3951e6ceb4
Include cert ID in warning.
...
This prevents the warning to be not shown for different certificates
in the same playbook due to warning de-duplication.
2025-01-19 08:58:49 +01:00
bf70f8d717
Prepare 2.24.0.
2025-01-18 11:25:37 +01:00
214794d056
acme_certificate and acme_certificate_create_order: add order_creation_error_strategy and order_creation_max_retries options ( #842 )
...
* Provide error information.
* Add helper function for order creation retrying.
* Improve existing documentation.
* Document 'replaces' return value.
* Add order_creation_error_strategy and order_creation_max_retries options.
* Add changelog fragment.
* Fix authz deactivation for finalizing step.
* Fix profile handling on order creation.
* Improve existing tests.
* Add ARI and profile tests.
* Warn when 'replaces' is removed when retrying to create an order.
2025-01-18 10:51:10 +01:00
b9fa5b5193
Deprecate ansible-core < 2.17 and cryptography < 3.4. ( #839 )
2025-01-17 21:27:01 +00:00
5366b9e5ba
Improve ACME tests; add acme_ari_info tests; use ARI and profiles features in acme_certificate tests ( #841 )
...
* Fix description.
* Add basic acme_ari_info test.
* Refactoring.
* Extend acme_certificate tests.
2025-01-14 23:49:24 +01:00
fd67767538
Move EOL'ed ansible-core 2.15 from AZP to GHA ( #840 )
...
* Move EOL'ed ansible-core 2.15 from AZP to GHA.
* CentOS 7 does not work in GHA.
2025-01-14 19:31:03 +01:00
ae35be3437
Adjust ARI tests to new Pebble ( #837 )
...
* Adjust ARI tests to new Pebble.
* Fix key size for certificates to 2048 on all systems.
2025-01-13 21:43:29 +01:00
01e7bf1f33
acme_certificate_renewal_info: add treat_parsing_error_as_non_existing option and existing and parsable return values ( #838 )
...
* Fix error reporting for OpenSSL backend: raise BackendExceptions instead of directly failing the module.
* Add treat_parsing_error_as_non_existing option and existing and parsable return values.
2025-01-12 21:42:24 +01:00
49354f2121
Add new ACME modules for working with orders. ( #757 )
2025-01-12 17:10:58 +01:00
072318466e
Update ACME tests ( #836 )
...
* Restrict remaining days to also work with short-lived profiles.
* Adjust boolean cases.
* Fix spelling error.
* Use larger key size for TLS-ALPN test certificate.
2025-01-12 13:59:08 +01:00
248250514f
Fix profile implementation.
2025-01-12 13:57:17 +01:00
2419e6c6ad
Implement profile option. ( #835 )
2025-01-12 10:24:24 +01:00
029e009db1
CI: Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel ( #834 )
...
* Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel.
* Fedora 41 also doesn't allow SHA-1 apparently.
Ref: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
* Work around broken cryptography in Fedora 41.
2025-01-08 22:08:18 +01:00
cfd524f345
Fix CI badge image URL. Add documentation badge.
2025-01-04 11:27:22 +01:00
355480601d
Make 2.9, 2.10, and 2.11 sanity tests shut up.
2025-01-03 15:26:19 +01:00
f956ddcc77
Add extra sanity test for acme action group.
2025-01-03 14:56:36 +01:00
ccb4ecfbd8
The next expected release will be 2.24.0.
2024-12-30 22:36:49 +01:00
95886d1cf9
Release 2.23.0.
2024-12-30 22:04:25 +01:00
9b53f4b382
Prepare 2.23.0 release.
2024-12-30 21:17:40 +01:00
3f0e292246
Add 'idempotent' attribute ( #833 )
...
* Add 'idempotent' attribute.
* Mention check mode in attribute description.
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2024-12-30 21:11:12 +01:00
0d4b16aadb
acme_certificate: be nicer to non-compliant CAs ( #832 )
...
* Be nicer to non-compliant CAs.
* Mark as a feature, not a bugfix.
2024-12-30 10:30:33 +00:00
db04914ab6
Deprecate PyOpenSSL. ( #831 )
2024-12-30 10:10:10 +01:00
abb0d67774
Add validation option. ( #830 )
2024-12-30 10:09:51 +01:00
05c442ab5e
luks_device: allow to provide passphrases base64-encoded ( #829 )
...
