internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 13:22:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup with ruff check (#963)

Browse Source 
* Implement improvements suggested by ruff check.

* Add ruff check to CI.

* Add changelog fragment.
This commit is contained in:
Felix Fontein
2025-10-28 07:21:11 +01:00
committed by GitHub
parent 6f0c58f483
commit 5420f9baaf
39 changed files with 198 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/module_utils/_acme/acme.py
View File

@@ -56,9 +56,6 @@ if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from ansible_collections.community.crypto.plugins.module_utils._acme.account import ( # pragma: no cover
ACMEAccount,
)
from ansible_collections.community.crypto.plugins.module_utils._acme.backends import ( # pragma: no cover
CertificateInformation,
CryptoBackend,
@@ -132,12 +129,10 @@ def _is_failed(
) -> bool:
if info["status"] < 200 or info["status"] >= 400:
return True
if (
return bool(
expected_status_codes is not None
and info["status"] not in expected_status_codes
):
return True
return False
)
class ACMEDirectory:

2
plugins/module_utils/_acme/certificates.py
View File

@@ -46,7 +46,7 @@ class CertificateChain:
@classmethod
def download(
cls: t.Type[_CertificateChain], *, client: ACMEClient, url: str
cls: type[_CertificateChain], *, client: ACMEClient, url: str
) -> _CertificateChain:
content, info = client.get_request(
url,

10
plugins/module_utils/_acme/challenges.py
View File

@@ -82,7 +82,7 @@ class Challenge:
@classmethod
def from_json(
cls: t.Type[_Challenge],
cls: type[_Challenge],
*,
client: ACMEClient,
data: dict[str, t.Any],
@@ -188,7 +188,7 @@ class Authorization:
@classmethod
def from_json(
cls: t.Type[_Authorization],
cls: type[_Authorization],
*,
client: ACMEClient,
data: dict[str, t.Any],
@@ -200,7 +200,7 @@ class Authorization:
@classmethod
def from_url(
cls: t.Type[_Authorization], *, client: ACMEClient, url: str
cls: type[_Authorization], *, client: ACMEClient, url: str
) -> _Authorization:
result = cls(url=url)
result.refresh(client=client)
@@ -208,7 +208,7 @@ class Authorization:
@classmethod
def create(
cls: t.Type[_Authorization],
cls: type[_Authorization],
*,
client: ACMEClient,
identifier_type: str,
@@ -384,7 +384,7 @@ class Authorization:
@classmethod
def deactivate_url(
cls: t.Type[_Authorization], *, client: ACMEClient, url: str
cls: type[_Authorization], *, client: ACMEClient, url: str
) -> _Authorization:
"""
Deactivates this authorization.

8
plugins/module_utils/_acme/orders.py
View File

@@ -63,21 +63,21 @@ class Order:
@classmethod
def from_json(
cls: t.Type[_Order], *, client: ACMEClient, data: dict[str, t.Any], url: str
cls: type[_Order], *, client: ACMEClient, data: dict[str, t.Any], url: str
) -> _Order:
result = cls(url=url)
result._setup(client=client, data=data)
return result
@classmethod
def from_url(cls: t.Type[_Order], *, client: ACMEClient, url: str) -> _Order:
def from_url(cls: type[_Order], *, client: ACMEClient, url: str) -> _Order:
result = cls(url=url)
result.refresh(client=client)
return result
@classmethod
def create(
cls: t.Type[_Order],
cls: type[_Order],
*,
client: ACMEClient,
identifiers: list[tuple[str, str]],
@@ -117,7 +117,7 @@ class Order:
@classmethod
def create_with_error_handling(
cls: t.Type[_Order],
cls: type[_Order],
*,
client: ACMEClient,
identifiers: list[tuple[str, str]],

