From bffd7b0ce9e9a119f0aa0ff8fee3fd5e5ecd1af2 Mon Sep 17 00:00:00 2001 
From: Felix Fontein Date: Tue, 31 Mar 2020 16:12:58 +0200 Subject: [PATCH] Add changelog fragments from ansible/ansible. (#8) --- changelogs/fragments/52408-luks-device.yaml | 2 ++ changelogs/fragments/58973-luks_device_add-type-option.yml | 2 ++ .../58973_luks_device-add-label-and-uuid-support.yml | 2 ++ changelogs/fragments/60388-openssl_privatekey-format.yml | 2 ++ .../61522-luks-device-add-option-to-define-keysize.yml | 2 ++ .../61658-openssh_keypair-public-key-permissions.yml | 2 ++ .../fragments/61738-ecs-certificate-invalid-chain.yaml | 2 ++ changelogs/fragments/62218-fix-to-entrust-api.yml | 3 +++ .../fragments/62790-openssl_certificate_fix_assert.yml | 2 ++ .../62991-openssl_dhparam-cryptography-backend.yml | 2 ++ changelogs/fragments/63432-openssl_csr-version.yml | 4 ++++ changelogs/fragments/63984-openssl-ed25519-ed448.yml | 4 ++++ ...36-openssh_keypair-add-password-protected-key-check.yml | 4 ++++ .../64501-fix-python2.x-backward-compatibility.yaml | 2 ++ changelogs/fragments/64648-acme_certificate-acmev1.yml | 2 ++ changelogs/fragments/65017-openssh_keypair-idempotence.yml | 2 ++ changelogs/fragments/65400-openssl-output.yml | 7 +++++++ .../65435-openssl_csr-privatekey_path-required.yml | 2 ++ changelogs/fragments/65633-crypto-argspec-fixup.yml | 2 ++ changelogs/fragments/66384-openssl-content.yml | 7 +++++++ changelogs/fragments/67036-openssl_publickey-backend.yml | 2 ++ .../fragments/67038-openssl-openssh-key-regenerate.yml | 3 +++ .../67109-openssl_certificate-acme-directory.yaml | 3 +++ changelogs/fragments/67515-openssl-fingerprint-fips.yml | 2 ++ .../fragments/67901-get_certificate-fix-cryptography.yml | 2 ++ 25 files changed, 69 insertions(+) create mode 100644 changelogs/fragments/52408-luks-device.yaml create mode 100644 changelogs/fragments/58973-luks_device_add-type-option.yml create mode 100644 changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml create mode 100644 changelogs/fragments/60388-openssl_privatekey-format.yml 
create mode 100644 changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml create mode 100644 changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml create mode 100644 changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml create mode 100644 changelogs/fragments/62218-fix-to-entrust-api.yml create mode 100644 changelogs/fragments/62790-openssl_certificate_fix_assert.yml create mode 100644 changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml create mode 100644 changelogs/fragments/63432-openssl_csr-version.yml create mode 100644 changelogs/fragments/63984-openssl-ed25519-ed448.yml create mode 100644 changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml create mode 100644 changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml create mode 100644 changelogs/fragments/64648-acme_certificate-acmev1.yml create mode 100644 changelogs/fragments/65017-openssh_keypair-idempotence.yml create mode 100644 changelogs/fragments/65400-openssl-output.yml create mode 100644 changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml create mode 100644 changelogs/fragments/65633-crypto-argspec-fixup.yml create mode 100644 changelogs/fragments/66384-openssl-content.yml create mode 100644 changelogs/fragments/67036-openssl_publickey-backend.yml create mode 100644 changelogs/fragments/67038-openssl-openssh-key-regenerate.yml create mode 100644 changelogs/fragments/67109-openssl_certificate-acme-directory.yaml create mode 100644 changelogs/fragments/67515-openssl-fingerprint-fips.yml create mode 100644 changelogs/fragments/67901-get_certificate-fix-cryptography.yml
diff --git a/changelogs/fragments/52408-luks-device.yaml b/changelogs/fragments/52408-luks-device.yaml
new file mode 100644
index 00000000..3ab3b8d6
--- /dev/null
+++ b/changelogs/fragments/52408-luks-device.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+ - luks_device - accept ``passphrase``, ``new_passphrase`` and ``remove_passphrase``.
