* Allow to configure PBKDF.
* Also add PBKDF options to key add operation.
* Simplify code.
* Update plugins/modules/luks_device.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix indent.
* Use more of the options.
* Bump iteration count.
* Increase memory limit.
* Fall back to default PBKDF.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Added sever name option to use for SNI
* cleanup code
Co-authored-by: Felix Fontein <felix@fontein.de>
* added module version for new parameter
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI explanation
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI link to module description
* linting
* cleanup code
* Update plugins/modules/get_certificate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* integration test for SNI server_name option
Co-authored-by: Felix Fontein <felix@fontein.de>
* Improve openssh_* tests.
* Use 2048 instead of 4096 bit keys in many places.
ci_complete
* Parameterize default RSA key length for tests.
* Reduce default RSA key size to 1024.
ci_complete
* Fix error.
ci_complete
* Use variable more often.
* Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8.
ci_complete
* Fix missing constant.
ci_complete
* Print default key sizes.
* openssl_pkcs12: Add a check for parsed pkcs12 files
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add changelog fragment
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* openssl_pkcs12: Report changed state when a pkcs12 file is dumped
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add a basic test for dumping a pkcs12 file
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Update changelog fragment
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add test for dumped pkcs12 file in check mode
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Run tests with macOS 10.15.
* Update prepare_http_tests as in https://github.com/ansible/ansible/pull/71841/files.
* Also skip luks_device tests on macOS.
* Temporarily restrict to macOS/OSX nodes.
* Show full OpenSSL version.
* Show pyOpenSSL debug details.
* Make location of openssl binary configurable.
* Try to upgrade openssl on macOS when LibreSSL is found.
* Use other variable.
* Use found binary instead of default.
* Revert "Temporarily restrict to macOS/OSX nodes."
This reverts commit ea379382e5.
ci_complete
* Avoid crashing when OpenSSL.debug does not exist.
* Combine setup_openssl_cli with setup_openssl
* Split up setup_openssl in setup_openssl (openssl + cryptography) and setup_pyopenssl.
* Fix package name.
* Don't install cryptography on CentOS 6, print environment.
* Work around ansible-test limitation.
* Move disk-independent parts of openssl_privatekey to module_utils and doc_fragments.
* Improve documentation.
* Add openssl_privatekey_pipe module.
* Fallback in case no fingerprints are returned.
* Prevent no_log=True for content to stop module from working correctly.
* Forgot version_added.
* Update copyright. All the interesting code is no longer in this file anyway.
* Remove file arguments.
* Add framework for action modules.
* Convert openssl_privatekey_pipe to action plugin.
* Linting.
* Bump version.
* Add return_current_key option.
* Add no_log to examples.
* Remove preparation for potential later extensibility (easy to re-add when needed).
* Fix deprecation version in docs.
* Use new ArgumentSpec object for AnsibleActionModule as well.
* Extract doc fragment from openssl_csr.
* Refactor openssl_csr module into backend + module.
* Add openssl_csr_pipe module.
* Add seealso references.
* ...
* Use /dev/stdin instead of -, which seems to be only supported by newer openssl versions.
* Bump version.
* DRY: use select_message_digest.
* Fix deprecation version in docs.
* Docs improvements.
* Improve argument spec handling for module backends.
* Linting.
* Fix linting problems by using kwargs.
* Allow to pass CSR to acme_certificate as csr_content.
* Make sure contents are bytes.
* No need to write CSR to disk.
* Forgot version_added.
* Fix documentation.
* Do not crash when PKCS#12 file contains no private key and/or main certificate.
* Add changelog fragment.
* Call getters only once each, check explicitly for None.
* Add test.
* Also 'parse' correctly PKCS#12 file with no private key.
* Use module_utils from collection, clean up code a bit
* add DSA keys, because why not...
* sign/verify was added in pyOpenSSL 0.11 apparently
* Add signing capability detection to module_utils.crypto.basic
* Rework feature detection of signature types.
