Ensure that *everything* is typed in community.crypto (#917)

* Ensure that *everything* is typed in community.crypto.

* Fix comment.

* Ignore type definitions/imports and AssertionErrors for code coverage.

plugins/modules/acme_account.py

@@ -252,7 +252,7 @@ def main() -> t.NoReturn:
                 if client.account_key_data:
                     diff_before["public_account_key"] = client.account_key_data["jwk"]
             if created:
-                raise AssertionError("Unwanted account creation")
+                raise AssertionError("Unwanted account creation")  # pragma: no cover
             if account_data is not None:
                 # Account is not yet deactivated
                 if not module.check_mode:
@@ -310,7 +310,7 @@ def main() -> t.NoReturn:
             # Verify that the account exists and has not been deactivated
             created, account_data = account.setup_account(allow_creation=False)
             if created:
-                raise AssertionError("Unwanted account creation")
+                raise AssertionError("Unwanted account creation")  # pragma: no cover
             if account_data is None:
                 raise ModuleFailException(
                     msg="Account does not exist or is deactivated."

plugins/modules/acme_account_info.py

@@ -224,7 +224,7 @@ from ansible_collections.community.crypto.plugins.module_utils._acme.utils impor
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
 
 
 def get_orders_list(
@@ -310,7 +310,7 @@ def main() -> t.NoReturn:
             remove_account_uri_if_not_exists=True,
         )
         if created:
-            raise AssertionError("Unwanted account creation")
+            raise AssertionError("Unwanted account creation")  # pragma: no cover
         result: dict[str, t.Any] = {
             "changed": False,
             "exists": False,

plugins/modules/acme_certificate.py

@@ -594,12 +594,12 @@ from ansible_collections.community.crypto.plugins.module_utils._acme.utils impor
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (  # pragma: no cover
         CertificateInformation,
         CryptoBackend,
     )
-    from ansible_collections.community.crypto.plugins.module_utils._acme.challenges import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.challenges import (  # pragma: no cover
         Authorization,
     )
 

plugins/modules/acme_certificate_order_finalize.py

@@ -332,7 +332,7 @@ from ansible_collections.community.crypto.plugins.module_utils._acme.errors impo
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._acme.certificates import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.certificates import (  # pragma: no cover
         CertificateChain,
     )
 

plugins/modules/acme_certificate_order_validate.py

@@ -244,7 +244,7 @@ from ansible_collections.community.crypto.plugins.module_utils._acme.errors impo
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._acme.challenges import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.challenges import (  # pragma: no cover
         Authorization,
     )
 

plugins/modules/acme_certificate_renewal_info.py

@@ -206,7 +206,7 @@ def main() -> t.NoReturn:
         "supports_ari": False,
     }
 
-    def complete(should_renew: bool, **kwargs) -> t.NoReturn:
+    def complete(should_renew: bool, **kwargs: t.Any) -> t.NoReturn:
         result["should_renew"] = should_renew
         result.update(kwargs)
         module.exit_json(**result)

plugins/modules/acme_certificate_revoke.py

@@ -205,7 +205,7 @@ def main() -> t.NoReturn:
             # Step 1: get hold of account URI
             created, account_data = account.setup_account(allow_creation=False)
             if created:
-                raise AssertionError("Unwanted account creation")
+                raise AssertionError("Unwanted account creation")  # pragma: no cover
             if account_data is None:
                 raise ModuleFailException(
                     msg="Account does not exist or is deactivated."

plugins/modules/certificate_complete_chain.py

@@ -179,7 +179,7 @@ def is_parent(
             public_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey
         ):
             if cert.cert.signature_hash_algorithm is None:
-                raise AssertionError(
+                raise AssertionError(  # pragma: no cover
                     "signature_hash_algorithm should be present for RSA certificates"
                 )
             public_key.verify(
@@ -193,7 +193,7 @@ def is_parent(
             cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey,
         ):
             if cert.cert.signature_hash_algorithm is None:
-                raise AssertionError(
+                raise AssertionError(  # pragma: no cover
                     "signature_hash_algorithm should be present for EC certificates"
                 )
             public_key.verify(

plugins/modules/openssh_cert.py

@@ -421,11 +421,17 @@ class Certificate(OpensshModule):
 
     def _is_fully_valid(self) -> bool:
         if self.original_data is None:
-            raise AssertionError("Contract violation original_data not provided")
+            raise AssertionError(
+                "Contract violation original_data not provided"
+            )  # pragma: no cover
         if self.public_key is None:
-            raise AssertionError("Contract violation public_key not provided")
+            raise AssertionError(
+                "Contract violation public_key not provided"
+            )  # pragma: no cover
         if self.signing_key is None:
-            raise AssertionError("Contract violation signing_key not provided")
+            raise AssertionError(
+                "Contract violation signing_key not provided"
+            )  # pragma: no cover
         return self._is_partially_valid() and all(
             [
                 self._compare_options() if self.original_data.type == "user" else True,
@@ -439,7 +445,9 @@ class Certificate(OpensshModule):
 
     def _is_partially_valid(self) -> bool:
         if self.original_data is None:
-            raise AssertionError("Contract violation original_data not provided")
+            raise AssertionError(
+                "Contract violation original_data not provided"
+            )  # pragma: no cover
         return all(
             [
                 set(self.original_data.principals) == set(self.principals),
@@ -460,7 +468,9 @@ class Certificate(OpensshModule):
 
     def _compare_time_parameters(self) -> bool:
         if self.original_data is None:
-            raise AssertionError("Contract violation original_data not provided")
+            raise AssertionError(
+                "Contract violation original_data not provided"
+            )  # pragma: no cover
         try:
             original_time_parameters = OpensshCertificateTimeParameters(
                 valid_from=self.original_data.valid_after,
@@ -481,7 +491,9 @@ class Certificate(OpensshModule):
 