15
plugins/module_utils/_crypto/cryptography_support.py
View File

@@ -114,19 +114,16 @@ if t.TYPE_CHECKING:
PrivateKeyTypes,
PublicKeyTypes,
)
from cryptography.hazmat.primitives.serialization.pkcs12 import ( # pragma: no cover
PKCS12KeyAndCertificates,
)
CertificatePrivateKeyTypes = t.Union[
CertificatePrivateKeyTypes = t.Union[ # noqa: UP007
CertificateIssuerPrivateKeyTypes,
cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey,
cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey,
] # pragma: no cover
PublicKeyTypesWOEdwards = t.Union[ # pylint: disable=invalid-name
PublicKeyTypesWOEdwards = t.Union[ # noqa: UP007 # pylint: disable=invalid-name
DHPublicKey, DSAPublicKey, EllipticCurvePublicKey, RSAPublicKey
] # pragma: no cover
PrivateKeyTypesWOEdwards = t.Union[ # pylint: disable=invalid-name
PrivateKeyTypesWOEdwards = t.Union[ # noqa: UP007 # pylint: disable=invalid-name
DHPrivateKey, DSAPrivateKey, EllipticCurvePrivateKey, RSAPrivateKey
] # pragma: no cover
else:
@@ -727,9 +724,9 @@ def cryptography_key_needs_digest_for_signing(
key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey
):
return False
if isinstance(key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey):
return False
return True
return not isinstance(
key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey
)
def _compare_public_keys(

21
plugins/module_utils/_crypto/module_backends/certificate.py
View File

@@ -41,9 +41,6 @@ if t.TYPE_CHECKING:
import datetime # pragma: no cover
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificateIssuerPrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_support import ( # pragma: no cover
CertificatePrivateKeyTypes,
@@ -324,15 +321,19 @@ class CertificateBackend(metaclass=abc.ABCMeta):
return True
# Check not before
if not_before is not None and not self.ignore_timestamps:
if get_not_valid_before(self.existing_certificate) != not_before:
return True
if (
not_before is not None
and not self.ignore_timestamps
and get_not_valid_before(self.existing_certificate) != not_before
):
return True
# Check not after
if not_after is not None and not self.ignore_timestamps:
if get_not_valid_after(self.existing_certificate) != not_after:
return True
return False
return bool(
not_after is not None
and not self.ignore_timestamps
and get_not_valid_after(self.existing_certificate) != not_after
)
def dump(self, *, include_certificate: bool) -> dict[str, t.Any]:
"""Serialize the object into a dictionary."""

18
plugins/module_utils/_crypto/module_backends/certificate_info.py
View File

@@ -46,9 +46,6 @@ if t.TYPE_CHECKING:
PublicKeyTypes, # pragma: no cover
)
from ansible_collections.community.crypto.plugins.module_utils._argspec import ( # pragma: no cover
ArgumentSpec,
)
from ansible_collections.community.crypto.plugins.plugin_utils._action_module import ( # pragma: no cover
AnsibleActionModule,
)
@@ -56,7 +53,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover
@@ -270,9 +267,11 @@ class CertificateInfoRetrieval:
x509.AuthorityInformationAccess
)
for desc in ext.value:
if desc.access_method == x509.oid.AuthorityInformationAccessOID.OCSP:
if isinstance(desc.access_location, x509.UniformResourceIdentifier):
return desc.access_location.value
if (
desc.access_method == x509.oid.AuthorityInformationAccessOID.OCSP
and isinstance(desc.access_location, x509.UniformResourceIdentifier)
):
return desc.access_location.value
except x509.ExtensionNotFound:
pass
return None
@@ -286,9 +285,8 @@ class CertificateInfoRetrieval:
if (
desc.access_method
== x509.oid.AuthorityInformationAccessOID.CA_ISSUERS
):
if isinstance(desc.access_location, x509.UniformResourceIdentifier):
return desc.access_location.value
) and isinstance(desc.access_location, x509.UniformResourceIdentifier):
return desc.access_location.value
except x509.ExtensionNotFound:
pass
return None

