diff --git a/README.md b/README.md index cab58871..0f00cde2 100644 --- a/README.md +++ b/README.md @@ -4,17 +4,14 @@ Provides modules for [Ansible](https://www.ansible.com/community) for various cryptographic operations. - - ## Tested with Ansible -Tested with both the current Ansible 2.9 release and the current development version of Ansible. - - +Tested with both the current Ansible 2.9 and 2.10 releases and the current development version of Ansible. Ansible versions before 2.9.10 are not supported. ## External requirements The exact requirements for every module are listed in the module documentation. + Most modules require a recent enough version of [the Python cryptography library](https://pypi.org/project/cryptography/). See the module documentations for the minimal version supported for each module. ## Included content @@ -51,7 +48,16 @@ Most modules require a recent enough version of [the Python cryptography library ## Using this collection - +Before using the crypto community collection, you need to install the collection with the `ansible-galaxy` CLI: + + ansible-galaxy collection install community.crypto + +You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml` using the format: + +```yaml +collections: +- name: community.crypto +``` See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. 
@@ -64,20 +70,28 @@ We're following the general Ansible contributor guidelines; see [Ansible Communi If you want to clone this repositority (or a fork of it) to improve it, you can proceed as follows: 1. Create a directory `ansible_collections/community`; 2. In there, checkout this repository (or a fork) as `crypto`; -3. Add the directory containing `ansible_collections` to your [ANSIBLE_COLLECTIONS_PATHS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths). +3. Add the directory containing `ansible_collections` to your [ANSIBLE_COLLECTIONS_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths). + +See [Ansible's dev guide](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections) for more information. ## Release notes - +See the [changelog](https://github.com/ansible-collections/community.crypto/blob/master/CHANGELOG.rst). ## Roadmap - +We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows [semantic versioning](https://semver.org/), so breaking changes will only happen in major releases. + +Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of ``cryptography``. + +Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted. 
+ +In 2.0.0, the following notable features will be removed: +* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which does not have a ``cryptography`` backend due to lack of support of PKCS#12 functionality in ``cryptography``. +* The ``assertonly`` provider of ``x509_certificate`` will be removed. ## More information - - - [Ansible Collection overview](https://github.com/ansible-collections/overview) - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) diff --git a/changelogs/config.yaml b/changelogs/config.yaml index 22f7aa51..fb55db1d 100644 --- a/changelogs/config.yaml +++ b/changelogs/config.yaml @@ -1,5 +1,10 @@ +changelog_filename_template: ../CHANGELOG.rst +changelog_filename_version_depth: 0 changes_file: changelog.yaml changes_format: combined +keep_fragments: false +mention_ancestor: true +new_plugins_after_name: removed_features notesdir: fragments prelude_section_name: release_summary prelude_section_title: Release Summary @@ -20,3 +25,4 @@ sections: - Bugfixes - - known_issues - Known Issues +title: Community Crypto diff --git a/galaxy.yml b/galaxy.yml index 928ad7b7..aa1b15b1 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: community name: crypto -version: 0.1.0 +version: 1.0.0 readme: README.md authors: - Ansible (github.com/ansible) @@ -14,14 +14,14 @@ tags: - cryptography - csr - dhparam - - Entrust - - Let's Encrypt + - entrust + - letsencrypt - luks - openssl - openssh - pkcs12 repository: https://github.com/ansible-collections/community.crypto -documentation: https://github.com/ansible-collection-migration/community.crypto/tree/master/docs +#documentation: https://github.com/ansible-collection-migration/community.crypto/tree/master/docs homepage: https://github.com/ansible-collections/community.crypto issues: https://github.com/ansible-collections/community.crypto/issues build_ignore: 
diff --git a/meta/runtime.yml b/meta/runtime.yml index d529db03..8e55cf6d 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,3 +1,5 @@ +requires_ansible: '>=2.9.10' + action_groups: acme: - acme_inspect diff --git a/plugins/module_utils/acme.py b/plugins/module_utils/acme.py index 542e873c..0c13ee65 100644 --- a/plugins/module_utils/acme.py +++ b/plugins/module_utils/acme.py @@ -1013,11 +1013,13 @@ def handle_standard_module_arguments(module, needs_acme_v2=False): if module.params['acme_version'] is None: module.params['acme_version'] = 1 - module.deprecate("The option 'acme_version' will be required from Ansible 2.14 on", version='2.14') + module.deprecate("The option 'acme_version' will be required from community.crypto 2.0.0 on", + version='2.0.0', collection_name='community.crypto') if module.params['acme_directory'] is None: module.params['acme_directory'] = 'https://acme-staging.api.letsencrypt.org/directory' - module.deprecate("The option 'acme_directory' will be required from Ansible 2.14 on", version='2.14') + module.deprecate("The option 'acme_directory' will be required from community.crypto 2.0.0 on", + version='2.0.0', collection_name='community.crypto') if needs_acme_v2 and module.params['acme_version'] < 2: module.fail_json(msg='The {0} module requires the ACME v2 protocol!'.format(module._name)) diff --git a/plugins/modules/acme_account_info.py b/plugins/modules/acme_account_info.py index f547d509..7f7cad19 100644 --- a/plugins/modules/acme_account_info.py +++ b/plugins/modules/acme_account_info.py 
@@ -256,7 +256,8 @@ def main(): supports_check_mode=True, ) if module._name in ('acme_account_facts', 'community.crypto.acme_account_facts'): - module.deprecate("The 'acme_account_facts' module has been renamed to 'acme_account_info'", version='2.12') + module.deprecate("The 'acme_account_facts' module has been renamed to 'acme_account_info'", + version='2.0.0', collection_name='community.crypto') handle_standard_module_arguments(module, needs_acme_v2=True) try: diff --git a/plugins/modules/get_certificate.py b/plugins/modules/get_certificate.py index dd3a2bb0..4ea452fd 100644 --- a/plugins/modules/get_certificate.py +++ b/plugins/modules/get_certificate.py @@ -14,10 +14,10 @@ author: "John Westcott IV (@john-westcott-iv)" short_description: Get a certificate from a host:port description: - Makes a secure connection and returns information about the presented certificate - - The module can use the cryptography Python library, or the pyOpenSSL Python + - "The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the I(select_crypto_backend) option. Please note that the PyOpenSSL - backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13." + backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0." options: host: description: 
@@ -245,7 +245,8 @@ def main(): if not PYOPENSSL_FOUND: module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)), exception=PYOPENSSL_IMP_ERR) - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)), diff --git a/plugins/modules/openssl_csr.py b/plugins/modules/openssl_csr.py index 582d6579..fb205c0f 100644 --- a/plugins/modules/openssl_csr.py +++ b/plugins/modules/openssl_csr.py @@ -20,10 +20,10 @@ description: - "Please note that the module regenerates existing CSR if it doesn't match the module's options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing CSR, consider using the I(backup) option." - - The module can use the cryptography Python library, or the pyOpenSSL Python + - "The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the I(select_crypto_backend) option. Please note that the - PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13." + PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0." requirements: - Either cryptography >= 1.3 - Or pyOpenSSL >= 0.15 
@@ -196,7 +196,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -1100,8 +1100,9 @@ def main(): ) if module.params['version'] != 1: - module.deprecate('The version option will only support allowed values from Ansible 2.14 on. ' - 'Currently, only the value 1 is allowed by RFC 2986', version='2.14') + module.deprecate('The version option will only support allowed values from community.crypto 2.0.0 on. ' + 'Currently, only the value 1 is allowed by RFC 2986', + version='2.0.0', collection_name='community.crypto') base_dir = os.path.dirname(module.params['path']) or '.' if not os.path.isdir(base_dir): @@ -1135,7 +1136,8 @@ def main(): except AttributeError: module.fail_json(msg='You need to have PyOpenSSL>=0.15 to generate CSRs') - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') csr = CertificateSigningRequestPyOpenSSL(module) elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: diff --git a/plugins/modules/openssl_csr_info.py b/plugins/modules/openssl_csr_info.py index 759985a6..b136ab58 100644 --- a/plugins/modules/openssl_csr_info.py +++ b/plugins/modules/openssl_csr_info.py 
@@ -21,7 +21,7 @@ description: cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 - and will be removed in Ansible 2.13. + and will be removed in community.crypto 2.0.0. requirements: - PyOpenSSL >= 0.15 or cryptography >= 1.3 author: @@ -45,7 +45,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -651,7 +651,8 @@ def main(): except AttributeError: module.fail_json(msg='You need to have PyOpenSSL>=0.15') - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') certificate = CertificateSigningRequestInfoPyOpenSSL(module) elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: diff --git a/plugins/modules/openssl_privatekey.py b/plugins/modules/openssl_privatekey.py index 95419ca6..47e3afd0 100644 --- a/plugins/modules/openssl_privatekey.py +++ b/plugins/modules/openssl_privatekey.py 
@@ -24,7 +24,7 @@ description: (or specify none), change the keysize, etc., the private key will be regenerated. If you are concerned that this could **overwrite your private key**, consider using the I(backup) option." - - The module can use the cryptography Python library, or the pyOpenSSL Python + - "The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the I(select_crypto_backend) option. Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13." @@ -110,7 +110,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -917,7 +917,8 @@ def main(): if not PYOPENSSL_FOUND: module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)), exception=PYOPENSSL_IMP_ERR) - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') private_key = PrivateKeyPyOpenSSL(module) elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: diff --git a/plugins/modules/openssl_privatekey_info.py b/plugins/modules/openssl_privatekey_info.py index 72d69527..f59be86b 100644 
--- a/plugins/modules/openssl_privatekey_info.py +++ b/plugins/modules/openssl_privatekey_info.py @@ -23,7 +23,7 @@ description: cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 - and will be removed in Ansible 2.13. + and will be removed in community.crypto 2.0.0. requirements: - PyOpenSSL >= 0.15 or cryptography >= 1.2.3 author: @@ -59,7 +59,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -629,7 +629,8 @@ def main(): if not PYOPENSSL_FOUND: module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)), exception=PYOPENSSL_IMP_ERR) - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') privatekey = PrivateKeyInfoPyOpenSSL(module) elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: diff --git a/plugins/modules/openssl_publickey.py b/plugins/modules/openssl_publickey.py index ee2a1b29..b3c5568b 100644 --- a/plugins/modules/openssl_publickey.py 
+++ b/plugins/modules/openssl_publickey.py @@ -15,11 +15,11 @@ short_description: Generate an OpenSSL public key from its private key. description: - This module allows one to (re)generate OpenSSL public keys from their private keys. - Keys are generated in PEM or OpenSSH format. - - The module can use the cryptography Python library, or the pyOpenSSL Python + - "The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the I(select_crypto_backend) option. When I(format) is C(OpenSSH), the C(cryptography) backend has to be used. Please note that the PyOpenSSL backend - was deprecated in Ansible 2.9 and will be removed in Ansible 2.13." + was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0." requirements: - Either cryptography >= 1.2.3 (older versions might work as well) - Or pyOpenSSL >= 16.0.0 @@ -445,7 +445,8 @@ def main(): if not PYOPENSSL_FOUND: module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)), exception=PYOPENSSL_IMP_ERR) - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(minimal_cryptography_version)), diff --git a/plugins/modules/x509_certificate.py b/plugins/modules/x509_certificate.py index d760eb2c..37e96de2 100644 --- a/plugins/modules/x509_certificate.py +++ b/plugins/modules/x509_certificate.py 
@@ -19,7 +19,7 @@ description: for your certificate. - The C(assertonly) provider is intended for use cases where one is only interested in checking properties of a supplied certificate. Please note that this provider has been - deprecated in Ansible 2.9 and will be removed in Ansible 2.13. See the examples on how + deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0. See the examples on how to emulate C(assertonly) usage with M(community.crypto.x509_certificate_info), M(community.crypto.openssl_csr_info), M(community.crypto.openssl_privatekey_info) and M(ansible.builtin.assert). This also allows more flexible checks than @@ -35,7 +35,7 @@ description: - It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. - If both the cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with C(select_crypto_backend)). - Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13. + Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0. - Note that this module was called C(openssl_certificate) when included directly in Ansible up to version 2.9. When moved to the collection C(community.crypto), it was renamed to M(community.crypto.x509_certificate). From Ansible 2.10 on, it can still be used by the 
@@ -68,7 +68,7 @@ options: description: - Name of the provider to use to generate/retrieve the OpenSSL certificate. - The C(assertonly) provider will not generate files and fail if the certificate file is missing. - - The C(assertonly) provider has been deprecated in Ansible 2.9 and will be removed in Ansible 2.13. + - The C(assertonly) provider has been deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0. Please see the examples on how to emulate it with M(community.crypto.x509_certificate_info), M(community.crypto.openssl_csr_info), M(community.crypto.openssl_privatekey_info) and M(ansible.builtin.assert). @@ -307,7 +307,7 @@ options: - A list of algorithms that you would accept the certificate to be signed with (e.g. ['sha256WithRSAEncryption', 'sha512WithRSAEncryption']). - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: list elements: str @@ -317,7 +317,7 @@ options: - The key/value pairs that must be present in the issuer name field of the certificate. - If you need to specify more than one value with the same key, use a list as value. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: dict 
@@ -325,7 +325,7 @@ options: description: - If set to C(yes), the I(issuer) field must contain only these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no @@ -335,7 +335,7 @@ options: - The key/value pairs that must be present in the subject name field of the certificate. - If you need to specify more than one value with the same key, use a list as value. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: dict @@ -343,7 +343,7 @@ options: description: - If set to C(yes), the I(subject) field must contain only these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no 
@@ -352,7 +352,7 @@ options: description: - Checks if the certificate is expired/not expired at the time the module is executed. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no @@ -362,7 +362,7 @@ options: - The version of the certificate. - Nowadays it should almost always be 3. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: int @@ -371,7 +371,7 @@ options: - The certificate must be valid at this point in time. - The timestamp is formatted as an ASN.1 TIME. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: str @@ -380,7 +380,7 @@ options: - The certificate must be invalid at this point in time. - The timestamp is formatted as an ASN.1 TIME. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: str 
@@ -389,7 +389,7 @@ options: - The certificate must start to become valid at this point in time. - The timestamp is formatted as an ASN.1 TIME. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: str aliases: [ notBefore ] @@ -399,7 +399,7 @@ options: - The certificate must expire at this point in time. - The timestamp is formatted as an ASN.1 TIME. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: str aliases: [ notAfter ] @@ -411,7 +411,7 @@ options: + C([w | d | h | m | s]) (e.g. C(+32w1d2h). - Note that if using this parameter, this module is NOT idempotent. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: str 
@@ -419,7 +419,7 @@ options: description: - The I(key_usage) extension field must contain all these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: list elements: str @@ -429,7 +429,7 @@ options: description: - If set to C(yes), the I(key_usage) extension field must contain only these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no @@ -439,7 +439,7 @@ options: description: - The I(extended_key_usage) extension field must contain all these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: list elements: str 
@@ -449,7 +449,7 @@ options: description: - If set to C(yes), the I(extended_key_usage) extension field must contain only these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no @@ -459,7 +459,7 @@ options: description: - The I(subject_alt_name) extension field must contain these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: list elements: str @@ -469,7 +469,7 @@ options: description: - If set to C(yes), the I(subject_alt_name) extension field must contain only these values. - This is only used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no 
@@ -481,7 +481,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -492,7 +492,7 @@ options: - Create a backup file including a timestamp so you can get the original certificate back if you overwrote it with a new one by accident. - This is not used by the C(assertonly) provider. - - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in Ansible 2.13. + - This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0. For alternatives, see the example on replacing C(assertonly). type: bool default: no 
@@ -2557,24 +2557,30 @@ def main(): privatekey_passphrase=dict(type='str', no_log=True), # provider: assertonly - signature_algorithms=dict(type='list', elements='str', removed_in_version='2.13'), - subject=dict(type='dict', removed_in_version='2.13'), - subject_strict=dict(type='bool', default=False, removed_in_version='2.13'), - issuer=dict(type='dict', removed_in_version='2.13'), - issuer_strict=dict(type='bool', default=False, removed_in_version='2.13'), - has_expired=dict(type='bool', default=False, removed_in_version='2.13'), - version=dict(type='int', removed_in_version='2.13'), - key_usage=dict(type='list', elements='str', aliases=['keyUsage'], removed_in_version='2.13'), - key_usage_strict=dict(type='bool', default=False, aliases=['keyUsage_strict'], removed_in_version='2.13'), - extended_key_usage=dict(type='list', elements='str', aliases=['extendedKeyUsage'], removed_in_version='2.13'), - extended_key_usage_strict=dict(type='bool', default=False, aliases=['extendedKeyUsage_strict'], removed_in_version='2.13'), - subject_alt_name=dict(type='list', elements='str', aliases=['subjectAltName'], removed_in_version='2.13'), - subject_alt_name_strict=dict(type='bool', default=False, aliases=['subjectAltName_strict'], removed_in_version='2.13'), - not_before=dict(type='str', aliases=['notBefore'], removed_in_version='2.13'), - not_after=dict(type='str', aliases=['notAfter'], removed_in_version='2.13'), - valid_at=dict(type='str', removed_in_version='2.13'), - invalid_at=dict(type='str', removed_in_version='2.13'), - valid_in=dict(type='str', removed_in_version='2.13'), + signature_algorithms=dict(type='list', elements='str', removed_in_version='2.0.0', removed_from_collection='community.crypto'), + subject=dict(type='dict', removed_in_version='2.0.0', removed_from_collection='community.crypto'), + subject_strict=dict(type='bool', default=False, removed_in_version='2.0.0', removed_from_collection='community.crypto'), + issuer=dict(type='dict', 
removed_in_version='2.0.0', removed_from_collection='community.crypto'), + issuer_strict=dict(type='bool', default=False, removed_in_version='2.0.0', removed_from_collection='community.crypto'), + has_expired=dict(type='bool', default=False, removed_in_version='2.0.0', removed_from_collection='community.crypto'), + version=dict(type='int', removed_in_version='2.0.0', removed_from_collection='community.crypto'), + key_usage=dict(type='list', elements='str', aliases=['keyUsage'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + key_usage_strict=dict(type='bool', default=False, aliases=['keyUsage_strict'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + extended_key_usage=dict(type='list', elements='str', aliases=['extendedKeyUsage'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + extended_key_usage_strict=dict(type='bool', default=False, aliases=['extendedKeyUsage_strict'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + subject_alt_name=dict(type='list', elements='str', aliases=['subjectAltName'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + subject_alt_name_strict=dict(type='bool', default=False, aliases=['subjectAltName_strict'], + removed_in_version='2.0.0', removed_from_collection='community.crypto'), + not_before=dict(type='str', aliases=['notBefore'], removed_in_version='2.0.0', removed_from_collection='community.crypto'), + not_after=dict(type='str', aliases=['notAfter'], removed_in_version='2.0.0', removed_from_collection='community.crypto'), + valid_at=dict(type='str', removed_in_version='2.0.0', removed_from_collection='community.crypto'), + invalid_at=dict(type='str', removed_in_version='2.0.0', removed_from_collection='community.crypto'), + valid_in=dict(type='str', removed_in_version='2.0.0', removed_from_collection='community.crypto'), # provider: selfsigned selfsigned_version=dict(type='int', default=3), 
@@ -2640,7 +2646,8 @@ def main(): ], ) if module._name == 'community.crypto.openssl_certificate': - module.deprecate("The 'community.crypto.openssl_certificate' module has been renamed to 'community.crypto.x509_certificate'", version='2.14') + module.deprecate("The 'community.crypto.openssl_certificate' module has been renamed to 'community.crypto.x509_certificate'", + version='2.0.0', collection_name='community.crypto') try: if module.params['state'] == 'absent': @@ -2661,7 +2668,7 @@ def main(): if provider == 'assertonly': module.deprecate("The 'assertonly' provider is deprecated; please see the examples of " "the 'x509_certificate' module on how to replace it with other modules", - version='2.13') + version='2.0.0', collection_name='community.crypto') elif provider == 'selfsigned': if module.params['privatekey_path'] is None and module.params['privatekey_content'] is None: module.fail_json(msg='One of privatekey_path and privatekey_content must be specified for the selfsigned provider.') @@ -2709,7 +2716,8 @@ def main(): except AttributeError: module.fail_json(msg='You need to have PyOpenSSL>=0.15') - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') if provider == 'selfsigned': certificate = SelfSignedCertificate(module) elif provider == 'acme': diff --git a/plugins/modules/x509_certificate_info.py b/plugins/modules/x509_certificate_info.py index 8a8ba9f8..1c7806ad 100644 --- a/plugins/modules/x509_certificate_info.py +++ b/plugins/modules/x509_certificate_info.py 
@@ -19,7 +19,7 @@ description: cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements) cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 - and will be removed in Ansible 2.13. + and will be removed in community.crypto 2.0.0. - Note that this module was called C(openssl_certificate_info) when included directly in Ansible up to version 2.9. When moved to the collection C(community.crypto), it was renamed to M(community.crypto.x509_certificate_info). From Ansible 2.10 on, it can still be used by the @@ -63,7 +63,7 @@ options: - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl). - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library. - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. - - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13. + - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0. From that point on, only the C(cryptography) backend will be available. type: str default: auto @@ -822,7 +822,8 @@ def main(): supports_check_mode=True, ) if module._name == 'community.crypto.openssl_certificate_info': - module.deprecate("The 'community.crypto.openssl_certificate_info' module has been renamed to 'community.crypto.x509_certificate_info'", version='2.14') + module.deprecate("The 'community.crypto.openssl_certificate_info' module has been renamed to 'community.crypto.x509_certificate_info'", + version='2.0.0', collection_name='community.crypto') try: if module.params['path'] is not None: 
@@ -861,7 +862,8 @@ def main(): except AttributeError: module.fail_json(msg='You need to have PyOpenSSL>=0.15') - module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13') + module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', + version='2.0.0', collection_name='community.crypto') certificate = CertificateInfoPyOpenSSL(module) elif backend == 'cryptography': if not CRYPTOGRAPHY_FOUND: diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index c6a4a18f..c9f2cb39 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt 
@@ -1,22 +1,10 @@ -plugins/module_utils/acme.py pylint:ansible-deprecated-no-collection-name plugins/module_utils/compat/ipaddress.py future-import-boilerplate plugins/module_utils/compat/ipaddress.py metaclass-boilerplate plugins/module_utils/compat/ipaddress.py no-assert plugins/module_utils/compat/ipaddress.py no-unicode-literals plugins/module_utils/crypto/__init__.py empty-init -plugins/modules/acme_account_info.py pylint:ansible-deprecated-no-collection-name plugins/modules/acme_account_info.py validate-modules:return-syntax-error plugins/modules/acme_certificate.py validate-modules:doc-elements-mismatch -plugins/modules/get_certificate.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_csr.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_csr_info.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_privatekey.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_privatekey_info.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_publickey.py pylint:ansible-deprecated-no-collection-name -plugins/modules/x509_certificate.py pylint:ansible-deprecated-no-collection-name -plugins/modules/x509_certificate.py validate-modules:deprecation-collection-missing -plugins/modules/x509_certificate.py validate-modules:invalid-deprecated-version -plugins/modules/x509_certificate_info.py pylint:ansible-deprecated-no-collection-name tests/unit/mock/path.py future-import-boilerplate tests/unit/mock/path.py metaclass-boilerplate tests/unit/mock/yaml_helper.py future-import-boilerplate diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index c6a4a18f..c9f2cb39 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt 
@@ -1,22 +1,10 @@ -plugins/module_utils/acme.py pylint:ansible-deprecated-no-collection-name plugins/module_utils/compat/ipaddress.py future-import-boilerplate plugins/module_utils/compat/ipaddress.py metaclass-boilerplate plugins/module_utils/compat/ipaddress.py no-assert plugins/module_utils/compat/ipaddress.py no-unicode-literals plugins/module_utils/crypto/__init__.py empty-init -plugins/modules/acme_account_info.py pylint:ansible-deprecated-no-collection-name plugins/modules/acme_account_info.py validate-modules:return-syntax-error plugins/modules/acme_certificate.py validate-modules:doc-elements-mismatch -plugins/modules/get_certificate.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_csr.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_csr_info.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_privatekey.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_privatekey_info.py pylint:ansible-deprecated-no-collection-name -plugins/modules/openssl_publickey.py pylint:ansible-deprecated-no-collection-name -plugins/modules/x509_certificate.py pylint:ansible-deprecated-no-collection-name -plugins/modules/x509_certificate.py validate-modules:deprecation-collection-missing -plugins/modules/x509_certificate.py validate-modules:invalid-deprecated-version -plugins/modules/x509_certificate_info.py pylint:ansible-deprecated-no-collection-name tests/unit/mock/path.py future-import-boilerplate tests/unit/mock/path.py metaclass-boilerplate tests/unit/mock/yaml_helper.py future-import-boilerplate diff --git a/tests/unit/requirements.txt b/tests/unit/requirements.txt index a9772bea..054a9cf5 100644 --- a/tests/unit/requirements.txt +++ b/tests/unit/requirements.txt 
@@ -1,42 +1,6 @@ -boto3 -placebo -pycrypto -passlib -pypsrp -python-memcached -pytz -pyvmomi -redis -requests -setuptools > 0.6 # pytest-xdist installed via requirements does not work with very old setuptools (sanity_ok) +cryptography +ipaddress +pyopenssl + unittest2 ; python_version < '2.7' importlib ; python_version < '2.7' -netaddr -ipaddress -netapp-lib -solidfire-sdk-python - -# requirements for F5 specific modules -f5-sdk ; python_version >= '2.7' -f5-icontrol-rest ; python_version >= '2.7' -deepdiff - -# requirement for Fortinet specific modules -pyFMG - -# requirement for aci_rest module -xmljson - -# requirement for winrm connection plugin tests -pexpect - -# requirement for the linode module -linode-python # APIv3 -linode_api4 ; python_version > '2.6' # APIv4 - -# requirement for the gitlab module -python-gitlab -httmock - -# requirment for kubevirt modules -openshift ; python_version >= '2.7'
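Review bot: In plugins/modules/x509_certificate.py, hunk @@ -492, the changed line says "This option is deprecated since Ansible 2.9 and will be removed with the C(assertonly) provider in community.crypto 2.0.0", but the two context lines directly above it describe creating a backup file and state that the option is not used by the assertonly provider. Please check that this deprecation sentence belongs to this option at all: the argument-spec hunk at @@ -2557 sets `removed_in_version` only on the options listed under `# provider: assertonly`. If the sentence was copied over from an assertonly option, it should be dropped here rather than re-versioned.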
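Review bot: In plugins/modules/x509_certificate.py, hunk @@ -2557, the pair `removed_in_version='2.0.0', removed_from_collection='community.crypto'` is now repeated on all 18 assertonly options, and the longer entries had to be wrapped onto a second line to fit. Consider defining the pair once and merging it into each option, for example `subject=dict(type='dict', **ASSERTONLY_REMOVAL)` where `ASSERTONLY_REMOVAL` is a hypothetical module-level dict, so the version and collection name cannot drift apart between options when the schedule changes again.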
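Review bot: In plugins/modules/x509_certificate.py, hunk @@ -2640, the rename deprecation moves from `version='2.14'` to `version='2.0.0'`, which is the same release the later hunks assign to everything that was previously scheduled for 2.13. Under the old numbers the `openssl_certificate` alias outlived the assertonly provider and the PyOpenSSL backend by one release; after this change all three are removed together. Please confirm that shortening is intended. The same question applies to the `openssl_certificate_info` alias in hunk @@ -822 of x509_certificate_info.py.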
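Review bot: In plugins/modules/x509_certificate.py, hunk @@ -2709, the deprecation text 'The module is using the PyOpenSSL backend. This backend has been deprecated' gets a new version and collection name but still does not tell the user how to get off the deprecated backend. Since the call is being rewrapped anyway, add the remedy the option documentation in this patch already implies: install the cryptography library, or set `select_crypto_backend` to `cryptography`. The identical string in x509_certificate_info.py (hunk @@ -861) should get the same wording.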
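Review bot: In tests/unit/requirements.txt, the added lines `cryptography` and `pyopenssl` carry no version bounds, while the module code touched by this patch fails with 'You need to have PyOpenSSL>=0.15'. Consider stating the lower bound the collection supports (at least `pyopenssl >= 0.15`) so a unit-test environment cannot resolve to a version the modules reject at runtime. `ipaddress` could also take a `python_version` marker in the style of the `unittest2` and `importlib` lines below it, since the module is part of the standard library on Python 3.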