コード例 #1
0
def main():
    """
    Main function
    :returns: SSL Certificate Information
    """
    module = AnsibleModule(argument_spec=dict(
        auth=dict(type='dict'),
        region=dict(default='na', type='str'),
        datacenter=dict(required=True, type='str'),
        network_domain=dict(required=True, type='str'),
        id=dict(required=False, default=None, type='str'),
        name=dict(required=False, default=None, type='str'),
        description=dict(required=False, default=None, type='str'),
        type=dict(required=False,
                  default='certificate',
                  choices=['certificate', 'chain']),
        path=dict(required=False, default=None, type='str'),
        key_path=dict(required=False, default=None, type='str'),
        state=dict(default='present', choices=['present', 'absent'])),
                           supports_check_mode=True)
    try:
        credentials = get_credentials(module)
    except ImportError as e:
        module.fail_json(msg='{0}'.format(e))
    network_domain_name = module.params.get('network_domain')
    datacenter = module.params.get('datacenter')
    state = module.params.get('state')
    cert = None
    associated_ssl_profiles = []

    # Check Imports
    if not HAS_OPENSSL:
        module.fail_json(msg='Missing Python module: pyOpenSSL')

    # Check the region supplied is valid
    regions = get_regions()
    if module.params.get('region') not in regions:
        module.fail_json(
            msg='Invalid region. Regions must be one of {0}'.format(regions))

    if credentials is False:
        module.fail_json(msg='Error: Could not load the user credentials')

    try:
        client = NTTMCPClient(credentials, module.params.get('region'))
    except NTTMCPAPIException as e:
        module.fail_json(msg=e.msg)

    # Get the CND
    try:
        network = client.get_network_domain_by_name(name=network_domain_name,
                                                    datacenter=datacenter)
        network_domain_id = network.get('id')
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException):
        module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.
                         format(network_domain_name))

    # Check if the SSL certificate already exists
    try:
        if module.params.get('id'):
            if module.params.get('type') == 'certificate':
                cert = client.get_vip_ssl('sslDomainCertificate',
                                          module.params.get('id'))
            elif module.params.get('type') == 'chain':
                cert = client.get_vip_ssl('sslCertificateChain',
                                          module.params.get('id'))
        else:
            if module.params.get('type') == 'certificate':
                certs = client.list_vip_ssl(
                    network_domain_id=network_domain_id,
                    name=module.params.get('name'),
                    ssl_type='sslDomainCertificate')
            elif module.params.get('type') == 'chain':
                certs = client.list_vip_ssl(
                    network_domain_id=network_domain_id,
                    name=module.params.get('name'),
                    ssl_type='sslCertificateChain')
            if len(certs) == 1:
                cert = certs[0]
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
        module.fail_json(
            msg=
            'Could not get a list of existing SSL certificates/chains to check against - {0}'
            .format(exc))

        # Check if the cert is associated with any SSL Offload profiles. SSL certs cannot be updated or removed while still associated with an Offload Profile
        try:
            ssl_profiles = client.list_vip_ssl(
                network_domain_id=network_domain_id,
                ssl_type='sslOffloadProfile')
            associated_ssl_profiles = is_used(module.params.get('type'),
                                              module.params.get('name'),
                                              ssl_profiles)
            if associated_ssl_profiles:
                module.fail_json(
                    msg=
                    'Cannot operate on the SSL {0} {1} as it is still associated with the following'
                    'SSL Offload profiles: {2}'.format(
                        module.params.get('type'), module.params.get('name'),
                        associated_ssl_profiles))
        except (KeyError, IndexError, AttributeError,
                NTTMCPAPIException) as exc:
            module.fail_json(
                msg=
                'Failed getting a list of SSL Offload Profiles to check against - {0}'
                .format(exc))

    if state == 'present':
        if not cert:
            # Implement Check Mode
            if module.check_mode:
                module.exit_json(
                    msg='The new SSL certificate will be imported')
            import_ssl_cert(module, client, network_domain_id)
        else:
            # Implement Check Mode
            if module.check_mode:
                module.exit_json(
                    msg=
                    'An SSL certificate already exists, the old certificate will be removed and the new one imported'
                )
            delete_ssl_cert(module, client, cert.get('id'))
            import_ssl_cert(module, client, network_domain_id)
    elif state == 'absent':
        if not cert:
            module.exit_json(
                msg=
                'The SSL certificate/chain was not found. Nothing to remove.')
        # Implement Check Mode
        if module.check_mode:
            module.exit_json(
                msg='The SSL certificate with ID {0} will be removed'.format(
                    cert.get('id')))
        delete_ssl_cert(module, client, cert.get('id'))
        module.exit_json(
            changed=True,
            msg='The SSL certificate/chain was successfully removed.')
コード例 #2
0
def main():
    """
    Main function

