1097371cf4
Be more precise about which private keys are supported in openssl_publickey. ( #532 )
2022-11-27 18:13:59 +01:00
2a746115ca
fix #529 issuer_uri in x509_certificate_info ( #530 )
...
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
Signed-off-by: benaryorg <binary@benary.org>
2022-11-17 12:40:44 +01:00
37fddc61d8
openssl_privatekey: fix example for cipher ( #527 )
...
the cipher parameter required for encrypted private keys only accepts the value "auto"
as described in /plugins/doc_fragments/module_privatekey.py.
The previously documented value of "aes256" is invalid here.
2022-11-10 20:25:56 +01:00
7bbe8f467c
Document attributes ( #526 )
...
* Add 'acme' action group attribute.
* Compatibility with older ansible-core releases.
* Fix typo.
* Document standard attributes.
* Improve docs.
* Add shortcuts for common combinations.
2022-11-06 21:10:56 +01:00
9ba0e25bfe
Handle new nonce call more gracefully when it does not return nonce. ( #525 )
2022-11-02 08:32:01 +00:00
e4e2b804bc
Allow to configure encryption level. ( #523 )
2022-11-01 19:51:28 +01:00
4533b3e934
Include symbolic HTTP status codes in error and log messages when available. ( #524 )
2022-10-31 21:33:27 +01:00
516be406e0
Improve import error handling for ACME modules ( #519 )
...
* Improve import error handling for ACME modules
* Update plugins/module_utils/acme/acme.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2022-10-17 21:38:54 +02:00
b3f589df62
Action plugin support code: ensure compatibility with newer versions of ansible-core ( #515 )
...
* Only access C.STRING_CONVERSION_ACTION for old ansible-base / Ansible versions.
* Always use self.__xxx instead of xxx directly.
2022-09-23 07:02:46 +02:00
c24e5c63e8
acme modules: also support 503 for retries ( #513 )
...
* Also support 503 for retries.
* Forgot to adjust status code comparison.
* Also support 408.
2022-09-21 13:50:26 +02:00
829707fc5a
fix: add warning when openssh-keypair has private_key_format specified with opensshbin ( #512 )
2022-09-19 20:10:21 +02:00
a0d862e1f1
Support 429 Too Many Requests for acme module_utils. ( #508 )
2022-09-19 20:10:03 +02:00
1dcc135da5
feat: add private_key_format choices for openssh_keypair ( #511 )
...
* feat: add private_key_format choices for openssh_keypair
* chore: add changelog fragment
2022-09-18 20:10:29 -04:00
98bfdb322a
Make sure that escape sequence in YAML is not interpreted by Python. ( #507 )
2022-09-04 22:09:06 +02:00
0e15d6cea8
Convert yes/no to true/false. ( #503 )
2022-08-23 21:33:29 +02:00
fd1263c9aa
Fix some new linting errors ( #499 )
...
* Fix some new linting errors.
* More linting errors.
ci_complete
2022-08-12 08:34:51 +02:00
2dafef1fab
Fix docs ( #497 )
...
* Fix docs.
* Fix YAML.
* Prevent crashes with older pyyaml versions.
2022-08-04 20:02:56 +02:00
d83f7639be
add production directory URL for ACME v2 for Sectigo ( #496 )
...
According the to official Sectigo documentation [1] the directory URL
for ACME v2 is: https://acme-qa.secure.trust-provider.com/v2/DV
[1] https://docs.sectigo.com/scm/acme-integration-docs/1/eab-clients-sectigo-acme-integration.html
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2022-07-26 18:10:43 +02:00
e08efe2598
Correctly mark plugins/module_utils/crypto/_obj2txt.py as having two licenses. ( #495 )
2022-07-25 07:17:56 +02:00
6bf3ef47e1
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml ( #491 )
...
* Add SPDX license identifiers, mention all licenses in galaxy.yml.
* Add default copyright headers.
* Add headers for documents.
* Fix/add more copyright statements.
* Add copyright / license info for vendored code.
* Add extra sanity test.
* Add changelog fragment.
* Comment PSF-2.0 license out in galaxy.yml for now.
* Remove colon after 'Copyright'.
* Avoid colon after 'Copyright' in lint script.
* Mention correct filename.
* Add BSD-3-Clause.
* Improve lint script.
* Update README.
* Symlinks...
2022-07-21 07:27:26 +02:00
9ed4526fee
openssl_pkcs12: fix crash when trying to get non-existing other certificates ( #487 )
...
* Fix crash when trying to get non-existing other certificates.
* Add test.
2022-07-07 22:30:22 +02:00
de0ec1f739
Add Apache 2.0 license; simplify and standardize license headers ( #478 )
...
* Add Apache 2.0 license for Apache 2.0 licensed parts.
* Unify license headers.
* Move additional licenses to licenses/.
* Revert "Move additional licenses to licenses/."
This reverts commit c12b22de1c
2022-06-17 08:20:40 +02:00
b29f238083
Fix ValueError: excluded_subtrees must be a non-empty list or None ( #481 )
2022-06-17 07:53:07 +02:00
297b44f24b
x509_crl: do not crash when signing with Ed25519 or Ed448 ( #475 )
...
* Do not crash when signing with Ed25519 or Ed448.
* Forgot replace.
2022-06-15 22:06:40 +02:00
ccd66419f4
Add simplified_bsd.txt license file ( #467 )
...
