* Always generate a new key pair if the private key doesn't exist (#597)
This commit updates `KeypairBackend._should_generate()` to first check
if the original private key named by the `path` argument exists, and
return True if it does not. This brings the code in line with
the documentation, which says that a new key will always be generated if
the key file doesn't already exist.
As an alternative to the approach implemented here, I also considered
only modifying the condition in the `fail` branch of the if statement,
but I thought that would not map as cleanly to the behavior specified in
the documentation, so doing it the way I did should make it easier to
check that the code is doing the right thing just by looking at it.
I also considered doing something to make the logic more similar to
`PrivateKeyBackend.needs_regeneration()` (the openssl version of this
functionality), because the two are supposed to be acting the same way,
but I thought that'd be going beyond the scope of just fixing this bug.
If it'd be useful to make both methods work the same way, someone can
refactor the code in a future commit.
* Test different regenerate values with nonexistent keys
This commit changes the test task that generates new keys to use each of
the different values for the `regenerate` argument, which will ensure
that the module is capable of generating a key when no previous key
exists regardless of the value of `regenerate`. Previously, the task
would always run with the `partial_idempotence` value, and that obscured
a bug (#597) that would occur when it was set to `fail`. The bug was
fixed in the previous commit.
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Improve test.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit a71b8901c1.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
* Enable custom cipher selection for get_certificate
* get_certificate ciphers desc grammar fix
Co-authored-by: Felix Fontein <felix@fontein.de>
* get_certificate ciphers desc grammar fix
Co-authored-by: Felix Fontein <felix@fontein.de>
* get_certificate ciphers include version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment
* Fail if ciphers is set and Python < 2.7.9
* Standardize ciphers conditionals in get_certificate
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Show timings with devel, and skip everything else.
* Move to other group.
* Try smaller SSH key size (i.e. make tests run faster).
* Add implicit size that now must be explicit.
* Change group of luks_device.
* Revert "Show timings with devel, and skip everything else."
This reverts commit 7b73f7e4d7.
Felix Fontein
David Zaslavsky
Thomas Anderson
Austin Lane
dlehrman