mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-03-26 21:33:25 +00:00
Support cryptography 3.3 (#882)
* Re-add Debian Bullseye to CI. * Support cryptography 3.3 as well.
This commit is contained in:
Felix Fontein
GitHub
@@ -147,6 +147,8 @@ stages:
|
||||
targets:
|
||||
- name: Debian Bookworm
|
||||
test: debian-bookworm/3.11
|
||||
- name: Debian Bullseye
|
||||
test: debian-bullseye/3.9
|
||||
- name: ArchLinux
|
||||
test: archlinux/3.13
|
||||
groups:
|
||||
|
||||
@@ -45,7 +45,7 @@ Tested with the current ansible-core-2.17, ansible-core 2.18, and ansible-core 2
|
||||
|
||||
The exact requirements for every module are listed in the module documentation.
|
||||
|
||||
Most modules require a recent enough version of [the Python cryptography library](https://pypi.org/project/cryptography/); the minimum supported version by this collection is 3.4. See the module documentations for the minimal version supported for each module.
|
||||
Most modules require a recent enough version of [the Python cryptography library](https://pypi.org/project/cryptography/); the minimum supported version by this collection is 3.3. See the module documentations for the minimal version supported for each module.
|
||||
|
||||
## Collection Documentation
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
minor_changes:
|
||||
- "No longer provide cryptography's ``backend`` parameter. This will break with cryptography < 3.1 (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "Remove various compatibility code for cryptography < 3.4 (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "Remove various compatibility code for cryptography < 3.3 (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "On cryptography 36.0.0+, always use ``public_bytes()`` for X.509 extension objects instead of using cryptography internals to obtain DER value of extension (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
removed_features:
|
||||
- "crypto.basic module utils - remove ``CRYPTOGRAPHY_HAS_*`` flags. All tested features are supported since cryptography 3.0 (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "crypto.cryptography_support module utils - remove ``cryptography_serial_number_of_cert()`` helper function (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "The collection no longer supports cryptography < 3.4 (https://github.com/ansible-collections/community.crypto/pull/878)."
|
||||
- "The collection no longer supports cryptography < 3.3 (https://github.com/ansible-collections/community.crypto/pull/878, https://github.com/ansible-collections/community.crypto/pull/882)."
|
||||
|
||||
@@ -18,7 +18,8 @@ notes:
|
||||
another ACME server, please L(create an issue,https://github.com/ansible-collections/community.crypto/issues/new/choose)
|
||||
to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.
|
||||
requirements:
|
||||
- either openssl or L(cryptography,https://cryptography.io/) >= 3.4
|
||||
- either C(openssl)
|
||||
- or L(cryptography,https://cryptography.io/) >= 3.3
|
||||
options:
|
||||
acme_version:
|
||||
description:
|
||||
|
||||
20
plugins/doc_fragments/cryptography_dep.py
Normal file
20
plugins/doc_fragments/cryptography_dep.py
Normal file
@@ -0,0 +1,20 @@
|
||||
# Copyright (c) 2025 Ansible project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
class ModuleDocFragment:
|
||||
"""
|
||||
Doc fragments for cryptography requirements.
|
||||
|
||||
Must be kept in sync with plugins/module_utils/cryptography_dep.py.
|
||||
"""
|
||||
|
||||
# Corresponds to the plugins.module_utils.cryptography_dep.COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION constant
|
||||
MINIMUM = r"""
|
||||
requirements:
|
||||
- cryptography >= 3.3
|
||||
options: {}
|
||||
"""
|
||||
@@ -22,7 +22,7 @@ attributes:
|
||||
- If relative timestamps are used and O(ignore_timestamps=false), the module is not idempotent.
|
||||
- The option O(force=true) generally disables idempotency.
