mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-03-26 21:33:25 +00:00
Add pylint (#892)
* Move mypy/flake8/isort config files to more 'natural' places. * Add pylint. * Look at no-member. * Look at pointless-* and unnecessary-pass. * Look at useless-*. * Lint.
@@ -13,23 +13,21 @@ import re
|
||||
from ansible.module_utils.common.text.converters import to_bytes
|
||||
|
||||
|
||||
"""
|
||||
An ASN.1 serialized as a string in the OpenSSL format:
|
||||
[modifier,]type[:value]
|
||||
|
||||
modifier:
|
||||
The modifier can be 'IMPLICIT:<tag_number><tag_class>,' or 'EXPLICIT:<tag_number><tag_class>' where IMPLICIT
|
||||
changes the tag of the universal value to encode and EXPLICIT prefixes its tag to the existing universal value.
|
||||
The tag_number must be set while the tag_class can be 'U', 'A', 'P', or 'C" for 'Universal', 'Application',
|
||||
'Private', or 'Context Specific' with C being the default.
|
||||
|
||||
type:
|
||||
The underlying ASN.1 type of the value specified. Currently only the following have been implemented:
|
||||
UTF8: The value must be a UTF-8 encoded string.
|
||||
|
||||
value:
|
||||
The value to encode, the format of this value depends on the <type> specified.
|
||||
"""
|
||||
# An ASN.1 serialized as a string in the OpenSSL format:
|
||||
# [modifier,]type[:value]
|
||||
#
|
||||
# 'modifier':
|
||||
# The modifier can be 'IMPLICIT:<tag_number><tag_class>,' or 'EXPLICIT:<tag_number><tag_class>' where IMPLICIT
|
||||
# changes the tag of the universal value to encode and EXPLICIT prefixes its tag to the existing universal value.
|
||||
# The tag_number must be set while the tag_class can be 'U', 'A', 'P', or 'C" for 'Universal', 'Application',
|
||||
# 'Private', or 'Context Specific' with C being the default.
|
||||
#
|
||||
# 'type':
|
||||
# The underlying ASN.1 type of the value specified. Currently only the following have been implemented:
|
||||
# UTF8: The value must be a UTF-8 encoded string.
|
||||
#
|
||||
# 'value':
|
||||
# The value to encode, the format of this value depends on the <type> specified.
|
||||
ASN1_STRING_REGEX = re.compile(
|
||||
r"^((?P<tag_type>IMPLICIT|EXPLICIT):(?P<tag_number>\d+)(?P<tag_class>U|A|P|C)?,)?"
|
||||
r"(?P<value_type>[\w\d]+):(?P<value>.*)"
|
||||
|
||||
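Review bot: The comment block that replaces the module-level string carries over two inaccuracies in its 'modifier' paragraph. The tag-class list ends with a mismatched quote (`'C"`), and the IMPLICIT form is shown with its trailing comma while the EXPLICIT form is not, although the first line of `ASN1_STRING_REGEX` requires the comma after either keyword. I would write `'IMPLICIT:<tag_number><tag_class>,' or 'EXPLICIT:<tag_number><tag_class>,'` and `'U', 'A', 'P', or 'C'`, since this comment is the only description of the accepted grammar next to the pattern. The `re.compile(` call continues outside the hunk.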
@@ -40,9 +40,8 @@ try:
|
||||
|
||||
_HAS_CRYPTOGRAPHY = True
|
||||
except ImportError:
|
||||
_HAS_CRYPTOGRAPHY = False
|
||||
# Error handled in the calling module.
|
||||
pass
|
||||
_HAS_CRYPTOGRAPHY = False
|
||||
|
||||
try:
|
||||
import cryptography.hazmat.primitives.asymmetric.dh
|
||||
@@ -906,12 +905,13 @@ def _parse_pkcs12_35_0_0(
|
||||
# Since load_key_and_certificates succeeded, it should not fail.
|
||||
pkcs12 = backend._ffi.gc(
|
||||
backend._lib.d2i_PKCS12_bio(
|
||||
backend._bytes_to_bio(pkcs12_bytes).bio, backend._ffi.NULL
|
||||
backend._bytes_to_bio(pkcs12_bytes).bio, # pylint: disable=no-member
|
||||
backend._ffi.NULL,
|
||||
),
|
||||
backend._lib.PKCS12_free,
|
||||
)
|
||||
certificate_x509_ptr = backend._ffi.new("X509 **")
|
||||
with backend._zeroed_null_terminated_buf(
|
||||
with backend._zeroed_null_terminated_buf( # pylint: disable=no-member
|
||||
to_bytes(passphrase) if passphrase is not None else None
|
||||
) as passphrase_buffer:
|
||||
backend._lib.PKCS12_parse(
|
||||
|
||||
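Review bot: The two `# pylint: disable=no-member` markers on `backend._bytes_to_bio` and `backend._zeroed_null_terminated_buf` silence the check without recording why these members are expected to exist. Both are private attributes of the cryptography backend, and the function name `_parse_pkcs12_35_0_0` suggests this path is meant only for particular cryptography releases, so a lint run against a different release is presumably what reports them missing. A short comment above the call, for example `# Private backend helpers; this function is only selected for cryptography releases that provide them.`, would keep the suppression from reading as noise and warn against calling this path without the version gate. The function body starts and ends outside the hunk, so the gate itself is not visible here.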
@@ -114,12 +114,10 @@ class CertificateBackend(metaclass=abc.ABCMeta):
|
||||
@abc.abstractmethod
|
||||
def generate_certificate(self) -> None:
|
||||
"""(Re-)Generate certificate."""
|
||||
pass
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_certificate_data(self) -> bytes:
|
||||
"""Return bytes for self.cert."""
|
||||
pass
|
||||
|
||||
def set_existing(self, certificate_bytes: bytes | None) -> None:
|
||||
"""Set existing certificate bytes. None indicates that the key does not exist."""
|
||||
|
||||
@@ -140,7 +140,9 @@ class EntrustCertificateBackend(CertificateBackend):
|
||||
}
|
||||
|
||||
try:
|
||||
result = self.ecs_client.NewCertRequest(Body=body)
|
||||
result = self.ecs_client.NewCertRequest( # pylint: disable=no-member
|
||||
Body=body
|
||||
)
|
||||
self.trackingId = result.get("trackingId")
|
||||
except RestOperationException as e:
|
||||
self.module.fail_json(
|
||||
@@ -204,9 +206,11 @@ class EntrustCertificateBackend(CertificateBackend):
|
||||
# If a trackingId is not already defined (from the result of a generate)
|
||||
# use the serial number to identify the tracking Id
|
||||
if self.trackingId is None and serial_number is not None:
|
||||
cert_results = self.ecs_client.GetCertificates(
|
||||
serialNumber=serial_number
|
||||
).get("certificates", {})
|
||||
cert_results = (
|
||||
self.ecs_client.GetCertificates( # pylint: disable=no-member
|
||||
serialNumber=serial_number
|
||||
).get("certificates", {})
|
||||
)
|
||||
|
||||
# Finding 0 or more than 1 result is a very unlikely use case, it simply means we cannot perform additional checks
|
||||
# on the 'state' as returned by Entrust Certificate Services (ECS). The general certificate validity is
|
||||
@@ -216,7 +220,9 @@ class EntrustCertificateBackend(CertificateBackend):
|
||||
|
||||
if self.trackingId is not None:
|
||||
cert_details.update(
|
||||
self.ecs_client.GetCertificate(trackingId=self.trackingId)
|
||||
self.ecs_client.GetCertificate( # pylint: disable=no-member
|
||||
trackingId=self.trackingId
|
||||
)
|
||||
)
|
||||
|
||||
return cert_details
|
||||
|
||||
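Review bot: Every call on `self.ecs_client` in these hunks now carries its own `# pylint: disable=no-member`, and the same marker is repeated on the `ecs_client` calls in the `EcsCertificate` and `EcsDomain` hunks further down. pylint presumably cannot see these operations because the client creates them at runtime; if so, one declaration would cover all call sites, either a `generated-members` entry in the pylint configuration or a single `Any` annotation on the `ecs_client` attribute. That would also remove the extra parentheses and line wrapping that appear to have been added only to make room for the inline marker. The enclosing methods start outside the hunks.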
@@ -132,7 +132,6 @@ class PrivateKeyBackend(metaclass=abc.ABCMeta):
|
||||
@abc.abstractmethod
|
||||
def generate_private_key(self) -> None:
|
||||
"""(Re-)Generate private key."""
|
||||
pass
|
||||
|
||||
def convert_private_key(self) -> None:
|
||||
"""Convert existing private key (self.existing_private_key) to new private key (self.private_key).
|
||||
|
||||
@@ -91,7 +91,6 @@ class PrivateKeyConvertBackend(metaclass=abc.ABCMeta):
|
||||
@abc.abstractmethod
|
||||
def get_private_key_data(self) -> bytes:
|
||||
"""Return bytes for self.src_private_key in output format."""
|
||||
pass
|
||||
|
||||
def set_existing_destination(self, *, privatekey_bytes: bytes | None) -> None:
|
||||
"""Set existing private key bytes. None indicates that the key does not exist."""
|
||||
|
||||
@@ -31,7 +31,6 @@ class GPGRunner(metaclass=abc.ABCMeta):
|
||||
|
||||
Raises a ``GPGError`` in case of errors.
|
||||
"""
|
||||
pass
|
||||
|
||||
|
||||
def get_fingerprint_from_stdout(*, stdout: str) -> str:
|
||||
|
||||
@@ -221,6 +221,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
has_dsa = True
|
||||
try:
|
||||
# added later in 1.5
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign
|
||||
has_dsa_sign = True
|
||||
except AttributeError:
|
||||
@@ -238,6 +239,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
has_rsa = True
|
||||
try:
|
||||
# added later in 1.4
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.sign
|
||||
has_rsa_sign = True
|
||||
except AttributeError:
|
||||
@@ -263,6 +265,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
has_ed25519 = True
|
||||
try:
|
||||
# added with the primitive in 2.6
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.sign
|
||||
has_ed25519_sign = True
|
||||
except AttributeError:
|
||||
@@ -286,6 +289,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
has_ed448 = True
|
||||
try:
|
||||
# added with the primitive in 2.6
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey.sign
|
||||
has_ed448_sign = True
|
||||
except AttributeError:
|
||||
@@ -302,6 +306,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
|
||||
try:
|
||||
# added later in 2.5
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.private_bytes
|
||||
full = True
|
||||
except AttributeError:
|
||||
@@ -351,6 +356,7 @@ def add_crypto_information(module: AnsibleModule) -> dict[str, t.Any]:
|
||||
has_ec = True
|
||||
try:
|
||||
# added later in 1.5
|
||||
# pylint: disable-next=pointless-statement
|
||||
cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign
|
||||
has_ec_sign = True
|
||||
except AttributeError:
|
||||
|
||||
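Review bot: The six attribute probes in `add_crypto_information` (`DSAPrivateKey.sign`, `RSAPrivateKey.sign`, `Ed25519PrivateKey.sign`, `Ed448PrivateKey.sign`, `X25519PrivateKey.private_bytes`, `EllipticCurvePrivateKey.sign`) stay as bare expression statements, each now preceded by `# pylint: disable-next=pointless-statement`. Writing the probe as a value makes the intent explicit and needs no suppression, e.g. `has_dsa_sign = hasattr(cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, "sign")`. The surrounding `try`/`except AttributeError` blocks extend outside the hunks, so check whether they also guard the lookup of the class itself before removing them. If they do, the `hasattr` line can replace the probe and the `= True` assignment inside the existing `try`.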
@@ -658,7 +658,7 @@ class EcsCertificate:
|
||||
except SessionConfigurationException as e:
|
||||
module.fail_json(msg=f"Failed to initialize Entrust Provider: {e}")
|
||||
try:
|
||||
self.ecs_client.GetAppVersion()
|
||||
self.ecs_client.GetAppVersion() # pylint: disable=no-member
|
||||
except RestOperationException as e:
|
||||
module.fail_json(
|
||||
msg=f"Please verify credential information. Received exception when testing ECS connection: {e.message}"
|
||||
@@ -732,19 +732,21 @@ class EcsCertificate:
|
||||
# Use serial_number to identify if certificate is an Entrust Certificate
|
||||
# with an associated tracking ID
|
||||
serial_number = f"{self.cert.serial_number:X}"
|
||||
cert_results = self.ecs_client.GetCertificates(
|
||||
cert_results = self.ecs_client.GetCertificates( # pylint: disable=no-member
|
||||
serialNumber=serial_number
|
||||
).get("certificates", {})
|
||||
if len(cert_results) == 1:
|
||||
self.tracking_id = cert_results[0].get("trackingId")
|
||||
except RestOperationException:
|
||||
# If we fail to find a cert by serial number, that's fine, we just do not set self.tracking_id
|
||||
return
|
||||
pass
|
||||
|
||||
def set_cert_details(self, module):
|
||||
try:
|
||||
self.cert_details = self.ecs_client.GetCertificate(
|
||||
trackingId=self.tracking_id
|
||||
self.cert_details = (
|
||||
self.ecs_client.GetCertificate( # pylint: disable=no-member
|
||||
trackingId=self.tracking_id
|
||||
)
|
||||
)
|
||||
self.cert_status = self.cert_details.get("status")
|
||||
self.serial_number = self.cert_details.get("serialNumber")
|
||||
@@ -828,15 +830,23 @@ class EcsCertificate:
|
||||
try:
|
||||
if self.request_type == "validate_only":
|
||||
body["validateOnly"] = "true"
|
||||
result = self.ecs_client.NewCertRequest(Body=body)
|
||||
result = (
|
||||
self.ecs_client.NewCertRequest( # pylint: disable=no-member
|
||||
Body=body
|
||||
)
|
||||
)
|
||||
if self.request_type == "new":
|
||||
result = self.ecs_client.NewCertRequest(Body=body)
|
||||
result = (
|
||||
self.ecs_client.NewCertRequest( # pylint: disable=no-member
|
||||
Body=body
|
||||
)
|
||||
)
|
||||
elif self.request_type == "renew":
|
||||
result = self.ecs_client.RenewCertRequest(
|
||||
result = self.ecs_client.RenewCertRequest( # pylint: disable=no-member
|
||||
trackingId=self.tracking_id, Body=body
|
||||
)
|
||||
elif self.request_type == "reissue":
|
||||
result = self.ecs_client.ReissueCertRequest(
|
||||
result = self.ecs_client.ReissueCertRequest( # pylint: disable=no-member
|
||||
trackingId=self.tracking_id, Body=body
|
||||
)
|
||||
self.tracking_id = result.get("trackingId")
|
||||
|
||||
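Review bot: In the `except RestOperationException:` branch after the `GetCertificates` lookup, `return` becomes `pass`, and the handler still discards every REST failure without a trace. The comment only covers the case where no certificate matches the serial number. If the client raises the same exception for credential or connection problems, as the `GetAppVersion` handler in this file suggests, those also leave `self.tracking_id` unset, and any later step that relies on the tracking ID presumably proceeds without it. I would bind the exception and surface it, e.g. `except RestOperationException as e:` followed by `module.warn(f"ECS lookup by serial number failed: {e.message}")`, assuming the module object is reachable in this method. The method's signature is outside the hunk.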
@@ -276,7 +276,7 @@ class EcsDomain:
|
||||
except SessionConfigurationException as e:
|
||||
module.fail_json(msg=f"Failed to initialize Entrust Provider: {e}")
|
||||
try:
|
||||
self.ecs_client.GetAppVersion()
|
||||
self.ecs_client.GetAppVersion() # pylint: disable=no-member
|
||||
except RestOperationException as e:
|
||||
module.fail_json(
|
||||
msg=f"Please verify credential information. Received exception when testing ECS connection: {e.message}"
|
||||
@@ -310,7 +310,7 @@ class EcsDomain:
|
||||
|
||||
def check(self, module):
|
||||
try:
|
||||
domain_details = self.ecs_client.GetDomain(
|
||||
domain_details = self.ecs_client.GetDomain( # pylint: disable=no-member
|
||||
clientId=module.params["client_id"], domain=module.params["domain_name"]
|
||||
)
|
||||
self.set_domain_details(domain_details)
|
||||
@@ -355,18 +355,18 @@ class EcsDomain:
|
||||
body["domainName"] = module.params["domain_name"]
|
||||
try:
|
||||
if not self.domain_status:
|
||||
self.ecs_client.AddDomain(
|
||||
self.ecs_client.AddDomain( # pylint: disable=no-member
|
||||
clientId=module.params["client_id"], Body=body
|
||||
)
|
||||
else:
|
||||
self.ecs_client.ReverifyDomain(
|
||||
self.ecs_client.ReverifyDomain( # pylint: disable=no-member
|
||||
clientId=module.params["client_id"],
|
||||
domain=module.params["domain_name"],
|
||||
Body=body,
|
||||
)
|
||||
|
||||
time.sleep(5)
|
||||
result = self.ecs_client.GetDomain(
|
||||
result = self.ecs_client.GetDomain( # pylint: disable=no-member
|
||||
clientId=module.params["client_id"],
|
||||
domain=module.params["domain_name"],
|
||||
)
|
||||
@@ -393,7 +393,7 @@ class EcsDomain:
|
||||
):
|
||||
break
|
||||
time.sleep(10)
|
||||
result = self.ecs_client.GetDomain(
|
||||
result = self.ecs_client.GetDomain( # pylint: disable=no-member
|
||||
clientId=module.params["client_id"],
|
||||
domain=module.params["domain_name"],
|
||||
)
|
||||
|
||||
@@ -188,7 +188,6 @@ class DHParameterBase:
|
||||
@abc.abstractmethod
|
||||
def _do_generate(self, module: AnsibleModule) -> None:
|
||||
"""Actually generate the DH params."""
|
||||
pass
|
||||
|
||||
def generate(self, module: AnsibleModule) -> None:
|
||||
"""Generate DH params."""
|
||||
|
||||