     def _compare_options(self) -> bool:
         if self.original_data is None:
-            raise AssertionError("Contract violation original_data not provided")
+            raise AssertionError(
+                "Contract violation original_data not provided"
+            )  # pragma: no cover
         try:
             critical_options, extensions = parse_option_list(self.options)
         except ValueError as e:
@@ -518,11 +530,17 @@ class Certificate(OpensshModule):
 
     def _generate_temp_certificate(self) -> str:
         if self.public_key is None:
-            raise AssertionError("Contract violation public_key not provided")
+            raise AssertionError(
+                "Contract violation public_key not provided"
+            )  # pragma: no cover
         if self.signing_key is None:
-            raise AssertionError("Contract violation signing_key not provided")
+            raise AssertionError(
+                "Contract violation signing_key not provided"
+            )  # pragma: no cover
         if self.time_parameters is None:
-            raise AssertionError("Contract violation time_parameters not provided")
+            raise AssertionError(
+                "Contract violation time_parameters not provided"
+            )  # pragma: no cover
 
         key_copy = os.path.join(self.module.tmpdir, os.path.basename(self.public_key))
 

plugins/modules/openssl_csr.py

@@ -258,8 +258,8 @@ from ansible_collections.community.crypto.plugins.module_utils._io import (
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.csr import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.csr import (  # pragma: no cover
         CertificateSigningRequestBackend,
     )
 

plugins/modules/openssl_csr_pipe.py

@@ -139,8 +139,8 @@ from ansible_collections.community.crypto.plugins.module_utils._crypto.module_ba
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.csr import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.csr import (  # pragma: no cover
         CertificateSigningRequestBackend,
     )
 

plugins/modules/openssl_dhparam.py

@@ -416,7 +416,7 @@ def main() -> t.NoReturn:
             )
             dhparam = DHParameterCryptography(module)
         else:
-            raise AssertionError("Internal error: unknown backend")
+            raise AssertionError("Internal error: unknown backend")  # pragma: no cover
 
         if module.check_mode:
             result = dhparam.dump()

plugins/modules/openssl_pkcs12.py

@@ -334,7 +334,7 @@ else:
     CRYPTOGRAPHY_HAS_COMPATIBILITY2022 = True
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_support import (
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_support import (  # pragma: no cover
         CertificateIssuerPrivateKeyTypes,
     )
 
@@ -343,7 +343,7 @@ if t.TYPE_CHECKING:
         t.Union[cryptography.x509.Certificate, None],
         list[cryptography.x509.Certificate],
         t.Union[bytes, None],
-    ]
+    ]  # pragma: no cover
 
 
 def load_certificate_set(
@@ -688,7 +688,7 @@ class Pkcs(OpenSSLObject):
     ]:
         """Read PKCS#12 file."""
         if self.src is None:
-            raise AssertionError("Contract violation: src is None")
+            raise AssertionError("Contract violation: src is None")  # pragma: no cover
 
         try:
             with open(self.src, "rb") as pkcs12_fh:

plugins/modules/openssl_privatekey.py

@@ -174,8 +174,8 @@ from ansible_collections.community.crypto.plugins.module_utils._io import (
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.privatekey import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.privatekey import (  # pragma: no cover
         PrivateKeyBackend,
     )
 

plugins/modules/openssl_privatekey_convert.py

@@ -79,8 +79,8 @@ from ansible_collections.community.crypto.plugins.module_utils._io import (
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.privatekey_convert import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.privatekey_convert import (  # pragma: no cover
         PrivateKeyConvertBackend,
     )
 
@@ -115,7 +115,9 @@ class PrivateKeyConvertModule(OpenSSLObject):
             # Convert
             privatekey_data = self.module_backend.get_private_key_data()
             if privatekey_data is None:
-                raise AssertionError("Contract violation: privatekey_data is None")
+                raise AssertionError(
+                    "Contract violation: privatekey_data is None"
+                )  # pragma: no cover
             if not self.check_mode:
                 if self.backup:
                     self.backup_file = module.backup_local(self.path)

plugins/modules/openssl_publickey.py

@@ -220,7 +220,7 @@ except ImportError:
     pass
 
 if t.TYPE_CHECKING:
-    from cryptography.hazmat.primitives.asymmetric.types import (
+    from cryptography.hazmat.primitives.asymmetric.types import (  # pragma: no cover
         PrivateKeyTypes,
         PublicKeyTypes,
     )

plugins/modules/x509_certificate.py

@@ -238,8 +238,8 @@ from ansible_collections.community.crypto.plugins.module_utils._io import (
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.certificate import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.certificate import (  # pragma: no cover
         CertificateBackend,
     )
 

plugins/modules/x509_certificate_pipe.py

@@ -136,8 +136,8 @@ from ansible_collections.community.crypto.plugins.module_utils._crypto.module_ba
 
 
 if t.TYPE_CHECKING:
-    from ansible.module_utils.basic import AnsibleModule
-    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.certificate import (
+    from ansible.module_utils.basic import AnsibleModule  # pragma: no cover
+    from ansible_collections.community.crypto.plugins.module_utils._crypto.module_backends.certificate import (  # pragma: no cover
         CertificateBackend,
     )
 

plugins/modules/x509_crl.py

@@ -497,7 +497,7 @@ except ImportError:
     pass
 
 if t.TYPE_CHECKING:
-    import datetime
+    import datetime  # pragma: no cover
 
 
 class CRLError(OpenSSLObjectError):