x509_crl: prepare releasing the mode option for AnsibleModule's use (#596)

* Prepare releasing the mode option for AnsibleModule's use.

* Update docs.
pull/598/head
Felix Fontein 2023-04-29 20:54:24 +02:00 committed by GitHub
parent 54eeb8d563
commit c568923478
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 51 additions and 14 deletions


@ -0,0 +1,6 @@
bugfixes:
- "x509_crl - remove problem with ansible-core 2.16 due to ``AnsibleModule`` is now validating the ``mode`` parameter's values (https://github.com/ansible-collections/community.crypto/issues/596)."
minor_changes:
- "x509_crl - the ``crl_mode`` option has been added to replace the existing ``mode`` option (https://github.com/ansible-collections/community.crypto/issues/596)."
deprecated_features:
- "x509_crl - the ``mode`` option is deprecated; use ``crl_mode`` instead. The ``mode`` option will change its meaning in community.crypto 3.0.0, and will refer to the CRL file's mode instead (https://github.com/ansible-collections/community.crypto/issues/596)."


@ -42,7 +42,7 @@ options:
default: present default: present
choices: [ absent, present ] choices: [ absent, present ]
mode: crl_mode:
description: description:
- Defines how to process entries of existing CRLs. - Defines how to process entries of existing CRLs.
- If set to C(generate), makes sure that the CRL has the exact set of revoked certificates - If set to C(generate), makes sure that the CRL has the exact set of revoked certificates
@ -51,8 +51,20 @@ options:
I(revoked_certificates), but can also contain other revoked certificates. If the CRL file I(revoked_certificates), but can also contain other revoked certificates. If the CRL file
already exists, all entries from the existing CRL will also be included in the new CRL. already exists, all entries from the existing CRL will also be included in the new CRL.
When using C(update), you might be interested in setting I(ignore_timestamps) to C(true). When using C(update), you might be interested in setting I(ignore_timestamps) to C(true).
- The default value is C(generate).
- This parameter was called I(mode) before community.crypto 2.13.0. It has been renamed to avoid
a collision with the common I(mode) parameter for setting the CRL file's access mode.
type: str type: str
default: generate # default: generate
choices: [ generate, update ]
version_added: 2.13.0
mode:
description:
- This parameter has been renamed to I(crl_mode). The old name I(mode) is now deprecated and will
be removed in community.crypto 3.0.0. Replace usage of this parameter with I(crl_mode).
- Note that from community.crypto 3.0.0 on, I(mode) will be used for the CRL file's mode.
type: str
# default: generate
choices: [ generate, update ] choices: [ generate, update ]
force: force:
@ -479,7 +491,7 @@ class CRL(OpenSSLObject):
self.format = module.params['format'] self.format = module.params['format']
self.update = module.params['mode'] == 'update' self.update = module.params['crl_mode'] == 'update'
self.ignore_timestamps = module.params['ignore_timestamps'] self.ignore_timestamps = module.params['ignore_timestamps']
self.return_content = module.params['return_content'] self.return_content = module.params['return_content']
self.name_encoding = module.params['name_encoding'] self.name_encoding = module.params['name_encoding']
@ -827,7 +839,18 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
state=dict(type='str', default='present', choices=['present', 'absent']), state=dict(type='str', default='present', choices=['present', 'absent']),
mode=dict(type='str', default='generate', choices=['generate', 'update']), crl_mode=dict(
type='str',
# default='generate',
choices=['generate', 'update'],
),
mode=dict(
type='str',
# default='generate',
choices=['generate', 'update'],
removed_in_version='3.0.0',
removed_from_collection='community.crypto',
),
force=dict(type='bool', default=False), force=dict(type='bool', default=False),
backup=dict(type='bool', default=False), backup=dict(type='bool', default=False),
path=dict(type='path', required=True), path=dict(type='path', required=True),
@ -882,6 +905,14 @@ def main():
add_file_common_args=True, add_file_common_args=True,
) )
if module.params['mode']:
if module.params['crl_mode']:
module.fail_json('You cannot use both `mode` and `crl_mode`. Use `crl_mode`.')
module.params['crl_mode'] = module.params['mode']
# TODO: in 3.0.0, once the option `mode` has been removed, remove this:
module.params.pop('mode', None)
# From then on, `mode` will be the file mode of the CRL file
if not CRYPTOGRAPHY_FOUND: if not CRYPTOGRAPHY_FOUND:
module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)), module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)),
exception=CRYPTOGRAPHY_IMP_ERR) exception=CRYPTOGRAPHY_IMP_ERR)
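Review bot: In the compatibility block added after the `AnsibleModule(...)` call in main(), nothing makes the effective default explicit: both `default='generate'` entries are commented out, so `crl_mode` is None when neither option is given, and the module only ends up in generate mode because `self.update = module.params['crl_mode'] == 'update'` in `CRL.__init__` evaluates to False. Because generate rewrites the CRL to exactly the listed revocations, I would make that explicit where the value is resolved, either with a comment such as `# crl_mode is None when neither option is set; only 'update' keeps existing CRL entries` or by normalising after the block with `module.params['crl_mode'] = module.params['crl_mode'] or 'generate'`. The new `fail_json` call also passes its message positionally while the call directly below uses `msg=`; writing it as `module.fail_json(msg=...)` keeps the file consistent. Both main() and `CRL.__init__` continue outside the hunks shown.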


@ -130,7 +130,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: false ignore_timestamps: false
mode: update crl_mode: update
return_content: true return_content: true
register: crl_2_change register: crl_2_change
@ -156,7 +156,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
return_content: true return_content: true
register: crl_2_change_order register: crl_2_change_order
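Review bot: Every task touched in this test file, and in the hunks of the next one, is switched to `crl_mode`, so none of the visible tests still exercises the deprecated `mode` option or the new failure when both options are given. The mapping matters for revocation: if `mode: update` were not carried over, `crl_mode` would stay unset and the module would regenerate the CRL with only the listed entries instead of keeping the existing ones. I would keep one task that still passes `mode: update` and asserts the same result as its `crl_mode` twin, and add one task that sets both options with `ignore_errors: true` and asserts that it failed. The task lists start and end outside these hunks, so such coverage may exist in parts not shown.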


@ -360,7 +360,7 @@
revoked_certificates: revoked_certificates:
- serial_number: 1235 - serial_number: 1235
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
check_mode: true check_mode: true
register: crl_2_idem_update_change_check register: crl_2_idem_update_change_check
@ -378,7 +378,7 @@
revoked_certificates: revoked_certificates:
- serial_number: 1235 - serial_number: 1235
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
register: crl_2_idem_update_change register: crl_2_idem_update_change
- name: Create CRL 2 (idempotent update, check mode) - name: Create CRL 2 (idempotent update, check mode)
@ -398,7 +398,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
check_mode: true check_mode: true
register: crl_2_idem_update_check register: crl_2_idem_update_check
@ -419,7 +419,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
register: crl_2_idem_update register: crl_2_idem_update
- name: Create CRL 2 (changed timestamps, check mode) - name: Create CRL 2 (changed timestamps, check mode)
@ -439,7 +439,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: false ignore_timestamps: false
mode: update crl_mode: update
check_mode: true check_mode: true
register: crl_2_change_check register: crl_2_change_check
@ -460,7 +460,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: false ignore_timestamps: false
mode: update crl_mode: update
return_content: true return_content: true
register: crl_2_change register: crl_2_change
@ -493,7 +493,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
return_content: true return_content: true
register: crl_2_change_order_ignore register: crl_2_change_order_ignore
@ -514,7 +514,7 @@
reason_critical: true reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update crl_mode: update
return_content: true return_content: true
register: crl_2_change_order register: crl_2_change_order