829707fc5a
fix: add warning when openssh-keypair has private_key_format specified with opensshbin ( #512 )
2022-09-19 20:10:21 +02:00
a0d862e1f1
Support 429 Too Many Requests for acme module_utils. ( #508 )
2022-09-19 20:10:03 +02:00
1dcc135da5
feat: add private_key_format choices for openssh_keypair ( #511 )
...
* feat: add private_key_format choices for openssh_keypair
* chore: add changelog fragment
2022-09-18 20:10:29 -04:00
98bfdb322a
Make sure that escape sequence in YAML is not interpreted by Python. ( #507 )
2022-09-04 22:09:06 +02:00
0e15d6cea8
Convert yes/no to true/false. ( #503 )
2022-08-23 21:33:29 +02:00
fd1263c9aa
Fix some new linting errors ( #499 )
...
* Fix some new linting errors.
* More linting errors.
ci_complete
2022-08-12 08:34:51 +02:00
2dafef1fab
Fix docs ( #497 )
...
* Fix docs.
* Fix YAML.
* Prevent crashes with older pyyaml versions.
2022-08-04 20:02:56 +02:00
d83f7639be
add production directory URL for ACME v2 for Sectigo ( #496 )
...
According the to official Sectigo documentation [1] the directory URL
for ACME v2 is: https://acme-qa.secure.trust-provider.com/v2/DV
[1] https://docs.sectigo.com/scm/acme-integration-docs/1/eab-clients-sectigo-acme-integration.html
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
2022-07-26 18:10:43 +02:00
e08efe2598
Correctly mark plugins/module_utils/crypto/_obj2txt.py as having two licenses. ( #495 )
2022-07-25 07:17:56 +02:00
6bf3ef47e1
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml ( #491 )
...
* Add SPDX license identifiers, mention all licenses in galaxy.yml.
* Add default copyright headers.
* Add headers for documents.
* Fix/add more copyright statements.
* Add copyright / license info for vendored code.
* Add extra sanity test.
* Add changelog fragment.
* Comment PSF-2.0 license out in galaxy.yml for now.
* Remove colon after 'Copyright'.
* Avoid colon after 'Copyright' in lint script.
* Mention correct filename.
* Add BSD-3-Clause.
* Improve lint script.
* Update README.
* Symlinks...
2022-07-21 07:27:26 +02:00
9ed4526fee
openssl_pkcs12: fix crash when trying to get non-existing other certificates ( #487 )
...
* Fix crash when trying to get non-existing other certificates.
* Add test.
2022-07-07 22:30:22 +02:00
de0ec1f739
Add Apache 2.0 license; simplify and standardize license headers ( #478 )
...
* Add Apache 2.0 license for Apache 2.0 licensed parts.
* Unify license headers.
* Move additional licenses to licenses/.
* Revert "Move additional licenses to licenses/."
This reverts commit c12b22de1c
2022-06-17 08:20:40 +02:00
b29f238083
Fix ValueError: excluded_subtrees must be a non-empty list or None ( #481 )
2022-06-17 07:53:07 +02:00
297b44f24b
x509_crl: do not crash when signing with Ed25519 or Ed448 ( #475 )
...
* Do not crash when signing with Ed25519 or Ed448.
* Forgot replace.
2022-06-15 22:06:40 +02:00
ccd66419f4
Add simplified_bsd.txt license file ( #467 )
...
* Add simplified_bsd.txt and adjust references.
* Add changelog.
2022-06-02 07:45:50 +02:00
c49102d688
certificate_complete_chain: do not stop execution on unsupported algorithm ( #457 )
...
* Do not stop execution on unsupported algorithm.
* Fix typo.
2022-05-20 07:22:35 +02:00
5664bfe4b6
Add PSF-license.txt file. ( #453 )
2022-05-16 07:40:04 +02:00
4cf951596f
Improve handling of IDNA/Unicode domains ( #436 )
...
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
2022-05-09 19:57:14 +02:00
90efcc1ca7
Add privatekey_content option. ( #452 )
2022-05-09 19:56:08 +02:00
8a1c60e54a
Incorporate feedback from #443 that ACME modules work with Sectigo ACME Service for InCommon ( #451 )
...
* Incorporate feedback from #443 .
* Update comment.
2022-05-09 13:28:03 +02:00
c16d9f78b8
Make request timeout configurable for all acme modules ( #448 )
...
* Make request timeout configurable for all acme modules
Fixes #447 .
* Log change made in #448
2022-05-03 17:29:38 +02:00
91f192ce5b
Fix main for new cryptography 37.0.0 release ( #445 )
...
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
2022-04-26 22:18:37 +02:00
9d03178b00
Fix crash in x509_crl when certificate issuer is specified ( #441 )
...
* Fix x509_crl certificate issuer issue.
* Add tests.
* Add changelog fragment.
2022-04-18 08:17:27 +02:00
041fff5057
Add persistent and perf options to the luks_device ( #434 )
...
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
2022-04-10 14:30:10 +02:00
635b25519b
Document OpenSSH 7.7 required for validity always ( #429 )
...
* Document OpenSSH 7.7 required for validity always
* Document cert start time option for OpenSSH <7.7
* Improve language of "always" time support
* Update language on `always` to suggested
* Fix indetation
2022-04-02 12:02:42 -04:00
033bab7db1
openssh_* - catch and report top-level exceptions via `fail_json` ( #417 )
...
