Refactor openssl_privatekey module, move add openssl_privatekey_pipe module (#119)

* Move disk-independent parts of openssl_privatekey to module_utils and doc_fragments.

* Improve documentation.

* Add openssl_privatekey_pipe module.

* Fallback in case no fingerprints are returned.

* Prevent no_log=True for content to stop module from working correctly.

* Forgot version_added.

* Update copyright. All the interesting code is no longer in this file anyway.

* Remove file arguments.

* Add framework for action modules.

* Convert openssl_privatekey_pipe to action plugin.

* Linting.

* Bump version.

* Add return_current_key option.

* Add no_log to examples.

* Remove preparation for potential later extensibility (easy to re-add when needed).

* Fix deprecation version in docs.

* Use new ArgumentSpec object for AnsibleActionModule as well.

tests/integration/targets/openssl_privatekey_pipe/aliases

@@ -0,0 +1,2 @@
+shippable/posix/group1
+destructive

tests/integration/targets/openssl_privatekey_pipe/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_openssl

tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml

@@ -0,0 +1,103 @@
+---
+- name: ({{select_crypto_backend}}) Create key
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: result
+
+- name: ({{select_crypto_backend}}) Get key info
+  openssl_privatekey_info:
+    content: "{{ result.privatekey }}"
+  register: result_info
+
+- assert:
+    that:
+      - result is changed
+      - result.privatekey.startswith('----')
+      - result_info.type == 'RSA'
+      - result_info.public_data.size == 4096
+      - result_info.public_data.exponent >= 5
+
+- assert:
+    that:
+      - result_info.public_key_fingerprints.sha256 | length > 10
+      - result.fingerprint.sha256 == result_info.public_key_fingerprints.sha256
+  when: result.fingerprint is not none
+
+- name: ({{select_crypto_backend}}) Update key (check mode)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ result.privatekey }}"
+    size: 2048
+  register: update_check
+  check_mode: true
+
+- name: ({{select_crypto_backend}}) Update key (check mode, with return_current_key=true)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ result.privatekey }}"
+    size: 2048
+    return_current_key: true
+  register: update_check_return
+  check_mode: true
+
+- name: ({{select_crypto_backend}}) Update key
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ result.privatekey }}"
+    size: 2048
+  register: update
+
+- name: ({{select_crypto_backend}}) Update key (idempotent, check mode)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ update.privatekey }}"
+    size: 2048
+  register: update_idempotent_check
+  check_mode: true
+
+- name: ({{select_crypto_backend}}) Update key (idempotent)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ update.privatekey }}"
+    size: 2048
+  register: update_idempotent
+
+- name: ({{select_crypto_backend}}) Update key (idempotent, check mode, with return_current_key=true)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ update.privatekey }}"
+    size: 2048
+    return_current_key: true
+  register: update_idempotent_return_check
+  check_mode: true
+
+- name: ({{select_crypto_backend}}) Update key (idempotent, with return_current_key=true)
+  openssl_privatekey_pipe:
+    select_crypto_backend: '{{ select_crypto_backend }}'
+    content: "{{ update.privatekey }}"
+    size: 2048
+    return_current_key: true
+  register: update_idempotent_return
+
+- name: ({{select_crypto_backend}}) Get key info
+  openssl_privatekey_info:
+    content: "{{ update.privatekey }}"
+  register: update_info
+
+- assert:
+    that:
+      - update_check is changed
+      - update_check.privatekey == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+      - update_check_return is changed
+      - update_check_return.privatekey == result.privatekey
+      - update is changed
+      - update.privatekey != result.privatekey
+      - update_info.public_data.size == 2048
+      - update_idempotent_check is not changed
+      - update_idempotent_check.privatekey is undefined
+      - update_idempotent is not changed
+      - update_idempotent.privatekey is undefined
+      - update_idempotent_return_check is not changed
+      - update_idempotent_return_check.privatekey == update.privatekey
+      - update_idempotent_return is not changed
+      - update_idempotent_return.privatekey == update.privatekey

tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: Run module with backend autodetection
+  openssl_privatekey_pipe:
+
+- block:
+  - name: Running tests with pyOpenSSL backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: pyopenssl
+
+  # FIXME: minimal pyOpenSSL version?!
+  when: pyopenssl_version.stdout is version('0.6', '>=')
+
+- name: Remove output directory
+  file:
+    path: "{{ output_dir }}"
+    state: absent
+
+- name: Re-create output directory
+  file:
+    path: "{{ output_dir }}"
+    state: directory
+
+- block:
+  - name: Running tests with cryptography backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: cryptography
+
+  when: cryptography_version.stdout is version('0.5', '>=')