2433fdab98
luks_device: allow passphrases to contain newlines ( #844 )
...
* luks_device: allow passphrases to contain newlines
This is useful when passing binary keyfiles from an ansible vault, as
it removes the restriction that the binary data cannot contain newlines.
The only exception is adding a new key to an existing container, as in
that case the two passphrases are separated by a new line.
* add integration tests and a changelog fragment
* attempt to also make luks_add_key work with passphrases containing
newlines
* use a deterministic method to generate keyfile 3, improve changelog
formatting
* add licence and copyright to keyfile3.txt to satisfy CI
2025-02-09 14:24:16 +01:00
cb6edf1a5f
The next expected release will be 2.25.0.
2025-01-19 13:28:11 +01:00
3d4c5346c6
Release 2.24.0.
2025-01-19 13:03:31 +01:00
a8aa05ac4e
Avoid reserved variable name 'order'.
2025-01-19 10:59:55 +01:00
0e122e5f56
Improve ACME profile support.
2025-01-19 10:55:26 +01:00
47ea1af180
Forgot to adjust warnings.
2025-01-19 10:47:24 +01:00
3951e6ceb4
Include cert ID in warning.
...
This prevents the warning to be not shown for different certificates
in the same playbook due to warning de-duplication.
2025-01-19 08:58:49 +01:00
bf70f8d717
Prepare 2.24.0.
2025-01-18 11:25:37 +01:00
214794d056
acme_certificate and acme_certificate_create_order: add order_creation_error_strategy and order_creation_max_retries options ( #842 )
...
* Provide error information.
* Add helper function for order creation retrying.
* Improve existing documentation.
* Document 'replaces' return value.
* Add order_creation_error_strategy and order_creation_max_retries options.
* Add changelog fragment.
* Fix authz deactivation for finalizing step.
* Fix profile handling on order creation.
* Improve existing tests.
* Add ARI and profile tests.
* Warn when 'replaces' is removed when retrying to create an order.
2025-01-18 10:51:10 +01:00
b9fa5b5193
Deprecate ansible-core < 2.17 and cryptography < 3.4. ( #839 )
2025-01-17 21:27:01 +00:00
5366b9e5ba
Improve ACME tests; add acme_ari_info tests; use ARI and profiles features in acme_certificate tests ( #841 )
...
* Fix description.
* Add basic acme_ari_info test.
* Refactoring.
* Extend acme_certificate tests.
2025-01-14 23:49:24 +01:00
fd67767538
Move EOL'ed ansible-core 2.15 from AZP to GHA ( #840 )
...
* Move EOL'ed ansible-core 2.15 from AZP to GHA.
* CentOS 7 does not work in GHA.
2025-01-14 19:31:03 +01:00
ae35be3437
Adjust ARI tests to new Pebble ( #837 )
...
* Adjust ARI tests to new Pebble.
* Fix key size for certificates to 2048 on all systems.
2025-01-13 21:43:29 +01:00
01e7bf1f33
acme_certificate_renewal_info: add treat_parsing_error_as_non_existing option and existing and parsable return values ( #838 )
...
* Fix error reporting for OpenSSL backend: raise BackendExceptions instead of directly failing the module.
* Add treat_parsing_error_as_non_existing option and existing and parsable return values.
2025-01-12 21:42:24 +01:00
49354f2121
Add new ACME modules for working with orders. ( #757 )
2025-01-12 17:10:58 +01:00
072318466e
Update ACME tests ( #836 )
...
* Restrict remaining days to also work with short-lived profiles.
* Adjust boolean cases.
* Fix spelling error.
* Use larger key size for TLS-ALPN test certificate.
2025-01-12 13:59:08 +01:00
248250514f
Fix profile implementation.
2025-01-12 13:57:17 +01:00
2419e6c6ad
Implement profile option. ( #835 )
2025-01-12 10:24:24 +01:00
029e009db1
CI: Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel ( #834 )
...
* Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel.
* Fedora 41 also doesn't allow SHA-1 apparently.
Ref: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
* Work around broken cryptography in Fedora 41.
2025-01-08 22:08:18 +01:00
cfd524f345
Fix CI badge image URL. Add documentation badge.
2025-01-04 11:27:22 +01:00
355480601d
Make 2.9, 2.10, and 2.11 sanity tests shut up.
2025-01-03 15:26:19 +01:00
f956ddcc77
Add extra sanity test for acme action group.
