* Remove Entrust modules and certificate providers.
* Add more information on Entrust removal.
* Remove Entrust content from ignore.txt files.
* Work around bug in ansible-test.
* Look at possibly-used-before-assignment.
* Use latest beta releases of ansible-core 2.19 for mypy and pylint.
* Look at unsupported-*.
* Look at unknown-option-value.
* Look at redefined-builtin.
* Look at superfluous-parens.
* Look at unspecified-encoding.
* Adjust to new cryptography version and to ansible-core 2.17's pylint.
* Look at super-with-arguments.
* Look at no-else-*.
* Look at try-except-raise.
* Look at inconsistent-return-statements.
* Look at redefined-outer-name.
* Look at redefined-argument-from-local.
* Look at attribute-defined-outside-init.
* Look at unused-variable.
* Look at protected-access.
* Look at raise-missing-from.
* Look at arguments-differ.
* Look at useless-suppression and use-symbolic-message-instead.
* Look at consider-using-dict-items.
* Look at consider-using-in.
* Look at consider-using-set-comprehension.
* Look at consider-using-with.
* Look at use-dict-literal.
* Move mypy/flake8/isort config files to more 'natural' places.
* Add pylint.
* Look at no-member.
* Look at pointless-* and unnecessary-pass.
* Look at useless-*.
* Lint.
* Enable basic type checking.
* Fix first errors.
* Add changelog fragment.
* Add types to module_utils and plugin_utils (without module backends).
* Add typing hints for acme_* modules.
* Add typing to X.509 certificate modules, and add more helpers.
* Add typing to remaining module backends.
* Add typing for action, filter, and lookup plugins.
* Bump ansible-core 2.19 beta requirement for typing.
* Add more typing definitions.
* Add typing to some unit tests.
* Get rid of backend parameter whenever possible.
* Always auto-detect if backend choices are 'cryptography' and 'auto', resp. always check cryptography version.
* Improve error message.
* Update documentation.
* Get rid of Python 2 special handling.
* Get rid of more Python 2 specific handling.
* Stop using six.
* ipaddress is part of the standard library since Python 3.
* Add changelog.
* Fix import.
* Remove unneeded imports.
* openssl_pkcs12: Add support for `certificate_content` and `other_certificates_content`
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added minimal tests.
The tests are minimal because internally it always ends up with the
_content variants, so even when supplying a file most of the internal
code paths then use the content.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* luks_device: allow passphrases to contain newlines
This is useful when passing binary keyfiles from an ansible vault, as
it removes the restriction that the binary data cannot contain newlines.
The only exception is adding a new key to an existing container, as in
that case the two passphrases are separated by a new line.
* add integration tests and a changelog fragment
* attempt to also make luks_add_key work with passphrases containing
newlines
* use a deterministic method to generate keyfile 3, improve changelog
formatting
* add licence and copyright to keyfile3.txt to satisfy CI
* Provide error information.
* Add helper function for order creation retrying.
* Improve existing documentation.
* Document 'replaces' return value.
* Add order_creation_error_strategy and order_creation_max_retries options.
* Add changelog fragment.
* Fix authz deactivation for finalizing step.
* Fix profile handling on order creation.
* Improve existing tests.
* Add ARI and profile tests.
* Warn when 'replaces' is removed when retrying to create an order.
* Fix error reporting for OpenSSL backend: raise BackendExceptions instead of directly failing the module.
* Add treat_parsing_error_as_non_existing option and existing and parsable return values.
* lookup lowercase domain names when verifying authorizations to prevent failure when CSR has mixed-case names
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* remove .lower() method
* make authorizations keys lowercase
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use lowercase keys for authorizations dict
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use new normalize_combined_identifier function to normalize identifiers
* include two blank lines after functions to pass tests
* Update plugins/module_utils/acme/challenges.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* Update changelogs/fragments/803-fix-authorization-failure-with-mixed-case-sans.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Enable SSL CTX options for get_certificate
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Support both str and int SSL CTX options, override defaults
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Add changelog fragment
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Resolve doc builder error
ssl_ctx_options can be a mix of str and int, but `elements: [ str, int ]` made the Ansible doc builder angry.
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Set ssl_ctx_options version_added
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Initial application of suggestions from code review
Working on completing application of suggestions
Co-authored-by: Felix Fontein <felix@fontein.de>
* Finish applying suggestions from code review
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Documentation update
Co-authored-by: Felix Fontein <felix@fontein.de>
* Include value in fail output for wrong data type
Co-authored-by: Felix Fontein <felix@fontein.de>
* Handle invalid tls_ctx_option strings
Co-authored-by: Felix Fontein <felix@fontein.de>
* Minor documentation update
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
---------
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
Co-authored-by: Felix Fontein <felix@fontein.de>
