Release 2.26.3.

* Check for 'externalAccountRequired' error.

* Add changelog fragment.

(cherry picked from commit 056ae1cf69)

.azure-pipelines/azure-pipelines.yml

@@ -212,6 +212,8 @@ stages:
           targets:
             - name: macOS 15.3
               test: macos/15.3
+            - name: RHEL 10.0
+              test: rhel/10.0
             - name: RHEL 9.5
               test: rhel/9.5
             - name: FreeBSD 14.2

.github/workflows/ansible-test.yml

@@ -284,7 +284,7 @@ jobs:
           pre-test-cmd: >-
             git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
             ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general
+            git clone --depth=1 --single-branch --branch stable-10 https://github.com/ansible-collections/community.general.git ../../community/general
           pull-request-change-detection: 'true'
           target: ${{ matrix.target }}
           target-python-version: ${{ matrix.python }}

CHANGELOG.rst

@@ -4,6 +4,36 @@ Community Crypto Release Notes
 
 .. contents:: Topics
 
+v2.26.3
+=======
+
+Release Summary
+---------------
+
+Bugfix release.
+
+Bugfixes
+--------
+
+- acme_account - make work with CAs that do not accept any account request without External Account Binding data (https://github.com/ansible-collections/community.crypto/issues/918, https://github.com/ansible-collections/community.crypto/pull/919).
+
+v2.26.2
+=======
+
+Release Summary
+---------------
+
+Maintenance release announcing removal of the Entrust content from community.crypto 3.0.0.
+
+Deprecated Features
+-------------------
+
+- The Entrust service in currently being sunsetted after the sale of Entrust's Public Certificates Business to Sectigo; see `the announcement with key dates <https://www.entrust.com/tls-certificate-information-center>`__ and `the migration brief for customers <https://www.sectigo.com/uploads/resources/EOL_Migration-Brief-End-Customer.pdf>`__ for details (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+- ecs_certificate - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+- ecs_domain - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+- x509_certificate - the ``entrust`` provider will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+- x509_certificate_pipe - the ``entrust`` provider will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+
 v2.26.1
 =======
 

README.md

@@ -7,9 +7,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
 # Ansible Community Crypto Collection
 
 [![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/crypto/)
-[![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21)
+[![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=stable-2)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21)
-[![EOL CI](https://github.com/ansible-collections/community.crypto/actions/workflows/ansible-test.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions)
+[![EOL CI](https://github.com/ansible-collections/community.crypto/actions/workflows/ansible-test.yml/badge.svg?branch=stable-2)](https://github.com/ansible-collections/community.crypto/actions)
-[![Nox CI](https://github.com/ansible-collections/community.crypto/actions/workflows/nox.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions)
+[![Nox CI](https://github.com/ansible-collections/community.crypto/actions/workflows/nox.yml/badge.svg?branch=stable-2)](https://github.com/ansible-collections/community.crypto/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.crypto)](https://codecov.io/gh/ansible-collections/community.crypto)
 [![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.crypto)](https://api.reuse.software/info/github.com/ansible-collections/community.crypto)
 
@@ -54,7 +54,7 @@ Browsing the [**latest** collection documentation](https://docs.ansible.com/ansi
 
 Browsing the [**devel** collection documentation](https://docs.ansible.com/ansible/devel/collections/community/crypto) shows docs for the _latest version released on Galaxy_.
 
-We also separately publish [**latest commit** collection documentation](https://ansible-collections.github.io/community.crypto/branch/main/) which shows docs for the _latest commit in the `main` branch_.
+We also separately publish [**latest commit** collection documentation](https://ansible-collections.github.io/community.crypto/branch/stable-2/) which shows docs for the _latest commit in the `stable-2` branch_.
 
 If you use the Ansible package and do not update collections independently, use **latest**. If you install or update this collection directly from Galaxy, use **devel**. If you are looking to contribute, use **latest commit**.
 
@@ -109,7 +109,7 @@ If you use the Ansible package and do not update collections independently, use
   - luks_device module
   - parse_serial and to_serial filters
 
-You can also find a list of all modules and plugins with documentation on the [Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/crypto/), or the [latest commit collection documentation](https://ansible-collections.github.io/community.crypto/branch/main/).
+You can also find a list of all modules and plugins with documentation on the [Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/crypto/), or the [latest commit collection documentation](https://ansible-collections.github.io/community.crypto/branch/stable-2/).
 
 ## Using this collection
 
@@ -141,19 +141,15 @@ See [Ansible's dev guide](https://docs.ansible.com/ansible/devel/dev_guide/devel
 
 ## Release notes
 
-See the [changelog](https://github.com/ansible-collections/community.crypto/blob/main/CHANGELOG.md).
+See the [changelog](https://github.com/ansible-collections/community.crypto/blob/stable-2/CHANGELOG.md).
 
 ## Roadmap
 
 We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows [semantic versioning](https://semver.org/), so breaking changes will only happen in major releases.
 
-Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of ``cryptography``.
+In 2.0.0, the following notable features have been removed:
-
+* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which did now have a ``cryptography`` backend for a long time due to lack of support of PKCS#12 functionality in ``cryptography``. (This changed.)
-Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.
+* The ``assertonly`` provider of ``x509_certificate`` has been removed.
-
-In 2.0.0, the following notable features will be removed:
-* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which does not have a ``cryptography`` backend due to lack of support of PKCS#12 functionality in ``cryptography``.
-* The ``assertonly`` provider of ``x509_certificate`` will be removed.
 
 ## More information
 
@@ -166,8 +162,8 @@ In 2.0.0, the following notable features will be removed:
 
 This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.
 
-See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.crypto/blob/main/COPYING) for the full text.
+See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.crypto/blob/stable-2/COPYING) for the full text.
 
-Parts of the collection are licensed under the [Apache 2.0 license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/Apache-2.0.txt) (`plugins/module_utils/crypto/_obj2txt.py` and `plugins/module_utils/crypto/_objects_data.py`), the [BSD 2-Clause license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/BSD-2-Clause.txt) (`plugins/module_utils/ecs/api.py`), the [BSD 3-Clause license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/BSD-3-Clause.txt) (`plugins/module_utils/crypto/_obj2txt.py`, `tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py`), and the [PSF 2.0 license](https://github.com/ansible-collections/community.crypto/blob/main/LICENSES/PSF-2.0.txt) (`plugins/module_utils/_version.py`). This only applies to vendored files in ``plugins/module_utils/`` and to the ECS module utils.
+Parts of the collection are licensed under the [Apache 2.0 license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/Apache-2.0.txt) (`plugins/module_utils/crypto/_obj2txt.py` and `plugins/module_utils/crypto/_objects_data.py`), the [BSD 2-Clause license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/BSD-2-Clause.txt) (`plugins/module_utils/ecs/api.py`), the [BSD 3-Clause license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/BSD-3-Clause.txt) (`plugins/module_utils/crypto/_obj2txt.py`, `tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py`), and the [PSF 2.0 license](https://github.com/ansible-collections/community.crypto/blob/stable-2/LICENSES/PSF-2.0.txt) (`plugins/module_utils/_version.py`). This only applies to vendored files in ``plugins/module_utils/`` and to the ECS module utils.
 
