From c9524e9c09d8cc2dd61433a61a6785becc63779c Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Tue, 24 Nov 2020 19:40:52 +0100 Subject: [PATCH] Release 1.3.0. --- CHANGELOG.rst | 33 ++++++++++++ changelogs/changelog.yaml | 50 +++++++++++++++++++ changelogs/fragments/1.3.0.yml | 3 -- .../117-openssh_cert-use-ssh-agent.yml | 2 - ...129-x509_certificate-no-csr-selfsigned.yml | 2 - .../132-openssl_privatekey-ecc-order.yml | 2 - .../135-x509_certificate-entrust.yml | 2 - .../fragments/139-improve-error-handling.yml | 2 - .../145-add-check-for-parsed-pkcs12-files.yml | 2 - ...privatekey-csr-certificate-refactoring.yml | 4 -- 10 files changed, 83 insertions(+), 19 deletions(-) delete mode 100644 changelogs/fragments/1.3.0.yml delete mode 100644 changelogs/fragments/117-openssh_cert-use-ssh-agent.yml delete mode 100644 changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml delete mode 100644 changelogs/fragments/132-openssl_privatekey-ecc-order.yml delete mode 100644 changelogs/fragments/135-x509_certificate-entrust.yml delete mode 100644 changelogs/fragments/139-improve-error-handling.yml delete mode 100644 changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml delete mode 100644 changelogs/fragments/privatekey-csr-certificate-refactoring.yml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 6fee5e7f..cf78a3e3 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -5,6 +5,39 @@ Community Crypto Release Notes .. contents:: Topics +v1.3.0 +====== + +Release Summary +--------------- + +Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow to create or update private keys, CSRs and X.509 certificates without having to write them to disk. + + +Minor Changes +------------- + +- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116). +- openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123). +- openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119). +- openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here `_ (https://github.com/ansible-collections/community.crypto/pull/132). +- x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129). +- x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135). + +Bugfixes +-------- + +- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143). 
+- support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139). +- x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135). + +New Modules +----------- + +- openssl_csr_pipe - Generate OpenSSL Certificate Signing Request (CSR) +- openssl_privatekey_pipe - Generate OpenSSL private keys without disk access +- x509_certificate_pipe - Generate and/or check OpenSSL certificates + v1.2.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 30b5a3fa..3f57d30d 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -235,3 +235,53 @@ releases: - 121-x509_certificate_info-fingerprints.yml - cve-2020-25646.yml release_date: '2020-10-13' + 1.3.0: + changes: + bugfixes: + - openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143). + - support code - improve handling of certificate and certificate signing request + (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, + https://github.com/ansible-collections/community.crypto/pull/139). + - x509_certificate - fix ``entrust`` provider, which was broken since community.crypto + 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135). + minor_changes: + - openssh_cert - add module parameter ``use_agent`` to enable using signing + keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116). + - openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123). + - openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe + (https://github.com/ansible-collections/community.crypto/pull/119). + - openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security + warning. Elliptic curves of at least 224 bits should be used for new keys; + see `here `_ + (https://github.com/ansible-collections/community.crypto/pull/132). + - x509_certificate - for the ``selfsigned`` provider, a CSR is not required + anymore. If no CSR is provided, the module behaves as if a minimal CSR which + only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, + https://github.com/ansible-collections/community.crypto/pull/129). 
+ - x509_certificate - refactor module to allow code re-use by x509_certificate_pipe + (https://github.com/ansible-collections/community.crypto/pull/135). + release_summary: 'Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` + and ``x509_certificate_pipe`` which allow to create or update private keys, + CSRs and X.509 certificates without having to write them to disk. + + ' + fragments: + - 1.3.0.yml + - 117-openssh_cert-use-ssh-agent.yml + - 129-x509_certificate-no-csr-selfsigned.yml + - 132-openssl_privatekey-ecc-order.yml + - 135-x509_certificate-entrust.yml + - 139-improve-error-handling.yml + - 145-add-check-for-parsed-pkcs12-files.yml + - privatekey-csr-certificate-refactoring.yml + modules: + - description: Generate OpenSSL Certificate Signing Request (CSR) + name: openssl_csr_pipe + namespace: '' + - description: Generate OpenSSL private keys without disk access + name: openssl_privatekey_pipe + namespace: '' + - description: Generate and/or check OpenSSL certificates + name: x509_certificate_pipe + namespace: '' + release_date: '2020-11-24' diff --git a/changelogs/fragments/1.3.0.yml b/changelogs/fragments/1.3.0.yml deleted file mode 100644 index 725a2535..00000000 --- a/changelogs/fragments/1.3.0.yml +++ /dev/null @@ -1,3 +0,0 @@ -release_summary: > - Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow - to create or update private keys, CSRs and X.509 certificates without having to write them to disk. diff --git a/changelogs/fragments/117-openssh_cert-use-ssh-agent.yml b/changelogs/fragments/117-openssh_cert-use-ssh-agent.yml deleted file mode 100644 index 33ad1197..00000000 --- a/changelogs/fragments/117-openssh_cert-use-ssh-agent.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116). 
diff --git a/changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml b/changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml deleted file mode 100644 index b95421f4..00000000 --- a/changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- "x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129)." \ No newline at end of file diff --git a/changelogs/fragments/132-openssl_privatekey-ecc-order.yml b/changelogs/fragments/132-openssl_privatekey-ecc-order.yml deleted file mode 100644 index 634caedb..00000000 --- a/changelogs/fragments/132-openssl_privatekey-ecc-order.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- "openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here `_ (https://github.com/ansible-collections/community.crypto/pull/132)." diff --git a/changelogs/fragments/135-x509_certificate-entrust.yml b/changelogs/fragments/135-x509_certificate-entrust.yml deleted file mode 100644 index 763c2afd..00000000 --- a/changelogs/fragments/135-x509_certificate-entrust.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- "x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135)." diff --git a/changelogs/fragments/139-improve-error-handling.yml b/changelogs/fragments/139-improve-error-handling.yml deleted file mode 100644 index 832ed858..00000000 --- a/changelogs/fragments/139-improve-error-handling.yml +++ /dev/null 
@@ -1,2 +0,0 @@ -bugfixes: - - "support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139)." diff --git a/changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml b/changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml deleted file mode 100644 index e1a0d503..00000000 --- a/changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143). diff --git a/changelogs/fragments/privatekey-csr-certificate-refactoring.yml b/changelogs/fragments/privatekey-csr-certificate-refactoring.yml deleted file mode 100644 index 6f1e3e42..00000000 --- a/changelogs/fragments/privatekey-csr-certificate-refactoring.yml +++ /dev/null @@ -1,4 +0,0 @@ -minor_changes: -- "openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119)." -- "openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123)." -- "x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135)."
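
Review bot: the ``secp192r1`` entry in the CHANGELOG.rst hunk (under "Minor Changes") reads "see `here `_", which as shown in this patch is an RST link with no target. This is the only entry in the release that carries a security recommendation, so the reference should resolve. Give the link an explicit target in the `text <URL>`_ form, or drop the "see here" clause and keep the "at least 224 bits" sentence on its own. The same text appears in the ``minor_changes`` list of changelogs/changelog.yaml and needs the same correction there.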
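
Review bot: in the ``modules:`` list added to changelogs/changelog.yaml, the descriptions for ``openssl_csr_pipe`` ("Generate OpenSSL Certificate Signing Request (CSR)") and ``x509_certificate_pipe`` ("Generate and/or check OpenSSL certificates") say nothing about working without writing to disk. The release summary in the same hunk names that as the purpose of all three new modules, and only ``openssl_privatekey_pipe`` states it ("without disk access"). A reader choosing a module so that key material stays off the filesystem cannot tell the pipe variants apart from this list. Suggest wording the other two descriptions to match, and also changing "which allow to create or update" in ``release_summary`` to "which allow creating or updating".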
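
Review bot: the ``openssl_pkcs12`` bugfix text in the deleted fragment 145-add-check-for-parsed-pkcs12-files.yml links only issues/143, and the number 145 from the fragment name appears nowhere in the entry. The other two bugfix entries link either the pull request alone or both the issue and the pull request. If 145 is the pull request that made the fix, add its link to the entry carried into CHANGELOG.rst and changelogs/changelog.yaml so the change can be traced from the release notes. The ``openssh_cert`` entry has the same gap: fragment 117-openssh_cert-use-ssh-agent.yml links only issues/116.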