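def main():
    """
    Main function

    Import, replace or remove an SSL certificate or certificate chain in a
    Cloud Network Domain, depending on the ``state`` parameter.

    :returns: SSL Certificate Information
    """
    # NOTE(review): 'auth' presumably carries the API credentials consumed by
    # get_credentials() - TODO confirm. If it does, consider no_log=True on it
    # so the values are kept out of Ansible logs and verbose output.
    module = AnsibleModule(
        argument_spec=dict(
            auth=dict(type='dict'),
            region=dict(default='na', type='str'),
            datacenter=dict(required=True, type='str'),
            network_domain=dict(required=True, type='str'),
            id=dict(required=False, default=None, type='str'),
            name=dict(required=False, default=None, type='str'),
            description=dict(required=False, default=None, type='str'),
            type=dict(required=False, default='certificate', choices=['certificate', 'chain']),
            path=dict(required=False, default=None, type='str'),
            key_path=dict(required=False, default=None, type='str'),
            state=dict(default='present', choices=['present', 'absent'])
        ),
        supports_check_mode=True
    )

    try:
        credentials = get_credentials(module)
    except ImportError as e:
        module.fail_json(msg='{0}'.format(e))

    network_domain_name = module.params.get('network_domain')
    datacenter = module.params.get('datacenter')
    state = module.params.get('state')
    cert_type = module.params.get('type')
    cert = None
    associated_ssl_profiles = []

    # 'type' is restricted by the argument spec to 'certificate' or 'chain',
    # so this two-way mapping covers every accepted value.
    ssl_type = 'sslDomainCertificate' if cert_type == 'certificate' else 'sslCertificateChain'

    # Check Imports
    if not HAS_OPENSSL:
        module.fail_json(msg='Missing Python module: pyOpenSSL')

    # Check the region supplied is valid
    regions = get_regions()
    if module.params.get('region') not in regions:
        module.fail_json(msg='Invalid region. Regions must be one of {0}'.format(regions))

    if credentials is False:
        module.fail_json(msg='Error: Could not load the user credentials')

    try:
        client = NTTMCPClient(credentials, module.params.get('region'))
    except NTTMCPAPIException as e:
        module.fail_json(msg=e.msg)

    # Get the CND
    try:
        network = client.get_network_domain_by_name(name=network_domain_name, datacenter=datacenter)
        network_domain_id = network.get('id')
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException):
        module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.format(network_domain_name))

    # Check if the SSL certificate already exists
    try:
        if module.params.get('id'):
            cert = client.get_vip_ssl(ssl_type, module.params.get('id'))
        else:
            certs = client.list_vip_ssl(network_domain_id=network_domain_id,
                                        name=module.params.get('name'),
                                        ssl_type=ssl_type)
            # Only an unambiguous single match is accepted; zero or several
            # matches both leave cert as None.
            if len(certs) == 1:
                cert = certs[0]
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
        module.fail_json(
            msg='Could not get a list of existing SSL certificates/chains to check against - {0}'.format(exc))

    # Check if the cert is associated with any SSL Offload profiles. SSL certs cannot be updated or
    # removed while still associated with an Offload Profile
    # NOTE(review): the association check keys on the 'name' parameter. When the certificate was
    # located by 'id' and no name was supplied this passes None - confirm is_used() copes with that.
    try:
        ssl_profiles = client.list_vip_ssl(network_domain_id=network_domain_id, ssl_type='sslOffloadProfile')
        associated_ssl_profiles = is_used(cert_type, module.params.get('name'), ssl_profiles)
        if associated_ssl_profiles:
            # A space was missing between the two adjacent literals, which made the
            # message read "...the followingSSL Offload profiles".
            module.fail_json(
                msg='Cannot operate on the SSL {0} {1} as it is still associated with the following '
                    'SSL Offload profiles: {2}'.format(cert_type,
                                                       module.params.get('name'),
                                                       associated_ssl_profiles))
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
        module.fail_json(msg='Failed getting a list of SSL Offload Profiles to check against - {0}'.format(exc))

    if state == 'present':
        if not cert:
            # Implement Check Mode
            if module.check_mode:
                module.exit_json(msg='The new SSL certificate will be imported')
            import_ssl_cert(module, client, network_domain_id)
        else:
            # Implement Check Mode
            if module.check_mode:
                module.exit_json(
                    msg='An SSL certificate already exists, the old certificate will be removed and the new one '
                        'imported')
            # NOTE(review): replacement is delete-then-import and therefore not atomic. Whether the
            # new material is validated before the existing entry is removed is not visible here;
            # a failed import after the delete would leave no certificate in place.
            delete_ssl_cert(module, client, cert.get('id'))
            import_ssl_cert(module, client, network_domain_id)
    elif state == 'absent':
        if not cert:
            module.exit_json(msg='The SSL certificate/chain was not found. Nothing to remove.')
        # Implement Check Mode
        if module.check_mode:
            module.exit_json(msg='The SSL certificate with ID {0} will be removed'.format(cert.get('id')))
        delete_ssl_cert(module, client, cert.get('id'))
        module.exit_json(changed=True, msg='The SSL certificate/chain was successfully removed.')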
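def main():
    """
    Main function

    Create, update or delete an SSL Offload Profile in a Cloud Network Domain,
    importing the referenced certificate and certificate chain first when they
    are not already present.

    :returns: SSL Profile Information
    """
    # NOTE(review): 'auth' presumably carries the API credentials consumed by
    # get_credentials() - TODO confirm. If it does, consider no_log=True on it
    # so the values are kept out of Ansible logs and verbose output.
    module = AnsibleModule(
        argument_spec=dict(
            auth=dict(type='dict'),
            region=dict(default='na', type='str'),
            datacenter=dict(required=True, type='str'),
            network_domain=dict(required=True, type='str'),
            id=dict(required=False, default=None, type='str'),
            name=dict(required=False, default=None, type='str'),
            description=dict(required=False, default=None, type='str'),
            chain=dict(required=False, default=None, type='dict'),
            certificate=dict(required=False, default=None, type='dict'),
            new_name=dict(required=False, default=None, type='str'),
            ciphers=dict(required=False, default=None, type='str'),
            state=dict(default='present', choices=['present', 'absent'])
        ),
        supports_check_mode=True
    )

    try:
        credentials = get_credentials(module)
    except ImportError as e:
        module.fail_json(msg='{0}'.format(e))

    network_domain_name = module.params.get('network_domain')
    datacenter = module.params.get('datacenter')
    state = module.params.get('state')
    name = module.params.get('name')
    profile = cert = new_cert = cert_chain = new_cert_chain = None

    # Check Imports
    if not HAS_OPENSSL:
        module.fail_json(msg='Missing Python module: pyOpenSSL')

    # Check the region supplied is valid
    regions = get_regions()
    if module.params.get('region') not in regions:
        module.fail_json(msg='Invalid region. Regions must be one of {0}'.format(regions))

    if credentials is False:
        module.fail_json(msg='Error: Could not load the user credentials')

    try:
        client = NTTMCPClient(credentials, module.params.get('region'))
    except NTTMCPAPIException as e:
        module.fail_json(msg=e.msg)

    # Get the CND
    try:
        network = client.get_network_domain_by_name(name=network_domain_name, datacenter=datacenter)
        network_domain_id = network.get('id')
    except (KeyError, IndexError, AttributeError, NTTMCPAPIException):
        module.fail_json(msg='Could not find the Cloud Network Domain: {0}'.format(network_domain_name))

    if state == 'present':
        # Verify SSL certificate and certificate chain schema
        verify_cert_schema(module, client, network_domain_id)
        verify_cert_chain_schema(module, client, network_domain_id)

        # Check if the SSL certificate and chain already exist.
        # These lookups are kept under state == 'present': 'certificate' and 'chain' default to
        # None, so dereferencing them for state == 'absent' would raise AttributeError and abort
        # a removal that never uses the results.
        try:
            certs = client.list_vip_ssl(network_domain_id=network_domain_id,
                                        ssl_type='sslDomainCertificate',
                                        name=module.params.get('certificate').get('name'))
            # Only an unambiguous single match is reused; otherwise a new import is attempted below.
            if len(certs) == 1:
                new_cert = certs[0]
                new_cert_id = new_cert.get('id')
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed to get a list of current SSL certificates: {0}'.format(exc))

        try:
            cert_chains = client.list_vip_ssl(network_domain_id=network_domain_id,
                                              ssl_type='sslCertificateChain',
                                              name=module.params.get('chain').get('name'))
            if len(cert_chains) == 1:
                new_cert_chain = cert_chains[0]
                new_cert_chain_id = new_cert_chain.get('id')
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed to get a list of current SSL certificate chains: {0}'.format(exc))

    # Check if the SSL Profile already exists
    if name:
        try:
            profiles = client.list_vip_ssl(network_domain_id=network_domain_id,
                                           ssl_type='sslOffloadProfile',
                                           name=name)
            if len(profiles) == 1:
                if profiles[0].get('name'):
                    profile = profiles[0]
                    # The certificate and chain currently bound to the profile; they are handed
                    # to delete_ssl_profile() in the 'absent' branch.
                    cert = client.get_vip_ssl(ssl_type='sslDomainCertificate',
                                              ssl_id=profiles[0].get('sslDomainCertificate').get('id'))
                    cert_chain = client.get_vip_ssl(ssl_type='sslCertificateChain',
                                                    ssl_id=profiles[0].get('sslCertificateChain').get('id'))
        except (KeyError, IndexError, AttributeError, NTTMCPAPIException) as exc:
            module.fail_json(msg='Failed getting a list of SSL Offload Profiles to check against - {0}'.format(exc))

    if state == 'present':
        # Implement Check Mode
        # NOTE(review): check mode only exits here when no profile exists. With an existing
        # profile the import/update calls below are still reached - confirm those helpers
        # honour module.check_mode themselves.
        if module.check_mode and not profile:
            module.exit_json(msg='A new SSL Offload Profile will be created')

        # Handle new certificates and certificate chains first
        if not new_cert:
            new_cert_id = import_ssl_cert(module, client, network_domain_id)
        if not new_cert_chain:
            new_cert_chain_id = import_ssl_cert_chain(module, client, network_domain_id)

        if not profile:
            create_ssl_offload_profile(module, client, network_domain_id, new_cert_id, new_cert_chain_id)
        else:
            if compare_ssl_profile(module, profile):
                update_ssl_offload_profile(module, client, profile, new_cert_id, new_cert_chain_id)
            else:
                module.exit_json(data=profile.get('id'))
    elif state == 'absent':
        if not profile:
            module.exit_json(msg='The SSL Profile was not found. Nothing to remove.')
        # Implement Check Mode
        if module.check_mode:
            module.exit_json(msg='The SSL Offload Profile with ID {0} will be deleted'.format(profile.get('id')))
        delete_ssl_profile(module, client, network_domain_id, profile.get('id'), cert, cert_chain)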