diff --git a/changelogs/fragments/58973-luks_device_add-type-option.yml b/changelogs/fragments/58973-luks_device_add-type-option.yml
new file mode 100644
index 00000000..78c1458c
--- /dev/null
+++ b/changelogs/fragments/58973-luks_device_add-type-option.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- luks_device - added the ``type`` option that allows user explicit define the LUKS container format version
diff --git a/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml b/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml
new file mode 100644
index 00000000..a8a26030
--- /dev/null
+++ b/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - luks_device - added support to use UUIDs, and labels with LUKS2 containers
diff --git a/changelogs/fragments/60388-openssl_privatekey-format.yml b/changelogs/fragments/60388-openssl_privatekey-format.yml
new file mode 100644
index 00000000..ad3eff91
--- /dev/null
+++ b/changelogs/fragments/60388-openssl_privatekey-format.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- "openssl_privatekey - add ``format`` and ``format_mismatch`` options."
diff --git a/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml b/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml
new file mode 100644
index 00000000..b2d68e6f
--- /dev/null
+++ b/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - luks_device - add ``keysize`` parameter to set key size at LUKS container creation
diff --git a/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml b/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml
new file mode 100644
index 00000000..ad4b9dcc
--- /dev/null
+++ b/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssh_keypair - public key's file attributes (permissions, owner, group, etc.) are now set to the same values as the private key."
diff --git a/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml b/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
new file mode 100644
index 00000000..6643e9d2
--- /dev/null
+++ b/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+ - ecs_certificate - Fix formatting of contents of ``full_chain_path``.
diff --git a/changelogs/fragments/62218-fix-to-entrust-api.yml b/changelogs/fragments/62218-fix-to-entrust-api.yml
new file mode 100644
index 00000000..6454f1c6
--- /dev/null
+++ b/changelogs/fragments/62218-fix-to-entrust-api.yml
@@ -0,0 +1,3 @@
+bugfixes:
+- "openssl_certificate - When provider is ``entrust``, use a ``connection: keep-alive`` header for ECS API connections."
+- "ecs_certificate - Always specify header ``connection: keep-alive`` for ECS API connections."
diff --git a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
new file mode 100644
index 00000000..fb692104
--- /dev/null
+++ b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors."
diff --git a/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml b/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml
new file mode 100644
index 00000000..d9d1f7fc
--- /dev/null
+++ b/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- "openssl_dhparam - now supports a ``cryptography``-based backend. Auto-detection can be overwritten with the ``select_crypto_backend`` option."
diff --git a/changelogs/fragments/63432-openssl_csr-version.yml b/changelogs/fragments/63432-openssl_csr-version.yml
new file mode 100644
index 00000000..c080a31f
--- /dev/null
+++ b/changelogs/fragments/63432-openssl_csr-version.yml
@@ -0,0 +1,4 @@
+deprecated_features:
+- "openssl_csr - all values for the ``version`` option except ``1`` are deprecated."
+bugfixes:
+- "openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend."
diff --git a/changelogs/fragments/63984-openssl-ed25519-ed448.yml b/changelogs/fragments/63984-openssl-ed25519-ed448.yml
new file mode 100644
index 00000000..ee7ad550
--- /dev/null
+++ b/changelogs/fragments/63984-openssl-ed25519-ed448.yml
@@ -0,0 +1,4 @@
+bugfixes:
+- "openssl_certificate and openssl_csr - fix Ed25519 and Ed448 private key support for ``cryptography`` backend.
+ This probably needs at least cryptography 2.8, since older versions have problems with signing certificates
+ or CSRs with such keys. (https://github.com/ansible/ansible/issues/59039, PR https://github.com/ansible/ansible/pull/63984)"
diff --git a/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml b/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml
new file mode 100644
index 00000000..53b9680b
--- /dev/null
+++ b/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml
@@ -0,0 +1,4 @@
+bugfixes:
+ - openssh_keypair - add logic to avoid breaking password protected keys.
+minor_changes:
+ - openssh_keypair - instead of regenerating some broken or password protected keys, fail the module. Keys can still be regenerated by calling the module with ``force=yes``.
diff --git a/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml b/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml
new file mode 100644
index 00000000..42c4761c
--- /dev/null
+++ b/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- "acme_certificate - fix crash when module is used with Python 2.x."
diff --git a/changelogs/fragments/64648-acme_certificate-acmev1.yml b/changelogs/fragments/64648-acme_certificate-acmev1.yml
new file mode 100644
index 00000000..56776b0a
--- /dev/null
+++ b/changelogs/fragments/64648-acme_certificate-acmev1.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "acme_certificate - fix misbehavior when ACME v1 is used with ``modify_account`` set to ``false``."
