dlehrman
b000491514
Support Custom Cipher Selection ( #571 )
...
* Enable custom cipher selection for get_certificate
* get_certificate ciphers desc grammar fix
Co-authored-by: Felix Fontein <felix@fontein.de>
* get_certificate ciphers desc grammar fix
Co-authored-by: Felix Fontein <felix@fontein.de>
* get_certificate ciphers include version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment
* Fail if ciphers is set and Python < 2.7.9
* Standardize ciphers conditionals in get_certificate
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
2023-02-10 21:01:13 +01:00
Felix Fontein
70c4585b88
Fix deprecation handling. ( #572 )
2023-02-09 15:36:23 +01:00
Felix Fontein
aea3713484
Remove unnecessary imports ( #569 )
...
* Remove unnecessary imports.
* Add noqas.
* Add comment which name is actually ignored.
2023-02-09 11:57:54 +01:00
Felix Fontein
ddfb18b609
openssl_csr: fix bad tests, avoid accepting invalid crl_distribution_points records ( #560 )
...
* Improve error handling.
* Remove invalid tests.
* Add changelog fragment.
* Fix tests.
* Improve exception catching.
Co-authored-by: Kristian Heljas <11139388+kristianheljas@users.noreply.github.com>
* Prevent empty full_name.
* Fix condition. Make sure errors are caught.
* Add more checks.
Co-authored-by: Kristian Heljas <11139388+kristianheljas@users.noreply.github.com>
2023-01-02 14:52:59 +00:00
Felix Fontein
8a80ced4b8
Add openssl_privatekey_info filter ( #555 )
...
* Add openssl_privatekey_info filter.
* Update description.
2022-12-31 17:45:45 +01:00
Felix Fontein
ef2bb6d510
Add openssl_csr_info filter. ( #554 )
2022-12-31 07:58:37 +01:00
Felix Fontein
889cfdf47e
Add openssl_publickey_info filter. ( #556 )
2022-12-31 07:56:54 +01:00
Felix Fontein
c173449c46
Add x509_crl_info filter ( #558 )
...
* Add x509_crl_info filter.
* Work around bugs in Ansible 2.9 and ansible-base 2.10.
2022-12-31 07:56:34 +01:00
Felix Fontein
c08bae8308
Add x509_certificate_info filter. ( #557 )
2022-12-31 07:56:11 +01:00
Felix Fontein
80f7b084c0
Add filter module base, prepare adding filters ( #553 )
...
* Improve string handling.
* Cleanup tests.
* Add filter module mock.
2022-12-30 20:44:13 +01:00
Felix Fontein
5d24d04adf
Fix crash when public key cannot be parsed. ( #551 )
2022-12-28 18:28:50 +01:00
Felix Fontein
7cc9a70e43
Add split_pem filter ( #549 )
...
* Add split_pem filter.
* Fix documentation.
* Python 2.7.
* Improve error message matching.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
2022-12-27 21:57:20 +01:00
Felix Fontein
1097371cf4
Be more precise about which private keys are supported in openssl_publickey. ( #532 )
2022-11-27 18:13:59 +01:00
Katze
2a746115ca
fix #529 issuer_uri in x509_certificate_info ( #530 )
...
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
2022-11-17 12:40:44 +01:00
Christoph
37fddc61d8
openssl_privatekey: fix example for cipher ( #527 )
...
the cipher parameter required for encrypted private keys only accepts the value "auto"
as described in /plugins/doc_fragments/module_privatekey.py.
The previously documented value of "aes256" is invalid here.
2022-11-10 20:25:56 +01:00
Felix Fontein
7bbe8f467c
Document attributes ( #526 )
...
* Add 'acme' action group attribute.
* Compatibility with older ansible-core releases.
* Fix typo.
* Document standard attributes.
* Improve docs.
* Add shortcuts for common combinations.
2022-11-06 21:10:56 +01:00
Felix Fontein
9ba0e25bfe
Handle new nonce call more gracefully when it does not return nonce. ( #525 )
2022-11-02 08:32:01 +00:00
Felix Fontein
e4e2b804bc
Allow to configure encryption level. ( #523 )
2022-11-01 19:51:28 +01:00
Felix Fontein
4533b3e934
Include symbolic HTTP status codes in error and log messages when available. ( #524 )
2022-10-31 21:33:27 +01:00
Felix Fontein
516be406e0
Improve import error handling for ACME modules ( #519 )
...
* Improve import error handling for ACME modules
* Update plugins/module_utils/acme/acme.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2022-10-17 21:38:54 +02:00
Felix Fontein
b3f589df62
Action plugin support code: ensure compatibility with newer versions of ansible-core ( #515 )
...
* Only access C.STRING_CONVERSION_ACTION for old ansible-base / Ansible versions.
* Always use self.__xxx instead of xxx directly.
2022-09-23 07:02:46 +02:00
Felix Fontein
c24e5c63e8
acme modules: also support 503 for retries ( #513 )
...
* Also support 503 for retries.
* Forgot to adjust status code comparison.
* Also support 408.
2022-09-21 13:50:26 +02:00
Andrew Pantuso
829707fc5a
fix: add warning when openssh-keypair has private_key_format specified with opensshbin ( #512 )
2022-09-19 20:10:21 +02:00
Felix Fontein
a0d862e1f1
Support 429 Too Many Requests for acme module_utils. ( #508 )
2022-09-19 20:10:03 +02:00
Andrew Pantuso
1dcc135da5
feat: add private_key_format choices for openssh_keypair ( #511 )
...