3
plugins/module_utils/_crypto/module_backends/certificate_ownca.py
View File

@@ -45,9 +45,6 @@ if t.TYPE_CHECKING:
import datetime # pragma: no cover
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificateIssuerPrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.module_utils._argspec import ( # pragma: no cover
ArgumentSpec,

2
plugins/module_utils/_crypto/module_backends/certificate_selfsigned.py
View File

@@ -181,7 +181,7 @@ class SelfSignedCertificateBackendCryptography(CertificateBackend):
assert self.existing_certificate is not None
# Check whether certificate is signed by private key
if not cryptography_verify_certificate_signature(
if not cryptography_verify_certificate_signature( # noqa: SIM103
certificate=self.existing_certificate,
signer_public_key=self.privatekey.public_key(),
):

5
plugins/module_utils/_crypto/module_backends/crl_info.py
View File

@@ -29,9 +29,6 @@ from ansible_collections.community.crypto.plugins.module_utils._cryptography_dep
if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
PrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.plugin_utils._action_module import ( # pragma: no cover
AnsibleActionModule,
@@ -40,7 +37,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover

32
plugins/module_utils/_crypto/module_backends/csr.py
View File

@@ -52,11 +52,6 @@ if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificateIssuerPrivateKeyTypes,
PrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_support import ( # pragma: no cover
CertificatePrivateKeyTypes,
)
_ET = t.TypeVar("_ET", bound="cryptography.x509.ExtensionType") # pragma: no cover
@@ -533,10 +528,11 @@ class CertificateSigningRequestBackend:
)
if set(altnames) != set(current_altnames):
return False
if altnames and current_altnames_ext:
if current_altnames_ext.critical != self.subject_alt_name_critical:
return False
return True
return not (
altnames
and current_altnames_ext
and current_altnames_ext.critical != self.subject_alt_name_critical
)
def _check_key_usage(extensions: cryptography.x509.Extensions) -> bool:
current_keyusage_ext = _find_extension(
@@ -578,10 +574,11 @@ class CertificateSigningRequestBackend:
)
if set(current_usages) != set(usages):
return False
if usages and current_usages_ext:
if current_usages_ext.critical != self.extended_key_usage_critical:
return False
return True
return not (
usages
and current_usages_ext
and current_usages_ext.critical != self.extended_key_usage_critical
)
def _check_basic_constraints(extensions: cryptography.x509.Extensions) -> bool:
bc_ext = _find_extension(extensions, cryptography.x509.BasicConstraints)
@@ -652,10 +649,11 @@ class CertificateSigningRequestBackend:
current_nc_excl
):
return False
if (nc_perm or nc_excl) and current_nc_ext:
if current_nc_ext.critical != self.name_constraints_critical:
return False
return True
return not (
(nc_perm or nc_excl)
and current_nc_ext
and current_nc_ext.critical != self.name_constraints_critical
)
def _check_subject_key_identifier(
extensions: cryptography.x509.Extensions,

3
plugins/module_utils/_crypto/module_backends/csr_info.py
View File

@@ -35,7 +35,6 @@ if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificatePublicKeyTypes,
PrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.plugin_utils._action_module import ( # pragma: no cover
@@ -45,7 +44,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover

