Refactor x509_certificate module, add x509_certificate_pipe module (#135)

* Move documentation to doc fragment.

* Prepare module backends.

* Linting.

* Fix comments.

* First shot at actually moving code.

* Forgot SKI check.

* Remove unused imports.

* Improve check mode.

* Fix 'returned'.

* Move csr_* checks.

* Explicitly specify parameter.

* Add x509_certificate_pipe module.

* Update other seealsos.

* Forgot to remove doc fragment.

* Adjust to work with macOS 10.15.

* Update plugins/module_utils/crypto/module_backends/certificate_entrust.py

Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com>

* Add changelog fragments for entrust bugfix and module refactorings.

* Restore old behavior of Entrust backend when existing certificate cannot be parsed.

* Update plugins/modules/x509_certificate_pipe.py

Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com>

* Remove Entrust provider from x509_certificate_pipe for now.

* Add own CA tests.

* One more fix for Entrust provider, when csr_content is used.

* Update plugins/modules/x509_certificate_pipe.py

Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com>

* Fix another broken example.

* Revert "Remove Entrust provider from x509_certificate_pipe for now."

This reverts commit 6ee5d7d4f99f0fe2218276a2d3f1f38b676c29b9.

* ci_complete

* Apply suggestions from code review

Co-authored-by: MarkusTeufelberger <mteufelberger@mgit.at>

* Improve example.

* Improve readability of example, add another one.

* Extend descriptions of csr_* for selfsigned.

* Improve documentation.

* Move deprecation message up.

* Explain empty choices.

Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com>
Co-authored-by: MarkusTeufelberger <mteufelberger@mgit.at>
This commit is contained in:
Felix Fontein
2020-11-24 17:21:52 +01:00
committed by GitHub
parent 86b39733e1
commit 69335a8bac
22 changed files with 3244 additions and 2369 deletions


@@ -173,7 +173,7 @@ class CertificateSigningRequestBackend(object):
@abc.abstractmethod
def generate_csr(self):
"""(Re-)Generate private key."""
"""(Re-)Generate CSR."""
pass
@abc.abstractmethod
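Review bot: The corrected docstring on the abstract generate_csr() still does not state the contract that implementations must meet. Both concrete backends later in this diff begin with self._ensure_private_key_loaded(), so it would help to say here that the private key has to be loaded before the CSR is built, and where the generated CSR ends up, so that a new backend does not have to infer this from the existing ones.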
@@ -182,11 +182,11 @@ class CertificateSigningRequestBackend(object):
pass
def set_existing(self, csr_bytes):
"""Set existing private key bytes. None indicates that the key does not exist."""
"""Set existing CSR bytes. None indicates that the CSR does not exist."""
self.existing_csr_bytes = csr_bytes
def has_existing(self):
"""Query whether an existing private key is/has been there."""
"""Query whether an existing CSR is/has been there."""
return self.existing_csr_bytes is not None
def _ensure_private_key_loaded(self):
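Review bot: In has_existing(), the test is "self.existing_csr_bytes is not None", so an empty byte string passed to set_existing() counts as an existing CSR. If callers can hand over the contents of an empty or truncated file, the set_existing() docstring should say that only None means "absent" and that empty content is treated as present (and presumably fails later during parsing). Also a wording point: "is/has been there" reads awkwardly, and "Query whether an existing CSR is or was present." would be clearer.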
@@ -253,7 +253,7 @@ class CertificateSigningRequestPyOpenSSLBackend(CertificateSigningRequestBackend
super(CertificateSigningRequestPyOpenSSLBackend, self).__init__(module, 'pyopenssl')
def generate_csr(self):
"""(Re-)Generate private key."""
"""(Re-)Generate CSR."""
self._ensure_private_key_loaded()
req = crypto.X509Req()
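Review bot: The docstring on the pyOpenSSL generate_csr() override is now word for word the same as the one on the abstract method, so it adds nothing for a reader of this class. Either drop it and rely on the base class docstring, or make it backend-specific, for example by noting that it builds a crypto.X509Req after loading the private key.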
@@ -418,7 +418,7 @@ class CertificateSigningRequestCryptographyBackend(CertificateSigningRequestBack
module.warn('The cryptography backend only supports version 1. (The only valid value according to RFC 2986.)')
def generate_csr(self):
"""(Re-)Generate private key."""
"""(Re-)Generate CSR."""
self._ensure_private_key_loaded()
csr = cryptography.x509.CertificateSigningRequestBuilder()
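Review bot: This is the third generate_csr() docstring in the file that carried the copy-pasted "(Re-)Generate private key." text, alongside the set_existing() and has_existing() docstrings fixed above. Since the same slip appeared in every place shown here, it is worth searching the rest of this file for remaining "private key" wording in docstrings and comments that actually describe the CSR, so the fix is complete in one commit.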