ansible

Commit Graph

Author	SHA1	Message	Date
Felix Fontein	fed267df03	openssl_csr and openssl_certificate: fix support for Ed25519 and Ed448 private keys (#63984 ) * Move X25519, X448, Ed25519 and Ed448 feature tests to module_utils. * Correctly sign with Ed25519 and Ed448 keys. * Fix public key comparison. Ed25519 and Ed448 do not have public_numbers(). * Add tests. * Add changelog. * Give better errors for cryptography 2.6.x and 2.7.x. * Test for new errors. * Forgot one. * Used wrong private key. * Use private key password for CA key. Add more stuff to its certificate.	5 years ago
Felix Fontein	35a412fab7	openssl_csr: fix tests (#63994 ) * Make sure tests are validated with correct backend in mind. * Fix tests.	5 years ago
Felix Fontein	fa70690e5c	openssl_certificate/csr(_info): add support for SubjectKeyIdentifier and AuthorityKeyIdentifier (#60741 ) * Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules. * Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr. * Fix type of authority_cert_issuer. * Add basic tests. * Add changelog. * Added proper tests for _info modules. * Fix docs bug. * Make sure new features are only used when cryptography backend for openssl_csr is available. * Work around jinja2 being too old on some CI hosts. * Add tests for openssl_csr. * Add openssl_certificate tests. * Fix idempotence test. * Move one level up. * Add ownca_create_authority_key_identifier option. * Add ownca_create_authority_key_identifier option. * Add idempotency check. * Apparently the function call expected different args for cryptography < 2.7. * Fix copy'n'paste errors and typos. * string -> general name. * Add disclaimer. * Implement always_create / create_if_not_provided / never_create for openssl_certificate. * Update changelog and porting guide. * Add comments for defaults.	5 years ago
Felix Fontein	cb5c57bcd5	openssl_csr: fix idempotency problems (#55142 ) * Add test for generating a CSR with everything, and testing idempotency. * Proper SAN normalization before comparison. * Fix check in cryptography backend. * Convert SANs to text. Update comments. * Add changelog.	6 years ago
Felix Fontein	188903448a	openssl_*: add backup option (#54294 )	6 years ago
Felix Fontein	90c067e947	openssl_* modules: private key errors (#54088 ) * Improve error handling, in particular with respect to private key loading problems. * Add tests to validate that modules regenerate invalid input and don't crash. * Don't crash when input is invalid. * Create 'better' broken input. * Fix paths. * Simplifying pyOpenSSL error handling.	6 years ago
Felix Fontein	caf7fd2245	openssl_: improve passphrase handling for private keys in PyOpenSSL (#53489 ) Raise OpenSSLBadPassphraseError if passphrase is wrong. * Improve handling of passphrase errors. Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail. Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate. * Add changelog. * Add tests. * Adjustments for some versions of PyOpenSSL. * Update lib/ansible/modules/crypto/openssl_certificate.py Improve text. Co-Authored-By: felixfontein <felix@fontein.de>	6 years ago
Felix Fontein	b2e992cecd	openssl_csr: improve subject validation (#53198 ) * Improve subject field validation. * Add country name idempotency test. * Add failed country name test. * Add changelog.	6 years ago
Felix Fontein	628326b879	openssl_csr: improve invalid SAN error messages (#53201 ) * Improve invalid SAN error messages. * Add changelog.	6 years ago
Felix Fontein	9b1cbcf3a4	openssl_csr: ignore empty strings in altnames (#51473 ) * Ignore empty strings in altnames. * Add changelog. * Add idempotence check without SAN. * Fix bug in cryptography backend.	6 years ago
Felix Fontein	345011e024	openssl_csr cryptography backend, try II (#50894 ) * Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)"" This reverts commit `bbd2e31e9f`. * Remove more complicated selection copy'n'pasted from openssl_privatekey. * Add tests for backend selection. * Add openssl_csr test for arbitrary string commonName. * Allow to disable commonName -> SAN copying (fixes #36690).	6 years ago
Felix Fontein	a5bf71ac6a	openssl_csr: idempotency doesn't work correctly for keyUsage (#50361 ) * Fix key usage idempotency bug. * Extend tests. * Add changelog.	6 years ago
Felix Fontein	e1218ca10f	Elliptic curve tests for crypto modules (#50109 ) * Add openssl_csr ECC test. * Add openssl_publickey ECC test. * Add openssl_certificate ECC test.	6 years ago
Felix Fontein	d1f19125a5	openssl_csr: added support for the OCSP Must Staple extension (#35082 ) * Added support for the OCSP Must Staple extension. * Trying to clean up magic constants a bit.	7 years ago
MarkusTeufelberger	9ea1b18ff7	Allow multiple values per key in name fields in openssl_certificate/csr (#30338 ) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo	7 years ago
Yanis Guenane	0648e339a7	openssl: remove static dict for keyUsage (#30339 ) keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316	7 years ago
Yanis Guenane	8b22c45a45	Enable integration tests for the crypto/ namespace (#26684 ) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr	7 years ago

17 Commits (5d2a3ecbc4a78d1ef95fbb093aa2f79a9cddc475)