|
||||
requirements:
|
||||
- cryptography >= 3.4 (if using V(selfsigned) or V(ownca) provider)
|
||||
- cryptography >= 3.3 (if using V(selfsigned) or V(ownca) provider)
|
||||
options:
|
||||
force:
|
||||
description:
|
||||
|
||||
@@ -18,7 +18,7 @@ attributes:
|
||||
idempotent:
|
||||
support: full
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
- cryptography >= 3.3
|
||||
options:
|
||||
digest:
|
||||
description:
|
||||
|
||||
@@ -22,7 +22,7 @@ attributes:
|
||||
details:
|
||||
- The option O(regenerate=always) generally disables idempotency.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
- cryptography >= 3.3
|
||||
options:
|
||||
size:
|
||||
description:
|
||||
|
||||
@@ -10,7 +10,7 @@ class ModuleDocFragment:
|
||||
# Standard files documentation fragment
|
||||
DOCUMENTATION = r"""
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
- cryptography >= 3.3
|
||||
attributes:
|
||||
diff_mode:
|
||||
support: none
|
||||
|
||||
@@ -30,12 +30,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
load_certificate_request,
|
||||
load_privatekey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
CRYPTOGRAPHY_VERSION = None
|
||||
|
||||
@@ -28,6 +28,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
get_fingerprint_of_bytes,
|
||||
load_certificate,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.time import (
|
||||
get_now_datetime,
|
||||
)
|
||||
@@ -36,7 +39,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -19,6 +19,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptograp
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
|
||||
identify_pem_format,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
@@ -26,7 +29,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
|
||||
# crypto_utils
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -40,12 +40,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
parse_ordered_name_field,
|
||||
select_message_digest,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -24,12 +24,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
|
||||
load_certificate_request,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -29,12 +29,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
|
||||
get_fingerprint_of_privatekey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -22,13 +22,16 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptograp
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
|
||||
identify_private_key_format,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import load_file
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -26,12 +26,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
get_fingerprint_of_bytes,
|
||||
load_privatekey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -16,12 +16,15 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
get_fingerprint_of_bytes,
|
||||
load_publickey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
15
plugins/module_utils/cryptography_dep.py
Normal file
15
plugins/module_utils/cryptography_dep.py
Normal file
@@ -0,0 +1,15 @@
|
||||
# Copyright (c) 2025 Ansible project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
"""
|
||||
Module utils for cryptography requirements.
|
||||
|
||||
Must be kept in sync with plugins/doc_fragments/cryptography_dep.py.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
|
||||
# Corresponds to the community.crypto.cryptography_dep.minimum doc fragment
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION = "3.3"
|
||||
@@ -11,6 +11,9 @@ import os
|
||||
from ansible.module_utils import six
|
||||
from ansible.module_utils.basic import missing_required_lib
|
||||
from ansible.module_utils.common.text.converters import to_bytes, to_text
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.openssh.backends.common import (
|
||||
KeygenCommand,
|
||||
OpensshModule,
|
||||
@@ -19,7 +22,6 @@ from ansible_collections.community.crypto.plugins.module_utils.openssh.backends.
|
||||
parse_private_key_format,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.openssh.cryptography import (
|
||||
HAS_OPENSSH_PRIVATE_FORMAT,
|
||||
HAS_OPENSSH_SUPPORT,
|
||||
InvalidCommentError,
|
||||
InvalidPassphraseError,
|
||||
@@ -434,15 +436,6 @@ class KeypairBackendCryptography(KeypairBackend):
|
||||
# OpenSSH made SSH formatted private keys available in version 6.5,
|
||||
# but still defaulted to PKCS1 format with the exception of ed25519 keys
|
||||
result = "PKCS1"
|
||||
|
||||
if result == "SSH" and not HAS_OPENSSH_PRIVATE_FORMAT:
|
||||
self.module.fail_json(
|
||||
msg=missing_required_lib(
|
||||
"cryptography >= 3.4",
|
||||
