From dbda650bbd30fa6e28e2db935d52f8028ad50b11 Mon Sep 17 00:00:00 2001 
From: Felix Fontein
Date: Fri, 3 Jul 2020 13:35:31 +0200
Subject: [PATCH] Release 1.0.0 (#82)

* Add release notes.
* Create changelog for 1.0.0.
---
CHANGELOG.rst | 84 +++++++++++
changelogs/changelog.yaml | 142 ++++++++++++++++++
changelogs/fragments/52408-luks-device.yaml | 2 -
.../58973-luks_device_add-type-option.yml | 2 -
...luks_device-add-label-and-uuid-support.yml | 2 -
.../60388-openssl_privatekey-format.yml | 2 -
...ks-device-add-option-to-define-keysize.yml | 2 -
...openssh_keypair-public-key-permissions.yml | 2 -
.../fragments/61693-acme-buypass-acme-v1.yml | 3 -
.../61738-ecs-certificate-invalid-chain.yaml | 2 -
.../fragments/62218-fix-to-entrust-api.yml | 3 -
.../62790-openssl_certificate_fix_assert.yml | 2 -
...1-openssl_dhparam-cryptography-backend.yml | 2 -
...63140-acme-fix-fetch-url-status-codes.yaml | 2 -
.../fragments/63432-openssl_csr-version.yml | 4 -
.../fragments/63984-openssl-ed25519-ed448.yml | 4 -
...ypair-add-password-protected-key-check.yml | 4 -
...-fix-python2.x-backward-compatibility.yaml | 2 -
.../64648-acme_certificate-acmev1.yml | 2 -
.../65017-openssh_keypair-idempotence.yml | 2 -
changelogs/fragments/65400-openssl-output.yml | 7 -
...5-openssl_csr-privatekey_path-required.yml | 2 -
.../fragments/65633-crypto-argspec-fixup.yml | 2 -
.../fragments/66384-openssl-content.yml | 7 -
.../67036-openssl_publickey-backend.yml | 2 -
.../67038-openssl-openssh-key-regenerate.yml | 3 -
...09-openssl_certificate-acme-directory.yaml | 3 -
.../67515-openssl-fingerprint-fips.yml | 2 -
.../fragments/67669-cryptography-names.yml | 2 -
...67901-get_certificate-fix-cryptography.yml | 2 -
changelogs/fragments/letsencrypt.yml | 2 -
.../fragments/openssl_csr-otherName.yml | 2 -
32 files changed, 226 insertions(+), 80 deletions(-)
create mode 100644 CHANGELOG.rst
create mode 100644 changelogs/changelog.yaml
delete mode 100644 changelogs/fragments/52408-luks-device.yaml
delete mode 100644 changelogs/fragments/58973-luks_device_add-type-option.yml
delete mode 100644 changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml
delete mode 100644 changelogs/fragments/60388-openssl_privatekey-format.yml
delete mode 100644 changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml
delete mode 100644 changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml
delete mode 100644 changelogs/fragments/61693-acme-buypass-acme-v1.yml
delete mode 100644 changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
delete mode 100644 changelogs/fragments/62218-fix-to-entrust-api.yml
delete mode 100644 changelogs/fragments/62790-openssl_certificate_fix_assert.yml
delete mode 100644 changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml
delete mode 100644 changelogs/fragments/63140-acme-fix-fetch-url-status-codes.yaml
delete mode 100644 changelogs/fragments/63432-openssl_csr-version.yml
delete mode 100644 changelogs/fragments/63984-openssl-ed25519-ed448.yml
delete mode 100644 changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml
delete mode 100644 changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml
delete mode 100644 changelogs/fragments/64648-acme_certificate-acmev1.yml
delete mode 100644 changelogs/fragments/65017-openssh_keypair-idempotence.yml
delete mode 100644 changelogs/fragments/65400-openssl-output.yml
delete mode 100644 changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
delete mode 100644 changelogs/fragments/65633-crypto-argspec-fixup.yml
delete mode 100644 changelogs/fragments/66384-openssl-content.yml
delete mode 100644 changelogs/fragments/67036-openssl_publickey-backend.yml
delete mode 100644 changelogs/fragments/67038-openssl-openssh-key-regenerate.yml
delete mode 100644 changelogs/fragments/67109-openssl_certificate-acme-directory.yaml
delete mode 100644 changelogs/fragments/67515-openssl-fingerprint-fips.yml
delete mode 100644 changelogs/fragments/67669-cryptography-names.yml
delete mode 100644 changelogs/fragments/67901-get_certificate-fix-cryptography.yml
delete mode 100644 changelogs/fragments/letsencrypt.yml
delete mode 100644 changelogs/fragments/openssl_csr-otherName.yml
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 00000000..dc1a4ffc
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,84 @@
+==============================
+Community Crypto Release Notes
+==============================
+
+.. contents:: Topics
+
+
+v1.0.0
+======
+
+Release Summary
+---------------
+
+This is the first proper release of the ``community.crypto`` collection. This changelog contains all changes to the modules in this collection that were added after the release of Ansible 2.9.0.
