* Adjust EE tests to ansible-builder 3.0.0.
* Remove other CI workflows.
* Use docker instead of podman...
* Support Rocky Linux 9+.
* Add CentOS Stream 9 to EE tests.
* Fix installation of PyOpenSSL on CentOS/RHEL/Rocky.
* ansible-builder only attempts to install EPEL deps on CentOS.
* Make EPEL also available on Rocky Linux 9, even though ansible-builder will ignore it.
* Make sure cryptography is already installed.
* Try ansible-runner < 2.0.0 for CentOS Stream 8 / RHEL 8.
* Show more info.
* Start restricting transitive dependencies...
* Looks like PyOpenSSL is **broken** on CentOS Stream 9 + EPEL.
* ansible-builder will NOT work with Python 3.6.
use Python 3.9 on RHEL8 / CentOS Stream 8. Manually install cryptography and PyOpenSSL for Python 3.9 as well.
* PyOpenSSL isn't available for Python 3.8 or 3.9.
* Revert "Remove other CI workflows."
This reverts commit 3a9d125f45.
* Use podman instead of docker.
* Re-order bindep entries.
* python3-pyOpenSSL does not exist on RHEL/CentOS 6 and 7.
* Always generate a new key pair if the private key doesn't exist (#597)
This commit updates `KeypairBackend._should_generate()` to first check
if the original private key named by the `path` argument exists, and
return True if it does not. This brings the code in line with
the documentation, which says that a new key will always be generated if
the key file doesn't already exist.
As an alternative to the approach implemented here, I also considered
only modifying the condition in the `fail` branch of the if statement,
but I thought that would not map as cleanly to the behavior specified in
the documentation, so doing it the way I did should make it easier to
check that the code is doing the right thing just by looking at it.
I also considered doing something to make the logic more similar to
`PrivateKeyBackend.needs_regeneration()` (the openssl version of this
functionality), because the two are supposed to be acting the same way,
but I thought that'd be going beyond the scope of just fixing this bug.
If it'd be useful to make both methods work the same way, someone can
refactor the code in a future commit.
* Test different regenerate values with nonexistent keys
This commit changes the test task that generates new keys to use each of
the different values for the `regenerate` argument, which will ensure
that the module is capable of generating a key when no previous key
exists regardless of the value of `regenerate`. Previously, the task
would always run with the `partial_idempotence` value, and that obscured
a bug (#597) that would occur when it was set to `fail`. The bug was
fixed in the previous commit.
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Improve test.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit a71b8901c1.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
* Show timings with devel, and skip everything else.
* Move to other group.
* Try smaller SSH key size (i.e. make tests run faster).
* Add implicit size that now must be explicit.
* Change group of luks_device.
* Revert "Show timings with devel, and skip everything else."
This reverts commit 7b73f7e4d7.
* Update CI scripts to be more close to the ones in ansible-core.
* Extend CI matrix.
* Mark more VMs.
* Revert "Mark more VMs."
This reverts commit 8bc79af636.
* Disable alpine VMs for get_certificate due to httptester problems.
* Improve retrieval of cryptsetup version.
* ACME 'emulator' won't work on Alpine either.
* Improve luks test setup.
* Make sure wipefs is installed on Alpine.
* dmsetup (from device-mapper) is used by the tests.
* Fix bcrypt install failure handling.
* String, not float.
* openssl_privatekey_convert is not an action module.
* Update Python info.
* Try out which VMs can be used by now.
* Enable ACME tests on all VMs but Alpine; update comment.
* Adjust acme-tiny shebang.
* Remove new entries from CI matrix.
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
Signed-off-by: benaryorg <binary@benary.org>
* tests.unit.compat.mock: Remove legacy compat code
This removes old Python 3.4 compatibility code that is no longer needed.
* Prefer unitest.mock by universally using compat.mock
`mock` is a backport of the `unittest.mock` module from the stdlib, and
there's no reason to use it on newer Python versions.
* Extend tests to check for privatekey_content together with privatekey_passphrase.
* Also test privatekey_content for private keys without passphrases.
* ci: enable rhel9.0 tests for openssh_cert
* ci: allow openssh_cert second signature algorithm test for versions >8.7
* ci: narrowing condition to not attempt RSA1 signing exclusively on RHEL >=9
* ci: grouping and documenting condition
* Add RHEL 9.0 and FreeBSD 13.1 to CI.
* Add Ubuntu 22.04 and Fedora 36 to CI.
* Switch orders so that root doesn't have a SHA1 signature.
* Skip openssh_cert test on RHEL 9.0.
* Make it possible that pyOpenSSL isn't installed *at all*.
* Work with default.
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Add EE files.
* Install cryptography and PyOpenSSL from PyPi.
* Revert "Install cryptography and PyOpenSSL from PyPi."
This reverts commit 6b90a1efae.
* Only run test when cryptography has a new enough version.
* And another one.
* Extend changelog.
Felix Fontein
David Zaslavsky
Katze
Andrew Pantuso
Maxwell G
Andrew Pantuso