Refactor openssl_csr module, add openssl_csr_pipe module #123
Conversation
|
My original request was focused on the use case of a dedicated CA machine that's responsible for signing certificates, so having a proper module is good, and this doesn't exclude localhost usage. I'm a bit confused about naming though: You're replacing |
To fully do this, the same refactoring/addition of new module needs also to be done for x509_certificate. Then this will be possible without having to write something to disk on the CA machine (this PR only saves you writing the CSR to disk somewhere).
The openssl_csr module is still there with the same functionality as before. The only difference is that there's now another module,
IMO it is a lot cleaner if all the file-specific options and return values aren't there when you don't need them. |
|
Oh, I see. I got confused by this part: That looked like you removed the file completely, but I guess it only appeared because you moved the documentation to doc_fragments. |
|
I also moved a lot of its code to module_utils, so its size reduced drastically. But it's still there, and due to the doc fragment and module_utils it still does the same as before. (Or should do, modulo bugs :) ) |
felixfontein
force-pushed
the
openssl_csr_pipe
branch
from
d09d2c2
to
9e19938
Compare
|
ready_for_review |
|
The last commit is needed because of ansible/ansible#72334. |
|
@MarkusTeufelberger is the helper in 86758a2 fine for you? Is there anything else you would like to be improved or changed? |
|
No, I love it. Thanks for all the work! /shipit |
|
@MarkusTeufelberger thanks a lot for reviewing this! :) |
SUMMARY
(Almost) same change to openssl_csr as done for #119. The main exception is that the result is not an action module, but a "real" module. This allows to run the modue also on remove machines.
Implements the openssl_csr part of ansible/ansible#63553.
(CC @onitake @dnmvisser who created/liked that issue.)
ISSUE TYPE
COMPONENT NAME
openssl_csr
openssl_csr_pipe