+
+
+Minor Changes
+-------------
+
+- luks_device - accept ``passphrase``, ``new_passphrase`` and ``remove_passphrase``.
+- luks_device - add ``keysize`` parameter to set key size at LUKS container creation
+- luks_device - added support to use UUIDs, and labels with LUKS2 containers
+- luks_device - added the ``type`` option that allows user explicit define the LUKS container format version
+- openssh_keypair - instead of regenerating some broken or password protected keys, fail the module. Keys can still be regenerated by calling the module with ``force=yes``.
+- openssh_keypair - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys.
+- openssl_* modules - the cryptography backend now properly supports ``dirName``, ``otherName`` and ``RID`` (Registered ID) names.
+- openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should be neccessary.)
+- openssl_certificate - Change the required version of acme-tiny to >= 4.0.0
+- openssl_certificate - allow to provide content of some input files via the ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and ``ownca_content`` options.
+- openssl_certificate - allow to return the existing/generated certificate directly as ``certificate`` by setting ``return_content`` to ``yes``.
+- openssl_certificate_info - allow to provide certificate content via ``content`` option (https://github.com/ansible/ansible/issues/64776).
+- openssl_csr - Add support for specifying the SAN ``otherName`` value in the OpenSSL ASN.1 UTF8 string format, ``otherName:;UTF8:string value``.
+- openssl_csr - allow to provide private key content via ``private_key_content`` option.
+- openssl_csr - allow to return the existing/generated CSR directly as ``csr`` by setting ``return_content`` to ``yes``.
+- openssl_csr_info - allow to provide CSR content via ``content`` option.
+- openssl_dhparam - allow to return the existing/generated DH params directly as ``dhparams`` by setting ``return_content`` to ``yes``.
+- openssl_dhparam - now supports a ``cryptography``-based backend. Auto-detection can be overwritten with the ``select_crypto_backend`` option.
+- openssl_pkcs12 - allow to return the existing/generated PKCS#12 directly as ``pkcs12`` by setting ``return_content`` to ``yes``.
+- openssl_privatekey - add ``format`` and ``format_mismatch`` options.
+- openssl_privatekey - allow to return the existing/generated private key directly as ``privatekey`` by setting ``return_content`` to ``yes``.
+- openssl_privatekey - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys.
+- openssl_privatekey_info - allow to provide private key content via ``content`` option.
+- openssl_publickey - allow to provide private key content via ``private_key_content`` option.
+- openssl_publickey - allow to return the existing/generated public key directly as ``publickey`` by setting ``return_content`` to ``yes``.
+
+Deprecated Features
+-------------------
+
+- openssl_csr - all values for the ``version`` option except ``1`` are deprecated. The value 1 denotes the current only standardized CSR version.
+
+Removed Features (previously deprecated)
+----------------------------------------
+
+- The ``letsencrypt`` module has been removed. Use ``acme_certificate`` instead.
+
+Bugfixes
+--------
+
+- ACME modules: fix bug in ACME v1 account update code
+- ACME modules: make sure some connection errors are handled properly
+- ACME modules: support Buypass' ACME v1 endpoint
+- acme_certificate - fix crash when module is used with Python 2.x.
+- acme_certificate - fix misbehavior when ACME v1 is used with ``modify_account`` set to ``false``.
+- ecs_certificate - Always specify header ``connection: keep-alive`` for ECS API connections.