reason="to load/dump private keys in the default OpenSSH format for OpenSSH >= 7.8 "
|
||||
+ "or for ed25519 keys",
|
||||
)
|
||||
)
|
||||
else:
|
||||
result = key_format.upper()
|
||||
|
||||
@@ -548,8 +541,10 @@ def select_backend(module, backend):
|
||||
backend = "cryptography"
|
||||
else:
|
||||
module.fail_json(
|
||||
msg="Cannot find either the OpenSSH binary in the PATH "
|
||||
+ "or cryptography >= 3.4 installed on this system"
|
||||
msg=(
|
||||
"Cannot find either the OpenSSH binary in the PATH "
|
||||
f"or cryptography >= {COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION} installed on this system"
|
||||
)
|
||||
)
|
||||
|
||||
if backend == "opensshbin":
|
||||
@@ -558,7 +553,11 @@ def select_backend(module, backend):
|
||||
return backend, KeypairBackendOpensshBin(module)
|
||||
elif backend == "cryptography":
|
||||
if not can_use_cryptography:
|
||||
module.fail_json(msg=missing_required_lib("cryptography >= 3.4"))
|
||||
module.fail_json(
|
||||
msg=missing_required_lib(
|
||||
f"cryptography >= {COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION}"
|
||||
)
|
||||
)
|
||||
return backend, KeypairBackendCryptography(module)
|
||||
else:
|
||||
raise ValueError(f"Unsupported value for backend: {backend}")
|
||||
|
||||
@@ -9,10 +9,6 @@ from base64 import b64decode, b64encode
|
||||
from getpass import getuser
|
||||
from socket import gethostname
|
||||
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
try:
|
||||
from cryptography import __version__ as CRYPTOGRAPHY_VERSION
|
||||
@@ -25,11 +21,6 @@ try:
|
||||
Ed25519PublicKey,
|
||||
)
|
||||
|
||||
if LooseVersion(CRYPTOGRAPHY_VERSION) >= LooseVersion("3.4"):
|
||||
HAS_OPENSSH_PRIVATE_FORMAT = True
|
||||
else:
|
||||
HAS_OPENSSH_PRIVATE_FORMAT = False
|
||||
|
||||
HAS_OPENSSH_SUPPORT = True
|
||||
|
||||
_ALGORITHM_PARAMETERS = {
|
||||
@@ -70,7 +61,6 @@ try:
|
||||
},
|
||||
}
|
||||
except ImportError:
|
||||
HAS_OPENSSH_PRIVATE_FORMAT = False
|
||||
HAS_OPENSSH_SUPPORT = False
|
||||
CRYPTOGRAPHY_VERSION = "0.0"
|
||||
_ALGORITHM_PARAMETERS = {}
|
||||
@@ -413,11 +403,7 @@ class OpensshKeypair:
|
||||
"""
|
||||
|
||||
if key_format == "SSH":
|
||||
# Default to PEM format if SSH not available
|
||||
if not HAS_OPENSSH_PRIVATE_FORMAT:
|
||||
privatekey_format = serialization.PrivateFormat.PKCS8
|
||||
else:
|
||||
privatekey_format = serialization.PrivateFormat.OpenSSH
|
||||
privatekey_format = serialization.PrivateFormat.OpenSSH
|
||||
elif key_format == "PKCS8":
|
||||
privatekey_format = serialization.PrivateFormat.PKCS8
|
||||
elif key_format == "PKCS1":
|
||||
|
||||
@@ -21,10 +21,9 @@ seealso:
|
||||
- name: ACME TLS ALPN Challenge Extension
|
||||
description: The specification of the C(tls-alpn-01) challenge (RFC 8737).
|
||||
link: https://www.rfc-editor.org/rfc/rfc8737.html
|
||||
requirements:
|
||||
- "cryptography >= 3.4"
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: none
|
||||
@@ -163,6 +162,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptograp
|
||||
set_not_valid_after,
|
||||
set_not_valid_before,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.time import (
|
||||
get_now_datetime,
|
||||
)
|
||||
@@ -184,7 +186,9 @@ try:
|
||||
import cryptography.x509
|
||||
import cryptography.x509.oid
|
||||
|
||||
HAS_CRYPTOGRAPHY = LooseVersion(cryptography.__version__) >= LooseVersion("3.4")
|
||||
HAS_CRYPTOGRAPHY = LooseVersion(cryptography.__version__) >= LooseVersion(
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
)
|
||||
except ImportError:
|
||||
CRYPTOGRAPHY_IMP_ERR = traceback.format_exc()
|
||||
HAS_CRYPTOGRAPHY = False
|
||||
@@ -215,10 +219,16 @@ def main():
|
||||
# Some callbacks die when exception is provided with value None
|
||||
if CRYPTOGRAPHY_IMP_ERR:
|
||||
module.fail_json(
|
||||
msg=missing_required_lib("cryptography >= 3.4"),
|
||||
msg=missing_required_lib(
|
||||
f"cryptography >= {COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION}"
|
||||
),
|
||||
exception=CRYPTOGRAPHY_IMP_ERR,
|
||||
)
|
||||
module.fail_json(msg=missing_required_lib("cryptography >= 3.4"))
|
||||
module.fail_json(
|
||||
msg=missing_required_lib(
|
||||
f"cryptography >= {COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION}"
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
# Get parameters
|
||||
|
||||
@@ -17,11 +17,10 @@ description:
|
||||
- Note that this module does I(not) check for validity of the chains. It only checks that issuer and subject match, and
|
||||
that the signature is correct. It ignores validity dates and key usage completely. If you need to verify that a generated
|
||||
chain is valid, please use C(openssl verify ...).