 All files have a machine readable `SDPX-License-Identifier:` comment denoting its respective license(s) or an equivalent entry in an accompanying `.license` file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in `REUSE.toml`. This conforms to the [REUSE specification](https://reuse.software/spec/).

changelogs/changelog.yaml

@@ -1643,3 +1643,39 @@ releases:
       - 867-passphrase-encoding-nolog.yml
       - 868-luks-remove-keyslot.yml
     release_date: '2025-04-28'
+  2.26.2:
+    changes:
+      deprecated_features:
+        - The Entrust service in currently being sunsetted after the sale of Entrust's
+          Public Certificates Business to Sectigo; see `the announcement with key
+          dates <https://www.entrust.com/tls-certificate-information-center>`__ and
+          `the migration brief for customers <https://www.sectigo.com/uploads/resources/EOL_Migration-Brief-End-Customer.pdf>`__
+          for details (https://github.com/ansible-collections/community.crypto/issues/895,
+          https://github.com/ansible-collections/community.crypto/pull/901).
+        - ecs_certificate - the module will be removed from community.crypto 3.0.0
+          (https://github.com/ansible-collections/community.crypto/issues/895, https://github.com/ansible-collections/community.crypto/pull/901).
+        - ecs_domain - the module will be removed from community.crypto 3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
+          https://github.com/ansible-collections/community.crypto/pull/901).
+        - x509_certificate - the ``entrust`` provider will be removed from community.crypto
+          3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
+          https://github.com/ansible-collections/community.crypto/pull/901).
+        - x509_certificate_pipe - the ``entrust`` provider will be removed from community.crypto
+          3.0.0 (https://github.com/ansible-collections/community.crypto/issues/895,
+          https://github.com/ansible-collections/community.crypto/pull/901).
+      release_summary: Maintenance release announcing removal of the Entrust content
+        from community.crypto 3.0.0.
+    fragments:
+      - 2.26.2.yml
+      - 901-remove-entrust.yml
+    release_date: '2025-05-22'
+  2.26.3:
+    changes:
+      bugfixes:
+        - acme_account - make work with CAs that do not accept any account request
+          without External Account Binding data (https://github.com/ansible-collections/community.crypto/issues/918,
+          https://github.com/ansible-collections/community.crypto/pull/919).
+      release_summary: Bugfix release.
+    fragments:
+      - 2.26.3.yml
+      - 919-acme_account-ear.yml
+    release_date: '2025-06-14'

galaxy.yml

@@ -5,7 +5,7 @@
 
 namespace: community
 name: crypto
-version: 2.26.1
+version: 2.26.3
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

plugins/doc_fragments/acme.py

@@ -120,7 +120,7 @@ notes:
     the module can in principle be used with any CA providing an ACME endpoint, such as L(Buypass Go SSL,https://www.buypass.com/ssl/products/acme).
   - So far, the ACME modules have only been tested by the developers against Let's Encrypt (staging and production), Buypass
     (staging and production), ZeroSSL (production), and L(Pebble testing server,https://github.com/letsencrypt/Pebble). We
-    have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with
+    have got community feedback that they also work with Sectigo ACME Service for InCommon and with HARICA. If you experience problems with
     another ACME server, please L(create an issue,https://github.com/ansible-collections/community.crypto/issues/new/choose)
     to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.
 requirements:
@@ -146,6 +146,7 @@ options:
       - For B(Buypass), the production directory URL for ACME v2 and v1 is U(https://api.buypass.com/acme/directory).
       - For B(ZeroSSL), the production directory URL for ACME v2 is U(https://acme.zerossl.com/v2/DV90).
       - For B(Sectigo), the production directory URL for ACME v2 is U(https://acme-qa.secure.trust-provider.com/v2/DV).
+      - For B(HARICA), the production directory URL for ACME v2 is U(https://acme.harica.gr/XXX/directory) with XXX being specific to your account.
       - The notes for this module contain a list of ACME services this module has been tested against.
     required: true
     type: str
@@ -185,6 +186,7 @@ options:
   account_key_src:
     description:
       - Path to a file containing the ACME account RSA or Elliptic Curve key.
+      - "For Elliptic Curve keys only the following curves are supported: V(secp256r1), V(secp384r1), and V(secp521r1)."
       - 'Private keys can be created with the M(community.crypto.openssl_privatekey) or M(community.crypto.openssl_privatekey_pipe)
         modules. If the requisite (cryptography) is not available, keys can also be created directly with the C(openssl) command
         line tool: RSA keys can be created with C(openssl genrsa ...). Elliptic curve keys can be created with C(openssl ecparam
@@ -192,10 +194,12 @@ options:
       - Mutually exclusive with O(account_key_content).
       - Required if O(account_key_content) is not used.
     type: path
-    aliases: [account_key]
+    aliases:
+      - account_key
   account_key_content:
     description:
       - Content of the ACME account RSA or Elliptic Curve key.
+      - "For Elliptic Curve keys only the following curves are supported: V(secp256r1), V(secp384r1), and V(secp521r1)."
       - Mutually exclusive with O(account_key_src).
       - Required if O(account_key_src) is not used.
       - B(Warning:) the content will be written into a temporary file, which will be deleted by Ansible when the module completes.

plugins/doc_fragments/module_certificate.py

@@ -377,7 +377,8 @@ options:
       - This is only used by the V(selfsigned) provider.
     type: str
     default: +0s
-    aliases: [ selfsigned_notBefore ]
+    aliases:
+      - selfsigned_notBefore
 
   selfsigned_not_after:
     description:
@@ -395,7 +396,8 @@ options:
         Please see U(https://support.apple.com/en-us/HT210176) for more details.
     type: str
     default: +3650d
-    aliases: [ selfsigned_notAfter ]
+    aliases:
+      - selfsigned_notAfter
 
   selfsigned_create_subject_key_identifier:
     description:

plugins/doc_fragments/module_csr.py

@@ -75,37 +75,51 @@ options:
     description:
       - The countryName field of the certificate signing request subject.
     type: str
-    aliases: [C, countryName]
+    aliases:
+      - C
+      - countryName
   state_or_province_name:
     description:
       - The stateOrProvinceName field of the certificate signing request subject.
     type: str
-    aliases: [ST, stateOrProvinceName]
+    aliases:
+      - ST
+      - stateOrProvinceName
   locality_name:
     description:
       - The localityName field of the certificate signing request subject.
     type: str
-    aliases: [L, localityName]
+    aliases:
+      - L
+      - localityName
   organization_name:
     description:
       - The organizationName field of the certificate signing request subject.
     type: str
-    aliases: [O, organizationName]
+    aliases:
+      - O
+      - organizationName
   organizational_unit_name:
     description:
       - The organizationalUnitName field of the certificate signing request subject.
     type: str
-    aliases: [OU, organizationalUnitName]
+    aliases:
+      - OU
+      - organizationalUnitName
   common_name:
     description:
       - The commonName field of the certificate signing request subject.
     type: str
-    aliases: [CN, commonName]
+    aliases:
+      - CN
+      - commonName
   email_address:
     description:
       - The emailAddress field of the certificate signing request subject.
     type: str
-    aliases: [E, emailAddress]
+    aliases:
+      - E
+      - emailAddress
   subject_alt_name:
     description:
       - Subject Alternative Name (SAN) extension to attach to the certificate signing request.
@@ -116,63 +130,75 @@ options:
       - More at U(https://tools.ietf.org/html/rfc5280#section-4.2.1.6).
     type: list
     elements: str
-    aliases: [subjectAltName]
+    aliases:
+      - subjectAltName
   subject_alt_name_critical:
     description:
       - Should the subjectAltName extension be considered as critical.
     type: bool
     default: false
-    aliases: [subjectAltName_critical]
+    aliases:
+      - subjectAltName_critical
   use_common_name_for_san:
     description:
       - If set to V(true), the module will fill the common name in for O(subject_alt_name) with C(DNS:) prefix if no SAN is
         specified.
     type: bool
     default: true
-    aliases: [useCommonNameForSAN]
+    aliases:
+      - useCommonNameForSAN
   key_usage:
     description:
       - This defines the purpose (for example encipherment, signature, certificate signing) of the key contained in the certificate.
     type: list
     elements: str
-    aliases: [keyUsage]
+    aliases:
+      - keyUsage
   key_usage_critical:
     description:
       - Should the keyUsage extension be considered as critical.
     type: bool
     default: false
-    aliases: [keyUsage_critical]
+    aliases:
+      - keyUsage_critical
   extended_key_usage:
     description:
       - Additional restrictions (for example client authentication, server authentication) on the allowed purposes for which
         the public key may be used.
     type: list
     elements: str
-    aliases: [extKeyUsage, extendedKeyUsage]
+    aliases:
+      - extKeyUsage
+      - extendedKeyUsage
   extended_key_usage_critical:
     description:
       - Should the extkeyUsage extension be considered as critical.
     type: bool
     default: false
-    aliases: [extKeyUsage_critical, extendedKeyUsage_critical]
+    aliases:
+      - extKeyUsage_critical
+      - extendedKeyUsage_critical
   basic_constraints:
     description:
       - Indicates basic constraints, such as if the certificate is a CA.
     type: list
     elements: str
-    aliases: [basicConstraints]
+    aliases:
+      - basicConstraints
   basic_constraints_critical:
     description:
       - Should the basicConstraints extension be considered as critical.
     type: bool
     default: false
-    aliases: [basicConstraints_critical]
+    aliases:
+      - basicConstraints_critical
   ocsp_must_staple:
     description:
       - Indicates that the certificate should contain the OCSP Must Staple extension (U(https://tools.ietf.org/html/rfc7633)).
     type: bool
     default: false
-    aliases: [ocspMustStaple]
+    aliases:
+      - ocspMustStaple
   ocsp_must_staple_critical:
     description:
       - Should the OCSP Must Staple extension be considered as critical.
@@ -180,7 +206,8 @@ options:
         OCSP Must Staple are required to reject such certificates (see U(https://tools.ietf.org/html/rfc7633#section-4)).
     type: bool
     default: false
-    aliases: [ocspMustStaple_critical]
+    aliases:
+      - ocspMustStaple_critical
   name_constraints_permitted:
     description:
       - For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is allowed

plugins/module_utils/acme/account.py

@@ -73,6 +73,10 @@ class ACMEAccount(object):
                 # and provide external_account_binding credentials. Thus we first send a request with allow_creation=False
                 # to see whether the account already exists.
 
+                # Unfortunately, for other ACME servers it's the other way around: (at least some) HARICA endpoints
+                # do not allow *any* access without external account data. That's why we catch errors and check
+                # for 'externalAccountRequired'.
+                try:
                     # Note that we pass contact here: ZeroSSL does not accept registration calls without contacts, even
                     # if onlyReturnExisting is set to true.
                     created, data = self._new_reg(contact=contact, allow_creation=False)
@@ -80,6 +84,17 @@ class ACMEAccount(object):
                         # An account already exists! Return data
                         return created, data
                     # An account does not yet exist. Try to create one next.
+                except ACMEProtocolException as exc:
+                    if (
+                        exc.error_type
+                        != "urn:ietf:params:acme:error:externalAccountRequired"
+                        or external_account_binding is None
+                    ):
+                        # Either another error happened, or we got 'externalAccountRequired' and external account data was not supplied
+                        # => re-raise exception!
+                        raise
+                    # In this case, the server really wants external account data.
+                    # The below code tries to create the account with external account data present.
 
             new_reg = {"contact": contact}
             if not allow_creation:

plugins/modules/acme_account.py

@@ -105,8 +105,8 @@ options:
   external_account_binding:
     description:
       - Allows to provide external account binding data during account creation.
-      - This is used by CAs like Sectigo to bind a new ACME account to an existing CA-specific account, to be able to properly
+      - This is used by CAs like Sectigo, HARICA, or ZeroSSL to bind a new ACME account to an existing CA-specific account,
-        identify a customer.
+        to be able to properly identify a customer.
       - Only used when creating a new account. Can not be specified for ACME v1.
     type: dict
     suboptions:

tests/ee/all.yml

@@ -6,11 +6,11 @@
 - hosts: localhost
   tasks:
     - name: Show Python info
-      debug:
+      ansible.builtin.debug:
         var: ansible_python
 
     - name: Register cryptography version
-      command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
+      ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
       register: cryptography_version
 
     - name: Register pyOpenSSL version
@@ -19,7 +19,7 @@
       register: pyopenssl_version
 
     - name: Determine output directory
-      set_fact:
+      ansible.builtin.set_fact:
         output_path: "{{ 'output-%0x' % ((2**32) | random) }}"
 
     - name: Find all roles

tests/ee/roles/crypto_info/tasks/main.yml

@@ -8,11 +8,11 @@
   register: result
 
 - name: Dump result
-  debug:
+  ansible.builtin.debug:
     var: result
 
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
     that:
       - result.openssl_present
       - result.python_cryptography_installed

tests/ee/roles/luks_device/tasks/main.yml

@@ -24,13 +24,13 @@
   when: false
   block:
     - name: Create lookback device
-      command: losetup -f {{ cryptfile_path }}
+      ansible.builtin.command: losetup -f {{ cryptfile_path }}
 
     - name: Determine loop device name
-      command: losetup -j {{ cryptfile_path }} --output name
+      ansible.builtin.command: losetup -j {{ cryptfile_path }} --output name
       register: cryptfile_device_output
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
 
     - name: Create LUKS container

tests/ee/roles/smoke/tasks/main.yml

@@ -8,7 +8,7 @@
   register: result
 
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
     that:
       - result.msg == 'Everything is ok'
 
@@ -17,6 +17,6 @@
   register: result
 
 - name: Validate result
-  assert:
+  ansible.builtin.assert:
     that:
       - result.msg == 'Everything is ok'

tests/integration/targets/acme_account/tasks/impl.yml

@@ -5,7 +5,7 @@
 
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
         type: ECC
@@ -14,7 +14,7 @@
       loop: "{{ account_keys }}"
 
     - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
         return_private_key_data: true
@@ -30,7 +30,7 @@
       - name: accountkey5
 
 - name: Do not try to create account
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -42,7 +42,7 @@
   register: account_not_created
 
 - name: Create it now (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -58,7 +58,7 @@
   register: account_created_check
 
 - name: Create it now
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -72,7 +72,7 @@
   register: account_created
 
 - name: Create it now (idempotent)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -86,12 +86,12 @@
   register: account_created_idempotent
 
 - name: Read account key
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/accountkey.pem'
   register: slurp
 
 - name: Change email address (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_content: "{{ slurp.content | b64decode }}"
     acme_version: 2
@@ -106,7 +106,7 @@
   register: account_modified_check
 
 - name: Change email address
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_content: "{{ slurp.content | b64decode }}"
     acme_version: 2
@@ -119,7 +119,7 @@
   register: account_modified
 
 - name: Change email address (idempotent)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     account_uri: "{{ account_created.account_uri }}"
@@ -133,7 +133,7 @@
   register: account_modified_idempotent
 
 - name: Cannot access account with wrong URI
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
@@ -146,7 +146,7 @@
   register: account_modified_wrong_uri
 
 - name: Clear contact email addresses (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -160,7 +160,7 @@
   register: account_modified_2_check
 
 - name: Clear contact email addresses
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -172,7 +172,7 @@
   register: account_modified_2
 
 - name: Clear contact email addresses (idempotent)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -184,7 +184,7 @@
   register: account_modified_2_idempotent
 
 - name: Change account key (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -200,7 +200,7 @@
   register: account_change_key_check
 
 - name: Change account key
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -214,7 +214,7 @@
   register: account_change_key
 
 - name: Deactivate account (check mode, diff)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
     account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -227,7 +227,7 @@
   register: account_deactivate_check
 
 - name: Deactivate account
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
     account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -238,7 +238,7 @@
   register: account_deactivate
 
 - name: Deactivate account (idempotent)
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
     account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -249,7 +249,7 @@
   register: account_deactivate_idempotent
 
 - name: Do not try to create account II
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
     account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -262,7 +262,7 @@
   register: account_not_created_2
 
 - name: Do not try to create account III
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -274,7 +274,7 @@
   register: account_not_created_3
 
 - name: Create account with External Account Binding
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
     acme_version: 2
@@ -304,4 +304,4 @@
       kid: kid-3
       alg: HS512
       key: zWNDZM6eQGHWpSRTPal5eIUYFTu7EajVIoguysqZ9wG44nMEtx3MUAsUDkMTQ12W
-- debug: var=account_created_eab
+- ansible.builtin.debug: var=account_created_eab

tests/integration/targets/acme_account/tasks/main.yml

@@ -10,31 +10,31 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_account/tests/validate.yml

@@ -4,13 +4,13 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Validate that account wasn't created in the first step
-  assert:
+  ansible.builtin.assert:
     that:
       - account_not_created is failed
       - account_not_created.msg == 'Account does not exist or is deactivated.'
 
