Document missing role parameters for controlling renewal behavior (#32)

Venafi · Oct 22, 2020 · eaa05c4 · eaa05c4
1 parent 0693813
commit eaa05c4
Showing 1 changed file with 20 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -98,24 +98,27 @@ For more information about Ansible Galaxy, go to https://galaxy.ansible.com/docs
 
    | Variable Name                            | Description                                                  |
    | ---------------------------------------- | ------------------------------------------------------------ |
-   | `credentials_file`                       | Name of the file containing Venafi credentials and connection settings<br/>Default: credentials.yml |
-   | `certificate_common_name`                | *Common Name* to request for the certificate.<br/>Default: "{{ ansible_fqdn }}" |
-   | `certificate_alt_name`                   | Comma separated list of *Subject Alternative Names* to request for the certificate.  Prefix each value with the SAN type (e.g. "DNS:host.company.com,IP:10.20.30.40,email:me@company.com") |                                                              |
-   | `certificate_privatekey_type`            | Key algorithm, "RSA" or "ECDSA"<br/>Default: "RSA" (from VCert) |
-   | `certificate_privatekey_size`            | Key size in bits for RSA keys<br/>Default: "2048" (from VCert) |
-   | `certificate_privatekey_curve`           | Elliptic Curve for ECDSA keys<br/>Default: "P251" (from VCert) |
+   | `credentials_file`                       | Name of the file containing Venafi credentials and connection settings<br/>Default: `credentials.yml` |
+   | `certificate_common_name`                | *Common Name* to request for the certificate.<br/>Default: `"{{ ansible_fqdn }}"` |
+   | `certificate_alt_name`                   | Comma separated list of *Subject Alternative Names* to request for the certificate.  Prefix each value with the SAN type.<br/>Example: `"DNS:host.example.com,IP:10.20.30.40,email:me@example.com"` |                                                              |
+   | `certificate_privatekey_type`            | Key algorithm, "RSA" or "ECDSA"<br/>Default: `"RSA"` (from VCert) |
+   | `certificate_privatekey_size`            | Key size in bits for RSA keys<br/>Default: `"2048"` (from VCert) |
+   | `certificate_privatekey_curve`           | Elliptic Curve for ECDSA keys<br/>Default: `"P251"` (from VCert) |
    | `certificate_privatekey_passphrase`      | Password to use for encrypting the private key |
-   | `certificate_chain_option`               | Specifies whether the root CA certificate appears "last" (default) or "first" in the chain file |
-   | `certificate_cert_dir`                   | Local parent directory where the cryptographic assets will be stored<br/>Default: "/etc/ssl/{{ certificate_common_name }}" |
-   | `certificate_cert_path`                  | Local directory where certificate files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
-   | `certificate_chain_path`                 | Local directory where certificate chain files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
-   | `certificate_privatekey_path`            | Local directory where private key files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
-   | `certificate_csr_path`                   | Local directory where certificate signing request files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr" |
-   | `certificate_remote_execution`           | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host<br/>Default: false |
-   | `certificate_remote_cert_path`           | Directory on remote host where certificate files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
-   | `certificate_remote_chain_path`          | Directory on remote host where certificate chain files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
-   | `certificate_remote_privatekey_path`     | Directory on remote host where private key files will be stored<br/>Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
-   | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host<br/>Default: true |
+   | `certificate_chain_option`               | Specifies whether the root CA certificate appears `"last"` (default) or `"first"` in the chain file |
+   | `certificate_cert_dir`                   | Local parent directory where the cryptographic assets will be stored<br/>Default: `"/etc/ssl/{{ certificate_common_name }}"` |
+   | `certificate_cert_path`                  | Local directory where certificate files will be stored<br/>Default: `{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+   | `certificate_chain_path`                 | Local directory where certificate chain files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+   | `certificate_privatekey_path`            | Local directory where private key files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+   | `certificate_csr_path`                   | Local directory where certificate signing request files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr"` |
+   | `certificate_remote_execution`           | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host<br/>Default: `false` |
+   | `certificate_remote_cert_path`           | Directory on remote host where certificate files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+   | `certificate_remote_chain_path`          | Directory on remote host where certificate chain files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+   | `certificate_remote_privatekey_path`     | Directory on remote host where private key files will be stored<br/>Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+   | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host<br/>Default: `true` |
+   | `certificate_before_expired_hours`       | Number of hours prior to the expiration of the certificate before it can be renewed<br/>Default: `72` |
+   | `certificate_renew`                      | Specifies whether to renew the certificate if it is within the "before_expired_hours" window when the playbook is run<br/>Default: `true` |
+   | `certificate_force`                      | Specifies whether to request a new certificate every time the playbook is run<br/>Default: `false` |
 
    Defaults are defined in the [defaults/main.yml](defaults/main.yml) file.