* Allow to provide passphrases base64-encoded.
* Add note on binary passphrases.
2024-12-30 10:09:32 +01:00
4ce9745d35
Put appropriate module attributes into doc fragments.
2024-12-29 16:17:03 +01:00
37af200ecb
Fix doc fragments indents.
2024-12-29 15:47:51 +01:00
ddbcf49868
Improve formulations.
2024-12-28 17:02:42 +01:00
942be86635
Reformat documentation with 'andebox yaml-doc' ( #828 )
...
* Reformat documentation with 'andebox yaml-doc'.
* Fix/improve.
* Remaining fixes.
* One more.
2024-12-28 16:00:28 +00:00
2ed7f69b83
Improve language.
2024-12-28 14:30:08 +01:00
91504cda85
Arch Linux updated to Python 3.13. ( #826 )
2024-12-22 21:27:54 +01:00
16434d9ad8
Fix some issues pointed out by zizmor. ( #823 )
2024-12-14 14:56:00 +01:00
9e10cfb53a
Update the PKCS#12 encryption warning. ( #820 )
2024-11-23 15:44:06 +01:00
32047dccc5
Add test with device name starting with 'crypt'. ( #821 )
2024-11-21 21:46:26 +01:00
0f7c5f0de1
CI: Fix cryptsetup version for RHEL 9.1/9.2/9.3/9.4 ( #819 )
...
* Fix cryptsetup version for RHEL 9.1/9.2/9.3.
* Also fix version for RHEL 9.4.
* Trigger change in openssh_cert.
* Use lower-case names.
* Actually install the right version.
2024-11-18 21:36:53 +01:00
8b831dbe59
Bump fsfe/reuse-action from 4 to 5 ( #818 )
...
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action ) from 4 to 5.
- [Release notes](https://github.com/fsfe/reuse-action/releases )
- [Commits](https://github.com/fsfe/reuse-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: fsfe/reuse-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 19:38:22 +01:00
8e33aafdba
Add FreeBSD 13.4 to CI. ( #815 )
2024-11-08 23:05:44 +01:00
1b134f2d13
Next expected release will be 2.23.0.
2024-10-27 09:19:31 +01:00
7adca3efff
Release 2.22.3.
2024-10-27 08:49:30 +01:00
6731b38baa
Explicitly use UTC timezone in ACME OpenSSL backend ( #811 )
...
* Allow abstract backend class to handle both with and without timezone.
* Explicitly use UTC timezone in OpenSSL backend code.
2024-10-27 08:13:05 +01:00
feee571bc8
Fix time code to work in timezones other than UTC, and add tests in multiple timezones ( #810 )
...
* Add tests in multiple timezones.
* Fix get_epoch_seconds() for timestamps without timezones.
* Add changelog fragment.
* Pin version for Python 2.6.
2024-10-24 20:24:55 +02:00
21e344e283
Prepare 2.22.3 release.
2024-10-23 21:24:21 +02:00
7c93b61532
Fix reuse workflow branches.
2024-10-19 12:34:56 +02:00
dd8b90f9d3
Next expected release is 2.23.0.
2024-10-15 20:52:43 +02:00
e1c0ab5bd2
Release 2.22.2.
2024-10-15 20:34:01 +02:00
a57be5ceb3
Prepare 2.22.2 release.
2024-10-15 20:11:26 +02:00
6d4a8435c7
Add test for mixed-case DNS name. ( #807 )
2024-10-15 20:10:00 +02:00
a39b3bc882
lookup lowercase domain names when verifying authorizations to preven… ( #803 )
...
* lookup lowercase domain names when verifying authorizations to prevent failure when CSR has mixed-case names
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* remove .lower() method
* make authorizations keys lowercase
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use lowercase keys for authorizations dict
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use new normalize_combined_identifier function to normalize identifiers
* include two blank lines after functions to pass tests
* Update plugins/module_utils/acme/challenges.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* Update changelogs/fragments/803-fix-authorization-failure-with-mixed-case-sans.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2024-10-15 19:48:47 +02:00
30a16c8f60
Update SOPS example. ( #806 )
2024-10-03 22:33:47 +02:00
0638512cf9
Next expected release is 2.23.0.
2024-10-01 23:15:32 +03:00
4ee90e5ea2
Release 2.22.1.
2024-10-01 22:51:02 +03:00
Felix Fontein
dependabot[bot]
Lyas Spiehler