community.crypto.x509_crl_info (2.18.0) — filter

Retrieve information from X.509 CRLs in PEM format

Added in version 2.10.0 of community.crypto

Authors: Felix Fontein (@felixfontein)

Install collection

Install with ansible-galaxy collection install community.crypto:==2.18.0


Add to requirements.yml

  collections:
    - name: community.crypto
      version: 2.18.0

Description

Given an X.509 CRL in PEM format, retrieve information about it.

This is a filter version of the M(community.crypto.x509_crl_info) module.


Requirements

Usage examples

# A CRL has an issuer rather than a subject; the file must contain a PEM-encoded CRL.
- name: Show the Organization Name of the CRL's issuer
  ansible.builtin.debug:
    msg: >-
      {{
        (
          lookup('ansible.builtin.file', '/path/to/crl.pem')
          | community.crypto.x509_crl_info
        ).issuer.organizationName
      }}

Inputs

    
_input:
    description:
    - The content of the X.509 CRL in PEM format.
    required: true
    type: string

name_encoding:
    choices:
    - ignore
    - idna
    - unicode
    default: ignore
    description:
    - How to encode names (DNS names, URIs, email addresses) in return values.
    - V(ignore) will use the encoding returned by the backend.
    - V(idna) will convert all labels of domain names to IDNA encoding. IDNA2008 will
      be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.
    - V(unicode) will convert all labels of domain names to Unicode. IDNA2008 will be
      preferred, and IDNA2003 will be used if IDNA2008 decoding fails.
    - B(Note) that V(idna) and V(unicode) require the L(idna Python library,https://pypi.org/project/idna/)
      to be installed.
    type: str

list_revoked_certificates:
    default: true
    description:
    - If set to V(false), the list of revoked certificates is not included in the result.
    - This is useful when retrieving information on large CRL files. Enumerating all revoked
      certificates can take some time, including serializing the result as JSON, sending
      it to the Ansible controller, and decoding it again.
    type: bool
    version_added: 1.7.0
    version_added_collection: community.crypto

Outputs

_value:
  contains:
    digest:
      description: The signature algorithm used to sign the CRL.
      returned: success
      sample: sha256WithRSAEncryption
      type: str
    format:
      choices:
      - pem
      - der
      description:
      - Whether the CRL is in PEM format (V(pem)) or in DER format (V(der)).
      returned: success
      sample: pem
      type: str
    issuer:
      description:
      - The CRL's issuer.
      - Note that for repeated values, only the last one will be returned.
      - See O(name_encoding) for how IDNs are handled.
      returned: success
      sample:
        commonName: ca.example.com
        organizationName: Ansible
      type: dict
    issuer_ordered:
      description: The CRL's issuer as an ordered list of tuples.
      elements: list
      returned: success
      sample:
      - - organizationName
        - Ansible
      - - commonName
        - ca.example.com
      type: list
    last_update:
      description: The point in time from which this CRL can be trusted as ASN.1 TIME.
      returned: success
      sample: 20190413202428Z
      type: str
    next_update:
      description: The point in time from which a new CRL will be issued and the client
        has to check for it as ASN.1 TIME.
      returned: success
      sample: 20190413202428Z
      type: str
    revoked_certificates:
      contains:
        invalidity_date:
          description: The point in time it was known/suspected that the private
            key was compromised or that the certificate otherwise became invalid
            as ASN.1 TIME.
          sample: 20190413202428Z
          type: str
        invalidity_date_critical:
          description: Whether the invalidity date extension is critical.
          sample: false
          type: bool
        issuer:
          description:
          - The certificate's issuer.
          - See O(name_encoding) for how IDNs are handled.
          elements: str
          sample:
          - DNS:ca.example.org
          type: list
        issuer_critical:
          description: Whether the certificate issuer extension is critical.
          sample: false
          type: bool
        reason:
          choices:
          - unspecified
          - key_compromise
          - ca_compromise
          - affiliation_changed
          - superseded
          - cessation_of_operation
          - certificate_hold
          - privilege_withdrawn
          - aa_compromise
          - remove_from_crl
          description:
          - The value for the revocation reason extension.
          sample: key_compromise
          type: str
        reason_critical:
          description: Whether the revocation reason extension is critical.
          sample: false
          type: bool
        revocation_date:
          description: The point in time the certificate was revoked as ASN.1 TIME.
          sample: 20190413202428Z
          type: str
        serial_number:
          description:
          - Serial number of the certificate.
          - This return value is an B(integer). If you need the serial numbers as
            a colon-separated hex string, such as C(11:22:33), you need to convert
            it to that form with P(community.crypto.to_serial#filter).
          sample: 1234
          type: int
      description: List of certificates to be revoked.
      elements: dict
      returned: success if O(list_revoked_certificates=true)
      type: list
  description:
  - Information on the CRL.
  type: dict
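
Added example (not part of the collection's documentation): a playbook that combines the options and return values above to reject a stale CRL and to look up one serial number. The path /path/to/crl.pem and the names crl_pem, crl_head, check_serial and hits are assumptions for illustration.

```yaml
# Added example; file path and variable names are hypothetical.
- name: Check a CRL's freshness and look up one serial number
  hosts: localhost
  gather_facts: false
  vars:
    crl_pem: "{{ lookup('ansible.builtin.file', '/path/to/crl.pem') }}"
    check_serial: 1234   # integer, as returned in serial_number
  tasks:
    - name: Read header fields only (skips enumerating revoked entries)
      ansible.builtin.set_fact:
        crl_head: >-
          {{ crl_pem | community.crypto.x509_crl_info(list_revoked_certificates=false) }}

    - name: Fail if the CRL is past its next_update
      ansible.builtin.assert:
        that:
          # Fail closed if the field is missing or not a string.
          - crl_head.next_update is string
          # Timestamps in the YYYYMMDDHHMMSSZ form shown in the samples are
          # fixed-width, so string comparison is chronological.
          - crl_head.next_update > now(utc=true, fmt='%Y%m%d%H%M%SZ')
        fail_msg: >-
          CRL from {{ crl_head.issuer.commonName | default('unknown issuer') }}
          has no usable next_update or is past it ({{ crl_head.next_update }})

    - name: Find the revocation entry for check_serial, if any
      ansible.builtin.set_fact:
        hits: >-
          {{
            (crl_pem | community.crypto.x509_crl_info).revoked_certificates
            | selectattr('serial_number', 'equalto', check_serial)
            | list
          }}

    - name: Report the result with the serial as colon-separated hex
      ansible.builtin.debug:
        msg: >-
          Serial {{ check_serial | community.crypto.to_serial }} is
          {{ 'revoked (' ~ hits[0].reason ~ ', ' ~ hits[0].revocation_date ~ ')'
             if hits else 'not listed in this CRL' }}
```

The freshness check runs before the serial lookup so that a stale CRL is never used to conclude that a certificate is not revoked.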

See also