Bump version to 3.0.0-dev0, remove deprecated functionality and implement announced breaking changes (#873)

* Bump verison to 3.0.0-dev0.

* Change check mode behavior for *_pipe modules.

* Remove PyOpenSSL backend.

* Remove PyOpenSSL setup.

* Change default of asn1_base64.

* Remove deprecated common module utils.

* Remove get_default_argspec().

* Mark two methods as abstract.

* Remove ACME v1 support.

* Remove retrieve_acme_v1_certificate().

* Remove deprecated docs fragment.

* Change meaning of mode parameter.

* Mark no longer used option as 'to deprecate'.

tests/integration/targets/acme_certificate/meta/main.yml

@@ -5,6 +5,5 @@
 
 dependencies:
   - setup_acme
-  - setup_pyopenssl  # needed for Ubuntu 16.04
   - setup_remote_tmp_dir
   - prepare_jinja2_compat

tests/integration/targets/openssl_pkcs12/meta/main.yml

@@ -5,5 +5,4 @@
 
 dependencies:
   - setup_openssl
-  - setup_pyopenssl
   - setup_remote_tmp_dir

tests/integration/targets/openssl_pkcs12/tasks/main.yml

@@ -62,17 +62,6 @@
         path: '{{ remote_tmp_dir }}/ansible.p12'
         state: absent
 
-    - block:
-        - name: Running tests with pyOpenSSL backend
-          include_tasks: impl.yml
-          vars:
-            select_crypto_backend: pyopenssl
-
-      when: >-
-        (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=')
-        and
-        (pyopenssl_version.stdout | default('0.0')) is version('23.3.0', '<')
-
     - block:
         - name: Running tests with cryptography backend
           include_tasks: impl.yml
@@ -82,10 +71,4 @@
       when: cryptography_version.stdout is version('3.0', '>=')
 
   when: >-
-    (
-      (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=')
-      and
-      (pyopenssl_version.stdout | default('0.0')) is version('23.3.0', '<')
-    )
-    or
     cryptography_version.stdout is version('3.0', '>=')

tests/integration/targets/openssl_pkcs12/tests/validate.yml

@@ -81,8 +81,7 @@
 - name: '({{ select_crypto_backend }}) Load "empty" file'
   set_fact:
     empty_contents: "{{ slurp.results[0].content | b64decode }}"
-    empty_expected_pyopenssl: "{{ (slurp.results[2].content | b64decode) ~ (slurp.results[1].content | b64decode) }}"
-    empty_expected_cryptography: "{{ (slurp.results[1].content | b64decode) ~ (slurp.results[2].content | b64decode) }}"
+    empty_expected: "{{ (slurp.results[1].content | b64decode) ~ (slurp.results[2].content | b64decode) }}"
 
 - name: '({{ select_crypto_backend }}) Check "empty" file'
   assert:
@@ -91,7 +90,7 @@
       - p12_empty_idem is not changed
       - p12_empty_concat_idem is not changed
       - p12_empty_concat_content_idem is not changed
-      - (empty_contents == empty_expected_cryptography) or (empty_contents == empty_expected_pyopenssl and select_crypto_backend == 'pyopenssl')
+      - empty_contents == empty_expected
 
 - name: '({{ select_crypto_backend }}) PKCS#12 with compatibility2022 settings'
   when:

tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml

@@ -91,9 +91,11 @@
 - assert:
     that:
       - update_check is changed
-      - update_check.privatekey == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+      - update_check.privatekey != 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+      - update_check.privatekey != result.privatekey
       - update_check_return is changed
-      - update_check_return.privatekey == result.privatekey
+      - update_check_return.privatekey != 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+      - update_check_return.privatekey != result.privatekey
       - update is changed
       - update.privatekey != result.privatekey
       - update_info.public_data.size == default_rsa_key_size

tests/integration/targets/setup_pyopenssl/defaults/main.yml

@@ -1,6 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-has_pyopenssl: true

tests/integration/targets/setup_pyopenssl/meta/main.yml

@@ -1,9 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-dependencies:
-  - setup_python_info
-  - setup_remote_constraints
-  - setup_pkg_mgr

