Get rid of backend parameter whenever possible (#883)

* Get rid of backend parameter whenever possible.

* Always auto-detect if backend choices are 'cryptography' and 'auto', resp. always check cryptography version.

* Improve error message.

* Update documentation.

plugins/modules/openssl_signature.py

@@ -58,6 +58,9 @@ options:
       - Determines which crypto backend to use.
       - The default choice is V(auto), which tries to use C(cryptography) if available.
       - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
+      - Note that with community.crypto 3.0.0, all values behave the same.
+        This option will be deprecated in a later version.
+        We recommend to not set it explicitly.
     type: str
     default: auto
     choices: [auto, cryptography]
@@ -96,10 +99,10 @@ signature:
 
 import base64
 import os
-import traceback
 
 from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
     COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
+    assert_required_cryptography_version,
 )
 from ansible_collections.community.crypto.plugins.module_utils.version import (
     LooseVersion,
@@ -108,7 +111,6 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
 
 MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
 
-CRYPTOGRAPHY_IMP_ERR = None
 try:
     import cryptography
     import cryptography.hazmat.primitives.asymmetric.padding
@@ -116,12 +118,9 @@ try:
 
     CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__)
 except ImportError:
-    CRYPTOGRAPHY_IMP_ERR = traceback.format_exc()
-    CRYPTOGRAPHY_FOUND = False
-else:
-    CRYPTOGRAPHY_FOUND = True
+    CRYPTOGRAPHY_VERSION = LooseVersion("0.0")
 
-from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible.module_utils.basic import AnsibleModule
 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
     OpenSSLObjectError,
 )
@@ -133,7 +132,7 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
 
 class SignatureBase(OpenSSLObject):
 
-    def __init__(self, module, backend):
+    def __init__(self, module):
         super(SignatureBase, self).__init__(
             path=module.params["path"],
             state="present",
@@ -141,8 +140,6 @@ class SignatureBase(OpenSSLObject):
             check_mode=module.check_mode,
         )
 
-        self.backend = backend
-
         self.privatekey_path = module.params["privatekey_path"]
         self.privatekey_content = module.params["privatekey_content"]
         if self.privatekey_content is not None:
@@ -161,8 +158,8 @@ class SignatureBase(OpenSSLObject):
 # Implementation with using cryptography
 class SignatureCryptography(SignatureBase):
 
-    def __init__(self, module, backend):
-        super(SignatureCryptography, self).__init__(module, backend)
+    def __init__(self, module):
+        super(SignatureCryptography, self).__init__(module)
 
     def run(self):
         _padding = cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15()
@@ -178,7 +175,6 @@ class SignatureCryptography(SignatureBase):
                 path=self.privatekey_path,
                 content=self.privatekey_content,
                 passphrase=self.privatekey_passphrase,
-                backend=self.backend,
             )
 
             signature = None
@@ -249,33 +245,10 @@ def main():
             msg=f"The file {module.params['path']} does not exist",
         )
 
-    backend = module.params["select_crypto_backend"]
-    if backend == "auto":
-        # Detection what is possible
-        can_use_cryptography = (
-            CRYPTOGRAPHY_FOUND
-            and CRYPTOGRAPHY_VERSION >= LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION)
-        )
+    assert_required_cryptography_version(MINIMAL_CRYPTOGRAPHY_VERSION)
 
-        # Decision
-        if can_use_cryptography:
-            backend = "cryptography"
-
-        # Success?
-        if backend == "auto":
-            module.fail_json(
-                msg=f"Cannot detect the required Python library cryptography (>= {MINIMAL_CRYPTOGRAPHY_VERSION})",
-            )
     try:
-        if backend == "cryptography":
-            if not CRYPTOGRAPHY_FOUND:
-                module.fail_json(
-                    msg=missing_required_lib(
-                        f"cryptography >= {MINIMAL_CRYPTOGRAPHY_VERSION}"
-                    ),
-                    exception=CRYPTOGRAPHY_IMP_ERR,
-                )
-            _sign = SignatureCryptography(module, backend)
+        _sign = SignatureCryptography(module)
 
         result = _sign.run()