* luks_device: allow passphrases to contain newlines
This is useful when passing binary keyfiles from an ansible vault, as
it removes the restriction that the binary data cannot contain newlines.
The only exception is adding a new key to an existing container, as in
that case the two passphrases are separated by a new line.
* add integration tests and a changelog fragment
* attempt to also make luks_add_key work with passphrases containing
newlines
* use a deterministic method to generate keyfile 3, improve changelog
formatting
* add licence and copyright to keyfile3.txt to satisfy CI
* Provide error information.
* Add helper function for order creation retrying.
* Improve existing documentation.
* Document 'replaces' return value.
* Add order_creation_error_strategy and order_creation_max_retries options.
* Add changelog fragment.
* Fix authz deactivation for finalizing step.
* Fix profile handling on order creation.
* Improve existing tests.
* Add ARI and profile tests.
* Warn when 'replaces' is removed when retrying to create an order.
* Fix error reporting for OpenSSL backend: raise BackendExceptions instead of directly failing the module.
* Add treat_parsing_error_as_non_existing option and existing and parsable return values.
* Restrict remaining days to also work with short-lived profiles.
* Adjust boolean cases.
* Fix spelling error.
* Use larger key size for TLS-ALPN test certificate.
* Fix cryptsetup version for RHEL 9.1/9.2/9.3.
* Also fix version for RHEL 9.4.
* Trigger change in openssh_cert.
* Use lower-case names.
* Actually install the right version.
Revert "Fix documentation. (#751)"
Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)"
Revert "Refactor and extend argument spec helper, use for ACME modules (#749)"
Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)"
Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)"
Revert "Add acme_certificate_renewal_info module (#746)"
Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)"
Revert "Add tests for acme_certificate_deactivate_authz module. (#744)"
Revert "Create acme_certificate_deactivate_authz module (#741)"
Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)"
Revert "Implement basic acme_ari_info module. (#732)"
Revert "Add function for retrieval of ARI information. (#738)"
Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)"
Revert "Implement certificate information retrieval code in the ACME backends. (#736)"
Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)"
This reverts commits 5e59c5261e, aa82575a78,
f3c9cb7a8a, f82b335916, 553ab45f46,
59606d48ad, 0a15be1017, 9501a28a93,
d906914737, 33d278ad8f, 6d4fc589ae,
9614b09f7a, af5f4b57f8, c6fbe58382,
and afe7f7522c.
* Fix time idempotence.
* Lint and add changelog fragment.
* Add tests.
* Make sure 'ignore_timestamps: false' is passed for time idempotence tests; pass right private key for OwnCA tests
* Use community.dns.quote_txt filter instead of regex replace to quote TXT entry value.
* Fix documentation of acme_certificate's challenge_data return value.
* Also return cert_id from acme_certificate_renewal_info module.
* The cert ID cannot be computed if the certificate has no AKI.
This happens with older Pebble versions, which are used when
testing against older ansible-core/-base/Ansible versions.
* Fix AKI extraction for older OpenSSL versions.
* Allow to provide cert_info object to get_renewal_info().
* Add acme_certificate_renewal_info module.
* Allow to provide value for 'now'.
* Actually append msg_append.
* Fix bug in module timestamp param parsing, and add tests.
* Fix quick_is_not_prime() for small primes. Add some tests.
* Fix return value of convert_int_to_bytes(0, 0) on Python 2.
* Add some more test cases.
* Simplify the changelog and point out that these errors only happen for cases not happening in regular use.
* luks_device: fix remove_keyslot not working when set to 0
* luks_device: fix module outputting 'ok' when trying to add a key that is already present in another keyslot
* luks_device: fix breaking unit tests
* luks_device: Duplicate key test case code cleanup
* luks_device: Fix testing of LUKS passphrases when only testing one key slot
* luks_device: Fix testing of LUKS passphrases when only testing one key slot
* luks_device: Add changelog fragment for PR #710
* luks_device: Update changlog fragment
* add allow discard option for luks devices
* Add allow_discards to perfomance tests
* Fix version for luks devices doc
* Update plugins/modules/luks_device.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
* Update changelogs/fragments/693-allow-discards.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* added allow_discards to the persistently stored option list
* allow_discards works with not only luks2 containers
* Update plugins/modules/luks_device.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
ilia-kats
Felix Fontein
Steffen Gufler
0x00ace