|
||||
requirements:
|
||||
- "cryptography >= 3.4"
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
@@ -129,6 +128,9 @@ from ansible.module_utils.common.text.converters import to_bytes
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
|
||||
split_pem_list,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
@@ -148,7 +150,9 @@ try:
|
||||
import cryptography.x509
|
||||
import cryptography.x509.oid
|
||||
|
||||
HAS_CRYPTOGRAPHY = LooseVersion(cryptography.__version__) >= LooseVersion("3.4")
|
||||
HAS_CRYPTOGRAPHY = LooseVersion(cryptography.__version__) >= LooseVersion(
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
)
|
||||
except ImportError:
|
||||
CRYPTOGRAPHY_IMP_ERR = traceback.format_exc()
|
||||
HAS_CRYPTOGRAPHY = False
|
||||
@@ -331,7 +335,9 @@ def main():
|
||||
|
||||
if not HAS_CRYPTOGRAPHY:
|
||||
module.fail_json(
|
||||
msg=missing_required_lib("cryptography >= 3.4"),
|
||||
msg=missing_required_lib(
|
||||
f"cryptography >= {COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION}"
|
||||
),
|
||||
exception=CRYPTOGRAPHY_IMP_ERR,
|
||||
)
|
||||
|
||||
|
||||
@@ -19,11 +19,10 @@ description:
|
||||
validated in the ECS system. It is I(not) the responsibility of this module to perform those steps.
|
||||
notes:
|
||||
- O(path) must be specified as the output location of the certificate.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.files
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
- community.crypto.ecs_credential
|
||||
attributes:
|
||||
check_mode:
|
||||
@@ -558,6 +557,9 @@ from ansible.module_utils.common.text.converters import to_bytes
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
|
||||
load_certificate,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.ecs.api import (
|
||||
ECSClient,
|
||||
RestOperationException,
|
||||
@@ -581,7 +583,7 @@ except ImportError:
|
||||
else:
|
||||
CRYPTOGRAPHY_FOUND = True
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
|
||||
def validate_cert_expiry(cert_expiry):
|
||||
|
||||
@@ -16,6 +16,7 @@ description:
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: none
|
||||
@@ -121,7 +122,6 @@ notes:
|
||||
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
|
||||
requirements:
|
||||
- "Python >= 3.10 when O(get_certificate_chain=true)"
|
||||
- "cryptography >= 3.4"
|
||||
|
||||
seealso:
|
||||
- plugin: community.crypto.to_serial
|
||||
@@ -284,6 +284,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptograp
|
||||
get_not_valid_after,
|
||||
get_not_valid_before,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.time import (
|
||||
get_now_datetime,
|
||||
)
|
||||
@@ -292,7 +295,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -15,7 +15,7 @@ description:
|
||||
V(rsa), V(dsa), V(rsa1), V(ed25519) or V(ecdsa) private keys.
|
||||
requirements:
|
||||
- ssh-keygen (if O(backend=openssh))
|
||||
- cryptography >= 3.4 (if O(backend=cryptography))
|
||||
- cryptography >= 3.3 (if O(backend=cryptography))
|
||||
extends_documentation_fragment:
|
||||
- ansible.builtin.files
|
||||
- community.crypto.attributes
|
||||
|
||||
@@ -14,16 +14,15 @@ description:
|
||||
- This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).
|
||||
- In case the CSR signature cannot be validated, the module will fail. In this case, all return variables are still returned.
|
||||
- It uses the cryptography python library to interact with OpenSSL.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
- Yanis Guenane (@Spredzy)
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.name_encoding
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
- community.crypto.name_encoding
|
||||
options:
|
||||
path:
|
||||
description:
|
||||
|
||||
@@ -17,7 +17,7 @@ description:
|
||||
- The module can use the cryptography Python library, or the C(openssl) executable. By default, it tries to detect which
|
||||
one is available. This can be overridden with the O(select_crypto_backend) option.
