forked from TerryHowe/ansible-modules-hashivault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhashivault_pki_cert_revoke.py
executable file
·77 lines (64 loc) · 2.26 KB
/
hashivault_pki_cert_revoke.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/usr/bin/python
from ansible.module_utils.hashivault import hashivault_auth_client
from ansible.module_utils.hashivault import hashivault_argspec
from ansible.module_utils.hashivault import hashivault_init
from ansible.module_utils.hashivault import hashiwrapper
ANSIBLE_METADATA = {'status': ['preview'], 'supported_by': 'community', 'version': '1.1'}
DOCUMENTATION = r'''
---
module: hashivault_pki_cert_revoke
version_added: "4.5.0"
short_description: Hashicorp Vault PKI Revoke Certificate
description:
- This module revokes a certificate using its serial number.
- This is an alternative option to the standard method of revoking using Vault lease IDs.
- A successful revocation will rotate the CRL.
options:
serial:
recuired: true
description:
- Specifies the serial number of the certificate to revoke, in hyphen-separated or colon-separated octal.
mount_point:
default: pki
description:
- location where secrets engine is mounted. also known as path
extends_documentation_fragment:
- hashivault
'''
EXAMPLES = r'''
---
- hosts: localhost
tasks:
- hashivault_pki_cert_revoke:
role: 'tester'
common_name: 'test.example.com'
register: cert
- debug: msg="{{ cert }}"
'''
def main():
argspec = hashivault_argspec()
argspec['serial'] = dict(required=True, type='str')
argspec['mount_point'] = dict(required=False, type='str', default='pki')
module = hashivault_init(argspec)
result = hashivault_pki_cert_revoke(module)
if result.get('failed'):
module.fail_json(**result)
else:
module.exit_json(**result)
@hashiwrapper
def hashivault_pki_cert_revoke(module):
params = module.params
client = hashivault_auth_client(params)
serial = params.get('serial')
mount_point = params.get('mount_point').strip('/')
result = {"changed": False, "rc": 0}
try:
result['data'] = client.secrets.pki.revoke_certificate(serial_number=serial,
mount_point=mount_point).get('data')
except Exception as e:
result['rc'] = 1
result['failed'] = True
result['msg'] = u"Exception: " + str(e)
return result
if __name__ == '__main__':
main()