tests/integration/targets/setup_pyopenssl/tasks/main.yml

@@ -1,71 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-####################################################################
-# WARNING: These are designed specifically for Ansible tests       #
-# and should not be used as examples of how to write Ansible roles #
-####################################################################
-
-- name: Install from system packages
-  when: ansible_os_family != "Darwin" and target_system_python
-  block:
-
-    - name: Include OS-specific variables
-      include_vars: '{{ lookup("first_found", search) }}'
-      vars:
-        search:
-          files:
-            - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
-            - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
-            - '{{ ansible_distribution }}.yml'
-            - '{{ ansible_os_family }}.yml'
-          paths:
-            - vars
-
-    - when: has_pyopenssl
-      block:
-
-        - name: Install pyOpenSSL (Python 3 from system packages)
-          become: true
-          package:
-            name: '{{ pyopenssl_package_name_python3 }}'
-          when: ansible_python_version is version('3.0', '>=')
-
-        - name: Install pyOpenSSL (Python 2 from system packages)
-          become: true
-          package:
-            name: '{{ pyopenssl_package_name }}'
-          when: ansible_python_version is version('3.0', '<')
-
-- name: Install from PyPi
-  when: ansible_os_family == "Darwin" or not target_system_python
-  block:
-
-    - name: Install pyOpenSSL (PyPi)
-      become: true
-      pip:
-        name: pyOpenSSL
-        state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}"
-        extra_args: "-c {{ remote_constraints }}"
-
-- when: has_pyopenssl
-  block:
-
-    - name: Register pyOpenSSL version
-      command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
-      register: pyopenssl_version
-
-    - name: Register pyOpenSSL debug details
-      command: "{{ ansible_python.executable }} -m OpenSSL.debug"
-      register: pyopenssl_debug_version
-      ignore_errors: true
-
-# Depending on which pyOpenSSL version has been installed, it could be that cryptography has
-# been upgraded to a newer version. Make sure to register cryptography_version another time here
-# to avoid strange testing behavior due to wrong values of cryptography_version.
-- name: Register cryptography version
-  command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
-  register: cryptography_version
-  ignore_errors: true  # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors

tests/integration/targets/setup_pyopenssl/vars/Alpine.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: py-openssl
-pyopenssl_package_name_python3: py3-openssl

tests/integration/targets/setup_pyopenssl/vars/Archlinux.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: python-pyopenssl
-pyopenssl_package_name_python3: python-pyopenssl

tests/integration/targets/setup_pyopenssl/vars/Debian.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: python-openssl
-pyopenssl_package_name_python3: python3-openssl

tests/integration/targets/setup_pyopenssl/vars/FreeBSD.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: py27-openssl
-pyopenssl_package_name_python3: "py{{ ansible_python.version.major }}{{ ansible_python.version.minor }}-openssl"

tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml

@@ -1,6 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-has_pyopenssl: false

tests/integration/targets/setup_pyopenssl/vars/RedHat.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: pyOpenSSL
-pyopenssl_package_name_python3: python3-pyOpenSSL

tests/integration/targets/setup_pyopenssl/vars/Suse.yml

@@ -1,7 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-pyopenssl_package_name: python-pyOpenSSL
-pyopenssl_package_name_python3: python3-pyOpenSSL

tests/integration/targets/x509_certificate-acme/meta/main.yml

@@ -5,6 +5,5 @@
 
 dependencies:
   - setup_acme
-  - setup_pyopenssl  # needed for Ubuntu 16.04
   - setup_remote_tmp_dir
   - prepare_jinja2_compat

tests/unit/plugins/module_utils/acme/test_challenges.py

@@ -68,20 +68,6 @@ def test_challenge_from_to_json():
     assert challenge.token == "foo"
     assert challenge.to_json() == data
 
-    data = {
-        "uri": "xxx",
-        "type": "type",
-        "status": "valid",
-    }
-    client.version = 1
-    challenge = Challenge.from_json(client, data)
-    assert challenge.data == data
-    assert challenge.type == "type"
-    assert challenge.url == "xxx"
-    assert challenge.status == "valid"
-    assert challenge.token is None
-    assert challenge.to_json() == data
-
 
 def test_authorization_from_to_json():
     client = MagicMock()
@@ -154,30 +140,6 @@ def test_authorization_from_to_json():
         "wildcard": True,
     }
 
-    client.version = 1
-
-    data = {
-        "challenges": [],
-        "identifier": {
-            "type": "dns",
-            "value": "example.com",
-        },
-    }
-    authz = Authorization.from_json(client, data, "xxx")
-    assert authz.url == "xxx"
-    assert authz.status == "pending"
-    assert authz.identifier == "example.com"
-    assert authz.identifier_type == "dns"
-    assert authz.challenges == []
-    assert authz.to_json() == {
-        "uri": "xxx",
-        "challenges": [],
-        "identifier": {
-            "type": "dns",
-            "value": "example.com",
-        },
-    }
-
 
 def test_authorization_create_error():
     client = MagicMock()