a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Release 1.3.0.

pull/154/head 1.3.0
Felix Fontein 2020-11-24 19:40:52 +01:00
parent c2122acfba
commit c9524e9c09
10 changed files with 83 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CHANGELOG.rst
View File

@ -5,6 +5,39 @@ Community Crypto Release Notes
.. contents:: Topics
v1.3.0
======
Release Summary
---------------
Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow to create or update private keys, CSRs and X.509 certificates without having to write them to disk.
Minor Changes
-------------
- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
- openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
- openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119).
- openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_ (https://github.com/ansible-collections/community.crypto/pull/132).
- x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129).
- x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135).
Bugfixes
--------
- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).
- support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139).
- x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135).
New Modules
-----------
- openssl_csr_pipe - Generate OpenSSL Certificate Signing Request (CSR)
- openssl_privatekey_pipe - Generate OpenSSL private keys without disk access
- x509_certificate_pipe - Generate and/or check OpenSSL certificates
v1.2.0
======

50
changelogs/changelog.yaml
View File

@ -235,3 +235,53 @@ releases:
- 121-x509_certificate_info-fingerprints.yml
- cve-2020-25646.yml
release_date: '2020-10-13'
1.3.0:
changes:
bugfixes:
- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).
- support code - improve handling of certificate and certificate signing request
(CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138,
https://github.com/ansible-collections/community.crypto/pull/139).
- x509_certificate - fix ``entrust`` provider, which was broken since community.crypto
0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135).
minor_changes:
- openssh_cert - add module parameter ``use_agent`` to enable using signing
keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
- openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
- openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe
(https://github.com/ansible-collections/community.crypto/pull/119).
- openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security
warning. Elliptic curves of at least 224 bits should be used for new keys;
see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_
(https://github.com/ansible-collections/community.crypto/pull/132).
- x509_certificate - for the ``selfsigned`` provider, a CSR is not required
anymore. If no CSR is provided, the module behaves as if a minimal CSR which
only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32,
https://github.com/ansible-collections/community.crypto/pull/129).
- x509_certificate - refactor module to allow code re-use by x509_certificate_pipe
(https://github.com/ansible-collections/community.crypto/pull/135).
release_summary: 'Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe``
and ``x509_certificate_pipe`` which allow to create or update private keys,
CSRs and X.509 certificates without having to write them to disk.
'
fragments:
- 1.3.0.yml
- 117-openssh_cert-use-ssh-agent.yml
- 129-x509_certificate-no-csr-selfsigned.yml
- 132-openssl_privatekey-ecc-order.yml
- 135-x509_certificate-entrust.yml
- 139-improve-error-handling.yml
- 145-add-check-for-parsed-pkcs12-files.yml
- privatekey-csr-certificate-refactoring.yml
modules:
- description: Generate OpenSSL Certificate Signing Request (CSR)
name: openssl_csr_pipe
namespace: ''
- description: Generate OpenSSL private keys without disk access
name: openssl_privatekey_pipe
namespace: ''
- description: Generate and/or check OpenSSL certificates
name: x509_certificate_pipe
namespace: ''
release_date: '2020-11-24'

3
changelogs/fragments/1.3.0.yml
View File

@ -1,3 +0,0 @@
release_summary: >
Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow
to create or update private keys, CSRs and X.509 certificates without having to write them to disk.

2
changelogs/fragments/117-openssh_cert-use-ssh-agent.yml
View File

@ -1,2 +0,0 @@
minor_changes:
- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).

2
changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml
View File

@ -1,2 +0,0 @@
minor_changes:
- "x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129)."

2
changelogs/fragments/132-openssl_privatekey-ecc-order.yml
View File

@ -1,2 +0,0 @@
minor_changes:
- "openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_ (https://github.com/ansible-collections/community.crypto/pull/132)."

2
changelogs/fragments/135-x509_certificate-entrust.yml
View File

@ -1,2 +0,0 @@
bugfixes:
- "x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135)."

2
changelogs/fragments/139-improve-error-handling.yml
View File

@ -1,2 +0,0 @@
bugfixes:
- "support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139)."

2
changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml
View File

@ -1,2 +0,0 @@
bugfixes:
- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).

4
changelogs/fragments/privatekey-csr-certificate-refactoring.yml
View File

@ -1,4 +0,0 @@
minor_changes:
- "openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119)."
- "openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123)."
- "x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135)."