support openssl_crl much like openssl_certificate #53789
Comments
|
Files identified in the description: If these files are inaccurate, please update the |
ansibot
added
affects_2.8
|
!component =lib/ansible/modules/crypto/openssl_crl.py |
|
Files identified in the description: If these files are inaccurate, please update the |
ansibot
added
crypto
|
Are you interested in getting information on CRLs (or validate conditions on these), as your example shows, or also to generate / sign CRLs? |
|
primarily the former, but having both would be great as well. |
ansibot
added
support:core
ansibot
added
module
|
CRL is actually a must have module if we want to manage the complete chain by Ansible. I would like to see this implemented as well |
|
If you could be more specific and say what exactly you want such a module to do, that would help a lot. I've never needed CRLs, so in case I ever work on such a module, I would like to know what people want to use it for :) (Also, if someone wants to contribute such a module: feel free! I'm not sure whether I'll work on that anytime soon, or at all...) |
|
Well, to revoke the certificates and prevent users from being able to access the system. eg: a vpn system, the operator may want to add and remove users, and if the authentication works via pubkeys, the crl is the only way to remove users. |
|
So you want to be able to create / update CRLs? If yes, how? Or to verify CRLs? Check whether certificates appear in the CRL? |
|
To create and update |
|
in my case, obtain data from the crl (similar to a crt). e.g. lastupdate, nextupdate, issue, etc. |
felixfontein
added
the
waiting_on_contributor
ansibot
added
waiting_on_contributor
|
I started creating a WIP PR for a |
|
@gnowxilef @jackivanov since you explicitly asked for a |
|
@gnowxilef @jackivanov ping |
|
sorry about that, haven't had a chance to use it yet, but the code looks fine. |
|
@gnowxilef thanks for taking a look! Did you also look at the module interface? Does it provide what you need / think is needed? (For creating/updating CRLs, that is.) |
|
ah, the code looks to only create/update crls it seems? i would also like it to be able to retrieve information about the crl itself, such as nextupdate, lastupdate, digest, etc. |
|
Yes. Adding a |
|
can this be merged yet? |
|
@fawaf as soon as it gets a proper review. |
|
I began with a x509_crl_info module in #67539. |
|
That module is now also merged. During developing it, we decided to not add revocation query support to that module, but add another module |
ansibot
added
collection
|
Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.
For further information, please see: |
sivel
removed
the
waiting_on_contributor
SUMMARY
support openssl_crl much like openssl_certificate
ISSUE TYPE
COMPONENT NAME
new module name: openssl_crl
ADDITIONAL INFORMATION
it would be used in very much the same way as the openssl_certificate module just that it would be specific for crl. crl has some attributes that a cert does not have (e.g. lastupdated, nextupdate, etc.)
The text was updated successfully, but these errors were encountered: