Release 2.0.0.

changelogs/changelog.yaml

@@ -562,3 +562,115 @@ releases:
     - 279-acme-openssl.yml
     - 282-acme_challenge_cert_helper-error.yml
     release_date: '2021-09-28'
+  2.0.0:
+    changes:
+      breaking_changes:
+      - Adjust ``dirName`` text parsing and to text converting code to conform to
+        `Sections 2 and 3 of RFC 4514 <https://datatracker.ietf.org/doc/html/rfc4514.html>`_.
+        This is similar to how `cryptography handles this <https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Name.rfc4514_string>`_
+        (https://github.com/ansible-collections/community.crypto/pull/274).
+      - acme module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290).
+      - acme_* modules - removed vendored copy of the Python library ``ipaddress``.
+        If you are using Python 2.x, please make sure to install the library (https://github.com/ansible-collections/community.crypto/pull/287).
+      - compatibility module_utils - removed vendored copy of the Python library ``ipaddress``
+        (https://github.com/ansible-collections/community.crypto/pull/287).
+      - crypto module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290).
+      - get_certificate, openssl_csr_info, x509_certificate_info - depending on the
+        ``cryptography`` version used, the modules might not return the ASN.1 value
+        for an extension as contained in the certificate respectively CSR, but a re-encoded
+        version of it. This should usually be identical to the value contained in
+        the source file, unless the value was malformed. For extensions not handled
+        by C(cryptography) the value contained in the source file is always returned
+        unaltered (https://github.com/ansible-collections/community.crypto/pull/318).
+      - module_utils - removed various PyOpenSSL support functions and default backend
+        values that are not needed for the openssl_pkcs12 module (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_csr, openssl_csr_pipe, x509_crl - the ``subject`` respectively ``issuer``
+        fields no longer ignore empty values, but instead fail when encountering them
+        (https://github.com/ansible-collections/community.crypto/pull/316).
+      - openssl_privatekey_info - by default consistency checks are not run; they
+        need to be explicitly requested by passing ``check_consistency=true`` (https://github.com/ansible-collections/community.crypto/pull/309).
+      - x509_crl - for idempotency checks, the ``issuer`` order is ignored. If order
+        is important, use the new ``issuer_ordered`` option (https://github.com/ansible-collections/community.crypto/pull/316).
+      bugfixes:
+      - cryptography backend - improve Unicode handling for Python 2 (https://github.com/ansible-collections/community.crypto/pull/313).
+      - get_certificate - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/294).
+      - openssl_csr_info - fix compatibility with the cryptography 35.0.0 release
+        (https://github.com/ansible-collections/community.crypto/pull/294).
+      - openssl_pkcs12 - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/296).
+      - x509_certificate_info - fix compatibility with the cryptography 35.0.0 release
+        (https://github.com/ansible-collections/community.crypto/pull/294).
+      deprecated_features:
+      - acme_* modules - ACME version 1 is now deprecated and support for it will
+        be removed in community.crypto 2.0.0 (https://github.com/ansible-collections/community.crypto/pull/288).
+      minor_changes:
+      - acme_certificate - the ``subject`` and ``issuer`` fields in in the ``select_chain``
+        entries are now more strictly validated (https://github.com/ansible-collections/community.crypto/pull/316).
+      - openssl_csr, openssl_csr_pipe - provide a new ``subject_ordered`` option if
+        the order of the components in the subject is of importance (https://github.com/ansible-collections/community.crypto/issues/291,
+        https://github.com/ansible-collections/community.crypto/pull/316).
+      - openssl_csr, openssl_csr_pipe - there is now stricter validation of the values
+        of the ``subject`` option (https://github.com/ansible-collections/community.crypto/pull/316).
+      - openssl_privatekey_info - add ``check_consistency`` option to request private
+        key consistency checks to be done (https://github.com/ansible-collections/community.crypto/pull/309).
+      - x509_certificate, x509_certificate_pipe - add ``ignore_timestamps`` option
+        which allows to enable idempotency for 'not before' and 'not after' options
+        (https://github.com/ansible-collections/community.crypto/issues/295, https://github.com/ansible-collections/community.crypto/pull/317).
+      - x509_crl - provide a new ``issuer_ordered`` option if the order of the components
+        in the issuer is of importance (https://github.com/ansible-collections/community.crypto/issues/291,
+        https://github.com/ansible-collections/community.crypto/pull/316).
+      - x509_crl - there is now stricter validation of the values of the ``issuer``
+        option (https://github.com/ansible-collections/community.crypto/pull/316).
+      release_summary: 'A new major release of the ``community.crypto`` collection.
+        The main changes are removal of the PyOpenSSL backends for almost all modules
+        (``openssl_pkcs12`` being the only exception), and removal of the ``assertonly``
+        provider in the ``x509_certificate`` provider. There are also some other breaking
+        changes which should improve the user interface/experience of this collection
+        long-term.
+
+        '
+      removed_features:
+      - acme_* modules - the ``acme_directory`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290).
+      - acme_* modules - the ``acme_version`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290).
+      - acme_account_facts - the deprecated redirect has been removed. Use community.crypto.acme_account_info
+        instead (https://github.com/ansible-collections/community.crypto/pull/290).
+      - acme_account_info - ``retrieve_orders=url_list`` no longer returns the return
+        value ``orders``. Use the ``order_uris`` return value instead (https://github.com/ansible-collections/community.crypto/pull/290).
+      - crypto.info module utils - the deprecated redirect has been removed. Use ``crypto.pem``
+        instead (https://github.com/ansible-collections/community.crypto/pull/290).
+      - get_certificate - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_certificate - the deprecated redirect has been removed. Use community.crypto.x509_certificate
+        instead (https://github.com/ansible-collections/community.crypto/pull/290).
+      - openssl_certificate_info - the deprecated redirect has been removed. Use community.crypto.x509_certificate_info
+        instead (https://github.com/ansible-collections/community.crypto/pull/290).
+      - openssl_csr - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_csr and openssl_csr_pipe - ``version`` now only accepts the (default)
+        value 1 (https://github.com/ansible-collections/community.crypto/pull/290).
+      - openssl_csr_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_csr_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_privatekey - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_privatekey_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_privatekey_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_publickey - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_publickey_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_signature - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - openssl_signature_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - x509_certificate - remove ``assertonly`` provider (https://github.com/ansible-collections/community.crypto/pull/289).
+      - x509_certificate - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - x509_certificate_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+      - x509_certificate_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273).
+    fragments:
+    - 2.0.0.yml
+    - 273-pyopenssl-removal.yml
+    - 274-dirname-rfc4514.yml
+    - 287-remove-ipaddress.yml
+    - 288-depecate-acme-v1.yml
+    - 289-assertonly-removed.yml
+    - 290-remove-deprecations.yml
+    - 294-cryptography-35.0.0.yml
+    - 296-openssl_pkcs12-cryptography-35.yml
+    - 309-openssl_privatekey_info-consistency.yml
+    - 313-unicode-names.yml
+    - 315-ordered-names.yml
+    - 317-ignore-timestamps.yml
+    - 318-extension-value-note.yml
+    release_date: '2021-11-01'

changelogs/fragments/2.0.0.yml

@@ -1,5 +0,0 @@
-release_summary: >
-  A new major release of the ``community.crypto`` collection.
-  The main changes are removal of the PyOpenSSL backends for almost all modules (``openssl_pkcs12`` being the only exception),
-  and removal of the ``assertonly`` provider in the ``x509_certificate`` provider.
-  There are also some other breaking changes which should improve the user interface/experience of this collection long-term.

changelogs/fragments/273-pyopenssl-removal.yml

@@ -1,17 +0,0 @@
-removed_features:
-  - "get_certificate - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_csr - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_csr_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_csr_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_privatekey - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_privatekey_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_privatekey_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_publickey - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_publickey_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_signature - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "openssl_signature_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "x509_certificate - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "x509_certificate_info - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-  - "x509_certificate_pipe - removed the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/273)."
-breaking_changes:
-  - "module_utils - removed various PyOpenSSL support functions and default backend values that are not needed for the openssl_pkcs12 module (https://github.com/ansible-collections/community.crypto/pull/273)."

changelogs/fragments/274-dirname-rfc4514.yml

@@ -1,2 +0,0 @@
-breaking_changes:
-- "Adjust ``dirName`` text parsing and to text converting code to conform to `Sections 2 and 3 of RFC 4514 <https://datatracker.ietf.org/doc/html/rfc4514.html>`_. This is similar to how `cryptography handles this <https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Name.rfc4514_string>`_ (https://github.com/ansible-collections/community.crypto/pull/274)."

changelogs/fragments/287-remove-ipaddress.yml

@@ -1,3 +0,0 @@
-breaking_changes:
-  - "acme_* modules - removed vendored copy of the Python library ``ipaddress``. If you are using Python 2.x, please make sure to install the library (https://github.com/ansible-collections/community.crypto/pull/287)."
-  - "compatibility module_utils - removed vendored copy of the Python library ``ipaddress`` (https://github.com/ansible-collections/community.crypto/pull/287)."

changelogs/fragments/288-depecate-acme-v1.yml

@@ -1,2 +0,0 @@
-deprecated_features:
-  - "acme_* modules - ACME version 1 is now deprecated and support for it will be removed in community.crypto 2.0.0 (https://github.com/ansible-collections/community.crypto/pull/288)."

changelogs/fragments/289-assertonly-removed.yml

@@ -1,2 +0,0 @@
-removed_features:
-  - "x509_certificate - remove ``assertonly`` provider (https://github.com/ansible-collections/community.crypto/pull/289)."