42
plugins/module_utils/_crypto/module_backends/privatekey.py
View File

@@ -47,7 +47,7 @@ if t.TYPE_CHECKING:
AnsibleActionModule,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule
] # pragma: no cover
@@ -495,26 +495,28 @@ class PrivateKeyBackend:
" set to `full_idempotence` or `always`, or with `force=true`."
)
self._ensure_existing_private_key_loaded()
if self.regenerate != "never":
if not self._check_size_and_type():
if self.regenerate in ("partial_idempotence", "full_idempotence"):
return True
self.module.fail_json(
msg="Key has wrong type and/or size."
" Will not proceed. To force regeneration, call the module with `generate`"
" set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
)
if self.regenerate != "never" and not self._check_size_and_type():
if self.regenerate in ("partial_idempotence", "full_idempotence"):
return True
self.module.fail_json(
msg="Key has wrong type and/or size."
" Will not proceed. To force regeneration, call the module with `generate`"
" set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
)
# During generation step, regenerate if format does not match and format_mismatch == 'regenerate'
if self.format_mismatch == "regenerate" and self.regenerate != "never":
if not self._check_format():
if self.regenerate in ("partial_idempotence", "full_idempotence"):
return True
self.module.fail_json(
msg="Key has wrong format."
" Will not proceed. To force regeneration, call the module with `generate`"
" set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
" To convert the key, set `format_mismatch` to `convert`."
)
if (
self.format_mismatch == "regenerate"
and self.regenerate != "never"
and not self._check_format()
):
if self.regenerate in ("partial_idempotence", "full_idempotence"):
return True
self.module.fail_json(
msg="Key has wrong format."
" Will not proceed. To force regeneration, call the module with `generate`"
" set to `partial_idempotence`, `full_idempotence` or `always`, or with `force=true`."
" To convert the key, set `format_mismatch` to `convert`."
)
return False
def needs_conversion(self) -> bool:

6
plugins/module_utils/_crypto/module_backends/privatekey_info.py
View File

@@ -47,7 +47,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover
@@ -122,9 +122,7 @@ def _check_dsa_consistency(
if binary_exp_mod(g, x, m=p) != y:
return False
# Check (quickly) whether p or q are not primes
if quick_is_not_prime(q) or quick_is_not_prime(p):
return False
return True
return not (quick_is_not_prime(q) or quick_is_not_prime(p))
def _is_cryptography_key_consistent(

2
plugins/module_utils/_crypto/module_backends/publickey_info.py
View File

@@ -35,7 +35,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover

4
plugins/module_utils/_cryptography_dep.py
View File

@@ -33,7 +33,7 @@ if t.TYPE_CHECKING:
FilterModuleMock,
)
GeneralAnsibleModule = t.Union[
GeneralAnsibleModule = t.Union[ # noqa: UP007
AnsibleModule, AnsibleActionModule, FilterModuleMock
] # pragma: no cover
@@ -69,7 +69,7 @@ def assert_required_cryptography_version(
msg=missing_required_lib(f"cryptography >= {minimum_cryptography_version}"),
exception=_CRYPTOGRAPHY_IMP_ERR,
)
if CRYPTOGRAPHY_VERSION < LooseVersion(minimum_cryptography_version):
if LooseVersion(minimum_cryptography_version) > CRYPTOGRAPHY_VERSION:
module.fail_json(
msg=(
f"Cannot detect the required Python library cryptography (>= {minimum_cryptography_version})."

14
plugins/module_utils/_openssh/backends/common.py
View File

@@ -21,10 +21,6 @@ from ansible_collections.community.crypto.plugins.module_utils._openssh.utils im
if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificateIssuerPrivateKeyTypes,
PrivateKeyTypes,
)
from ansible_collections.community.crypto.plugins.module_utils._openssh.certificate import ( # pragma: no cover
OpensshCertificateTimeParameters,
@@ -96,7 +92,7 @@ def _restore_all_on_failure(
os.path.abspath(backup), os.path.abspath(destination)
)
raise
for destination, backup in backups:
for dummy_destination, backup in backups:
self.module.add_cleanup_file(backup)
return backup_and_restore
@@ -373,7 +369,9 @@ class PrivateKey:
return self._format
@classmethod
def from_string(cls: t.Type[_PrivateKey], string: str) -> _PrivateKey:
def from_string(
cls: t.Type[_PrivateKey], string: str # noqa: UP006
) -> _PrivateKey:
properties = string.split()
return cls(
@@ -439,7 +437,7 @@ class PublicKey:
return self._type_string
@classmethod
def from_string(cls: t.Type[_PublicKey], string: str) -> _PublicKey:
def from_string(cls: type[_PublicKey], string: str) -> _PublicKey:
properties = string.strip("\n").split(" ", 2)
return cls(
@@ -449,7 +447,7 @@ class PublicKey:
)
@classmethod
def load(cls: t.Type[_PublicKey], path: str | os.PathLike) -> _PublicKey | None:
def load(cls: type[_PublicKey], path: str | os.PathLike) -> _PublicKey | None:
with open(path, "r", encoding="utf-8") as f:
properties = f.read().strip(" \n").split(" ", 2)