+- ecs_certificate - Fix formatting of contents of ``full_chain_path``.
+- get_certificate - Fix cryptography backend when pyopenssl is unavailable (https://github.com/ansible/ansible/issues/67900)
+- openssh_keypair - add logic to avoid breaking password protected keys.
+- openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969).
+- openssh_keypair - public key's file attributes (permissions, owner, group, etc.) are now set to the same values as the private key.
+- openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213).
+- openssl_certificate - When provider is ``entrust``, use a ``connection: keep-alive`` header for ECS API connections.
+- openssl_certificate - ``provider`` option was documented as required, but it was not checked whether it was provided. It is now only required when ``state`` is ``present``.
+- openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors.
+- openssl_certificate and openssl_csr - fix Ed25519 and Ed448 private key support for ``cryptography`` backend. This probably needs at least cryptography 2.8, since older versions have problems with signing certificates or CSRs with such keys. (https://github.com/ansible/ansible/issues/59039, PR https://github.com/ansible/ansible/pull/63984)
+- openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend.
+- openssl_csr - the module will now enforce that ``privatekey_path`` is specified when ``state=present``.
+- openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035).
+
+New Modules
+-----------
+
+- ecs_domain - Request validation of a domain with the Entrust Certificate Services (ECS) API
+- x509_crl - Generate Certificate Revocation Lists (CRLs)
+- x509_crl_info - Retrieve information on Certificate Revocation Lists (CRLs)
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
new file mode 100644
index 00000000..d860c873
--- /dev/null
+++ b/changelogs/changelog.yaml
@@ -0,0 +1,142 @@
+ancestor: null
+releases:
+ 1.0.0:
+ changes:
+ bugfixes:
+ - 'ACME modules: fix bug in ACME v1 account update code'
+ - 'ACME modules: make sure some connection errors are handled properly'
+ - 'ACME modules: support Buypass'' ACME v1 endpoint'
+ - acme_certificate - fix crash when module is used with Python 2.x.
+ - acme_certificate - fix misbehavior when ACME v1 is used with ``modify_account``
+ set to ``false``.
+ - 'ecs_certificate - Always specify header ``connection: keep-alive`` for ECS
+ API connections.'
+ - ecs_certificate - Fix formatting of contents of ``full_chain_path``.
+ - get_certificate - Fix cryptography backend when pyopenssl is unavailable (https://github.com/ansible/ansible/issues/67900)
+ - openssh_keypair - add logic to avoid breaking password protected keys.
+ - openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969).
+ - openssh_keypair - public key's file attributes (permissions, owner, group,
+ etc.) are now set to the same values as the private key.
+ - openssl_* modules - prevent crash on fingerprint determination in FIPS mode
+ (https://github.com/ansible/ansible/issues/67213).
+ - 'openssl_certificate - When provider is ``entrust``, use a ``connection: keep-alive``
+ header for ECS API connections.'
+ - openssl_certificate - ``provider`` option was documented as required, but
+ it was not checked whether it was provided. It is now only required when ``state``
+ is ``present``.
+ - openssl_certificate - fix ``assertonly`` provider certificate verification,
+ causing 'private key mismatch' and 'subject mismatch' errors.
+ - openssl_certificate and openssl_csr - fix Ed25519 and Ed448 private key support
+ for ``cryptography`` backend. This probably needs at least cryptography 2.8,
+ since older versions have problems with signing certificates or CSRs with
+ such keys. (https://github.com/ansible/ansible/issues/59039, PR https://github.com/ansible/ansible/pull/63984)
+ - openssl_csr - a warning is issued if an unsupported value for ``version``
+ is used for the ``cryptography`` backend.
+ - openssl_csr - the module will now enforce that ``privatekey_path`` is specified
+ when ``state=present``.
+ - openssl_publickey - fix a module crash caused when pyOpenSSL is not installed
+ (https://github.com/ansible/ansible/issues/67035).
+ deprecated_features:
+ - openssl_csr - all values for the ``version`` option except ``1`` are deprecated.
+ The value 1 denotes the current only standardized CSR version.
+ minor_changes:
+ - luks_device - accept ``passphrase``, ``new_passphrase`` and ``remove_passphrase``.