 - name: Validate that account was created in the second step (check mode)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_created_check is changed
       - account_created_check.account_uri is none
@@ -21,19 +21,19 @@
       - account_created_check.diff.after.contact[0] in ['mailto:example@example.org', 'mailto:********@********.org']
 
 - name: Validate that account was created in the second step
-  assert:
+  ansible.builtin.assert:
     that:
       - account_created is changed
       - account_created.account_uri is not none
 
 - name: Validate that account was created in the second step (idempotency)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_created_idempotent is not changed
       - account_created_idempotent.account_uri is not none
 
 - name: Validate that email address was changed (check mode)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_check is changed
       - account_modified_check.account_uri is not none
@@ -44,24 +44,24 @@
       - account_modified_check.diff.after.contact[0] in ['mailto:example@example.com', 'mailto:********@********.com']
 
 - name: Validate that email address was changed
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified is changed
       - account_modified.account_uri is not none
 
 - name: Validate that email address was not changed a second time (idempotency)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_idempotent is not changed
       - account_modified_idempotent.account_uri is not none
 
 - name: Make sure that with the wrong account URI, the account cannot be changed
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_wrong_uri is failed
 
 - name: Validate that email address was cleared (check mode)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_2_check is changed
       - account_modified_2_check.account_uri is not none
@@ -71,19 +71,19 @@
       - account_modified_2_check.diff.after.contact | length == 0
 
 - name: Validate that email address was cleared
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_2 is changed
       - account_modified_2.account_uri is not none
 
 - name: Validate that email address was not cleared a second time (idempotency)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified_2_idempotent is not changed
       - account_modified_2_idempotent.account_uri is not none
 
 - name: Validate that the account key was changed (check mode)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_change_key_check is changed
       - account_change_key_check.account_uri is not none
@@ -91,13 +91,13 @@
       - account_change_key_check.diff.before.public_account_key != account_change_key_check.diff.after.public_account_key
 
 - name: Validate that the account key was changed
-  assert:
+  ansible.builtin.assert:
     that:
       - account_change_key is changed
       - account_change_key.account_uri is not none
 
 - name: Validate that the account was deactivated (check mode)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_deactivate_check is changed
       - account_deactivate_check.account_uri is not none
@@ -106,13 +106,13 @@
       - "account_deactivate_check.diff.after == {}"
 
 - name: Validate that the account was deactivated
-  assert:
+  ansible.builtin.assert:
     that:
       - account_deactivate is changed
       - account_deactivate.account_uri is not none
 
 - name: Validate that the account was really deactivated (idempotency)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_deactivate_idempotent is not changed
       # The next condition should be true for all conforming ACME servers.
@@ -121,19 +121,19 @@
       - account_deactivate_idempotent.account_uri is none
 
 - name: Validate that the account is gone (new account key)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_not_created_2 is failed
       - account_not_created_2.msg == 'Account does not exist or is deactivated.'
 
 - name: Validate that the account is gone (old account key)
-  assert:
+  ansible.builtin.assert:
     that:
       - account_not_created_3 is failed
       - account_not_created_3.msg == 'Account does not exist or is deactivated.'
 
 - name: Validate that the account with External Account Binding has been created
-  assert:
+  ansible.builtin.assert:
     that:
       - account_created_eab.results[0] is changed
       - account_created_eab.results[1] is changed

tests/integration/targets/acme_account_info/tasks/impl.yml

@@ -5,7 +5,7 @@
 
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item }}.pem"
         type: ECC
         curve: secp256r1
@@ -13,7 +13,7 @@
       loop: "{{ account_keys }}"
 
     - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
         path: "{{ remote_tmp_dir }}/{{ item }}.pem"
         return_private_key_data: true
       loop: "{{ account_keys }}"
@@ -24,7 +24,7 @@
       - accountkey2
 
 - name: Check that account does not exist
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -33,7 +33,7 @@
   register: account_not_created
 
 - name: Create it now
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -46,7 +46,7 @@
       - mailto:example@example.org
 
 - name: Check that account exists
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -55,12 +55,12 @@
   register: account_created
 
 - name: Read account key
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/accountkey.pem'
   register: slurp
 
 - name: Clear email address
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_content: "{{ slurp.content | b64decode }}"
     acme_version: 2
@@ -71,7 +71,7 @@
     contact: []
 
 - name: Check that account was modified
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -81,7 +81,7 @@
   register: account_modified
 
 - name: Check with wrong account URI
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
     acme_version: 2
@@ -91,7 +91,7 @@
   register: account_not_exist
 
 - name: Check with wrong account key
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
     acme_version: 2

tests/integration/targets/acme_account_info/tasks/main.yml

@@ -10,31 +10,31 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_account_info/tests/validate.yml

@@ -4,14 +4,14 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Validate that account wasn't there
-  assert:
+  ansible.builtin.assert:
     that:
       - not account_not_created.exists
       - account_not_created.account_uri is none
       - "'account' not in account_not_created"
 
 - name: Validate that account was created
-  assert:
+  ansible.builtin.assert:
     that:
       - account_created.exists
       - account_created.account_uri is not none
@@ -22,7 +22,7 @@
       - "account_created.account.contact[0] == 'mailto:example@example.org'"
 
 - name: Validate that account email was removed
-  assert:
+  ansible.builtin.assert:
     that:
       - account_modified.exists
       - account_modified.account_uri is not none
@@ -32,13 +32,13 @@
       - account_modified.account.contact | length == 0
 
 - name: Validate that account does not exist with wrong account URI
-  assert:
+  ansible.builtin.assert:
     that:
       - not account_not_exist.exists
       - account_not_exist.account_uri is none
       - "'account' not in account_not_exist"
 
 - name: Validate that account cannot be accessed with wrong key
-  assert:
+  ansible.builtin.assert:
     that:
       - account_wrong_key is failed

tests/integration/targets/acme_ari_info/tasks/impl.yml

@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         type: "{{ item.type }}"
         size: "{{ item.size | default(omit) }}"
@@ -21,7 +21,7 @@
         curve: secp256r1
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 1 for renewal check
     certificate_name: cert-1
@@ -39,18 +39,18 @@
     account_email: "example@example.org"
 ## OBTAIN CERTIFICATE INFOS ###################################################################
 - name: Dump OpenSSL x509 info
-  command:
+  ansible.builtin.command:
     cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
 - name: Obtain certificate information
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-1.pem"
   register: cert_1_info
 - name: Read certificate
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/cert-1.pem'
   register: slurp_cert_1
 - name: Obtain certificate information
-  acme_ari_info:
+  community.crypto.acme_ari_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2

tests/integration/targets/acme_ari_info/tasks/main.yml

@@ -14,31 +14,31 @@
   block:
     - block:
         - name: Running tests with OpenSSL backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
           vars:
             select_crypto_backend: openssl
 
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
 
       # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
       when: openssl_version.stdout is version('1.0.0', '>=')
 
     - name: Remove output directory
-      file:
+      ansible.builtin.file:
         path: "{{ remote_tmp_dir }}"
         state: absent
 
     - name: Re-create output directory
-      file:
+      ansible.builtin.file:
         path: "{{ remote_tmp_dir }}"
         state: directory
 
     - block:
         - name: Running tests with cryptography backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
           vars:
             select_crypto_backend: cryptography
 
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
 
       when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_ari_info/tests/validate.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Validate results
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_1 is not changed
       - cert_1.renewal_info.explanationURL is not defined or cert_1.renewal_info.explanationURL is string

tests/integration/targets/acme_certificate/tasks/impl.yml

@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         type: "{{ item.type }}"
         size: "{{ item.size | default(omit) }}"
@@ -28,7 +28,7 @@
 
