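# flake8: noqa
# pylint: skip-file

# Ansible documentation metadata for the `oadm_ca` module.
#
# DOCUMENTATION and EXAMPLES are YAML documents held in Python strings, so
# every key sits on its own line with nested indentation. Collapsed onto one
# line, the assignments fall inside the leading `#` comment and the YAML
# nesting is lost.
#
# Review notes on the options documented below:
# - `signer_key`, `key` and `private_key` name private-key files. This block
#   does not say which owner or mode the generated files receive.
#   NOTE(review): confirm in the module implementation that they are written
#   with restrictive permissions.
# - `overwrite` is documented as replacing existing cert files when true and
#   leaving them as-is when false; the documented default is False.
# - `hostnames` lists every name or IP the server cert is valid for, so it
#   should hold only the names the service actually answers on.
# - `debug` turns on debug output.
#   NOTE(review): confirm that this output cannot include key material or
#   kubeconfig credentials.
DOCUMENTATION = '''
---
module: oadm_ca
short_description: Module to manage openshift certificate authority
description:
  - Wrapper around the openshift `oc adm ca` command.
options:
  state:
    description:
    - Present is the only supported state. The state present means that `oc adm ca` will generate a certificate
    - When create-master-certs is desired then the following parameters are passed.
    - ['cert_dir', 'hostnames', 'master', 'public_master', 'overwrite', 'signer_name']
    - When create-key-pair is desired then the following parameters are passed.
    - ['private_key', 'public_key']
    - When create-server-cert is desired then the following parameters are passed.
    - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
    required: false
    default: present
    choices:
    - present
    aliases: []
  kubeconfig:
    description:
    - The path for the kubeconfig file to use for authentication
    required: false
    default: /etc/origin/master/admin.kubeconfig
    aliases: []
  debug:
    description:
    - Turn on debug output.
    required: false
    default: False
    aliases: []
  cmd:
    description:
    - The sub command given for `oc adm ca`
    required: false
    default: None
    choices:
    - create-master-certs
    - create-key-pair
    - create-server-cert
    aliases: []
  cert_dir:
    description:
    - The certificate data directory.
    required: false
    default: None
    aliases: []
  cert:
    description:
    - The certificate file. Choose a name that indicates what the service is.
    required: false
    default: None
    aliases: []
  key:
    description:
    - The key file. Choose a name that indicates what the service is.
    required: false
    default: None
    aliases: []
  overwrite:
    description:
    - Overwrite existing cert files if found. If false, any existing file will be left as-is.
    required: false
    default: False
    aliases: []
  signer_cert:
    description:
    - The signer certificate file.
    required: false
    default: None
    aliases: []
  signer_key:
    description:
    - The signer key file.
    required: false
    default: None
    aliases: []
  signer_serial:
    description:
    - The signer serial file.
    required: false
    default: None
    aliases: []
  public_key:
    description:
    - The public key file used with create-key-pair
    required: false
    default: None
    aliases: []
  private_key:
    description:
    - The private key file used with create-key-pair
    required: false
    default: None
    aliases: []
  hostnames:
    description:
    - Every hostname or IP that server certs should be valid for (comma-delimited list)
    required: false
    default: None
    aliases: []
  master:
    description:
    - The API server's URL
    required: false
    default: None
    aliases: []
  public_master:
    description:
    - The API public facing server's URL (if applicable)
    required: false
    default: None
    aliases: []
  signer_name:
    description:
    - The name to use for the generated signer
    required: false
    default: None
    aliases: []
author:
- "Kenny Woodson "
extends_documentation_fragment: []
'''

# NOTE(review): the task name says "self-signed", but the task passes
# `signer_cert`/`signer_key`/`signer_serial`, so the resulting certificate is
# issued by that signer rather than signed with its own key. The task reads
# the signer's private key (`ca.key`), so it needs read access to that file
# wherever it runs.
EXAMPLES = '''
- name: Create a self-signed cert
  oadm_ca:
    cmd: create-server-cert
    signer_cert: /etc/origin/master/ca.crt
    signer_key: /etc/origin/master/ca.key
    signer_serial: /etc/origin/master/ca.serial.txt
    hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
    cert: /etc/origin/master/registry.crt
    key: /etc/origin/master/registry.key
'''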