|
||||
requirements:
|
||||
- Either cryptography >= 3.4
|
||||
- Either cryptography >= 3.3
|
||||
- Or OpenSSL binary C(openssl)
|
||||
author:
|
||||
- Thom Wiggers (@thomwiggers)
|
||||
@@ -139,6 +139,9 @@ from ansible.module_utils.common.text.converters import to_native
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.math import (
|
||||
count_bits,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import (
|
||||
load_file_if_exists,
|
||||
write_file,
|
||||
@@ -148,7 +151,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -14,12 +14,11 @@ short_description: Generate OpenSSL PKCS#12 archive
|
||||
description:
|
||||
- This module allows one to (re-)generate PKCS#12.
|
||||
- The module uses the cryptography Python library.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
extends_documentation_fragment:
|
||||
- ansible.builtin.files
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.files
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
@@ -296,6 +295,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
load_certificate,
|
||||
load_privatekey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import (
|
||||
load_file_if_exists,
|
||||
write_file,
|
||||
@@ -305,7 +307,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -16,8 +16,6 @@ description:
|
||||
return variables are still returned. Note that key consistency checks are not available all key types; if none is available,
|
||||
V(none) is returned for RV(key_is_consistent).
|
||||
- It uses the cryptography python library to interact with OpenSSL.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
- Yanis Guenane (@Spredzy)
|
||||
@@ -25,6 +23,7 @@ extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
options:
|
||||
path:
|
||||
description:
|
||||
|
||||
@@ -14,8 +14,6 @@ description:
|
||||
- Public keys are generated in PEM or OpenSSH format. Private keys must be OpenSSL PEM keys. B(OpenSSH private keys are
|
||||
not supported), use the M(community.crypto.openssh_keypair) module to manage these.
|
||||
- The module uses the cryptography Python library.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Yanis Guenane (@Spredzy)
|
||||
- Felix Fontein (@felixfontein)
|
||||
@@ -23,6 +21,7 @@ extends_documentation_fragment:
|
||||
- ansible.builtin.files
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.files
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
@@ -200,6 +199,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
get_fingerprint,
|
||||
load_privatekey,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import (
|
||||
load_file_if_exists,
|
||||
write_file,
|
||||
@@ -209,7 +211,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -13,14 +13,13 @@ description:
|
||||
- This module allows one to query information on OpenSSL public keys.
|
||||
- It uses the cryptography python library to interact with OpenSSL.
|
||||
version_added: 1.7.0
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
options:
|
||||
path:
|
||||
description:
|
||||
|
||||
@@ -13,13 +13,12 @@ short_description: Sign data with openssl
|
||||
description:
|
||||
- This module allows one to sign data using a private key.
|
||||
- The module uses the cryptography Python library.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Patrick Pichler (@aveexy)
|
||||
- Markus Teufelberger (@MarkusTeufelberger)
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
@@ -99,12 +98,15 @@ import base64
|
||||
import os
|
||||
import traceback
|
||||
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -13,8 +13,6 @@ short_description: Verify signatures with openssl
|
||||
description:
|
||||
- This module allows one to verify a signature for a file by a certificate.
|
||||
- The module uses the cryptography Python library.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Patrick Pichler (@aveexy)
|
||||
- Markus Teufelberger (@MarkusTeufelberger)
|
||||
@@ -22,6 +20,7 @@ extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
options:
|
||||
path:
|
||||
description:
|
||||
@@ -88,12 +87,15 @@ import base64
|
||||
import os
|
||||
import traceback
|
||||
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
LooseVersion,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -124,13 +124,16 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
|
||||
OpenSSLObject,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import (
|
||||
load_file_if_exists,
|
||||
write_file,
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -19,8 +19,6 @@ description:
|
||||
to M(community.crypto.x509_certificate_info). When using FQCNs or when using the
|
||||
L(collections,https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#using-collections-in-a-playbook)
|
||||
keyword, the new name M(community.crypto.x509_certificate_info) should be used to avoid a deprecation warning.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
- Yanis Guenane (@Spredzy)
|
||||
@@ -29,6 +27,7 @@ extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
- community.crypto.name_encoding
|
||||
options:
|
||||
path:
|
||||
|
||||
@@ -14,14 +14,13 @@ description:
|
||||
- This module allows one to (re)generate or update Certificate Revocation Lists (CRLs).
|
||||
- Certificates on the revocation list can be either specified by serial number and (optionally) their issuer, or as a path
|
||||
to a certificate file in PEM format.
