maxhoesel.smallstep.ca_claims (0.2.1) — module
Manage default or provisioner claims on a step-ca server
Added in version 2.10.0 of maxhoesel.smallstep
Authors: Max Hösel (@maxhoesel)
Install with ansible-galaxy collection install maxhoesel.smallstep:==0.2.1
collections:
  - name: maxhoesel.smallstep
    version: 0.2.1
This module can add, update or remove claims (such as certificate duration) on a step-ca server. You can either modify the claims of an individual provisioner, or change the default claims.
- name: Change the TLS cert duration of a provisioner
  maxhoesel.smallstep.ca_claims:
    name: webtokens-1
    type: JWK
    min_tls_cert_duration: 24h
    max_tls_cert_duration: 720h
    default_tls_cert_duration: 168h

- name: Change default (global) claims
  maxhoesel.smallstep.ca_claims:
    scope: global
    min_tls_cert_duration: 24h
    max_tls_cert_duration: 720h
    default_tls_cert_duration: 168h

- name: Overwrite the claims of a provisioner with the given parameters
  maxhoesel.smallstep.ca_claims:
    name: webtokens-1
    type: JWK
    exclusive: yes
    min_tls_cert_duration: 24h
    max_tls_cert_duration: 720h
    default_tls_cert_duration: 168h
name:
  description: The name of the provisioner to modify. If multiple provisioners have the same name, all provisioners will be modified unless I(type) is set. Conflicts with I(scope=global)
type:
  choices:
    - JWK
    - OIDC
    - AWS
    - GCP
    - Azure
    - ACME
    - X5C
    - K8sSA
    - SSHPOP
  description: Modify the provisioner with the name I(provisioner) that has this type. Has no effect if I(scope=global). Case-sensitive
scope:
  choices:
    - global
    - provisioner
  default: provisioner
  description: The scope for which the claims should be modified (either global defaults or a specific provisioner).
ca_config:
  default: ~/.step/config/ca.json
  description: The path to the certificate authority configuration file. Defaults to the C(step) default of C($STEPPATH/config/ca.json).
exclusive:
  default: false
  description: Replace all existing claims for the selected scope with the ones defined in the module parameters.
  type: bool
enable_SSHCA:
  description: Enable this provisioner to generate SSH Certificates.
  type: bool
disable_renewal:
  description: Disable renewals with this provisioner.
  type: bool
max_host_ssh_duration:
  description: Do not allow certificates with a duration greater than this value.
max_tls_cert_duration:
  description: Do not allow certificates with a duration greater than this value.
max_user_ssh_duration:
  description: Do not allow certificates with a duration greater than this value.
min_host_ssh_duration:
  description: Do not allow certificates with a duration less than this value.
min_tls_cert_duration:
  description: Do not allow certificates with a duration less than this value.
min_user_ssh_duration:
  description: Do not allow certificates with a duration less than this value.
disable_issued_at_check:
  description: Disable a check verifying that provisioning tokens must be issued after the CA has booted. This claim is one prevention against token reuse. The default value is false. Do not change this unless you know what you are doing.
default_host_ssh_duration:
  description: If no certificate validity period is specified, use this value.
default_tls_cert_duration:
  description: If no certificate validity period is specified, use this value.
default_user_ssh_duration:
  description: If no certificate validity period is specified, use this value.
claims:
  description: Dictionary containing the claims of the selected scope. Dict of dict if multiple provisioners were selected, with the provisioner's type as key
  returned: always
  type: dict
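
A pre-flight check for the duration parameters documented above, added here as an example and not part of the maxhoesel.smallstep collection. It assumes the values are Go-style duration strings (as in the 24h/720h examples); the names parse_duration and check_claims are hypothetical.

```python
import re

# Go-style duration units in seconds (assumption: values such as "24h" are
# passed through to step-ca, which parses Go duration strings).
UNITS = {"ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}
TOKEN = re.compile(r"(\d+(?:\.\d+)?)(ns|us|µs|ms|s|m|h)")
FAMILIES = ("tls_cert", "host_ssh", "user_ssh")  # from the module's parameter names

def parse_duration(text):
    """Convert a duration such as '24h' or '1h30m' to seconds."""
    pos, total = 0, 0.0
    for match in TOKEN.finditer(text):
        if match.start() != pos:  # gap between tokens means junk in the string
            break
        total += float(match.group(1)) * UNITS[match.group(2)]
        pos = match.end()
    if pos == 0 or pos != len(text):
        raise ValueError(f"not a valid duration: {text!r}")
    return total

def check_claims(params):
    """Return a list of problems found in a ca_claims parameter dict (hypothetical helper)."""
    problems = []
    for family in FAMILIES:
        bounds = {}
        for kind in ("min", "default", "max"):
            key = f"{kind}_{family}_duration"
            if key in params:
                try:
                    bounds[kind] = (key, parse_duration(str(params[key])))
                except ValueError as exc:
                    problems.append(f"{key}: {exc}")
        # Every pair that is present must respect min <= default <= max.
        for low, high in (("min", "default"), ("default", "max"), ("min", "max")):
            if low in bounds and high in bounds and bounds[low][1] > bounds[high][1]:
                problems.append(f"{bounds[low][0]} exceeds {bounds[high][0]}")
    if params.get("disable_issued_at_check"):
        problems.append("disable_issued_at_check weakens token-reuse protection")
    return problems

# Constructed sample parameter sets: GOOD mirrors the page's example values.
GOOD = {"name": "webtokens-1", "type": "JWK", "min_tls_cert_duration": "24h",
        "max_tls_cert_duration": "720h", "default_tls_cert_duration": "168h"}
BAD = {"scope": "global", "min_tls_cert_duration": "24h",
       "max_tls_cert_duration": "12h", "default_host_ssh_duration": "1 week"}

if __name__ == "__main__":
    for task in (GOOD, BAD):
        print(check_claims(task) or "ok")
```

Running such a check before the play helps catch an inverted minimum and maximum or a malformed duration before it is written to ca.json, which matters most with exclusive set, since that replaces all existing claims for the scope.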