 ## SET UP ACCOUNTS ############################################################################
 - name: Make sure ECC256 account hasn't been created yet
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     acme_version: 2
     acme_directory: "{{ acme_directory_url }}"
@@ -36,11 +36,11 @@
     account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
     state: absent
 - name: Read account key (EC384)
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/account-ec384.pem'
   register: slurp
 - name: Create ECC384 account
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     acme_version: 2
     acme_directory: "{{ acme_directory_url }}"
@@ -53,7 +53,7 @@
       - mailto:example@example.org
       - mailto:example@example.com
 - name: Create RSA account
-  acme_account:
+  community.crypto.acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     acme_version: 2
     acme_directory: "{{ acme_directory_url }}"
@@ -66,7 +66,7 @@
 
 ## OBTAIN CERTIFICATES ########################################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 1
     certificate_name: cert-1
@@ -89,11 +89,11 @@
         issuer: "{{ acme_roots[1].subject }}"
     use_csr_content: true
 - name: Store obtain results for cert 1
-  set_fact:
+  ansible.builtin.set_fact:
     cert_1_obtain_results: "{{ certificate_obtain_result }}"
     cert_1_alternate: "{{ 1 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 2
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 2
     certificate_name: cert-2
@@ -122,15 +122,15 @@
         issuer: "{{ acme_roots[2].subject }}"
     use_csr_content: false
 - name: Store obtain results for cert 2
-  set_fact:
+  ansible.builtin.set_fact:
     cert_2_obtain_results: "{{ certificate_obtain_result }}"
     cert_2_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Read account key (RSA)
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/account-rsa.pem'
   register: slurp_account_key
 - name: Obtain cert 3
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 3
     certificate_name: cert-3
@@ -152,11 +152,11 @@
         subject: "{{ acme_roots[1].subject }}"
     use_csr_content: true
 - name: Store obtain results for cert 3
-  set_fact:
+  ansible.builtin.set_fact:
     cert_3_obtain_results: "{{ certificate_obtain_result }}"
     cert_3_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 4
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 4
     certificate_name: cert-4
@@ -181,11 +181,11 @@
         issuer: "{{ acme_roots[1].subject }}"
     use_csr_content: false
 - name: Store obtain results for cert 4
-  set_fact:
+  ansible.builtin.set_fact:
     cert_4_obtain_results: "{{ certificate_obtain_result }}"
     cert_4_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 5
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 5, Iteration 1/4
     certificate_name: cert-5
@@ -202,11 +202,11 @@
     account_email: ""
     use_csr_content: true
 - name: Store obtain results for cert 5a
-  set_fact:
+  ansible.builtin.set_fact:
     cert_5a_obtain_results: "{{ certificate_obtain_result }}"
     cert_5_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
 - name: Obtain cert 5 (should not, since already there and valid for more than 1 days)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 5, Iteration 2/4
     certificate_name: cert-5
@@ -223,10 +223,10 @@
     account_email: ""
     use_csr_content: false
 - name: Store obtain results for cert 5b
-  set_fact:
+  ansible.builtin.set_fact:
     cert_5_recreate_1: "{{ challenge_data is changed }}"
 - name: Obtain cert 5 (should again by less days)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 5, Iteration 3/4
     certificate_name: cert-5
@@ -245,15 +245,15 @@
     acme_certificate_profile: "{{ '6days' if acme_supports_profiles else omit }}"
     acme_certificate_include_renewal_cert_id: when_ari_supported
 - name: Store obtain results for cert 5c
-  set_fact:
+  ansible.builtin.set_fact:
     cert_5_recreate_2: "{{ challenge_data is changed }}"
     cert_5c_obtain_results: "{{ certificate_obtain_result }}"
 - name: Read account key (EC384)
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/account-ec384.pem'
   register: slurp_account_key
 - name: Obtain cert 5 (should again by force)
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 5, Iteration 4/4
     certificate_name: cert-5
@@ -270,12 +270,12 @@
     account_email: ""
     use_csr_content: false
 - name: Store obtain results for cert 5d
-  set_fact:
+  ansible.builtin.set_fact:
     cert_5_recreate_3: "{{ challenge_data is changed }}"
     cert_5d_obtain_results: "{{ certificate_obtain_result }}"
 - block:
     - name: Obtain cert 6
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
       vars:
         certgen_title: Certificate 6
         certificate_name: cert-6
@@ -303,13 +303,13 @@
             issuer: "{{ acme_roots[1].subject }}"
         use_csr_content: true
     - name: Store obtain results for cert 6
-      set_fact:
+      ansible.builtin.set_fact:
         cert_6_obtain_results: "{{ certificate_obtain_result }}"
         cert_6_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
   when: acme_intermediates[0].subject_key_identifier is defined
 - block:
     - name: Obtain cert 7
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
       vars:
         certgen_title: Certificate 7
         certificate_name: cert-7
@@ -333,13 +333,13 @@
             authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}"
         use_csr_content: false
     - name: Store obtain results for cert 7
-      set_fact:
+      ansible.builtin.set_fact:
         cert_7_obtain_results: "{{ certificate_obtain_result }}"
         cert_7_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
   when: acme_roots[2].subject_key_identifier is defined
 - block:
     - name: Obtain cert 8
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
       vars:
         certgen_title: Certificate 8
         certificate_name: cert-8
@@ -361,7 +361,7 @@
         account_email: "example@example.org"
         use_csr_content: true
     - name: Store obtain results for cert 8
-      set_fact:
+      ansible.builtin.set_fact:
         cert_8_obtain_results: "{{ certificate_obtain_result }}"
         cert_8_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
   when: cryptography_version.stdout is version('1.3', '>=')
@@ -369,110 +369,110 @@
 ## DISSECT CERTIFICATES #######################################################################
 # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
 - name: Verifying cert 1
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
   ignore_errors: true
   register: cert_1_valid
 - name: Verifying cert 2
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
   ignore_errors: true
   register: cert_2_valid
 - name: Verifying cert 3
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
   ignore_errors: true
   register: cert_3_valid
 - name: Verifying cert 4
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
   ignore_errors: true
   register: cert_4_valid
 - name: Verifying cert 5
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
   ignore_errors: true
   register: cert_5_valid
 - name: Verifying cert 6
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
   ignore_errors: true
   register: cert_6_valid
   when: acme_intermediates[0].subject_key_identifier is defined
 - name: Verifying cert 7
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
   ignore_errors: true
   register: cert_7_valid
   when: acme_roots[2].subject_key_identifier is defined
 - name: Verifying cert 8
-  command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
+  ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
   ignore_errors: true
   register: cert_8_valid
   when: cryptography_version.stdout is version('1.3', '>=')
 
 # Dump certificate info
 - name: Dumping cert 1
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text'
   register: cert_1_text
 - name: Dumping cert 2
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text'
   register: cert_2_text
 - name: Dumping cert 3
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text'
   register: cert_3_text
 - name: Dumping cert 4
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text'
   register: cert_4_text
 - name: Dumping cert 5
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text'
   register: cert_5_text
 - name: Dumping cert 6
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text'
   register: cert_6_text
   when: acme_intermediates[0].subject_key_identifier is defined
 - name: Dumping cert 7
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text'
   register: cert_7_text
   when: acme_roots[2].subject_key_identifier is defined
 - name: Dumping cert 8
-  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text'
+  ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text'
   register: cert_8_text
   when: cryptography_version.stdout is version('1.3', '>=')
 
 # Dump certificate info
 - name: Dumping cert 1
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-1.pem"
   register: cert_1_info
 - name: Dumping cert 2
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-2.pem"
   register: cert_2_info
 - name: Dumping cert 3
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-3.pem"
   register: cert_3_info
 - name: Dumping cert 4
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-4.pem"
   register: cert_4_info
 - name: Dumping cert 5
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-5.pem"
   register: cert_5_info
 - name: Dumping cert 6
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-6.pem"
   register: cert_6_info
   when: acme_intermediates[0].subject_key_identifier is defined
 - name: Dumping cert 7
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-7.pem"
   register: cert_7_info
   when: acme_roots[2].subject_key_identifier is defined
 - name: Dumping cert 8
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-8.pem"
   register: cert_8_info
   when: cryptography_version.stdout is version('1.3', '>=')
 