* feat: add private_key_format choices for openssh_keypair
* chore: add changelog fragment
2022-09-18 20:10:29 -04:00
Felix Fontein
98bfdb322a
Make sure that escape sequence in YAML is not interpreted by Python. ( #507 )
2022-09-04 22:09:06 +02:00
Felix Fontein
0e15d6cea8
Convert yes/no to true/false. ( #503 )
2022-08-23 21:33:29 +02:00
Felix Fontein
fd1263c9aa
Fix some new linting errors ( #499 )
...
* Fix some new linting errors.
* More linting errors.
ci_complete
2022-08-12 08:34:51 +02:00
Felix Fontein
2dafef1fab
Fix docs ( #497 )
...
* Fix docs.
* Fix YAML.
* Prevent crashes with older pyyaml versions.
2022-08-04 20:02:56 +02:00
Daniel Ziegenberg
d83f7639be
add production directory URL for ACME v2 for Sectigo ( #496 )
...
According to the official Sectigo documentation [1] the directory URL
for ACME v2 is: https://acme-qa.secure.trust-provider.com/v2/DV
[1] https://docs.sectigo.com/scm/acme-integration-docs/1/eab-clients-sectigo-acme-integration.html
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2022-07-26 18:10:43 +02:00
Felix Fontein
e08efe2598
Correctly mark plugins/module_utils/crypto/_obj2txt.py as having two licenses. ( #495 )
2022-07-25 07:17:56 +02:00
Felix Fontein
6bf3ef47e1
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml ( #491 )
...
* Add SPDX license identifiers, mention all licenses in galaxy.yml.
* Add default copyright headers.
* Add headers for documents.
* Fix/add more copyright statements.
* Add copyright / license info for vendored code.
* Add extra sanity test.
* Add changelog fragment.
* Comment PSF-2.0 license out in galaxy.yml for now.
* Remove colon after 'Copyright'.
* Avoid colon after 'Copyright' in lint script.
* Mention correct filename.
* Add BSD-3-Clause.
* Improve lint script.
* Update README.
* Symlinks...
2022-07-21 07:27:26 +02:00
Felix Fontein
9ed4526fee
openssl_pkcs12: fix crash when trying to get non-existing other certificates ( #487 )
...
* Fix crash when trying to get non-existing other certificates.
* Add test.
2022-07-07 22:30:22 +02:00
Felix Fontein
de0ec1f739
Add Apache 2.0 license; simplify and standardize license headers ( #478 )
...
* Add Apache 2.0 license for Apache 2.0 licensed parts.
* Unify license headers.
* Move additional licenses to licenses/.
* Revert "Move additional licenses to licenses/."
This reverts commit c12b22de1c.
2022-06-17 08:20:40 +02:00
Songmin Li
b29f238083
Fix ValueError: excluded_subtrees must be a non-empty list or None ( #481 )
2022-06-17 07:53:07 +02:00
Felix Fontein
297b44f24b
x509_crl: do not crash when signing with Ed25519 or Ed448 ( #475 )
...
* Do not crash when signing with Ed25519 or Ed448.
* Forgot replace.
2022-06-15 22:06:40 +02:00
Felix Fontein
ccd66419f4
Add simplified_bsd.txt license file ( #467 )
...
* Add simplified_bsd.txt and adjust references.
* Add changelog.
2022-06-02 07:45:50 +02:00
Felix Fontein
c49102d688
certificate_complete_chain: do not stop execution on unsupported algorithm ( #457 )
...
* Do not stop execution on unsupported algorithm.
* Fix typo.
2022-05-20 07:22:35 +02:00
Felix Fontein
5664bfe4b6
Add PSF-license.txt file. ( #453 )
2022-05-16 07:40:04 +02:00
Felix Fontein
4cf951596f
Improve handling of IDNA/Unicode domains ( #436 )
...
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to update value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
2022-05-09 19:57:14 +02:00
Felix Fontein
90efcc1ca7
Add privatekey_content option. ( #452 )
2022-05-09 19:56:08 +02:00
Felix Fontein
8a1c60e54a
Incorporate feedback from #443 that ACME modules work with Sectigo ACME Service for InCommon ( #451 )
...
* Incorporate feedback from #443 .
* Update comment.
2022-05-09 13:28:03 +02:00
Jonas Verhofsté
c16d9f78b8
Make request timeout configurable for all acme modules ( #448 )
...
* Make request timeout configurable for all acme modules
Fixes #447 .
* Log change made in #448
2022-05-03 17:29:38 +02:00
Felix Fontein
91f192ce5b
Fix main for new cryptography 37.0.0 release ( #445 )
...
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
2022-04-26 22:18:37 +02:00
Felix Fontein
9d03178b00
Fix crash in x509_crl when certificate issuer is specified ( #441 )
...
* Fix x509_crl certificate issuer issue.
* Add tests.
* Add changelog fragment.
2022-04-18 08:17:27 +02:00
Yauhen
041fff5057
Add persistent and perf options to the luks_device ( #434 )
...
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
2022-04-10 14:30:10 +02:00
bluikko
635b25519b
Document OpenSSH 7.7 required for validity always ( #429 )
...
* Document OpenSSH 7.7 required for validity always
* Document cert start time option for OpenSSH <7.7
* Improve language of "always" time support
* Update language on `always` to suggested
* Fix indentation
2022-04-02 12:02:42 -04:00
Andrew Pantuso
033bab7db1
openssh_* - catch and report top-level exceptions via `fail_json` ( #417 )
...
* ensure exceptions are properly reported
* adding changelog fragment
* applying review suggestions
* typo
* adding back exception msg
2022-03-08 13:23:09 +01:00
Andrew Pantuso
010f1a4d2d
fixing public key return value docs ( #412 )
2022-03-02 13:52:07 +01:00
Felix Fontein
0d4b3ed991
Fix parsing of lsblk output. ( #410 )
2022-03-02 13:48:38 +01:00