\ No newline at end of file
diff --git a/changelogs/fragments/65017-openssh_keypair-idempotence.yml b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
new file mode 100644
index 00000000..411b7149
--- /dev/null
+++ b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."
diff --git a/changelogs/fragments/65400-openssl-output.yml b/changelogs/fragments/65400-openssl-output.yml
new file mode 100644
index 00000000..fd5e2bcf
--- /dev/null
+++ b/changelogs/fragments/65400-openssl-output.yml
@@ -0,0 +1,7 @@
+minor_changes:
+- "openssl_certificate - allow to return the existing/generated certificate directly as ``certificate`` by setting ``return_content`` to ``yes``."
+- "openssl_csr - allow to return the existing/generated CSR directly as ``csr`` by setting ``return_content`` to ``yes``."
+- "openssl_dhparam - allow to return the existing/generated DH params directly as ``dhparams`` by setting ``return_content`` to ``yes``."
+- "openssl_pkcs12 - allow to return the existing/generated PKCS#12 directly as ``pkcs12`` by setting ``return_content`` to ``yes``."
+- "openssl_privatekey - allow to return the existing/generated private key directly as ``privatekey`` by setting ``return_content`` to ``yes``."
+- "openssl_publickey - allow to return the existing/generated public key directly as ``publickey`` by setting ``return_content`` to ``yes``."
diff --git a/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml b/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
new file mode 100644
index 00000000..e7bb5a15
--- /dev/null
+++ b/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_csr - the module will now enforce that ``privatekey_path`` is specified when ``state=present``."
diff --git a/changelogs/fragments/65633-crypto-argspec-fixup.yml b/changelogs/fragments/65633-crypto-argspec-fixup.yml
new file mode 100644
index 00000000..7f4ae281
--- /dev/null
+++ b/changelogs/fragments/65633-crypto-argspec-fixup.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_certificate - ``provider`` option was documented as required, but it was not checked whether it was provided. It is now only required when ``state`` is ``present``."
diff --git a/changelogs/fragments/66384-openssl-content.yml b/changelogs/fragments/66384-openssl-content.yml
new file mode 100644
index 00000000..86e33428
--- /dev/null
+++ b/changelogs/fragments/66384-openssl-content.yml
@@ -0,0 +1,7 @@
+minor_changes:
+- "openssl_certificate_info - allow to provide certificate content via ``content`` option (https://github.com/ansible/ansible/issues/64776)."
+- "openssl_csr_info - allow to provide CSR content via ``content`` option."
+- "openssl_privatekey_info - allow to provide private key content via ``content`` option."
+- "openssl_certificate - allow to provide content of some input files via the ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and ``ownca_content`` options."
+- "openssl_csr - allow to provide private key content via ``private_key_content`` option."
+- "openssl_publickey - allow to provide private key content via ``private_key_content`` option."
diff --git a/changelogs/fragments/67036-openssl_publickey-backend.yml b/changelogs/fragments/67036-openssl_publickey-backend.yml
new file mode 100644
index 00000000..97093c20
--- /dev/null
+++ b/changelogs/fragments/67036-openssl_publickey-backend.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035)."
diff --git a/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml b/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml
new file mode 100644
index 00000000..de40804b
--- /dev/null
+++ b/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml
@@ -0,0 +1,3 @@
+minor_changes:
+- "openssh_keypair - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys."
+- "openssl_privatekey - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys."
diff --git a/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml b/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml
new file mode 100644
index 00000000..27e87998
--- /dev/null
+++ b/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml
@@ -0,0 +1,3 @@
+minor_changes:
+ - "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should be neccessary.)"
+ - "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
diff --git a/changelogs/fragments/67515-openssl-fingerprint-fips.yml b/changelogs/fragments/67515-openssl-fingerprint-fips.yml
new file mode 100644
index 00000000..18738d1f
--- /dev/null
+++ b/changelogs/fragments/67515-openssl-fingerprint-fips.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."
diff --git a/changelogs/fragments/67901-get_certificate-fix-cryptography.yml b/changelogs/fragments/67901-get_certificate-fix-cryptography.yml
new file mode 100644
index 00000000..09f4c56a
--- /dev/null
+++ b/changelogs/fragments/67901-get_certificate-fix-cryptography.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- get_certificate - Fix cryptography backend when pyopenssl is unavailable (https://github.com/ansible/ansible/issues/67900)