changelogs/fragments/290-remove-deprecations.yml

@@ -1,12 +0,0 @@
-removed_features:
-  - "acme_* modules - the ``acme_version`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "acme_* modules - the ``acme_directory`` option is now required (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "openssl_csr and openssl_csr_pipe - ``version`` now only accepts the (default) value 1 (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "acme_account_info - ``retrieve_orders=url_list`` no longer returns the return value ``orders``. Use the ``order_uris`` return value instead (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "acme_account_facts - the deprecated redirect has been removed. Use community.crypto.acme_account_info instead (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "openssl_certificate - the deprecated redirect has been removed. Use community.crypto.x509_certificate instead (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "openssl_certificate_info - the deprecated redirect has been removed. Use community.crypto.x509_certificate_info instead (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "crypto.info module utils - the deprecated redirect has been removed. Use ``crypto.pem`` instead (https://github.com/ansible-collections/community.crypto/pull/290)."
-breaking_changes:
-  - "acme module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290)."
-  - "crypto module utils - removing compatibility code (https://github.com/ansible-collections/community.crypto/pull/290)."

changelogs/fragments/294-cryptography-35.0.0.yml

@@ -1,4 +0,0 @@
-bugfixes:
-  - "get_certificate - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/294)."
-  - "openssl_csr_info - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/294)."
-  - "x509_certificate_info - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/294)."

changelogs/fragments/296-openssl_pkcs12-cryptography-35.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "openssl_pkcs12 - fix compatibility with the cryptography 35.0.0 release (https://github.com/ansible-collections/community.crypto/pull/296)."

changelogs/fragments/309-openssl_privatekey_info-consistency.yml

@@ -1,4 +0,0 @@
-minor_changes:
-  - openssl_privatekey_info - add ``check_consistency`` option to request private key consistency checks to be done (https://github.com/ansible-collections/community.crypto/pull/309).
-breaking_changes:
-  - openssl_privatekey_info - by default consistency checks are not run; they need to be explicitly requested by passing ``check_consistency=true`` (https://github.com/ansible-collections/community.crypto/pull/309).

changelogs/fragments/313-unicode-names.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "cryptography backend - improve Unicode handling for Python 2 (https://github.com/ansible-collections/community.crypto/pull/313)."

changelogs/fragments/315-ordered-names.yml

@@ -1,9 +0,0 @@
-minor_changes:
-  - "acme_certificate - the ``subject`` and ``issuer`` fields in in the ``select_chain`` entries are now more strictly validated (https://github.com/ansible-collections/community.crypto/pull/316)."
-  - "openssl_csr, openssl_csr_pipe - there is now stricter validation of the values of the ``subject`` option (https://github.com/ansible-collections/community.crypto/pull/316)."
-  - "openssl_csr, openssl_csr_pipe - provide a new ``subject_ordered`` option if the order of the components in the subject is of importance (https://github.com/ansible-collections/community.crypto/issues/291, https://github.com/ansible-collections/community.crypto/pull/316)."
-  - "x509_crl - there is now stricter validation of the values of the ``issuer`` option (https://github.com/ansible-collections/community.crypto/pull/316)."
-  - "x509_crl - provide a new ``issuer_ordered`` option if the order of the components in the issuer is of importance (https://github.com/ansible-collections/community.crypto/issues/291, https://github.com/ansible-collections/community.crypto/pull/316)."
-breaking_changes:
-  - "openssl_csr, openssl_csr_pipe, x509_crl - the ``subject`` respectively ``issuer`` fields no longer ignore empty values, but instead fail when encountering them (https://github.com/ansible-collections/community.crypto/pull/316)."
-  - "x509_crl - for idempotency checks, the ``issuer`` order is ignored. If order is important, use the new ``issuer_ordered`` option (https://github.com/ansible-collections/community.crypto/pull/316)."

changelogs/fragments/317-ignore-timestamps.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - "x509_certificate, x509_certificate_pipe - add ``ignore_timestamps`` option which allows to enable idempotency for 'not before' and 'not after' options (https://github.com/ansible-collections/community.crypto/issues/295, https://github.com/ansible-collections/community.crypto/pull/317)."

changelogs/fragments/318-extension-value-note.yml

@@ -1,6 +0,0 @@
-breaking_changes:
-  - "get_certificate, openssl_csr_info, x509_certificate_info - depending on the ``cryptography`` version used,
-     the modules might not return the ASN.1 value for an extension as contained in the certificate respectively CSR,
-     but a re-encoded version of it. This should usually be identical to the value contained in the source file,
-     unless the value was malformed. For extensions not handled by C(cryptography) the value contained in
-     the source file is always returned unaltered (https://github.com/ansible-collections/community.crypto/pull/318)."