 ## GET ACCOUNT ORDERS #########################################################################
 - name: Don't retrieve orders
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
     acme_version: 2
@@ -481,7 +481,7 @@
     retrieve_orders: ignore
   register: account_orders_not
 - name: Retrieve orders as URL list (1/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
     acme_version: 2
@@ -490,7 +490,7 @@
     retrieve_orders: url_list
   register: account_orders_urls
 - name: Retrieve orders as URL list (2/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
     acme_version: 2
@@ -499,7 +499,7 @@
     retrieve_orders: url_list
   register: account_orders_urls2
 - name: Retrieve orders as object list (1/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
     acme_version: 2
@@ -508,7 +508,7 @@
     retrieve_orders: object_list
   register: account_orders_full
 - name: Retrieve orders as object list (2/2)
-  acme_account_info:
+  community.crypto.acme_account_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
     acme_version: 2

tests/integration/targets/acme_certificate/tasks/main.yml

@@ -10,46 +10,46 @@
 
 - block:
     - name: Obtain root and intermediate certificates
-      get_url:
+      ansible.builtin.get_url:
         url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}"
         dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
       loop: "{{ query('nested', types, root_numbers) }}"
 
     - name: Analyze root certificates
-      x509_certificate_info:
+      community.crypto.x509_certificate_info:
         path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"
       loop: "{{ root_numbers }}"
       register: acme_roots
 
     - name: Analyze intermediate certificates
-      x509_certificate_info:
+      community.crypto.x509_certificate_info:
         path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem"
       loop: "{{ root_numbers }}"
       register: acme_intermediates
 
     - name: Read root certificates
-      slurp:
+      ansible.builtin.slurp:
         src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}"
       loop: "{{ root_numbers }}"
       register: slurp_roots
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
       loop: "{{ acme_roots.results }}"
       register: acme_roots_tmp
 
     - name: Read intermediate certificates
-      slurp:
+      ansible.builtin.slurp:
         src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}"
       loop: "{{ root_numbers }}"
       register: slurp_intermediates
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
       loop: "{{ acme_intermediates.results }}"
       register: acme_intermediates_tmp
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}"
         acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}"
         acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}"
@@ -74,48 +74,48 @@
       # - public_key_fingerprints
 
 - name: ACME root certificate info
-  debug:
+  ansible.builtin.debug:
     var: acme_roots
 
 # - name: ACME root certificates as PEM
-#   debug:
+#   ansible.builtin.debug:
 #     var: acme_root_certs
 
 - name: ACME intermediate certificate info
-  debug:
+  ansible.builtin.debug:
     var: acme_intermediates
 
 # - name: ACME intermediate certificates as PEM
-#   debug:
+#   ansible.builtin.debug:
 #     var: acme_intermediate_certs
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_certificate/tests/validate.yml

@@ -4,15 +4,15 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Check that certificate 1 is valid
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_1_valid is not failed
 - name: Check that certificate 1 contains correct SANs
-  assert:
+  ansible.builtin.assert:
     that:
       - "'DNS:example.com' in cert_1_text.stdout"
 - name: Read certificate 1 files
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/{{ item }}'
   loop:
     - cert-1.pem
@@ -20,7 +20,7 @@
     - cert-1-fullchain.pem
   register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
     that:
       - "'all_chains' in cert_1_obtain_results"
       - "cert_1_obtain_results.all_chains | length > 1"
@@ -32,16 +32,16 @@
       - "(slurp.results[2].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].full_chain"
 
 - name: Check that certificate 2 is valid
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_2_valid is not failed
 - name: Check that certificate 2 contains correct SANs
-  assert:
+  ansible.builtin.assert:
     that:
       - "'DNS:*.example.com' in cert_2_text.stdout"
       - "'DNS:example.com' in cert_2_text.stdout"
 - name: Read certificate 2 files
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/{{ item }}'
   loop:
     - cert-2.pem
@@ -49,7 +49,7 @@
     - cert-2-fullchain.pem
   register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
     that:
       - "'all_chains' in cert_2_obtain_results"
       - "cert_2_obtain_results.all_chains | length > 1"
@@ -61,17 +61,17 @@
       - "(slurp.results[2].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].full_chain"
 
 - name: Check that certificate 3 is valid
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_3_valid is not failed
 - name: Check that certificate 3 contains correct SANs
-  assert:
+  ansible.builtin.assert:
     that:
       - "'DNS:*.example.com' in cert_3_text.stdout"
       - "'DNS:example.org' in cert_3_text.stdout"
       - "'DNS:t1.example.com' in cert_3_text.stdout"
 - name: Read certificate 3 files
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/{{ item }}'
   loop:
     - cert-3.pem
@@ -79,7 +79,7 @@
     - cert-3-fullchain.pem
   register: slurp
 - name: Check that certificate 1 retrieval got all chains
-  assert:
+  ansible.builtin.assert:
     that:
       - "'all_chains' in cert_3_obtain_results"
       - "cert_3_obtain_results.all_chains | length > 1"
@@ -91,11 +91,11 @@
       - "(slurp.results[2].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].full_chain"
 
 - name: Check that certificate 4 is valid
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_4_valid is not failed
 - name: Check that certificate 4 contains correct SANs
-  assert:
+  ansible.builtin.assert:
     that:
       - "'DNS:example.com' in cert_4_text.stdout"
       - "'DNS:t1.example.com' in cert_4_text.stdout"
@@ -103,72 +103,72 @@
       - "'DNS:example.org' in cert_4_text.stdout"
       - "'DNS:TesT.example.org' in cert_4_text.stdout"
 - name: Check that certificate 4 retrieval did not get all chains
-  assert:
+  ansible.builtin.assert:
     that:
       - "'all_chains' not in cert_4_obtain_results"
 
 - name: Check that certificate 5 is valid
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_5_valid is not failed
 - name: Check that certificate 5 contains correct SANs
-  assert:
+  ansible.builtin.assert:
     that:
       - "'DNS:t2.example.com' in cert_5_text.stdout"
 - name: Check that certificate 5 was not recreated on the first try
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_5_recreate_1 == false
 - name: Check that certificate 5 was recreated on the second try
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_5_recreate_2 == true
 - name: Check that certificate 5 was recreated on the third try
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_5_recreate_3 == true
 
 - block:
     - name: Check that certificate 6 is valid
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_6_valid is not failed
     - name: Check that certificate 6 contains correct SANs
-      assert:
+      ansible.builtin.assert:
         that:
           - "'DNS:example.org' in cert_6_text.stdout"
   when: acme_intermediates[0].subject_key_identifier is defined
 
 - block:
     - name: Check that certificate 7 is valid
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_7_valid is not failed
     - name: Check that certificate 7 contains correct SANs
-      assert:
+      ansible.builtin.assert:
         that:
           - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
   when: acme_roots[2].subject_key_identifier is defined
 
 - block:
     - name: Check that certificate 8 is valid
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_8_valid is not failed
     - name: Check that certificate 8 contains correct SANs
-      assert:
+      ansible.builtin.assert:
         that:
           - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: Validate that orders were not retrieved
-  assert:
+  ansible.builtin.assert:
     that:
       - "'account' in account_orders_not"
       - "'orders' not in account_orders_not"
 
 - name: Validate that orders were retrieved as list of URLs (1/2)
-  assert:
+  ansible.builtin.assert:
     that:
       - "'account' in account_orders_urls"
       - "'orders' not in account_orders_urls"
@@ -176,7 +176,7 @@
       - "account_orders_urls.order_uris[0] is string"
 
