* Look at possibly-used-before-assignment.
* Use latest beta releases of ansible-core 2.19 for mypy and pylint.
* Look at unsupported-*.
* Look at unknown-option-value.
* Look at redefined-builtin.
* Look at superfluous-parens.
* Look at unspecified-encoding.
* Adjust to new cryptography version and to ansible-core 2.17's pylint.
* Look at super-with-arguments.
* Look at no-else-*.
* Look at try-except-raise.
* Look at inconsistent-return-statements.
* Look at redefined-outer-name.
* Look at redefined-argument-from-local.
* Look at attribute-defined-outside-init.
* Look at unused-variable.
* Look at protected-access.
* Look at raise-missing-from.
* Look at arguments-differ.
* Look at useless-suppression and use-symbolic-message-instead.
* Look at consider-using-dict-items.
* Look at consider-using-in.
* Look at consider-using-set-comprehension.
* Look at consider-using-with.
* Look at use-dict-literal.
* Enable basic type checking.
* Fix first errors.
* Add changelog fragment.
* Add types to module_utils and plugin_utils (without module backends).
* Add typing hints for acme_* modules.
* Add typing to X.509 certificate modules, and add more helpers.
* Add typing to remaining module backends.
* Add typing for action, filter, and lookup plugins.
* Bump ansible-core 2.19 beta requirement for typing.
* Add more typing definitions.
* Add typing to some unit tests.
* Get rid of backend parameter whenever possible.
* Always auto-detect if backend choices are 'cryptography' and 'auto', resp. always check cryptography version.
* Improve error message.
* Update documentation.
* Get rid of Python 2 special handling.
* Get rid of more Python 2 specific handling.
* Stop using six.
* ipaddress is part of the standard library since Python 3.
* Add changelog.
* Fix import.
* Remove unneeded imports.
Revert "Fix documentation. (#751)"
Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)"
Revert "Refactor and extend argument spec helper, use for ACME modules (#749)"
Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)"
Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)"
Revert "Add acme_certificate_renewal_info module (#746)"
Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)"
Revert "Add tests for acme_certificate_deactivate_authz module. (#744)"
Revert "Create acme_certificate_deactivate_authz module (#741)"
Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)"
Revert "Implement basic acme_ari_info module. (#732)"
Revert "Add function for retrieval of ARI information. (#738)"
Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)"
Revert "Implement certificate information retrieval code in the ACME backends. (#736)"
Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)"
This reverts commits 5e59c5261e, aa82575a78,
f3c9cb7a8a, f82b335916, 553ab45f46,
59606d48ad, 0a15be1017, 9501a28a93,
d906914737, 33d278ad8f, 6d4fc589ae,
9614b09f7a, af5f4b57f8, c6fbe58382,
and afe7f7522c.
* Use timezone aware functionality when using cryptography >= 42.0.0.
* Adjust OpenSSH certificate code to avoid functions deprecated in Python 3.12.
* Strip timezone info from isoformat() output.
* InvalidityDate.invalidity_date currently has no _utc variant.
* Added support for DER format
* Updated description
* Adjusted description
The content of the certificate cannot be in DER format due to an input encoding problem in the Ansible module, but it works fine when reading the certificate from a file
* Update support.py
* Added der_support_enabled flag for DER-format support
* Added changelog fragment for #603
* Fixed typo
* Fixed missing import
* Resolved issues found by static code analysis
* Update plugins/module_utils/crypto/support.py
Committed suggested change
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Improve examples: use FQCNs and always add name: to tasks.
* Improve formulation.
Co-authored-by: Don Naro <dnaro@redhat.com>
* Accidentally added a period.
---------
Co-authored-by: Don Naro <dnaro@redhat.com>
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
Signed-off-by: benaryorg <binary@benary.org>
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Add warning that ASN.1 encoded extension values returned by some modules might not reflect the exact byte sequence in the source file anymore depending on the cryptography version.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
* Return more public key information.
* Make sure bit size is converted to int first.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove no longer necessary code.
* Use correct return value's name.
* Add trailing commas.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Improve changelog generator config.
* We don't have docs at that URL.
* Require Ansible(-base) 2.9.10 or newer.
Needed for deprecation syntax.
* Update all deprecations from Ansible 2.1x to community.crypto 2.0.0.
* Forgot to check in fixes.
* Shorten lines.
* Fix unit test requirements.
* Fix YAML strings which only had a closing quote.
* Galaxy neither likes uppercase nor spaces in tags.
* General README improvements.
* Add roadmap section to README.
* Next release will be 1.0.0.
* Extend using instructions.
* Tags with dashes are also not allowed.
* Fix changelog link.