+ - luks_device - add ``keysize`` parameter to set key size at LUKS container
+ creation
+ - luks_device - added support to use UUIDs, and labels with LUKS2 containers
+ - luks_device - added the ``type`` option that allows user explicit define the
+ LUKS container format version
+ - openssh_keypair - instead of regenerating some broken or password protected
+ keys, fail the module. Keys can still be regenerated by calling the module
+ with ``force=yes``.
+ - openssh_keypair - the ``regenerate`` option allows to configure the module's
+ behavior when it should or needs to regenerate private keys.
+ - openssl_* modules - the cryptography backend now properly supports ``dirName``,
+ ``otherName`` and ``RID`` (Registered ID) names.
+ - openssl_certificate - Add option for changing which ACME directory to use
+ with acme-tiny. Set the default ACME directory to Let's Encrypt instead of
+ using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time
+ being, so no action should be neccessary.)
+ - openssl_certificate - Change the required version of acme-tiny to >= 4.0.0
+ - openssl_certificate - allow to provide content of some input files via the
+ ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and
+ ``ownca_content`` options.
+ - openssl_certificate - allow to return the existing/generated certificate directly
+ as ``certificate`` by setting ``return_content`` to ``yes``.
+ - openssl_certificate_info - allow to provide certificate content via ``content``
+ option (https://github.com/ansible/ansible/issues/64776).
+ - openssl_csr - Add support for specifying the SAN ``otherName`` value in the
+ OpenSSL ASN.1 UTF8 string format, ``otherName:;UTF8:string value``.
+ - openssl_csr - allow to provide private key content via ``private_key_content``
+ option.
+ - openssl_csr - allow to return the existing/generated CSR directly as ``csr``
+ by setting ``return_content`` to ``yes``.
+ - openssl_csr_info - allow to provide CSR content via ``content`` option.
+ - openssl_dhparam - allow to return the existing/generated DH params directly
+ as ``dhparams`` by setting ``return_content`` to ``yes``.
+ - openssl_dhparam - now supports a ``cryptography``-based backend. Auto-detection
+ can be overwritten with the ``select_crypto_backend`` option.
+ - openssl_pkcs12 - allow to return the existing/generated PKCS#12 directly as
+ ``pkcs12`` by setting ``return_content`` to ``yes``.
+ - openssl_privatekey - add ``format`` and ``format_mismatch`` options.
+ - openssl_privatekey - allow to return the existing/generated private key directly
+ as ``privatekey`` by setting ``return_content`` to ``yes``.
+ - openssl_privatekey - the ``regenerate`` option allows to configure the module's
+ behavior when it should or needs to regenerate private keys.
+ - openssl_privatekey_info - allow to provide private key content via ``content``
+ option.
+ - openssl_publickey - allow to provide private key content via ``private_key_content``
+ option.
+ - openssl_publickey - allow to return the existing/generated public key directly
+ as ``publickey`` by setting ``return_content`` to ``yes``.
+ release_summary: 'This is the first proper release of the ``community.crypto``
+ collection. This changelog contains all changes to the modules in this collection
+ that were added after the release of Ansible 2.9.0.
+
+ '
+ removed_features:
+ - The ``letsencrypt`` module has been removed. Use ``acme_certificate`` instead.
