Current openssl_certificate is mistakenly taking its derivating its
version number from the csr version number.
Thos two fields are completly unrelated and hence the version number of
the certificate should be able to be directly specified (via
selfsigned_version parameter).
* openssl_certificate: Fix parameter assertion in Python3
Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions
returns b'' type string and tries to compare it with '' string, leading
to failure.
The error mentionned above has been fixed by sanitizing the inputs from
a user to the assert only backend.
Also, this error was hidden by the fact that the improper check method
was called in the generate() functions.
* Add simple integration test for openssl_certificate
* remove subject == issuer assertion
* run integration tests only on supported hosts
* change min supported version to 0.15.x
* Add test for more CSR fields
* also convert dict members to bytes
* fix version_compare
* openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15
Previous 0.13 pyOpenSSL was a C-binding, and required the parameter
passed to add_extention to be in ASN.1. This has changed with the move
to 0.14 and it is now all pythong and string based.
Previous the 0.15 release, the `get_extensions()` method didn't exist,
since the modules rely heavily on it we ensure pyOpenSSL version is at
last 0.15.0.
* check pyopenssl version in openssl_csr integration test
This commit aims to add the openssl_certificate module.
This module allows a user to manage openssl certificates.
This module implement the notion of backend provider, making this module
extensible to anyone wish as long as a provider is coded for it.
The current three providers are the following:
* selfsigned: Allows a user to self signed a certificate
* acme: Allow a user to generate acme-based CA challenges certificate.
(As of this writing this targets letsencrypt)
* assertonly: Allow a user to assert the characteristic of her SSL
certificate
Co-Authored-By: Markus Teufelberger <mteufelberger+ansible@mgit.at>
* openssl_privatekey: Extend test coverage
Extend the coverage of the integration test for the module
openssl_privatekey.
New tests have been added:
* passphrase
* idempotence
* removal
Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
* openssl_publickey: Extend test coverage
Extend the coverage on the integration test for the module
openssl_publickey.
New tests have been added:
* OpenSSH format
* passphrase
* idempotence
* removal
When comparing expected and current value for keyUsage and
extendedKeyUsage current behavior is not deterministic.
As we compare two arrays, based on the order the value have been
specified, False might be returned when the two arrays actually matches.
In order to have a deterministic comparison we compare sets rather than
arrays.
Allow user to mark the x509v3 extensions as critical, by specifying the
$extension_critical boolean, where $extension is the name of the
extension.
Currently this module supports only 3 differents x509v3 extensions:
* keyUsage
* extendedKeyUsage
* subjectAtlName
There are more to come.
* openssl_csr: make subjectAltNames a list
* csr module now uses the new standard way to build openssl crypto modules
* add check functions for subject and subjectAltNames
* added support for keyUsage and extendedKeyUsage
* check if CSR signature is correct (aka the privatekey belongs to the CSR)
* fixes for first PR review
* fixes for second PR review
* openssl_csr: there is no need to pass on privatekey as it can be accessed directly
* openssl_csr: documentation fixes
The OpenSSLObject class has been merged[1]. This commit makes the
openssl_publickey rely on this class and standardize the way openssl
module should be written.
[1] #26945
The OpenSSLObject class has been merged[1]. This commit makes the
openssl_privatekey rely on this class and standardize the way openssl
module should be written.
Co-Authored-By: Christian Pointner <cpointner@mgit.at>
[1] https://github.com/ansible/ansible/pull/26945
Crypto namespace contains the openssl modules. It has no integration
testing as of now.
This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.
This tests currently apply to:
* openssl_privatekey
* openssl_publickey
* openssl_csr
Public key can be extracted extracted in different format from
the PEM formatted RSA pair.
This commit allows the user to specify the format s/he wants to generate
the public key:
* PEM
* OpenSSH
* openssl_publickey: Allow one to specify file permission
Allow a user to specify file permissions on the generated publickey via
the file module common arguments.
* openssl: Add documentation regarding file_common_args
Add documentation for those modules to let the user know that he can
rely on file_common_args to specify file permissions.
The commit was started before 2.3 was branched, but was only merged once
2.3 was actually branched. This leads to documentation stating this
module is new in 2.3 when it will be actually new in 2.4
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
* Add GPL license header
* Add upgrade subcommand to upgrade metadata version
* Change default metadata to the new format
* Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
* Update validate-modules
* Validates ANSIBLE_METADATA
* Ensures imports happen after documentation vars
* Some pep8 cleanup
* Clean up some left over unneeded code
* Update modules for new module guidelines and validate-modules checks
* Update imports for ec2_vpc_route_table and ec2_vpc_nat_gateway
Yanis Guenane
MarkusTeufelberger
Christian Pointner
René Moser
Toshio Kuratomi
Yanis Guenane
Christian Pointner
Abhijeet Kasurde
Andrea Tartaglia
Matt Martz
Matt Clay
James Cammarata