openssl_privatekey*: add default value for cipher option (#794)

* Add default value for 'cipher' option.
* Adjust tests.
* Add changelog fragment.
* Clarify that cipher is used only when passphrase is provided.
pull/795/head
Felix Fontein 2024-08-30 09:49:20 +02:00 committed by GitHub
parent f0b8073ea5
commit a49711d383
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 8 additions and 28 deletions


@ -0,0 +1,4 @@
minor_changes:
- "openssl_privatekey, openssl_privatekey_pipe - add default value ``auto`` for ``cipher`` option, which happens to be the only supported value
for this option anyway. Therefore it is no longer necessary to specify ``cipher=auto`` when providing ``passphrase``
(https://github.com/ansible-collections/community.crypto/issues/793, https://github.com/ansible-collections/community.crypto/pull/794)."


@ -71,8 +71,10 @@ options:
type: str type: str
cipher: cipher:
description: description:
- The cipher to encrypt the private key. Must be V(auto). - The cipher to encrypt the private key. This is only used when O(passphrase) is provided.
- Must be V(auto).
type: str type: str
default: auto
select_crypto_backend: select_crypto_backend:
description: description:
- Determines which crypto backend to use. - Determines which crypto backend to use.


@ -514,7 +514,7 @@ def get_privatekey_argument_spec():
'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1', 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1',
]), ]),
passphrase=dict(type='str', no_log=True), passphrase=dict(type='str', no_log=True),
cipher=dict(type='str'), cipher=dict(type='str', default='auto'),
format=dict(type='str', default='auto_ignore', choices=['pkcs1', 'pkcs8', 'raw', 'auto', 'auto_ignore']), format=dict(type='str', default='auto_ignore', choices=['pkcs1', 'pkcs8', 'raw', 'auto', 'auto_ignore']),
format_mismatch=dict(type='str', default='regenerate', choices=['regenerate', 'convert']), format_mismatch=dict(type='str', default='regenerate', choices=['regenerate', 'convert']),
select_crypto_backend=dict(type='str', choices=['auto', 'cryptography'], default='auto'), select_crypto_backend=dict(type='str', choices=['auto', 'cryptography'], default='auto'),
@ -524,9 +524,6 @@ def get_privatekey_argument_spec():
choices=['never', 'fail', 'partial_idempotence', 'full_idempotence', 'always'] choices=['never', 'fail', 'partial_idempotence', 'full_idempotence', 'always']
), ),
), ),
required_together=[
['cipher', 'passphrase']
],
required_if=[ required_if=[
['type', 'ECC', ['curve']], ['type', 'ECC', ['curve']],
], ],
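Review bot: With `cipher=dict(type='str', default='auto')` and the `required_together` pair gone, the argument spec no longer rejects any combination of `cipher` and `passphrase`. A task that sets `cipher: auto` but whose `passphrase` templates to omit used to fail validation; it now passes and, going by the updated option description, presumably writes the private key unencrypted, so this deserves a sentence in the option documentation or a warning at the point where the key is written. The spec also does not enforce the documented "Must be V(auto)"; unless a later check outside these hunks covers it, `cipher=dict(type='str', default='auto', choices=['auto'])` would reject other values up front. The test changes in this commit only drop `cipher: auto`, so none of them exercises an explicit cipher value or a cipher given without a passphrase. The body of get_privatekey_argument_spec() starts and ends outside the hunks shown.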


@ -8,7 +8,6 @@
openssl_privatekey: openssl_privatekey:
path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
passphrase: "{{ item.pass | default(omit) | default(omit, true) }}" passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
cipher: "{{ 'auto' if (item.pass | default(false)) else omit }}"
type: ECC type: ECC
curve: secp256r1 curve: secp256r1
force: true force: true


@ -68,7 +68,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ privatekey_path }}' path: '{{ privatekey_path }}'
passphrase: '{{ privatekey_passphrase }}' passphrase: '{{ privatekey_passphrase }}'
cipher: auto
type: RSA type: RSA
size: 2048 size: 2048


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
- name: Generate CSR 1 - name: Generate CSR 1


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey_3.pem' path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
- name: Generate privatekey 4 (ECC) - name: Generate privatekey 4 (ECC)


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size_certifiates }}' size: '{{ default_rsa_key_size_certifiates }}'


@ -269,7 +269,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'


@ -19,7 +19,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
- name: Generate CSRs - name: Generate CSRs


@ -88,7 +88,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey6.pem' path: '{{ remote_tmp_dir }}/privatekey6.pem'
passphrase: ànsïblé passphrase: ànsïblé
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
@ -221,7 +220,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: true backup: true
@ -257,7 +255,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: true backup: true
@ -278,7 +275,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: true backup: true


@ -28,7 +28,6 @@
type: '{{ item.type | default(omit) }}' type: '{{ item.type | default(omit) }}'
curve: '{{ item.curve | default(omit) }}' curve: '{{ item.curve | default(omit) }}'
passphrase: '{{ item.passphrase | default(omit) }}' passphrase: '{{ item.passphrase | default(omit) }}'
cipher: '{{ "auto" if item.passphrase is defined else omit }}'
format: '{{ item.format }}' format: '{{ item.format }}'
when: item.condition | default(true) when: item.condition | default(true)
loop: loop:


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey_3.pem' path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: cryptography select_crypto_backend: cryptography


@ -94,7 +94,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey3.pem' path: '{{ remote_tmp_dir }}/privatekey3.pem'
passphrase: ansible passphrase: ansible
cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey" - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey"
@ -156,7 +155,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'


@ -22,7 +22,6 @@
- passwd: nopasswd - passwd: nopasswd
- passwd: passwd - passwd: passwd
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
privatekey_cipher: auto
- name: Add cryptography backend - name: Add cryptography backend
set_fact: set_fact:
@ -72,7 +71,6 @@
curve: '{{ item.curve | default(omit) }}' curve: '{{ item.curve | default(omit) }}'
size: '{{ item.size | default(omit) }}' size: '{{ item.size | default(omit) }}'
passphrase: '{{ item.privatekey_passphrase | default(omit) }}' passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
cipher: '{{ item.privatekey_cipher | default(omit) }}'
select_crypto_backend: cryptography select_crypto_backend: cryptography
loop: '{{ all_tests }}' loop: '{{ all_tests }}'


@ -16,7 +16,6 @@
'secp521r1' if key_type == 'ec521' else 'secp521r1' if key_type == 'ec521' else
'invalid value for key_type!' }} 'invalid value for key_type!' }}
passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}" passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}"
cipher: "{{ 'auto' if certificate_passphrase | default() else omit }}"
force: true force: true
## CSR ######################################################################################## ## CSR ########################################################################################
- name: ({{ certgen_title }}) Create cert CSR - name: ({{ certgen_title }}) Create cert CSR


@ -12,7 +12,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size_certifiates }}' size: '{{ default_rsa_key_size_certifiates }}'
@ -589,7 +588,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem'
type: '{{ item }}' type: '{{ item }}'
cipher: auto
passphrase: Test123 passphrase: Test123
ignore_errors: true ignore_errors: true
loop: loop:


@ -12,7 +12,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size_certifiates }}' size: '{{ default_rsa_key_size_certifiates }}'


@ -22,7 +22,6 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2 passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography select_crypto_backend: cryptography
size: '{{ default_rsa_key_size_certifiates }}' size: '{{ default_rsa_key_size_certifiates }}'