the caller did not set are carried as None.
    # NOTE(review): confirm compare_state and set_crl_configuration treat None
    # as "not requested" -- 'disable' controls the CRL, so a misread value here
    # affects revocation checking.
    desired_state = {key: options.get(key) for key in ('disable', 'expiry')}

    # check_secrets_engines yields (changed, err); a truthy err ends the run.
    needs_update, failure = check_secrets_engines(module, client)
    if failure:
        return failure

    if not needs_update:
        from hvac.exceptions import InvalidPath
        try:
            response = client.secrets.pki.read_crl_configuration(
                mount_point=mount_point)
            current_state = response.get('data')
            needs_update = not compare_state(desired_state, current_state)
        except InvalidPath:
            # Only InvalidPath is read as "no CRL configuration to compare
            # against"; any other hvac error propagates to the caller.
            needs_update = True

    # Check mode reports the pending change without touching Vault.
    if not needs_update or module.check_mode:
        return {'changed': needs_update}

    client.secrets.pki.set_crl_configuration(mount_point=mount_point,
                                             extra_params=desired_state)
    return {'changed': needs_update}
def hashivault_pki_url(module):
    """Bring the URL configuration of a PKI mount in line with the module parameters.

    Reads ``mount_point``, ``issuing_certificates``,
    ``crl_distribution_points`` and ``ocsp_servers`` from ``module.params``,
    compares them with what ``read_urls`` returns and calls ``set_urls`` when
    they differ and the module is not running in check mode.

    Returns a dict with a single ``changed`` key.
    """
    options = module.params
    client = hashivault_auth_client(options)
    mount_point = options.get('mount_point').strip('/')
    url_options = ('issuing_certificates', 'crl_distribution_points',
                   'ocsp_servers')
    desired_state = {key: options.get(key) for key in url_options}

    try:
        current_state = client.secrets.pki.read_urls(
            mount_point=mount_point).get('data')
    except Exception:
        # Any failure to read is treated as "not configured yet".
        # NOTE(review): this also covers permission and connection errors, so
        # in check mode such a failure is reported as a pending change rather
        # than as an error. hashivault_pki_crl catches only
        # hvac.exceptions.InvalidPath for the same situation; consider
        # narrowing this once it is confirmed which exception read_urls raises
        # for an unconfigured mount.
        changed = True
    else:
        changed = not compare_state(desired_state, current_state)

    # Check mode reports the pending change without touching Vault.
    if not changed or module.check_mode:
        return {'changed': changed}

    client.secrets.pki.set_urls(mount_point=mount_point, params=desired_state)
    return {'changed': changed}
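def hashivault_pki_role(module):
    """Create, update or delete a PKI role so that it matches the module parameters.

    The desired role definition comes from ``role_file`` (a JSON file) when
    that parameter is set, otherwise from ``config``, whose items are
    converted with ``normalize`` according to the types declared in
    ``DOCUMENTATION``. The role is created or updated when ``state`` is
    ``present`` and it is missing or differs, and deleted when ``state`` is
    ``absent`` and it exists. Nothing is written in check mode.

    Returns a dict with ``changed``; when the input cannot be loaded or
    converted the dict also carries ``failed`` and ``msg`` and no request to
    change the role is made.
    """
    params = module.params
    client = hashivault_auth_client(params)
    name = params.get('name').strip('/')
    mount_point = params.get('mount_point').strip('/')
    state = params.get('state')
    role_file = params.get('role_file')
    config = params.get('config')
    desired_state = {}

    if role_file:
        import json
        # Close the file deterministically and report an unreadable or
        # malformed role file in the same result shape as a bad config item,
        # instead of letting the module die with a traceback.
        try:
            with open(role_file, 'r') as handle:
                desired_state = json.load(handle)
        except (IOError, OSError, ValueError) as exc:
            return {
                'changed': False,
                'failed': True,
                'msg': 'role_file \'{}\' could not be loaded: {}'.format(role_file, exc)
            }
    elif config:
        import yaml
        # The accepted config keys and their types are taken from the module's
        # own DOCUMENTATION block; keys not declared there are ignored.
        doc = yaml.safe_load(DOCUMENTATION)
        args = doc.get('options').get('config').get('suboptions').items()
        for key, value in args:
            arg = config.get(key)
            if arg is not None:
                try:
                    desired_state[key] = normalize[value.get('type')](arg)
                except Exception:
                    return {
                        'changed': False,
                        'failed': True,
                        'msg': 'config item \'{}\' has wrong data fromat'.format(key)
                    }

    current_state = check_pki_role(name=name, mount_point=mount_point, client=client)
    exists = bool(current_state)

    if state == 'present':
        # A missing role always needs creating; an existing one only when it
        # differs from the desired definition.
        changed = not exists or not compare_state(desired_state, current_state)
    elif state == 'absent':
        changed = exists
    else:
        changed = False

    # Check mode reports the pending change without touching Vault.
    if changed and not module.check_mode:
        if state == 'present':
            client.secrets.pki.create_or_update_role(name=name, mount_point=mount_point,
                                                     extra_params=desired_state)
        elif state == 'absent':
            client.secrets.pki.delete_role(name=name, mount_point=mount_point)
    return {'changed': changed}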