* Rename parameters to match other modules
* Add initial version of integration tests
* fix whitespace in tests
* More whitespace fixes
* small fixes for issues in testing
* Organize integration tests as test matrix
* another indentation fix to make pep8 happy
* use openssl pkeyutl when possible, otherwise fall back to openssl dgst
* More linter fixes
* openssl pkeyutl -help can apparently return 1
* ignore errors on openssl call and another try at formatting
* Remove the OpenSSL calls in tests
* Add collection name to deprecation notice and deprecate at version 2.0.0
* Exclude Ed448/25519 tests on pyopenssl
* revert the collection name in the deprecation notice (breaks 2.9)
* limit test platforms even more
* disable FreeBSD DSA and ECC tests
* Add module name to README
* rewrite and split into 2 modules instead
* add module to README and fix whitespace issue
* remove duplicated tests
* address review remarks
* resolve another comment
* acme_account: add support for External Account Binding.
* Add changelog fragment.
* Error if externalAccountRequired is set in ACME directory meta, but external account data is not provided.
* Validate that EAB key is Base64URL encoded.
* Improve documentation.
* Add padding to Base64 encoded key if necessary.
* Make account creation idempotent with ZeroSSL.
* Fix CI test groups.
* Make files more similar.
* Run most tests in both cloud and OS-specific environments.
* Run ACME tests in both cloud and OS-specific environments.
* Use different Python version for 2.9 cloud test.
* Revert "Run ACME tests in both cloud and OS-specific environments."
This reverts commit 967bda9438.
* Revert "Run most tests in both cloud and OS-specific environments."
This reverts commit 6e9f090afd.
* Improve changelog generator config.
* We don't have docs at that URL.
* Require Ansible(-base) 2.9.10 or newer.
Needed for deprecation syntax.
* Update all deprecations from Ansible 2.1x to community.crypto 2.0.0.
* Forgot to check in fixes.
* Shorten lines.
* Fix unit test requirements.
* Fix YAML strings which only had a closing quote.
* Galaxy neither likes uppercase nor spaces in tags.
* General README improvements.
* Add roadmap section to README.
* Next release will be 1.0.0.
* Extend using instructions.
* Tags with dashes are also not allowed.
* Fix changelog link.
* Support otherName in subAltName in CSR for UTF8 strings
* Remove uneeded docs and added changelog fragment
* Missed a merge conflict
* Fix up sanity issues and added test expectation
* Rename function
* Prepare extra sanity tests.
* Run some extra sanity tests.
* Linting.
* Experimenting
* Linting.
* Run tests in docker container.
* Improve run code.
* Use requests instead of Ansible code (which needs to be installed first).
* Refactor and add more debugging.
* More ls.
* More ls.
* More ls in container.
* Copy cwd into container.
* Improve container handling.
* Make tests configurable.
* Using proper argument parser.
* Add colors.
* Allow to disable test.
* Always run all tests for now. (Change detection needs to know about git I think).
* Use argument parser for main executable. Force colors for CI.
* Allow to specify targets.
* Linting.
* Switch to ansibulled-changelog.
* Use runner from community.internal_test_tools (current dev branch for runner).
* Clone official repository instead of my fork/branch.
* Add CI group 2 for Ansible 2.9 tests.
* Temporarily disable some nodes.
* Fix ignore.txt.
* Use version prefix instead of groups.
* Ansible 2.9 doesn't support Python 3.9
ci_complete
* Make Ansible 2.9 compatible.
* Replace archive/unarchive with copy.
* Remove dependency on community.general in integration tests for Ansible 2.9.
* Let's see.
* Ansible 2.9's copy doesn't create directories.
* Re-enable no dependency.
ci_complete
* path should be bytes.
* Reenable nodes, add two more.
* Force complete CI run for Ansible 2.9.
* Used wrong variable.
* Fix Ansible 2.9 compatibility...
* Get rid of ansible.netcommon requirement by integrating module_utils/compat/ipaddress.py.
* Reorder imports.
* Update ignore.txt for plugins/module_utils/compat/ipaddress.py.
* Linting (flake8 / pep8).
* Remove accidentally commited test for ansible/ansible#66920.
Felix Fontein
NorthFuture
John R Barker
Norman Ziegner
Doug Stanley
Andrew Klychkov
Markus Teufelberger
Arnoways
Jordan Borean
Ansible Core Team