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
extends_documentation_fragment:
|
||||
- ansible.builtin.files
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.files
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
- community.crypto.name_encoding
|
||||
attributes:
|
||||
check_mode:
|
||||
@@ -470,6 +469,9 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
parse_ordered_name_field,
|
||||
select_message_digest,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.cryptography_dep import (
|
||||
COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
|
||||
)
|
||||
from ansible_collections.community.crypto.plugins.module_utils.io import write_file
|
||||
from ansible_collections.community.crypto.plugins.module_utils.serial import (
|
||||
parse_serial,
|
||||
@@ -482,7 +484,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
|
||||
)
|
||||
|
||||
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
|
||||
MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
|
||||
|
||||
CRYPTOGRAPHY_IMP_ERR = None
|
||||
try:
|
||||
|
||||
@@ -12,14 +12,13 @@ version_added: '1.0.0'
|
||||
short_description: Retrieve information on Certificate Revocation Lists (CRLs)
|
||||
description:
|
||||
- This module allows one to retrieve information on Certificate Revocation Lists (CRLs).
|
||||
requirements:
|
||||
- cryptography >= 3.4
|
||||
author:
|
||||
- Felix Fontein (@felixfontein)
|
||||
extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
- community.crypto.cryptography_dep.minimum
|
||||
- community.crypto.name_encoding
|
||||
options:
|
||||
path:
|
||||
|
||||
@@ -37,4 +37,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -37,4 +37,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -41,4 +41,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -118,4 +118,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -37,4 +37,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -33,4 +33,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -40,4 +40,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -37,4 +37,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -35,4 +35,4 @@
|
||||
terms_agreed: true
|
||||
account_email: "example@example.org"
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -37,4 +37,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -24,4 +24,4 @@
|
||||
- name: Run tests with created certificates
|
||||
import_tasks: created.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -129,4 +129,4 @@
|
||||
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -39,4 +39,4 @@
|
||||
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -44,4 +44,4 @@
|
||||
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -146,4 +146,4 @@
|
||||
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -88,4 +88,4 @@
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -37,7 +37,7 @@
|
||||
that:
|
||||
- result is success or skip_tests
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
- block:
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
- set_fact:
|
||||
backends: "{{ backends + ['cryptography'] }}"
|
||||
when: cryptography_version.stdout is version('3.4', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
|
||||
|
||||
- include_tasks: ../tests/core.yml
|
||||
loop: "{{ backends }}"
|
||||
@@ -47,4 +47,4 @@
|
||||
loop_var: backend
|
||||
|
||||
- include_tasks: ../tests/cryptography_backend.yml
|
||||
when: cryptography_version.stdout is version('3.4', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
|
||||
|
||||
@@ -29,4 +29,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -132,4 +132,4 @@
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -24,4 +24,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -44,4 +44,4 @@
|
||||
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -62,13 +62,10 @@
|
||||
path: '{{ remote_tmp_dir }}/ansible.p12'
|
||||
state: absent
|
||||
|
||||
- block:
|
||||
- name: Running tests with cryptography backend
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
- name: Running tests with cryptography backend
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: >-
|
||||
cryptography_version.stdout is version('3.4', '>=')
|
||||
cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -50,4 +50,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -58,4 +58,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -43,4 +43,4 @@
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -18,4 +18,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -28,4 +28,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -46,4 +46,4 @@
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -141,4 +141,4 @@
|
||||
- name: Running tests
|
||||
include_tasks: impl.yml
|
||||
# Make x509_certificate module happy
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -658,6 +658,6 @@
|
||||
register: ownca_certificate_ed25519_ed448_2_idempotence
|
||||
ignore_errors: true
|
||||
|
||||
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('3.4', '>=')
|
||||
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
- import_tasks: ../tests/validate_ownca.yml
|
||||
|
||||
@@ -480,6 +480,6 @@
|
||||
register: selfsigned_certificate_ed25519_ed448_idempotence
|
||||
ignore_errors: true
|
||||
|
||||
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('3.4', '>=')
|
||||
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
- import_tasks: ../tests/validate_selfsigned.yml
|
||||
|
||||
@@ -149,4 +149,4 @@
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -23,4 +23,4 @@
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -694,4 +694,4 @@
|
||||
- Ed448
|
||||
ignore_errors: true
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
@@ -90,4 +90,4 @@
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('3.4', '>=')
|
||||
when: cryptography_version.stdout is version('3.3', '>=')
|
||||
|
||||
Reference in New Issue
Block a user