* Add simplified_bsd.txt and adjust references.
* Add changelog.
2022-06-02 07:45:50 +02:00
c49102d688
certificate_complete_chain: do not stop execution on unsupported algorithm ( #457 )
...
* Do not stop execution on unsupported algorithm.
* Fix typo.
2022-05-20 07:22:35 +02:00
5664bfe4b6
Add PSF-license.txt file. ( #453 )
2022-05-16 07:40:04 +02:00
4cf951596f
Improve handling of IDNA/Unicode domains ( #436 )
...
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
2022-05-09 19:57:14 +02:00
90efcc1ca7
Add privatekey_content option. ( #452 )
2022-05-09 19:56:08 +02:00
8a1c60e54a
Incorporate feedback from #443 that ACME modules work with Sectigo ACME Service for InCommon ( #451 )
...
* Incorporate feedback from #443 .
* Update comment.
2022-05-09 13:28:03 +02:00
c16d9f78b8
Make request timeout configurable for all acme modules ( #448 )
...
* Make request timeout configurable for all acme modules
Fixes #447 .
* Log change made in #448
2022-05-03 17:29:38 +02:00
91f192ce5b
Fix main for new cryptography 37.0.0 release ( #445 )
...
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
2022-04-26 22:18:37 +02:00
9d03178b00
Fix crash in x509_crl when certificate issuer is specified ( #441 )
...
* Fix x509_crl certificate issuer issue.
* Add tests.
* Add changelog fragment.
2022-04-18 08:17:27 +02:00
041fff5057
Add persistent and perf options to the luks_device ( #434 )
...
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
2022-04-10 14:30:10 +02:00
635b25519b
Document OpenSSH 7.7 required for validity always ( #429 )
...
* Document OpenSSH 7.7 required for validity always
* Document cert start time option for OpenSSH <7.7
* Improve language of "always" time support
* Update language on `always` to suggested
* Fix indetation
2022-04-02 12:02:42 -04:00
033bab7db1
openssh_* - catch and report top-level exceptions via `fail_json` ( #417 )
...
* ensure exceptions are properly reported
* adding changelog fragment
* applying review suggestions
* typo
* adding back exception msg
2022-03-08 13:23:09 +01:00
010f1a4d2d
fixing public key return value docs ( #412 )
2022-03-02 13:52:07 +01:00
0d4b3ed991
Fix parsing of lsblk output. ( #410 )
2022-03-02 13:48:38 +01:00
28729657ac
x509_certificate: check existing certificate's signature for selfsigned and ownca provider ( #407 )
...
* Verify whether signature matches.
* Add changelog fragment.
* Forgot imports.
* Fix wrong name.
* Check whether the CA private key fits to the CA certificate. Use correct key in tests.
* Refactor code.
2022-02-16 07:38:11 +01:00
3ebc132c03
Regenerate certificate on CA's subject change. ( #402 )
2022-02-14 18:04:29 +01:00
11a14543c8
certificate_complete_chain: handle duplicate intermediate subjects ( #403 )
...
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
2022-02-14 13:29:19 +01:00
a307618872
openssh_cert - fix full_idempotence for host certificates ( #396 )
...
* fixing host cert idempotence
* adding changelog fragment
2022-02-04 20:53:50 +01:00
ea2e45d63f
Set LANG and similar env variables to prevent translated cryptsetup output. ( #388 )
2022-01-30 21:30:56 +01:00
b339e71973
Added 'ignore_timestamps' parameter ( #381 )
...
* Added 'ignore_timestamps' parameter
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Added fragment
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* added ignore_timestamps to example
* corrected styling
* fixed styling (again)
* Update changelogs/fragments/381_openssh_cert_add_ignore_timestamps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* splitted description as suggested by felixfontein
* fixed linebreak
* Mentioned ignore_timestamps in regenerate
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-01-20 16:15:50 +01:00
a467f036b1
Fix indentation of when in example. ( #382 )
2022-01-18 21:52:53 +01:00
bd2bd79497
Add openssl_privatekey_convert module ( #362 )
...
* Add openssl_privatekey_convert module.
* Extend tests and fix bugs.
* Fix wrong required.
* Fix condition.
* Fix bad tests.
* Fix documentation for format.
* Fix copyright lines.
2022-01-10 21:01:52 +01:00
62272296da
Small docs improvements ( #374 )
...
* Small improvements.
* Document behavior changes.
2022-01-10 12:05:09 +00:00
1b0fcde862
Fix comment. ( #372 )
2022-01-06 12:56:10 +00:00
46f39efc43
Use vendored copy of distutils.version. ( #369 )
2022-01-05 21:30:11 +01:00
b2ea4a7ce5
Add basic crypto_info module ( #363 )
...
* Add basic crypto_info module.
* Improve check.
* Actually test capabilities.
* Also output EC curve list.
* Fix detections.
* Ed25519 and Ed448 are not supported on FreeBSD 12.1.
* Refactor.
* Also retrieve information on the OpenSSL binary.
* Improve splitting.
* Update plugins/modules/crypto_info.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Replace list by tuple.
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
2022-01-05 18:19:42 +01:00
Felix Fontein
Katze
Christoph
Andrew Pantuso
Andrew Pantuso
Daniel Ziegenberg
Songmin Li
Jonas Verhofsté
Yauhen
bluikko
JochenKorge