+ fragments:
+ - 1.0.0.yml
+ - 52408-luks-device.yaml
+ - 58973-luks_device_add-type-option.yml
+ - 58973_luks_device-add-label-and-uuid-support.yml
+ - 60388-openssl_privatekey-format.yml
+ - 61522-luks-device-add-option-to-define-keysize.yml
+ - 61658-openssh_keypair-public-key-permissions.yml
+ - 61693-acme-buypass-acme-v1.yml
+ - 61738-ecs-certificate-invalid-chain.yaml
+ - 62218-fix-to-entrust-api.yml
+ - 62790-openssl_certificate_fix_assert.yml
+ - 62991-openssl_dhparam-cryptography-backend.yml
+ - 63140-acme-fix-fetch-url-status-codes.yaml
+ - 63432-openssl_csr-version.yml
+ - 63984-openssl-ed25519-ed448.yml
+ - 64436-openssh_keypair-add-password-protected-key-check.yml
+ - 64501-fix-python2.x-backward-compatibility.yaml
+ - 64648-acme_certificate-acmev1.yml
+ - 65017-openssh_keypair-idempotence.yml
+ - 65400-openssl-output.yml
+ - 65435-openssl_csr-privatekey_path-required.yml
+ - 65633-crypto-argspec-fixup.yml
+ - 66384-openssl-content.yml
+ - 67036-openssl_publickey-backend.yml
+ - 67038-openssl-openssh-key-regenerate.yml
+ - 67109-openssl_certificate-acme-directory.yaml
+ - 67515-openssl-fingerprint-fips.yml
+ - 67669-cryptography-names.yml
+ - 67901-get_certificate-fix-cryptography.yml
+ - letsencrypt.yml
+ - openssl_csr-otherName.yml
+ modules:
+ - description: Request validation of a domain with the Entrust Certificate Services
+ (ECS) API
+ name: ecs_domain
+ namespace: ''
+ - description: Generate Certificate Revocation Lists (CRLs)
+ name: x509_crl
+ namespace: ''
+ - description: Retrieve information on Certificate Revocation Lists (CRLs)
+ name: x509_crl_info
+ namespace: ''
+ release_date: '2020-07-03'
diff --git a/changelogs/fragments/52408-luks-device.yaml b/changelogs/fragments/52408-luks-device.yaml
deleted file mode 100644
index 3ab3b8d6..00000000
--- a/changelogs/fragments/52408-luks-device.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - luks_device - accept ``passphrase``, ``new_passphrase`` and ``remove_passphrase``.
diff --git a/changelogs/fragments/58973-luks_device_add-type-option.yml b/changelogs/fragments/58973-luks_device_add-type-option.yml
deleted file mode 100644
index 78c1458c..00000000
--- a/changelogs/fragments/58973-luks_device_add-type-option.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- luks_device - added the ``type`` option that allows user explicit define the LUKS container format version
diff --git a/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml b/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml
deleted file mode 100644
index a8a26030..00000000
--- a/changelogs/fragments/58973_luks_device-add-label-and-uuid-support.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - luks_device - added support to use UUIDs, and labels with LUKS2 containers
diff --git a/changelogs/fragments/60388-openssl_privatekey-format.yml b/changelogs/fragments/60388-openssl_privatekey-format.yml
deleted file mode 100644
index ad3eff91..00000000
--- a/changelogs/fragments/60388-openssl_privatekey-format.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- "openssl_privatekey - add ``format`` and ``format_mismatch`` options."
diff --git a/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml b/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml
deleted file mode 100644
index b2d68e6f..00000000
--- a/changelogs/fragments/61522-luks-device-add-option-to-define-keysize.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
- - luks_device - add ``keysize`` parameter to set key size at LUKS container creation
diff --git a/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml b/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml
deleted file mode 100644
index ad4b9dcc..00000000
--- a/changelogs/fragments/61658-openssh_keypair-public-key-permissions.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssh_keypair - public key's file attributes (permissions, owner, group, etc.) are now set to the same values as the private key."
diff --git a/changelogs/fragments/61693-acme-buypass-acme-v1.yml b/changelogs/fragments/61693-acme-buypass-acme-v1.yml
deleted file mode 100644
index 285d9f4a..00000000
--- a/changelogs/fragments/61693-acme-buypass-acme-v1.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-bugfixes:
-- "ACME modules: support Buypass' ACME v1 endpoint"
-- "ACME modules: fix bug in ACME v1 account update code"
diff --git a/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml b/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
deleted file mode 100644
index 6643e9d2..00000000
--- a/changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - ecs_certificate - Fix formatting of contents of ``full_chain_path``.
diff --git a/changelogs/fragments/62218-fix-to-entrust-api.yml b/changelogs/fragments/62218-fix-to-entrust-api.yml
deleted file mode 100644
index 6454f1c6..00000000
--- a/changelogs/fragments/62218-fix-to-entrust-api.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-bugfixes:
-- "openssl_certificate - When provider is ``entrust``, use a ``connection: keep-alive`` header for ECS API connections."