    :returns: SSL Profile Information
    """
    module = AnsibleModule(
        argument_spec=dict(
            auth=dict(type='dict'),
            region=dict(default='na', type='str'),
            datacenter=dict(required=True, type='str'),
            network_domain=dict(required=True, type='str'),
            id=dict(required=False, default=None, type='str'),
            name=dict(required=False, default=None, type='str'),
            description=dict(required=False, default=None, type='str'),
            chain=dict(required=False, default=None, type='dict'),
            certificate=dict(required=False, default=None, type='dict'),
            new_name=dict(required=False, default=None, type='str'),
            ciphers=dict(required=False, default=None, type='str'),
            state=dict(default='present', choices=['present', 'absent'])
        ),
        supports_check_mode=True
    )
    try:
        credentials = get_credentials(module)
    except ImportError as e:
        module.fail_json(msg='{0}'.format(e))
    network_domain_name = module.params.get('network_domain')
    datacenter = module.params.get('datacenter')
    state = module.params.get('state')
    name = module.params.get('name')
    profile = cert = new_cert = cert_chain = new_cert_chain = None

    # Check Imports
    if not HAS_OPENSSL:
        module.fail_json(msg='Missing Python module: pyOpenSSL')

    # Check the region supplied is valid
    regions = get_regions()
    if module.params.get('region') not in regions:
        module.fail_json(msg='Invalid region. Regions must be one of {0}'.format(regions))

    if credentials is False:
        module.fail_json(msg='Error: Could not load the user credentials')

    try:
        client = NTTMCPClient(credentials, module.params.get('region'))
    except NTTMCPAPIException as e:
        module.fail_json(msg=e.msg)

    # Get the CND
    try:
        network = client.get_network_domain_by_name(name=network_domain_name, datacenter=datacenter)
        network_domain_id = network.get('id')
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException):
        module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.format(network_domain_name))

    # Verify SSL certificate  and certificate chain schema
    if state == 'present':
        verify_cert_schema(module, client, network_domain_id)
        verify_cert_chain_schema(module, client, network_domain_id)

        # Check if the SSL certificate and chain already exist
        try:
            certs = client.list_vip_ssl(network_domain_id=network_domain_id, ssl_type='sslDomainCertificate',
                                        name=module.params.get('certificate').get('name'))
            if len(certs) == 1:
                new_cert = certs[0]
                new_cert_id = new_cert.get('id')
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed to get a list of current SSL certificates: {0}'.format(exc))
        try:
            cert_chains = client.list_vip_ssl(network_domain_id=network_domain_id, ssl_type='sslCertificateChain',
                                              name=module.params.get('chain').get('name'))
            if len(cert_chains) == 1:
                new_cert_chain = cert_chains[0]
                new_cert_chain_id = new_cert_chain.get('id')
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed to get a list of current SSL certificate chains: {0}'.format(exc))

    # Check if the SSL Profile already exists
    if name:
        try:
            profiles = client.list_vip_ssl(network_domain_id=network_domain_id, ssl_type='sslOffloadProfile', name=name)
            if len(profiles) == 1:
                if profiles[0].get('name'):
                    profile = profiles[0]
                    cert = client.get_vip_ssl(ssl_type='sslDomainCertificate',
                                              ssl_id=profiles[0].get('sslDomainCertificate').get('id'))
                    cert_chain = client.get_vip_ssl(ssl_type='sslCertificateChain',
                                                    ssl_id=profiles[0].get('sslCertificateChain').get('id'))
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed getting a list of SSL Offload Profiles to check against - {0}'.format(exc))

    if state == 'present':
        # Implement Check Mode
        if module.check_mode and not profile:
            module.exit_json(msg='A new SSL Offload Profile will be created')
        # Handle new certificates and certificate chains first
        if not new_cert:
            new_cert_id = import_ssl_cert(module, client, network_domain_id)
        if not new_cert_chain:
            new_cert_chain_id = import_ssl_cert_chain(module, client, network_domain_id)
        if not profile:
            create_ssl_offload_profile(module, client, network_domain_id, new_cert_id, new_cert_chain_id)
        else:
            if compare_ssl_profile(module, profile):
                update_ssl_offload_profile(module, client, profile, new_cert_id, new_cert_chain_id)
            else:
                module.exit_json(data=profile.get('id'))
    elif state == 'absent':
        if not profile:
            module.exit_json(msg='The SSL Profile was not found. Nothing to remove.')
        # Implement Check Mode
        if module.check_mode:
            module.exit_json(msg='The SSL Offload Profile with ID {0} will be deleted'.format(profile.get('id')))
        delete_ssl_profile(module, client, network_domain_id, profile.get('id'), cert, cert_chain)