2025-01-03 14:56:36 +01:00
ccb4ecfbd8
The next expected release will be 2.24.0.
2024-12-30 22:36:49 +01:00
95886d1cf9
Release 2.23.0.
2024-12-30 22:04:25 +01:00
9b53f4b382
Prepare 2.23.0 release.
2024-12-30 21:17:40 +01:00
3f0e292246
Add 'idempotent' attribute ( #833 )
...
* Add 'idempotent' attribute.
* Mention check mode in attribute description.
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2024-12-30 21:11:12 +01:00
0d4b16aadb
acme_certificate: be nicer to non-compliant CAs ( #832 )
...
* Be nicer to non-compliant CAs.
* Mark as a feature, not a bugfix.
2024-12-30 10:30:33 +00:00
db04914ab6
Deprecate PyOpenSSL. ( #831 )
2024-12-30 10:10:10 +01:00
abb0d67774
Add validation option. ( #830 )
2024-12-30 10:09:51 +01:00
05c442ab5e
luks_device: allow to provide passphrases base64-encoded ( #829 )
...
* Allow to provide passphrases base64-encoded.
* Add note on binary passphrases.
2024-12-30 10:09:32 +01:00
4ce9745d35
Put appropriate module attributes into doc fragments.
2024-12-29 16:17:03 +01:00
37af200ecb
Fix doc fragments indents.
2024-12-29 15:47:51 +01:00
ddbcf49868
Improve formulations.
2024-12-28 17:02:42 +01:00
942be86635
Reformat documentation with 'andebox yaml-doc' ( #828 )
...
* Reformat documentation with 'andebox yaml-doc'.
* Fix/improve.
* Remaining fixes.
* One more.
2024-12-28 16:00:28 +00:00
2ed7f69b83
Improve language.
2024-12-28 14:30:08 +01:00
91504cda85
Arch Linux updated to Python 3.13. ( #826 )
2024-12-22 21:27:54 +01:00
16434d9ad8
Fix some issues pointed out by zizmor. ( #823 )
2024-12-14 14:56:00 +01:00
9e10cfb53a
Update the PKCS#12 encryption warning. ( #820 )
2024-11-23 15:44:06 +01:00
32047dccc5
Add test with device name starting with 'crypt'. ( #821 )
2024-11-21 21:46:26 +01:00
0f7c5f0de1
CI: Fix cryptsetup version for RHEL 9.1/9.2/9.3/9.4 ( #819 )
...
* Fix cryptsetup version for RHEL 9.1/9.2/9.3.
* Also fix version for RHEL 9.4.
* Trigger change in openssh_cert.
* Use lower-case names.
* Actually install the right version.
2024-11-18 21:36:53 +01:00
8b831dbe59
Bump fsfe/reuse-action from 4 to 5 ( #818 )
...
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action ) from 4 to 5.
- [Release notes](https://github.com/fsfe/reuse-action/releases )
- [Commits](https://github.com/fsfe/reuse-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: fsfe/reuse-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 19:38:22 +01:00
8e33aafdba
Add FreeBSD 13.4 to CI. ( #815 )
2024-11-08 23:05:44 +01:00
1b134f2d13
Next expected release will be 2.23.0.
2024-10-27 09:19:31 +01:00
7adca3efff
Release 2.22.3.
2024-10-27 08:49:30 +01:00
6731b38baa
Explicitly use UTC timezone in ACME OpenSSL backend ( #811 )
...
* Allow abstract backend class to handle both with and without timezone.
* Explicitly use UTC timezone in OpenSSL backend code.
2024-10-27 08:13:05 +01:00
feee571bc8
Fix time code to work in timezones other than UTC, and add tests in multiple timezones ( #810 )
...
* Add tests in multiple timezones.
* Fix get_epoch_seconds() for timestamps without timezones.
* Add changelog fragment.
* Pin version for Python 2.6.
2024-10-24 20:24:55 +02:00
21e344e283
Prepare 2.22.3 release.
2024-10-23 21:24:21 +02:00
7c93b61532
Fix reuse workflow branches.
2024-10-19 12:34:56 +02:00
dd8b90f9d3
Next expected release is 2.23.0.
2024-10-15 20:52:43 +02:00
e1c0ab5bd2
Release 2.22.2.
2024-10-15 20:34:01 +02:00
ilia-kats
Felix Fontein
dependabot[bot]