* ensure exceptions are properly reported
* adding changelog fragment
* applying review suggestions
* typo
* adding back exception msg
2022-03-08 13:23:09 +01:00
010f1a4d2d
fixing public key return value docs ( #412 )
2022-03-02 13:52:07 +01:00
0d4b3ed991
Fix parsing of lsblk output. ( #410 )
2022-03-02 13:48:38 +01:00
28729657ac
x509_certificate: check existing certificate's signature for selfsigned and ownca provider ( #407 )
...
* Verify whether signature matches.
* Add changelog fragment.
* Forgot imports.
* Fix wrong name.
* Check whether the CA private key fits to the CA certificate. Use correct key in tests.
* Refactor code.
2022-02-16 07:38:11 +01:00
3ebc132c03
Regenerate certificate on CA's subject change. ( #402 )
2022-02-14 18:04:29 +01:00
11a14543c8
certificate_complete_chain: handle duplicate intermediate subjects ( #403 )
...
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
2022-02-14 13:29:19 +01:00
a307618872
openssh_cert - fix full_idempotence for host certificates ( #396 )
...
* fixing host cert idempotence
* adding changelog fragment
2022-02-04 20:53:50 +01:00
ea2e45d63f
Set LANG and similar env variables to prevent translated cryptsetup output. ( #388 )
2022-01-30 21:30:56 +01:00
b339e71973
Added 'ignore_timestamps' parameter ( #381 )
...
* Added 'ignore_timestamps' parameter
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Added fragment
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* added ignore_timestamps to example
* corrected styling
* fixed styling (again)
* Update changelogs/fragments/381_openssh_cert_add_ignore_timestamps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* splitted description as suggested by felixfontein
* fixed linebreak
* Mentioned ignore_timestamps in regenerate
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-01-20 16:15:50 +01:00
a467f036b1
Fix indentation of when in example. ( #382 )
2022-01-18 21:52:53 +01:00
bd2bd79497
Add openssl_privatekey_convert module ( #362 )
...
* Add openssl_privatekey_convert module.
* Extend tests and fix bugs.
* Fix wrong required.
* Fix condition.
* Fix bad tests.
* Fix documentation for format.
* Fix copyright lines.
2022-01-10 21:01:52 +01:00
62272296da
Small docs improvements ( #374 )
...
* Small improvements.
* Document behavior changes.
2022-01-10 12:05:09 +00:00
1b0fcde862
Fix comment. ( #372 )
2022-01-06 12:56:10 +00:00
46f39efc43
Use vendored copy of distutils.version. ( #369 )
2022-01-05 21:30:11 +01:00
b2ea4a7ce5
Add basic crypto_info module ( #363 )
...
* Add basic crypto_info module.
* Improve check.
* Actually test capabilities.
* Also output EC curve list.
* Fix detections.
* Ed25519 and Ed448 are not supported on FreeBSD 12.1.
* Refactor.
* Also retrieve information on the OpenSSL binary.
* Improve splitting.
* Update plugins/modules/crypto_info.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Replace list by tuple.
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
2022-01-05 18:19:42 +01:00
3e307fe062
Fix typo. ( #367 )
2022-01-05 18:16:27 +01:00
6ee238d961
certificate_complete_chain: avoid infinite loops, and double roots when root certificate was already part of chain ( #360 )
...
* Avoid infinite loops, and double roots when root certificate was already part of chain.
* Refactor tests for readability.
2022-01-04 07:00:09 +01:00
f3e431912d
Fix indentation in docs. ( #364 )
2022-01-03 21:38:37 +01:00
a539cd6939
Prepare for distutils.version being removed in Python 3.12 ( #353 )
...
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
2021-12-24 11:28:14 +01:00
45b7aa797e
Fix module reference in example ( #351 )
...
openssl_privatekey -> openssl_publickey
2021-12-13 06:48:59 +01:00
3f40795a98
Extension parsing: add new fallback code which uses the new cryptography API ( #331 )
...
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
2021-11-22 07:42:49 +01:00
73bc0f5de7
Use new PKCS#12 deserialization code from cryptography 36.0.0 if available ( #302 )
...
* Use new PKCS#12 deserialization code from cryptography 36.0.0 if available.
* Refactor into smaller functions.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
2021-11-22 07:41:54 +01:00
5de50b9f91
Fix compatibility to fetch_url change in ansible-core devel ( #339 )
...
* Fix compatibility to fetch_url change in ansible-core devel.
* Adjust tests.
2021-11-17 21:26:49 +01:00
ebbfd7c56f
luks_device: add built-in signature wiper to work around older wipefs versions with LUKS2 containers ( #327 )
...
* Use 'cryptsetup erase' to kill LUKS signature.
* Adjust unit test.
* Use own wiper for LUKS headers.
* Add comments.
* Fix tests.
* Update changelog.
* Remove 'cryptsetup erase'.
* Improve error messages.
2021-11-11 06:59:35 +01:00
51b6bb210d
acme_certificate: fix crash when using fullchain_dest ( #324 )
...
* Fix crash when using fullchain_dest.
* Adjust changelog.
* Update plugins/module_utils/acme/backend_cryptography.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2021-11-05 08:51:43 +01:00
Andrew Pantuso
Felix Fontein
Andrew Pantuso
Daniel Ziegenberg
Songmin Li
Jonas Verhofsté
Yauhen
bluikko
JochenKorge
Jasmine Hegman