 - name: Validate that orders were retrieved as list of URLs (2/2)
-  assert:
+  ansible.builtin.assert:
     that:
       - "'account' in account_orders_urls2"
       - "'orders' not in account_orders_urls2"
@@ -184,7 +184,7 @@
       - "account_orders_urls2.order_uris[0] is string"
 
 - name: Validate that orders were retrieved as list of objects (1/2)
-  assert:
+  ansible.builtin.assert:
     that:
       - "'account' in account_orders_full"
       - "'orders' in account_orders_full"
@@ -193,7 +193,7 @@
       - "account_orders_full.order_uris[0] is string"
 
 - name: Validate that orders were retrieved as list of objects (2/2)
-  assert:
+  ansible.builtin.assert:
     that:
       - "'account' in account_orders_full2"
       - "'orders' in account_orders_full2"

tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml

@@ -9,24 +9,24 @@
     account_email: example@example.org
   block:
     - name: Generate account key
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/account-ec256.pem"
         type: ECC
         curve: secp256r1
         force: true
     - name: Create cert private key
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
         type: ECC
         curve: secp256r1
         force: true
     - name: Create cert CSR
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
         privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
         subject_alt_name: "{{ subject_alt_name }}"
     - name: Start process of obtaining certificate
-      acme_certificate:
+      community.crypto.acme_certificate:
         select_crypto_backend: "{{ select_crypto_backend }}"
         acme_version: 2
         acme_directory: "{{ acme_directory_url }}"
@@ -42,7 +42,7 @@
       register: certificate_data
 
 - name: Inspect order
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -52,11 +52,11 @@
     method: get
   register: order_1
 - name: Show order
-  debug:
+  ansible.builtin.debug:
     var: order_1.output_json
 
 - name: Deactivate order (check mode)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -67,7 +67,7 @@
   register: deactivate_1
 
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -77,11 +77,11 @@
     method: get
   register: order_2
 - name: Show order
-  debug:
+  ansible.builtin.debug:
     var: order_2.output_json
 
 - name: Deactivate order
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -91,7 +91,7 @@
   register: deactivate_2
 
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -101,11 +101,11 @@
     method: get
   register: order_3
 - name: Show order
-  debug:
+  ansible.builtin.debug:
     var: order_3.output_json
 
 - name: Deactivate order (check mode, idempotent)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -116,7 +116,7 @@
   register: deactivate_3
 
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -126,11 +126,11 @@
     method: get
   register: order_4
 - name: Show order
-  debug:
+  ansible.builtin.debug:
     var: order_4.output_json
 
 - name: Deactivate order (idempotent)
-  acme_certificate_deactivate_authz:
+  community.crypto.acme_certificate_deactivate_authz:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -140,7 +140,7 @@
   register: deactivate_4
 
 - name: Inspect order again
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -150,5 +150,5 @@
     method: get
   register: order_5
 - name: Show order
-  debug:
+  ansible.builtin.debug:
     var: order_5.output_json

tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml

@@ -10,31 +10,31 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Checks
-  assert:
+  ansible.builtin.assert:
     that:
       - order_1.output_json.status == 'pending'
       - deactivate_1 is changed

tests/integration/targets/acme_certificate_order/tasks/impl.yml

@@ -4,23 +4,23 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: "({{ select_crypto_backend }}) Generate random domain name"
-  set_fact:
+  ansible.builtin.set_fact:
     domain_name: "host{{ '%0x' % ((2**32) | random) }}.example.com"
 
 - name: "({{ select_crypto_backend }}) Generate account key"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: "{{ remote_tmp_dir }}/accountkey.pem"
     type: ECC
     curve: secp256r1
     force: true
 
 - name: "({{ select_crypto_backend }}) Parse account keys (to ease debugging some test failures)"
-  openssl_privatekey_info:
+  community.crypto.openssl_privatekey_info:
     path: "{{ remote_tmp_dir }}/accountkey.pem"
     return_private_key_data: true
 
 - name: "({{ select_crypto_backend }}) Create ACME account"
-  acme_account:
+  community.crypto.acme_account:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -31,14 +31,14 @@
   register: account
 
 - name: "({{ select_crypto_backend }}) Generate certificate key"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: "{{ remote_tmp_dir }}/cert.key"
     type: ECC
     curve: secp256r1
     force: true
 
 - name: "({{ select_crypto_backend }}) Generate certificate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: "{{ remote_tmp_dir }}/cert.csr"
     privatekey_path: "{{ remote_tmp_dir }}/cert.key"
     subject:
@@ -47,7 +47,7 @@
   register: csr
 
 - name: "({{ select_crypto_backend }}) Create certificate order"
-  acme_certificate_order_create:
+  community.crypto.acme_certificate_order_create:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -57,11 +57,11 @@
   register: order_1
 
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
     var: order_1
 
 - name: "({{ select_crypto_backend }}) Check order"
-  assert:
+  ansible.builtin.assert:
     that:
       - order_1 is changed
       - order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -81,7 +81,7 @@
       - order_1.account_uri == account.account_uri
 
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -91,11 +91,11 @@
   register: order_info_1
 
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
     var: order_info_1
 
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
     that:
       - order_info_1 is not changed
       - order_info_1.authorizations_by_identifier | length == 1
@@ -120,8 +120,8 @@
       - order_info_1.account_uri == account.account_uri
 
 - name: "({{ select_crypto_backend }}) Create HTTP challenges"
-  uri:
+  ansible.builtin.uri:
-    url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
+    url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}"
     method: PUT
     body_format: raw
     body: "{{ item.challenges['http-01'].resource_value }}"
@@ -142,7 +142,7 @@
   register: validate_1
 
 - name: "({{ select_crypto_backend }}) Check validation result"
-  assert:
+  ansible.builtin.assert:
     that:
       - validate_1 is changed
       - validate_1.account_uri == account.account_uri
@@ -153,7 +153,7 @@
   when: ansible_version.full is version('2.12', '<')
 
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -163,11 +163,11 @@
   register: order_info_2
 
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
     var: order_info_2
 
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
     that:
       - order_info_2 is not changed
       - order_info_2.authorizations_by_identifier | length == 1
@@ -203,7 +203,7 @@
   register: validate_2
 
 - name: "({{ select_crypto_backend }}) Check validation result"
-  assert:
+  ansible.builtin.assert:
     that:
       - validate_2 is not changed
       - validate_2.account_uri == account.account_uri
@@ -225,7 +225,7 @@
   register: finalize_1
 
 - name: "({{ select_crypto_backend }}) Check finalization result"
-  assert:
+  ansible.builtin.assert:
     that:
       - finalize_1 is changed
       - finalize_1.account_uri == account.account_uri
@@ -236,7 +236,7 @@
       - finalize_1.selected_chain.full_chain == finalize_1.selected_chain.cert + finalize_1.selected_chain.chain
 
 - name: "({{ select_crypto_backend }}) Read files from disk"
-  slurp:
+  ansible.builtin.slurp:
     src: "{{ remote_tmp_dir }}/{{ item }}.pem"
   loop:
     - cert
@@ -245,14 +245,14 @@
   register: slurp
 
 - name: "({{ select_crypto_backend }}) Compare finalization result with files on disk"
-  assert:
+  ansible.builtin.assert:
     that:
       - finalize_1.selected_chain.cert == slurp.results[0].content | b64decode
       - finalize_1.selected_chain.chain == slurp.results[1].content | b64decode
       - finalize_1.selected_chain.full_chain == slurp.results[2].content | b64decode
 
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -262,11 +262,11 @@
   register: order_info_3
 
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
     var: order_info_3
 
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
     that:
       - order_info_3 is not changed
       - order_info_3.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns'
@@ -304,7 +304,7 @@
   register: finalize_2
 
 - name: "({{ select_crypto_backend }}) Check finalization result"
-  assert:
+  ansible.builtin.assert:
     that:
       - finalize_2 is not changed
       - finalize_2.account_uri == account.account_uri
@@ -316,7 +316,7 @@
       - finalize_2.selected_chain == finalize_1.selected_chain
 
