Remove other deprecations (#290)

* Remove deprecated redirects.

* Remove deprecations.

* Add changelog fragment.

* Add some forgotten pieces.

* Bump version to 2.0.0.

* Fix formulation.
Felix Fontein 2021-10-16 21:00:48 +02:00 committed by GitHub
parent 78b27ffedb
commit a581f1ebcd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 32 additions and 531 deletions


@ -0,0 +1,12 @@
removed_features:
- "acme_* modules - the ``acme_version`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290)."
- "acme_* modules - the ``acme_directory`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290)."
- "openssl_csr and openssl_csr_pipe - ``version`` now only accepts the (default) value 1 (https://github.com/ansible-collections/community.crypto/pull/290)."
- "acme_account_info - ``retrieve_orders=url_list`` no longer returns the return value ``orders``. Use the ``order_uris`` return value instead (https://github.com/ansible-collections/community.crypto/pull/290)."
- "acme_account_facts - the deprecated redirect has been removed. Use community.crypto.acme_account_info instead (https://github.com/ansible-collections/community.crypto/pull/290)."
- "openssl_certificate - the deprecated redirect has been removed. Use community.crypto.x509_certificate instead (https://github.com/ansible-collections/community.crypto/pull/290)."
- "openssl_certificate_info - the deprecated redirect has been removed. Use community.crypto.x509_certificate_info instead (https://github.com/ansible-collections/community.crypto/pull/290)."
- "crypto.info module utils - the deprecated redirect has been removed. Use ``crypto.pem`` instead (https://github.com/ansible-collections/community.crypto/pull/290)."
breaking_changes:
- "acme module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290)."
- "crypto module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290)."
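
Review bot: The last removed_features entry names the wrong module_utils: it says the ``crypto.info`` redirect was removed, but the routing change in this commit tombstones `crypto.identify` (renamed to 'crypto/pem.py'). Change the entry to `crypto.identify` so the changelog matches the name users actually imported. The two breaking_changes entries would also be easier to act on if they said which compatibility code is gone instead of only "removing compatibility code".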


@ -1,6 +1,6 @@
namespace: community namespace: community
name: crypto name: crypto
version: 1.9.4 version: 2.0.0
readme: README.md readme: README.md
authors: authors:
- Ansible (github.com/ansible) - Ansible (github.com/ansible)


@ -12,20 +12,19 @@ action_groups:
plugin_routing: plugin_routing:
modules: modules:
acme_account_facts: acme_account_facts:
deprecation: tombstone:
removal_version: 2.0.0 removal_version: 2.0.0
warning_text: The 'community.crypto.acme_account_facts' module has been renamed to 'community.crypto.acme_account_info'. warning_text: The 'community.crypto.acme_account_facts' module has been renamed to 'community.crypto.acme_account_info'.
openssl_certificate: openssl_certificate:
deprecation: tombstone:
removal_version: 2.0.0 removal_version: 2.0.0
warning_text: The 'community.crypto.openssl_certificate' module has been renamed to 'community.crypto.x509_certificate' warning_text: The 'community.crypto.openssl_certificate' module has been renamed to 'community.crypto.x509_certificate'
openssl_certificate_info: openssl_certificate_info:
deprecation: tombstone:
removal_version: 2.0.0 removal_version: 2.0.0
warning_text: The 'community.crypto.openssl_certificate_info' module has been renamed to 'community.crypto.x509_certificate_info' warning_text: The 'community.crypto.openssl_certificate_info' module has been renamed to 'community.crypto.x509_certificate_info'
module_utils: module_utils:
crypto.identify: crypto.identify:
redirect: community.crypto.crypto.pem tombstone:
deprecation:
removal_version: 2.0.0 removal_version: 2.0.0
warning_text: The 'crypto/identify.py' module_utils has been renamed 'crypto/pem.py'. Please update your imports warning_text: The 'crypto/identify.py' module_utils has been renamed 'crypto/pem.py'. Please update your imports
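
Review bot: The warning_text values for openssl_certificate, openssl_certificate_info and crypto.identify end without a period, while the acme_account_facts one has it. These strings are what users get once the old names no longer resolve, so make the four consistent, and consider wording them as an instruction ("Use 'community.crypto.x509_certificate' instead") the way the changelog fragment does.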


@ -74,10 +74,9 @@ options:
- "The ACME version of the endpoint." - "The ACME version of the endpoint."
- "Must be C(1) for the classic Let's Encrypt and Buypass ACME endpoints, - "Must be C(1) for the classic Let's Encrypt and Buypass ACME endpoints,
or C(2) for standardized ACME v2 endpoints." or C(2) for standardized ACME v2 endpoints."
- "The default value is C(1). Note that in community.crypto 2.0.0, this
option B(will be required) and will no longer have a default."
- "The value C(1) is deprecated since community.crypto 2.0.0 and will be - "The value C(1) is deprecated since community.crypto 2.0.0 and will be
removed from community.crypto 3.0.0." removed from community.crypto 3.0.0."
required: true
type: int type: int
choices: [ 1, 2 ] choices: [ 1, 2 ]
acme_directory: acme_directory:
@ -87,22 +86,12 @@ options:
- "For safety reasons the default is set to the Let's Encrypt staging - "For safety reasons the default is set to the Let's Encrypt staging
server (for the ACME v1 protocol). This will create technically correct, server (for the ACME v1 protocol). This will create technically correct,
but untrusted certificates." but untrusted certificates."
- "The default value is C(https://acme-staging.api.letsencrypt.org/directory).
Note that in community.crypto 2.0.0, this option B(will be required) and
will no longer have a default. Note that the default is the Let's Encrypt
staging server for the ACME v1 protocol, which is deprecated and will
be disabled in May 2021 (see
L(here,https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/7)
for details)."
- "For Let's Encrypt, all staging endpoints can be found here: - "For Let's Encrypt, all staging endpoints can be found here:
U(https://letsencrypt.org/docs/staging-environment/). For Buypass, all U(https://letsencrypt.org/docs/staging-environment/). For Buypass, all
endpoints can be found here: endpoints can be found here:
U(https://community.buypass.com/t/63d4ay/buypass-go-ssl-endpoints)" U(https://community.buypass.com/t/63d4ay/buypass-go-ssl-endpoints)"
- "For B(Let's Encrypt), the production directory URL for ACME v2 is - "For B(Let's Encrypt), the production directory URL for ACME v2 is
U(https://acme-v02.api.letsencrypt.org/directory). U(https://acme-v02.api.letsencrypt.org/directory)."
(The production directory URL for ACME v1 is
U(https://acme-v01.api.letsencrypt.org/directory) and will be
disabled in July 2021.)"
- "For B(Buypass), the production directory URL for ACME v2 and v1 is - "For B(Buypass), the production directory URL for ACME v2 and v1 is
U(https://api.buypass.com/acme/directory)." U(https://api.buypass.com/acme/directory)."
- "For B(ZeroSSL), the production directory URL for ACME v2 is - "For B(ZeroSSL), the production directory URL for ACME v2 is
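
Review bot: The unchanged first paragraph of this description still says "For safety reasons the default is set to the Let's Encrypt staging server (for the ACME v1 protocol)", but this commit deletes the sentence that stated the default and marks acme_directory as required. Drop or reword that paragraph, for example as a recommendation to test against a staging endpoint first, so the documentation no longer describes a fallback that does not exist.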
@ -114,6 +103,7 @@ options:
L(create an issue,https://github.com/ansible-collections/community.crypto/issues/new/choose) L(create an issue,https://github.com/ansible-collections/community.crypto/issues/new/choose)
to help us supporting it. Feedback that an ACME server not mentioned does work to help us supporting it. Feedback that an ACME server not mentioned does work
is also appreciated." is also appreciated."
required: true
type: str type: str
validate_certs: validate_certs:
description: description:


@ -43,9 +43,11 @@ options:
- The version of the certificate signing request. - The version of the certificate signing request.
- "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1) - "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1)
is 1." is 1."
- This option will no longer accept unsupported values from community.crypto 2.0.0 on. - This option no longer accepts unsupported values since community.crypto 2.0.0.
type: int type: int
default: 1 default: 1
choices:
- 1
subject: subject:
description: description:
- Key/value pairs that will be present in the subject name field of the certificate signing request. - Key/value pairs that will be present in the subject name field of the certificate signing request.


@ -1,90 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2016 Michael Gruener <michael.gruener@chaosmoon.net>
# Copyright: (c) 2021 Felix Fontein <felix@fontein.de>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import base64
import binascii
import copy
import datetime
import hashlib
import json
import locale
import os
import re
import shutil
import sys
import tempfile
import traceback
from ansible.module_utils.basic import missing_required_lib
from ansible.module_utils.urls import fetch_url
from ansible.module_utils.six.moves.urllib.parse import unquote
from ansible.module_utils.common.text.converters import to_native, to_text, to_bytes
from ansible_collections.community.crypto.plugins.module_utils.acme.acme import (
get_default_argspec,
ACMEDirectory,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.backend_cryptography import (
CryptographyBackend,
CRYPTOGRAPHY_VERSION,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.backend_openssl_cli import (
OpenSSLCLIBackend,
)
from ansible_collections.community.crypto.plugins.module_utils.acme._compatibility import (
handle_standard_module_arguments,
set_crypto_backend,
HAS_CURRENT_CRYPTOGRAPHY,
)
from ansible_collections.community.crypto.plugins.module_utils.acme._compatibility import ACMELegacyAccount as ACMEAccount
from ansible_collections.community.crypto.plugins.module_utils.acme.errors import ModuleFailException
from ansible_collections.community.crypto.plugins.module_utils.acme.io import (
read_file,
write_file,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.utils import (
nopad_b64,
pem_to_der,
process_links,
)
def openssl_get_csr_identifiers(openssl_binary, module, csr_filename, csr_content=None):
module.deprecate(
'Please adjust your custom module/plugin to the ACME module_utils refactor '
'(https://github.com/ansible-collections/community.crypto/pull/184). The '
'compatibility layer will be removed in community.crypto 2.0.0, thus breaking '
'your code', version='2.0.0', collection_name='community.crypto')
return OpenSSLCLIBackend(module, openssl_binary=openssl_binary).get_csr_identifiers(csr_filename=csr_filename, csr_content=csr_content)
def cryptography_get_csr_identifiers(module, csr_filename, csr_content=None):
module.deprecate(
'Please adjust your custom module/plugin to the ACME module_utils refactor '
'(https://github.com/ansible-collections/community.crypto/pull/184). The '
'compatibility layer will be removed in community.crypto 2.0.0, thus breaking '
'your code', version='2.0.0', collection_name='community.crypto')
return CryptographyBackend(module).get_csr_identifiers(csr_filename=csr_filename, csr_content=csr_content)
def cryptography_get_cert_days(module, cert_file, now=None):
module.deprecate(
'Please adjust your custom module/plugin to the ACME module_utils refactor '
'(https://github.com/ansible-collections/community.crypto/pull/184). The '
'compatibility layer will be removed in community.crypto 2.0.0, thus breaking '
'your code', version='2.0.0', collection_name='community.crypto')
return CryptographyBackend(module).get_cert_days(cert_filename=cert_file, now=now)
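
Review bot: Each of the three deleted wrappers shows its one-line replacement (`OpenSSLCLIBackend(module, openssl_binary=...).get_csr_identifiers(...)`, `CryptographyBackend(module).get_csr_identifiers(...)` and `CryptographyBackend(module).get_cert_days(cert_filename=..., now=...)`), but the changelog entry only says "acme module utils - removing compatibility code". Name the removed functions and their replacements there so authors of custom modules can search for them after the upgrade, and point out that `cryptography_get_cert_days` took `cert_file` while the backend method takes `cert_filename`.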


@ -1,267 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2016 Michael Gruener <michael.gruener@chaosmoon.net>
# Copyright: (c) 2021 Felix Fontein <felix@fontein.de>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import locale
from ansible.module_utils.basic import missing_required_lib
from ansible_collections.community.crypto.plugins.module_utils.acme.backend_cryptography import HAS_CURRENT_CRYPTOGRAPHY as _ORIGINAL_HAS_CURRENT_CRYPTOGRAPHY
from ansible_collections.community.crypto.plugins.module_utils.acme.backend_cryptography import (
CryptographyBackend,
CRYPTOGRAPHY_VERSION,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.backend_openssl_cli import (
OpenSSLCLIBackend,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.acme import (
ACMEClient,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.account import (
ACMEAccount,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.challenges import (
create_key_authorization,
)
from ansible_collections.community.crypto.plugins.module_utils.acme.errors import (
KeyParsingError,
)
HAS_CURRENT_CRYPTOGRAPHY = _ORIGINAL_HAS_CURRENT_CRYPTOGRAPHY
def set_crypto_backend(module):
'''
Sets which crypto backend to use (default: auto detection).
Does not care whether a new enough cryptoraphy is available or not. Must
be called before any real stuff is done which might evaluate
``HAS_CURRENT_CRYPTOGRAPHY``.
'''
global HAS_CURRENT_CRYPTOGRAPHY
module.deprecate(
'Please adjust your custom module/plugin to the ACME module_utils refactor '
'(https://github.com/ansible-collections/community.crypto/pull/184). The '
'compatibility layer will be removed in community.crypto 2.0.0, thus breaking '
'your code', version='2.0.0', collection_name='community.crypto')
# Choose backend
backend = module.params['select_crypto_backend']
if backend == 'auto':
pass
elif backend == 'openssl':
HAS_CURRENT_CRYPTOGRAPHY = False
elif backend == 'cryptography':
if not _ORIGINAL_HAS_CURRENT_CRYPTOGRAPHY:
module.fail_json(msg=missing_required_lib('cryptography'))
HAS_CURRENT_CRYPTOGRAPHY = True
else:
module.fail_json(msg='Unknown crypto backend "{0}"!'.format(backend))
# Inform about choices
if HAS_CURRENT_CRYPTOGRAPHY:
module.debug('Using cryptography backend (library version {0})'.format(CRYPTOGRAPHY_VERSION))
return 'cryptography'
else:
module.debug('Using OpenSSL binary backend')
return 'openssl'
def handle_standard_module_arguments(module, needs_acme_v2=False):
'''
Do standard module setup, argument handling and warning emitting.
'''
backend = set_crypto_backend(module)
if not module.params['validate_certs']:
module.warn(
'Disabling certificate validation for communications with ACME endpoint. '
'This should only be done for testing against a local ACME server for '
'development purposes, but *never* for production purposes.'
)
if module.params['acme_version'] is None:
module.params['acme_version'] = 1
module.deprecate("The option 'acme_version' will be required from community.crypto 2.0.0 on",
version='2.0.0', collection_name='community.crypto')
if module.params['acme_directory'] is None:
module.params['acme_directory'] = 'https://acme-staging.api.letsencrypt.org/directory'
module.deprecate("The option 'acme_directory' will be required from community.crypto 2.0.0 on",
version='2.0.0', collection_name='community.crypto')
if needs_acme_v2 and module.params['acme_version'] < 2:
module.fail_json(msg='The {0} module requires the ACME v2 protocol!'.format(module._name))
# AnsibleModule() changes the locale, so change it back to C because we rely on time.strptime() when parsing certificate dates.
module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C', LC_CTYPE='C')
locale.setlocale(locale.LC_ALL, 'C')
return backend
def get_compatibility_backend(module):
if HAS_CURRENT_CRYPTOGRAPHY:
return CryptographyBackend(module)
else:
return OpenSSLCLIBackend(module)
class ACMELegacyAccount(object):
'''
ACME account object. Handles the authorized communication with the
ACME server. Provides access to account bound information like
the currently active authorizations and valid certificates
'''
def __init__(self, module):
module.deprecate(
'Please adjust your custom module/plugin to the ACME module_utils refactor '
'(https://github.com/ansible-collections/community.crypto/pull/184). The '
'compatibility layer will be removed in community.crypto 2.0.0, thus breaking '
'your code', version='2.0.0', collection_name='community.crypto')
backend = get_compatibility_backend(module)
self.client = ACMEClient(module, backend)
self.account = ACMEAccount(self.client)
self.key = self.client.account_key_file
self.key_content = self.client.account_key_content
self.uri = self.client.account_uri
self.key_data = self.client.account_key_data
self.jwk = self.client.account_jwk
self.jws_header = self.client.account_jws_header
self.directory = self.client.directory
def get_keyauthorization(self, token):
'''
Returns the key authorization for the given token
https://tools.ietf.org/html/rfc8555#section-8.1
'''
return create_key_authorization(self.client, token)
def parse_key(self, key_file=None, key_content=None):
'''
Parses an RSA or Elliptic Curve key file in PEM format and returns a pair
(error, key_data).
'''
try:
return None, self.client.parse_key(key_file=key_file, key_content=key_content)
except KeyParsingError as e:
return e.msg, {}
def sign_request(self, protected, payload, key_data, encode_payload=True):
return self.client.sign_request(protected, payload, key_data, encode_payload=encode_payload)
def send_signed_request(self, url, payload, key_data=None, jws_header=None, parse_json_result=True, encode_payload=True):
'''
Sends a JWS signed HTTP POST request to the ACME server and returns
the response as dictionary
https://tools.ietf.org/html/rfc8555#section-6.2
If payload is None, a POST-as-GET is performed.
(https://tools.ietf.org/html/rfc8555#section-6.3)
'''
return self.client.send_signed_request(
url,
payload,
key_data=key_data,
jws_header=jws_header,
parse_json_result=parse_json_result,
encode_payload=encode_payload,
fail_on_error=False,
)
def get_request(self, uri, parse_json_result=True, headers=None, get_only=False, fail_on_error=True):
'''
Perform a GET-like request. Will try POST-as-GET for ACMEv2, with fallback
to GET if server replies with a status code of 405.
'''
return self.client.get_request(
uri,
parse_json_result=parse_json_result,
headers=headers,
get_only=get_only,
fail_on_error=fail_on_error,
)
def set_account_uri(self, uri):
'''
Set account URI. For ACME v2, it needs to be used to sending signed
requests.
'''
self.client.set_account_uri(uri)
self.uri = self.client.account_uri
def get_account_data(self):
'''
Retrieve account information. Can only be called when the account
URI is already known (such as after calling setup_account).
Return None if the account was deactivated, or a dict otherwise.
'''
return self.account.get_account_data()
def setup_account(self, contact=None, agreement=None, terms_agreed=False,
allow_creation=True, remove_account_uri_if_not_exists=False,
external_account_binding=None):
'''
Detect or create an account on the ACME server. For ACME v1,
as the only way (without knowing an account URI) to test if an
account exists is to try and create one with the provided account
key, this method will always result in an account being present
(except on error situations). For ACME v2, a new account will
only be created if ``allow_creation`` is set to True.
For ACME v2, ``check_mode`` is fully respected. For ACME v1, the
account might be created if it does not yet exist.
Return a pair ``(created, account_data)``. Here, ``created`` will
be ``True`` in case the account was created or would be created
(check mode). ``account_data`` will be the current account data,
or ``None`` if the account does not exist.
The account URI will be stored in ``self.uri``; if it is ``None``,
the account does not exist.
If specified, ``external_account_binding`` should be a dictionary
with keys ``kid``, ``alg`` and ``key``
(https://tools.ietf.org/html/rfc8555#section-7.3.4).
https://tools.ietf.org/html/rfc8555#section-7.3
'''
result = self.account.setup_account(
contact=contact,
agreement=agreement,
terms_agreed=terms_agreed,
allow_creation=allow_creation,
remove_account_uri_if_not_exists=remove_account_uri_if_not_exists,
external_account_binding=external_account_binding,
)
self.uri = self.client.account_uri
return result
def update_account(self, account_data, contact=None):
'''
Update an account on the ACME server. Check mode is fully respected.
The current account data must be provided as ``account_data``.
Return a pair ``(updated, account_data)``, where ``updated`` is
``True`` in case something changed (contact info updated) or
would be changed (check mode), and ``account_data`` the updated
account data.
https://tools.ietf.org/html/rfc8555#section-7.3.2
'''
return self.account.update_account(account_data, contact=contact)
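
Review bot: Code ported off `ACMELegacyAccount` gets different error handling that the changelog does not mention: `parse_key` here turns `KeyParsingError` into an `(error, key_data)` pair, and `send_signed_request` always passes `fail_on_error=False`. Callers that move to `ACMEClient` directly have to catch `KeyParsingError` and choose `fail_on_error` themselves, which deserves a sentence in the 2.0.0 changelog. Please also confirm that the locale reset to `C` done at the end of `handle_standard_module_arguments` is still performed in `create_backend`, since the comment says certificate date parsing with time.strptime() relies on it.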


@ -328,8 +328,8 @@ def get_default_argspec():
account_key_content=dict(type='str', no_log=True), account_key_content=dict(type='str', no_log=True),
account_key_passphrase=dict(type='str', no_log=True), account_key_passphrase=dict(type='str', no_log=True),
account_uri=dict(type='str'), account_uri=dict(type='str'),
acme_directory=dict(type='str'), acme_directory=dict(type='str', required=True),
acme_version=dict(type='int', choices=[1, 2]), acme_version=dict(type='int', required=True, choices=[1, 2]),
validate_certs=dict(type='bool', default=True), validate_certs=dict(type='bool', default=True),
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']), select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
) )
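
Review bot: Setting `required=True` on `acme_directory` and `acme_version` inside `get_default_argspec()` changes every module that builds its argument spec from this helper, not only the acme_* modules of this collection that the changelog fragment names. Add a breaking_changes line for module_utils users saying that the shared argspec now requires both options, so custom modules relying on the old implicit defaults are not surprised by an argument validation failure.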
@ -365,16 +365,6 @@ def create_backend(module, needs_acme_v2):
'development purposes, but *never* for production purposes.' 'development purposes, but *never* for production purposes.'
) )
if module.params['acme_version'] is None:
module.params['acme_version'] = 1
module.deprecate("The option 'acme_version' will be required from community.crypto 2.0.0 on",
version='2.0.0', collection_name='community.crypto')
if module.params['acme_directory'] is None:
module.params['acme_directory'] = 'https://acme-staging.api.letsencrypt.org/directory'
module.deprecate("The option 'acme_directory' will be required from community.crypto 2.0.0 on",
version='2.0.0', collection_name='community.crypto')
if needs_acme_v2 and module.params['acme_version'] < 2: if needs_acme_v2 and module.params['acme_version'] < 2:
module.fail_json(msg='The {0} module requires the ACME v2 protocol!'.format(module._name)) module.fail_json(msg='The {0} module requires the ACME v2 protocol!'.format(module._name))
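
Review bot: With the `None` fallbacks removed, nothing in this hunk warns when `acme_version` is 1, although the option documentation changed in this commit says the value 1 is deprecated since community.crypto 2.0.0 and will be removed from 3.0.0. If that warning is not emitted elsewhere, add a `module.deprecate(..., version='3.0.0', collection_name='community.crypto')` call next to the `needs_acme_v2` check so users see the deprecation at run time and not only in the docs.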


@ -1,92 +0,0 @@
# -*- coding: utf-8 -*-
#
# (c) 2016, Yanis Guenane <yanis+ansible@guenane.org>
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import, division, print_function
__metaclass__ = type
# THIS FILE IS FOR COMPATIBILITY ONLY! YOU SHALL NOT IMPORT IT!
#
# This fill will be removed eventually, so if you're using it,
# please stop doing so.
from .basic import (
CRYPTOGRAPHY_HAS_X25519,
CRYPTOGRAPHY_HAS_X25519_FULL,
CRYPTOGRAPHY_HAS_X448,
CRYPTOGRAPHY_HAS_ED25519,
CRYPTOGRAPHY_HAS_ED448,
HAS_CRYPTOGRAPHY,
OpenSSLObjectError,
OpenSSLBadPassphraseError,
)
from .cryptography_crl import (
REVOCATION_REASON_MAP,
REVOCATION_REASON_MAP_INVERSE,
cryptography_decode_revoked_certificate,
)
from .cryptography_support import (
cryptography_get_extensions_from_cert,
cryptography_get_extensions_from_csr,
cryptography_name_to_oid,
cryptography_oid_to_name,
cryptography_get_name,
cryptography_decode_name,
cryptography_parse_key_usage_params,
cryptography_get_basic_constraints,
cryptography_key_needs_digest_for_signing,
cryptography_compare_public_keys,
)
from .pem import (
identify_private_key_format,
)
from .math import (
binary_exp_mod,
simple_gcd,
quick_is_not_prime,
count_bits,
)
from ._obj2txt import obj2txt as _obj2txt
from ._objects_data import OID_MAP as _OID_MAP
from ._objects import OID_LOOKUP as _OID_LOOKUP
from ._objects import NORMALIZE_NAMES as _NORMALIZE_NAMES
from ._objects import NORMALIZE_NAMES_SHORT as _NORMALIZE_NAMES_SHORT
from .support import (
get_fingerprint_of_bytes,
get_fingerprint,
load_privatekey,
load_certificate,
load_certificate_request,
parse_name_field,
convert_relative_to_datetime,
get_relative_time_option,
select_message_digest,
OpenSSLObject,
)
from ..io import (
load_file_if_exists,
write_file,
)
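
Review bot: The deleted file is marked "THIS FILE IS FOR COMPATIBILITY ONLY", but it re-exported names such as `load_certificate`, `OpenSSLObjectError` and `cryptography_name_to_oid` at package level, and code that imported them from the package will now fail on import. The routing entries visible in this commit only tombstone `crypto.identify`, so there is no message pointing such callers to the right place. List the submodules to import from (`basic`, `cryptography_crl`, `cryptography_support`, `pem`, `math`, `support`) in the "crypto module utils" changelog entry.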


@ -561,11 +561,6 @@ class CertificateSigningRequestCryptographyBackend(CertificateSigningRequestBack
def select_backend(module, backend): def select_backend(module, backend):
if module.params['version'] != 1:
module.deprecate('The version option will only support allowed values from community.crypto 2.0.0 on. '
'Currently, only the value 1 is allowed by RFC 2986',
version='2.0.0', collection_name='community.crypto')
if backend == 'auto': if backend == 'auto':
# Detection what is possible # Detection what is possible
can_use_cryptography = CRYPTOGRAPHY_FOUND and CRYPTOGRAPHY_VERSION >= LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION) can_use_cryptography = CRYPTOGRAPHY_FOUND and CRYPTOGRAPHY_VERSION >= LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION)
@ -595,7 +590,7 @@ def get_csr_argument_spec():
privatekey_path=dict(type='path'), privatekey_path=dict(type='path'),
privatekey_content=dict(type='str', no_log=True), privatekey_content=dict(type='str', no_log=True),
privatekey_passphrase=dict(type='str', no_log=True), privatekey_passphrase=dict(type='str', no_log=True),
version=dict(type='int', default=1), version=dict(type='int', default=1, choices=[1]),
subject=dict(type='dict'), subject=dict(type='dict'),
country_name=dict(type='str', aliases=['C', 'countryName']), country_name=dict(type='str', aliases=['C', 'countryName']),
state_or_province_name=dict(type='str', aliases=['ST', 'stateOrProvinceName']), state_or_province_name=dict(type='str', aliases=['ST', 'stateOrProvinceName']),


@ -1 +0,0 @@
acme_account_info.py


@ -31,9 +31,8 @@ options:
by the ACME server." by the ACME server."
- "A value of C(ignore) will not fetch the list of orders." - "A value of C(ignore) will not fetch the list of orders."
- "If the value is not C(ignore) and the ACME server supports orders, the C(order_uris) - "If the value is not C(ignore) and the ACME server supports orders, the C(order_uris)
return value is always populated. The C(orders) return value currently depends on return value is always populated. The C(orders) return value is only returned
whether this option is set to C(url_list) or C(object_list). In community.crypto 2.0.0, if this option is set to C(object_list)."
it will only be returned if this option is set to C(object_list)."
- "Currently, Let's Encrypt does not return orders, so the C(orders) result - "Currently, Let's Encrypt does not return orders, so the C(orders) result
will always be empty." will always be empty."
type: str type: str
@ -125,12 +124,9 @@ account:
orders: orders:
description: description:
- "The list of orders." - "The list of orders."
- "If I(retrieve_orders) is C(url_list), this will be a list of URLs. In community.crypto 2.0.0,
this return value will no longer be returned for C(url_list)."
- "If I(retrieve_orders) is C(object_list), this will be a list of objects."
type: list type: list
#elements: ... depends on retrieve_orders elements: dict
returned: if account exists, I(retrieve_orders) is not C(ignore), and server supports order listing returned: if account exists, I(retrieve_orders) is C(object_list), and server supports order listing
contains: contains:
status: status:
description: The order's status. description: The order's status.
@ -282,9 +278,6 @@ def main():
), ),
supports_check_mode=True, supports_check_mode=True,
) )
if module._name in ('acme_account_facts', 'community.crypto.acme_account_facts'):
module.deprecate("The 'acme_account_facts' module has been renamed to 'acme_account_info'",
version='2.0.0', collection_name='community.crypto')
backend = create_backend(module, True) backend = create_backend(module, True)
try: try:
@ -313,13 +306,6 @@ def main():
if account_data.get('orders') and module.params['retrieve_orders'] != 'ignore': if account_data.get('orders') and module.params['retrieve_orders'] != 'ignore':
orders = get_orders_list(module, client, account_data['orders']) orders = get_orders_list(module, client, account_data['orders'])
result['order_uris'] = orders result['order_uris'] = orders
if module.params['retrieve_orders'] == 'url_list':
module.deprecate(
'retrieve_orders=url_list now returns the order URI list as `order_uris`.'
' Right now it also returns this list as `orders` for backwards compatibility,'
' but this will stop in community.crypto 2.0.0',
version='2.0.0', collection_name='community.crypto')
result['orders'] = orders
if module.params['retrieve_orders'] == 'object_list': if module.params['retrieve_orders'] == 'object_list':
result['orders'] = [get_order(client, order) for order in orders] result['orders'] = [get_order(client, order) for order in orders]
module.exit_json(**result) module.exit_json(**result)


@ -1 +0,0 @@
x509_certificate.py


@ -1 +0,0 @@
x509_certificate_info.py


@ -371,10 +371,6 @@ def main():
supports_check_mode=True, supports_check_mode=True,
) )
if module._name == 'community.crypto.openssl_certificate':
module.deprecate("The 'community.crypto.openssl_certificate' module has been renamed to 'community.crypto.x509_certificate'",
version='2.0.0', collection_name='community.crypto')
try: try:
if module.params['state'] == 'absent': if module.params['state'] == 'absent':
certificate = CertificateAbsent(module) certificate = CertificateAbsent(module)


@ -401,9 +401,6 @@ def main():
), ),
supports_check_mode=True, supports_check_mode=True,
) )
if module._name == 'community.crypto.openssl_certificate_info':
module.deprecate("The 'community.crypto.openssl_certificate_info' module has been renamed to 'community.crypto.x509_certificate_info'",
version='2.0.0', collection_name='community.crypto')
if module.params['content'] is not None: if module.params['content'] is not None:
data = module.params['content'].encode('utf-8') data = module.params['content'].encode('utf-8')


@ -167,21 +167,17 @@
assert: assert:
that: that:
- "'account' in account_orders_urls" - "'account' in account_orders_urls"
- "'orders' in account_orders_urls" - "'orders' not in account_orders_urls"
- "account_orders_urls.orders[0] is string"
- "'order_uris' in account_orders_urls" - "'order_uris' in account_orders_urls"
- "account_orders_urls.order_uris[0] is string" - "account_orders_urls.order_uris[0] is string"
- "account_orders_urls.order_uris == account_orders_urls.orders"
- name: Validate that orders were retrieved as list of URLs (2/2) - name: Validate that orders were retrieved as list of URLs (2/2)
assert: assert:
that: that:
- "'account' in account_orders_urls2" - "'account' in account_orders_urls2"
- "'orders' in account_orders_urls2" - "'orders' not in account_orders_urls2"
- "account_orders_urls2.orders[0] is string"
- "'order_uris' in account_orders_urls2" - "'order_uris' in account_orders_urls2"
- "account_orders_urls2.order_uris[0] is string" - "account_orders_urls2.order_uris[0] is string"
- "account_orders_urls2.order_uris == account_orders_urls2.orders"
- name: Validate that orders were retrieved as list of objects (1/2) - name: Validate that orders were retrieved as list of objects (1/2)
assert: assert:


@ -1,3 +1 @@
plugins/module_utils/acme/__init__.py empty-init
plugins/module_utils/crypto/__init__.py empty-init
plugins/modules/acme_account_info.py validate-modules:return-syntax-error plugins/modules/acme_account_info.py validate-modules:return-syntax-error
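
Review bot: The `validate-modules:return-syntax-error` ignore for plugins/modules/acme_account_info.py is kept, but this commit replaces the commented-out `#elements: ... depends on retrieve_orders` with `elements: dict` in that module's return documentation. If the missing `elements` was what the sanity test objected to, this entry can be dropped here and in the other ignore files that keep it; please re-run the sanity tests without it.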


@ -1,3 +1 @@
plugins/module_utils/acme/__init__.py empty-init
plugins/module_utils/crypto/__init__.py empty-init
plugins/modules/acme_account_info.py validate-modules:return-syntax-error plugins/modules/acme_account_info.py validate-modules:return-syntax-error


@ -1,3 +1 @@
plugins/module_utils/acme/__init__.py empty-init
plugins/module_utils/crypto/__init__.py empty-init
plugins/modules/acme_account_info.py validate-modules:return-syntax-error plugins/modules/acme_account_info.py validate-modules:return-syntax-error


@ -1,2 +0,0 @@
plugins/module_utils/acme/__init__.py empty-init
plugins/module_utils/crypto/__init__.py empty-init


@ -1,2 +0,0 @@
plugins/module_utils/acme/__init__.py empty-init
plugins/module_utils/crypto/__init__.py empty-init