-- "ecs_certificate - Always specify header ``connection: keep-alive`` for ECS API connections."
diff --git a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
deleted file mode 100644
index fb692104..00000000
--- a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors."
diff --git a/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml b/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml
deleted file mode 100644
index d9d1f7fc..00000000
--- a/changelogs/fragments/62991-openssl_dhparam-cryptography-backend.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- "openssl_dhparam - now supports a ``cryptography``-based backend. Auto-detection can be overwritten with the ``select_crypto_backend`` option."
diff --git a/changelogs/fragments/63140-acme-fix-fetch-url-status-codes.yaml b/changelogs/fragments/63140-acme-fix-fetch-url-status-codes.yaml
deleted file mode 100644
index 7c7c86ff..00000000
--- a/changelogs/fragments/63140-acme-fix-fetch-url-status-codes.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "ACME modules: make sure some connection errors are handled properly"
diff --git a/changelogs/fragments/63432-openssl_csr-version.yml b/changelogs/fragments/63432-openssl_csr-version.yml
deleted file mode 100644
index 771f44cc..00000000
--- a/changelogs/fragments/63432-openssl_csr-version.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-deprecated_features:
-- "openssl_csr - all values for the ``version`` option except ``1`` are deprecated. The value 1 denotes the current only standardized CSR version."
-bugfixes:
-- "openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend."
diff --git a/changelogs/fragments/63984-openssl-ed25519-ed448.yml b/changelogs/fragments/63984-openssl-ed25519-ed448.yml
deleted file mode 100644
index ee7ad550..00000000
--- a/changelogs/fragments/63984-openssl-ed25519-ed448.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-bugfixes:
-- "openssl_certificate and openssl_csr - fix Ed25519 and Ed448 private key support for ``cryptography`` backend.
- This probably needs at least cryptography 2.8, since older versions have problems with signing certificates
- or CSRs with such keys. (https://github.com/ansible/ansible/issues/59039, PR https://github.com/ansible/ansible/pull/63984)"
diff --git a/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml b/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml
deleted file mode 100644
index 53b9680b..00000000
--- a/changelogs/fragments/64436-openssh_keypair-add-password-protected-key-check.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-bugfixes:
- - openssh_keypair - add logic to avoid breaking password protected keys.
-minor_changes:
- - openssh_keypair - instead of regenerating some broken or password protected keys, fail the module. Keys can still be regenerated by calling the module with ``force=yes``.
diff --git a/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml b/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml
deleted file mode 100644
index 42c4761c..00000000
--- a/changelogs/fragments/64501-fix-python2.x-backward-compatibility.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "acme_certificate - fix crash when module is used with Python 2.x."
diff --git a/changelogs/fragments/64648-acme_certificate-acmev1.yml b/changelogs/fragments/64648-acme_certificate-acmev1.yml
deleted file mode 100644
index 56776b0a..00000000
--- a/changelogs/fragments/64648-acme_certificate-acmev1.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "acme_certificate - fix misbehavior when ACME v1 is used with ``modify_account`` set to ``false``."
\ No newline at end of file
diff --git a/changelogs/fragments/65017-openssh_keypair-idempotence.yml b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
deleted file mode 100644
index 411b7149..00000000
--- a/changelogs/fragments/65017-openssh_keypair-idempotence.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."
diff --git a/changelogs/fragments/65400-openssl-output.yml b/changelogs/fragments/65400-openssl-output.yml
deleted file mode 100644
index fd5e2bcf..00000000
--- a/changelogs/fragments/65400-openssl-output.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-minor_changes:
-- "openssl_certificate - allow to return the existing/generated certificate directly as ``certificate`` by setting ``return_content`` to ``yes``."
-- "openssl_csr - allow to return the existing/generated CSR directly as ``csr`` by setting ``return_content`` to ``yes``."
-- "openssl_dhparam - allow to return the existing/generated DH params directly as ``dhparams`` by setting ``return_content`` to ``yes``."
-- "openssl_pkcs12 - allow to return the existing/generated PKCS#12 directly as ``pkcs12`` by setting ``return_content`` to ``yes``."
-- "openssl_privatekey - allow to return the existing/generated private key directly as ``privatekey`` by setting ``return_content`` to ``yes``."