4
plugins/module_utils/_openssh/backends/keypair_backend.py
View File

@@ -46,10 +46,6 @@ from ansible_collections.community.crypto.plugins.module_utils._version import (
if t.TYPE_CHECKING:
from ansible.module_utils.basic import AnsibleModule # pragma: no cover
from cryptography.hazmat.primitives.asymmetric.types import ( # pragma: no cover
CertificateIssuerPrivateKeyTypes,
PrivateKeyTypes,
)
class KeypairBackend(OpensshModule, metaclass=abc.ABCMeta):

4
plugins/module_utils/_openssh/certificate.py
View File

@@ -312,7 +312,7 @@ class OpensshCertificateOption:
@classmethod
def from_string(
cls: t.Type[_OpensshCertificateOption], option_string: str
cls: t.Type[_OpensshCertificateOption], option_string: str # noqa: UP006
) -> _OpensshCertificateOption:
if not isinstance(option_string, str):
raise ValueError(
@@ -573,7 +573,7 @@ class OpensshCertificate:
@classmethod
def load(
cls: t.Type[_OpensshCertificate], path: str | os.PathLike
cls: t.Type[_OpensshCertificate], path: str | os.PathLike # noqa: UP006
) -> _OpensshCertificate:
if not os.path.exists(path):
raise ValueError(f"{path} is not a valid path.")

12
plugins/module_utils/_openssh/cryptography.py
View File

@@ -79,13 +79,13 @@ if t.TYPE_CHECKING:
KeySerializationFormat = t.Literal["PEM", "DER", "SSH"] # pragma: no cover
KeyType = t.Literal["rsa", "dsa", "ed25519", "ecdsa"] # pragma: no cover
PrivateKeyTypes = t.Union[
PrivateKeyTypes = t.Union[ # noqa: UP007
rsa.RSAPrivateKey,
dsa.DSAPrivateKey,
ec.EllipticCurvePrivateKey,
Ed25519PrivateKey,
] # pragma: no cover
PublicKeyTypes = t.Union[
PublicKeyTypes = t.Union[ # noqa: UP007
rsa.RSAPublicKey, dsa.DSAPublicKey, ec.EllipticCurvePublicKey, Ed25519PublicKey
] # pragma: no cover
@@ -149,7 +149,7 @@ class AsymmetricKeypair:
@classmethod
def generate(
cls: t.Type[_AsymmetricKeypair],
cls: type[_AsymmetricKeypair],
*,
keytype: KeyType = "rsa",
size: int | None = None,
@@ -213,7 +213,7 @@ class AsymmetricKeypair:
@classmethod
def load(
cls: t.Type[_AsymmetricKeypair],
cls: type[_AsymmetricKeypair],
*,
path: str | os.PathLike,
passphrase: bytes | None = None,
@@ -412,7 +412,7 @@ class OpensshKeypair:
@classmethod
def generate(
cls: t.Type[_OpensshKeypair],
cls: type[_OpensshKeypair],
*,
keytype: KeyType = "rsa",
size: int | None = None,
@@ -451,7 +451,7 @@ class OpensshKeypair:
@classmethod
def load(
cls: t.Type[_OpensshKeypair],
cls: type[_OpensshKeypair],
*,
path: str | os.PathLike,
passphrase: bytes | None = None,

2
plugins/module_utils/_openssh/utils.py
View File

@@ -331,7 +331,7 @@ class _OpensshWriter:
for name, data in value:
writer.string(name)
# SSH option data is encoded twice though this behavior is not documented
writer.string(_OpensshWriter().string(data).bytes() if data else bytes())
writer.string(_OpensshWriter().string(data).bytes() if data else b"")
self.string(writer.bytes())