Remove PyOpenSSL backends (except for openssl_pkcs12) (#273)

* Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2026-05-07 22:03:01 +00:00 · 2021-09-28 17:46:35 +02:00
parent 24e7d07973
commit f644db3c79
72 changed files with 227 additions and 2638 deletions
--- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml
+++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml
@@ -67,7 +67,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey5.pem'
    passphrase: ansible
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'

@@ -75,7 +75,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey5.pem'
    passphrase: ansible
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: privatekey5_idempotence
@@ -84,13 +84,10 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey6.pem'
    passphrase: ànsïblé
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'

- set_fact:
-    ecc_types: []
-  when: select_crypto_backend == 'pyopenssl'
 - set_fact:
    ecc_types:
    - curve: secp384r1
@@ -150,7 +147,6 @@
    - curve: sect163r2
      openssl_name: sect163r2
      min_cryptography_version: "0.5"
-  when: select_crypto_backend == 'cryptography'

 - name: "({{ select_crypto_backend }}) Test ECC key generation"
  openssl_privatekey:
@@ -221,7 +217,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
    backup: yes
@@ -231,7 +227,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
    backup: yes
@@ -257,7 +253,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
    backup: yes
@@ -278,7 +274,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
    backup: yes
@@ -289,7 +285,7 @@
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    size: '{{ default_rsa_key_size }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
    backup: yes
@@ -551,7 +547,7 @@
    type: RSA
    size: '{{ default_rsa_key_size }}'
    passphrase: hunter2
-    cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
+    cipher: auto
    select_crypto_backend: '{{ select_crypto_backend }}'
  loop: "{{ regenerate_values }}"
 - name: "({{ select_crypto_backend }}) Regenerate - setup broken keys"
--- a/tests/integration/targets/openssl_privatekey/tasks/main.yml
+++ b/tests/integration/targets/openssl_privatekey/tasks/main.yml
@@ -36,29 +36,6 @@
    path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
    size: '{{ default_rsa_key_size }}'

- block:
-  - name: Running tests with pyOpenSSL backend
-    include_tasks: impl.yml
-    vars:
-      select_crypto_backend: pyopenssl
-
-  - import_tasks: ../tests/validate.yml
-    vars:
-      select_crypto_backend: pyopenssl
-
-  # FIXME: minimal pyOpenSSL version?!
-  when: pyopenssl_version.stdout is version('0.6', '>=')
-
- name: Remove output directory
-  file:
-    path: "{{ remote_tmp_dir }}"
-    state: absent
-
- name: Re-create output directory
-  file:
-    path: "{{ remote_tmp_dir }}"
-    state: directory
-
 - block:
  - name: Running tests with cryptography backend
    include_tasks: impl.yml
@@ -70,45 +47,3 @@
      select_crypto_backend: cryptography

  when: cryptography_version.stdout is version('0.5', '>=')
-
- name: Check that fingerprints do not depend on the backend
-  block:
-  - name: "Fingerprint comparison: pyOpenSSL"
-    openssl_privatekey:
-      path: '{{ remote_tmp_dir }}/fingerprint-{{ item }}.pem'
-      type: "{{ item }}"
-      size: '{{ default_rsa_key_size }}'
-      select_crypto_backend: pyopenssl
-    loop:
-    - RSA
-    - DSA
-    register: fingerprint_pyopenssl
-
-  - name: "Fingerprint comparison: cryptography"
-    openssl_privatekey:
-      path: '{{ remote_tmp_dir }}/fingerprint-{{ item }}.pem'
-      type: "{{ item }}"
-      size: '{{ default_rsa_key_size }}'
-      select_crypto_backend: cryptography
-    loop:
-    - RSA
-    - DSA
-    register: fingerprint_cryptography
-
-  - name: Verify that keys were not regenerated
-    assert:
-      that:
-        - fingerprint_cryptography is not changed
-
-  - name: Verify that fingerprints match
-    assert:
-      that: item.0.fingerprint[item.2] == item.1.fingerprint[item.2]
-    when: item.0 is not skipped and item.1 is not skipped
-    loop: |
-      {{ query('nested',
-            fingerprint_pyopenssl.results | zip(fingerprint_cryptography.results),
-            fingerprint_pyopenssl.results[0].fingerprint.keys()
-      ) if fingerprint_pyopenssl.results[0].fingerprint else [] }}
-    loop_control:
-      label: "{{ [item.0.item, item.2] }}"
-  when: pyopenssl_version.stdout is version('0.6', '>=') and cryptography_version.stdout is version('0.5', '>=')