-- "openssl_publickey - allow to return the existing/generated public key directly as ``publickey`` by setting ``return_content`` to ``yes``."
diff --git a/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml b/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
deleted file mode 100644
index e7bb5a15..00000000
--- a/changelogs/fragments/65435-openssl_csr-privatekey_path-required.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssl_csr - the module will now enforce that ``privatekey_path`` is specified when ``state=present``."
diff --git a/changelogs/fragments/65633-crypto-argspec-fixup.yml b/changelogs/fragments/65633-crypto-argspec-fixup.yml
deleted file mode 100644
index 7f4ae281..00000000
--- a/changelogs/fragments/65633-crypto-argspec-fixup.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssl_certificate - ``provider`` option was documented as required, but it was not checked whether it was provided. It is now only required when ``state`` is ``present``."
diff --git a/changelogs/fragments/66384-openssl-content.yml b/changelogs/fragments/66384-openssl-content.yml
deleted file mode 100644
index 86e33428..00000000
--- a/changelogs/fragments/66384-openssl-content.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-minor_changes:
-- "openssl_certificate_info - allow to provide certificate content via ``content`` option (https://github.com/ansible/ansible/issues/64776)."
-- "openssl_csr_info - allow to provide CSR content via ``content`` option."
-- "openssl_privatekey_info - allow to provide private key content via ``content`` option."
-- "openssl_certificate - allow to provide content of some input files via the ``csr_content``, ``privatekey_content``, ``ownca_privatekey_content`` and ``ownca_content`` options."
-- "openssl_csr - allow to provide private key content via ``private_key_content`` option."
-- "openssl_publickey - allow to provide private key content via ``private_key_content`` option."
diff --git a/changelogs/fragments/67036-openssl_publickey-backend.yml b/changelogs/fragments/67036-openssl_publickey-backend.yml
deleted file mode 100644
index 97093c20..00000000
--- a/changelogs/fragments/67036-openssl_publickey-backend.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035)."
diff --git a/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml b/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml
deleted file mode 100644
index de40804b..00000000
--- a/changelogs/fragments/67038-openssl-openssh-key-regenerate.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
-- "openssh_keypair - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys."
-- "openssl_privatekey - the ``regenerate`` option allows to configure the module's behavior when it should or needs to regenerate private keys."
diff --git a/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml b/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml
deleted file mode 100644
index 27e87998..00000000
--- a/changelogs/fragments/67109-openssl_certificate-acme-directory.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-minor_changes:
- - "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should be neccessary.)"
- - "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
diff --git a/changelogs/fragments/67515-openssl-fingerprint-fips.yml b/changelogs/fragments/67515-openssl-fingerprint-fips.yml
deleted file mode 100644
index 18738d1f..00000000
--- a/changelogs/fragments/67515-openssl-fingerprint-fips.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."
diff --git a/changelogs/fragments/67669-cryptography-names.yml b/changelogs/fragments/67669-cryptography-names.yml
deleted file mode 100644
index 64bf2722..00000000
--- a/changelogs/fragments/67669-cryptography-names.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- "openssl_* modules - the cryptography backend now properly supports ``dirName``, ``otherName`` and ``RID`` (Registered ID) names."
diff --git a/changelogs/fragments/67901-get_certificate-fix-cryptography.yml b/changelogs/fragments/67901-get_certificate-fix-cryptography.yml
deleted file mode 100644
index 09f4c56a..00000000
--- a/changelogs/fragments/67901-get_certificate-fix-cryptography.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
-- get_certificate - Fix cryptography backend when pyopenssl is unavailable (https://github.com/ansible/ansible/issues/67900)
diff --git a/changelogs/fragments/letsencrypt.yml b/changelogs/fragments/letsencrypt.yml
deleted file mode 100644
index 1920b6c9..00000000
--- a/changelogs/fragments/letsencrypt.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-removed_features:
-- "The ``letsencrypt`` module has been removed. Use ``acme_certificate`` instead."
diff --git a/changelogs/fragments/openssl_csr-otherName.yml b/changelogs/fragments/openssl_csr-otherName.yml
deleted file mode 100644
index d97f9de3..00000000
--- a/changelogs/fragments/openssl_csr-otherName.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-minor_changes:
-- openssl_csr - Add support for specifying the SAN ``otherName`` value in the OpenSSL ASN.1 UTF8 string format, ``otherName:;UTF8:string value``.