* Only one exit point.
* Refactoring account handling.
* Add diff support for acme_account.
* Insert public_account_key into acme_account_facts result and into acme_account diff.
* Add changelog.
* Fixed#47505: Type error in openssl_certificate
* Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508
* Use to_bytes instead of str.encode in OwnCACertificate
* Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after
* Override description for account_key_src and account_key_content to also mention private_key_*.
* Convert generic OpenSSL/cryptography remark from description to note.
This avoids the whole description list to be sorted alphabetically, which will be done by plugin_docs.py in case description is mentioned in both module fragment and module itself.
* Moving more notes to the notes: section.
* Uniformization of first paragraph. Mainly mention ACME supporting CAs, and only then mention Let's Encrypt as one of them.
* Adjusting to current drafts.
* Adjusting to updated drafts.
* Harmonizing short module descriptions.
* Referencing helper modules.
* Move general Let's Encrypt remark to doc fragment.
* Changing some Let's Encrypt references to more generic statements.
* Added helper module for generating ACME challenge certificates.
* Soft-fail on missing cryptography. Also check version.
* Adding integration test.
* Move acme_challenge_cert_helper from web_infrastructure to crypto/acme.
* Adjusting to draft-05.
* The cryptography branch has already been merged.
Wow, this does not seem to be an uncommon misspelling. Might be there
are some left that span over two lines. I noticed the one in the git
module and then used `grep -rw 'the the'` to find some more.
Currently, when ones run the module in check_mode it tries to retrieve
values from the actual certificate generated in the generate() function.
Since in check_mode we call dump() without calling generate(), self.cert
is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter()
and self.cert.get_serial_number() raising an error.
> NoneType' object has no attribute 'get_notBefore'
The solution is to have two way to handle dump() method, whether its run
in check_mode=True or check_mode=False leading to different way the
information is retrieved.
Currently, the module fail with a error saying that --acme-dir is mandatory.
Looking at the commandline:
/usr/sbin/acme-tiny --chain --account-key /srv/letsencrypt/acme_key/acme.key
--csr /srv/letsencrypt/nginx_certs/www.example.org.csr--acme-dir /srv/letsencrypt/webroot",
We can see that the space before --acme-dir is missing.
* Module to generate Diffie-Hellman parameters
Implements #32577
* Add integration tests for openssl_dhparam
* Slightly refactor check to prevent unnecessary regeneration
* Fix code smell in tests
Highly annoying to have to do this again and again and again as the rules change during the game
* Using module.run_command() and module.atomic_move() from a tempfile.
* Remove underscore variable
Ansible prefers dummy
Otherwise, it fail with:
Traceback (most recent call last):
File \"/tmp/ansible_c1zmq3i9/ansible_module_openssl_certificate.py\", line 808, in <module>
main()
File \"/tmp/ansible_c1zmq3i9/ansible_module_openssl_certificate.py\", line 787, in main
certificate.generate(module)
File \"/tmp/ansible_c1zmq3i9/ansible_module_openssl_certificate.py\", line 692, in generate
certfile.write(str(crt))
TypeError: a bytes-like object is required, not 'str'
* Verify that acme-tiny is present
* Use run_command rather than subprocess for acme-tiny
Besides consistency with the rest of the code base, this also
add 2 bug fixes:
- ansible should no longer show "warning, junk after json" when using the module
- it also verify the return code of acme-tiny, and so fail when the
verification fail. The previous code didn't check rc, so it would continue
with a empty file
* Module DOCUMENTATION should match argspec
Large update of many modules so that DOCUMENTATION option name and
aliases match those defined in the argspec.
Issues identified by https://github.com/ansible/ansible/pull/34809
In addition to many typos and missing aliases, the following notable
changes were made:
* Create `module_docs_fragments/url.py` for `url_argument_spec`
* `dellos*_command` shouldn't have ever had `waitfor` (was incorrectly copied)
* `ce_aaa_server_host.py` `s/raduis_server_type/radius_server_type/g`
* `Junos_lldp` enable should be part of `state`.
Currently when we make up the return value, we take values based of the
parameters rather than the generated openssl_certificate itself.
This commits returns the actual certificate values making it all time
accurate.
* allow multiple values per key in name fields in openssl_certificate
* check correct side of comparison
* trigger only on lists
* add subject parameter to openssl_csr
* fix key: value mapping not skipping None elements
* temporary fix for undefined "subject" field
* fix iteration over subject entries
* fix docs
* quote sample string
* allow csr with only subject defined
* fix integration test
* look up NIDs before comparing, add hidden _strict params
* deal with empty issuer/subject fields
* adapt integration tests
* also normalize output from pyopenssl
* fix issue with _sanitize_inputs
* don't convert empty lists
* workaround for pyopenssl limitations
* properly encode the input to the txt2nid function
* another to_bytes fix
* make subject, commonname and subjecAltName completely optional
* don't compare hashes of keys in openssl_csr integration tests
* add integration test for old API in openssl_csr
* compare keys directly in certificate and publickey integration tests
* fix typo
Currently the check() method for idempotence only assumes the public
key is under the form of a PEM file when its not always the case.
The module openssl_publickey allows one to generate OpenSSH format
publickey. This leads to idempotence not being detected.
Felix Fontein
John Westcott IV
Edoardo T
s3lph
lolcube
Jordan Borean
Guillaume Delpierre
♫ Christian Krause ♫
Xyon
Loïc
Abhijeet Kasurde
Michael Scherer
John R Barker
Yanis Guenane
Sam Doran
Yanis Guenane
Thom Wiggers
Ulf Tigerstedt
MarkusTeufelberger