 - name: "({{ select_crypto_backend }}) Get order information"
-  acme_certificate_order_info:
+  community.crypto.acme_certificate_order_info:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -326,11 +326,11 @@
   register: order_info_4
 
 - name: "({{ select_crypto_backend }}) Show order information"
-  debug:
+  ansible.builtin.debug:
     var: order_info_4
 
 - name: "({{ select_crypto_backend }}) Check order information"
-  assert:
+  ansible.builtin.assert:
     that:
       - order_info_4 is not changed
       - order_info_4.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns'
@@ -356,7 +356,7 @@
 - when: acme_supports_ari
   block:
     - name: "({{ select_crypto_backend }}) Get certificate renewal information"
-      acme_certificate_renewal_info:
+      community.crypto.acme_certificate_renewal_info:
         acme_directory: "{{ acme_directory_url }}"
         acme_version: 2
         validate_certs: false
@@ -366,14 +366,14 @@
       register: cert_info
 
     - name: "({{ select_crypto_backend }}) Verify information"
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_info.supports_ari == true
           - cert_info.should_renew == false
           - cert_info.cert_id is string
 
     - name: "({{ select_crypto_backend }}) Create replacement order 1"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
         acme_directory: "{{ acme_directory_url }}"
         acme_version: 2
         validate_certs: false
@@ -386,7 +386,7 @@
       register: replacement_order_1
 
     - name: "({{ select_crypto_backend }}) Get replacement order 1 information"
-      acme_certificate_order_info:
+      community.crypto.acme_certificate_order_info:
         acme_directory: "{{ acme_directory_url }}"
         acme_version: 2
         validate_certs: false
@@ -396,7 +396,7 @@
       register: order_info_5
 
     - name: "({{ select_crypto_backend }}) Check replacement order 1"
-      assert:
+      ansible.builtin.assert:
         that:
           - replacement_order_1 is changed
           - replacement_order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -417,7 +417,7 @@
           - replacement_order_1.order_uri not in [order_1.order_uri]
 
     - name: "({{ select_crypto_backend }}) Check replacement order 1 information"
-      assert:
+      ansible.builtin.assert:
         that:
           - order_info_5 is not changed
           - order_info_5.authorizations_by_identifier | length == 1
@@ -446,7 +446,7 @@
     - when: false  # TODO get Pebble improved
       block:
         - name: "({{ select_crypto_backend }}) Create replacement order 2 (should fail)"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -459,7 +459,7 @@
           ignore_errors: true
 
         - name: "({{ select_crypto_backend }}) Check replacement order 2"
-          assert:
+          ansible.builtin.assert:
             that:
               - replacement_order_2 is failed
               - >-
@@ -470,7 +470,7 @@
                 )
 
         - name: "({{ select_crypto_backend }}) Create replacement order 3 with error handling"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -482,7 +482,7 @@
           register: replacement_order_3
 
         - name: "({{ select_crypto_backend }}) Get replacement order 3 information"
-          acme_certificate_order_info:
+          community.crypto.acme_certificate_order_info:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -492,7 +492,7 @@
           register: order_info_6
 
         - name: "({{ select_crypto_backend }}) Check replacement order 3"
-          assert:
+          ansible.builtin.assert:
             that:
               - replacement_order_3 is changed
               - replacement_order_3.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -515,7 +515,7 @@
                 ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_3.warnings
 
         - name: "({{ select_crypto_backend }}) Check replacement order 3 information"
-          assert:
+          ansible.builtin.assert:
             that:
               - order_info_6 is not changed
               - order_info_6.authorizations_by_identifier | length == 1
@@ -540,7 +540,7 @@
               - order_info_6.account_uri == account.account_uri
 
         - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 3"
-          acme_certificate_deactivate_authz:
+          community.crypto.acme_certificate_deactivate_authz:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -551,8 +551,8 @@
     # Complete replacement order 1
 
     - name: "({{ select_crypto_backend }}) Create HTTP challenges (replacement order 1)"
-      uri:
+      ansible.builtin.uri:
-        url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
+        url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}"
         method: PUT
         body_format: raw
         body: "{{ item.challenges['http-01'].resource_value }}"
@@ -590,7 +590,7 @@
     - when: true
       block:
         - name: "({{ select_crypto_backend }}) Create replacement order 4 (should fail)"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -603,7 +603,7 @@
           ignore_errors: true
 
         - name: "({{ select_crypto_backend }}) Check replacement order 4"
-          assert:
+          ansible.builtin.assert:
             that:
               - replacement_order_4 is failed
               - replacement_order_4.msg.startswith('Failed to start new order for https://' ~ acme_host)
@@ -611,7 +611,7 @@
                 ' with status 409 Conflict. Error urn:ietf:params:acme:error:malformed: ' in replacement_order_4.msg
 
         - name: "({{ select_crypto_backend }}) Create replacement order 5 with error handling"
-          acme_certificate_order_create:
+          community.crypto.acme_certificate_order_create:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -623,7 +623,7 @@
           register: replacement_order_5
 
         - name: "({{ select_crypto_backend }}) Get replacement order 5 information"
-          acme_certificate_order_info:
+          community.crypto.acme_certificate_order_info:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -633,7 +633,7 @@
           register: order_info_7
 
         - name: "({{ select_crypto_backend }}) Check replacement order 5"
-          assert:
+          ansible.builtin.assert:
             that:
               - replacement_order_5 is changed
               - replacement_order_5.order_uri.startswith('https://' ~ acme_host ~ ':14000/')
@@ -656,7 +656,7 @@
                 ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_5.warnings
 
         - name: "({{ select_crypto_backend }}) Check replacement order 5 information"
-          assert:
+          ansible.builtin.assert:
             that:
               - order_info_7 is not changed
               - order_info_7.authorizations_by_identifier | length == 1
@@ -681,7 +681,7 @@
               - order_info_7.account_uri == account.account_uri
 
         - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 5"
-          acme_certificate_deactivate_authz:
+          community.crypto.acme_certificate_deactivate_authz:
             acme_directory: "{{ acme_directory_url }}"
             acme_version: 2
             validate_certs: false
@@ -694,7 +694,7 @@
 - when: acme_supports_profiles
   block:
     - name: "({{ select_crypto_backend }}) Create order with invalid profile (should fail)"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
         acme_directory: "{{ acme_directory_url }}"
         acme_version: 2
         validate_certs: false
@@ -707,7 +707,7 @@
       ignore_errors: true
 
     - name: "({{ select_crypto_backend }}) Check invalid profile order"
-      assert:
+      ansible.builtin.assert:
         that:
           - invalid_profile_order is failed
           - invalid_profile_order.msg == "The ACME CA does not support selected profile 'does-not-exist'."
@@ -717,7 +717,7 @@
 - when: not acme_supports_profiles
   block:
     - name: "({{ select_crypto_backend }}) Create order with profile when server does not support it (should fail)"
-      acme_certificate_order_create:
+      community.crypto.acme_certificate_order_create:
         acme_directory: "{{ acme_directory_url }}"
         acme_version: 2
         validate_certs: false
@@ -729,7 +729,7 @@
       ignore_errors: true
 
     - name: "({{ select_crypto_backend }}) Check profile without server support order"
-      assert:
+      ansible.builtin.assert:
         that:
           - profile_without_server_support is failed
           - profile_without_server_support.msg == 'The ACME CA does not support profiles. Please omit the "profile" option.'

tests/integration/targets/acme_certificate_order/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
@@ -18,18 +18,18 @@
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 

tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml

@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         type: "{{ item.type }}"
         size: "{{ item.size | default(omit) }}"
@@ -22,7 +22,7 @@
 
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 1 for renewal check
     certificate_name: cert-1
@@ -41,18 +41,18 @@
 
 ## OBTAIN CERTIFICATE INFOS ###################################################################
 - name: Dump OpenSSL x509 info
-  command:
+  ansible.builtin.command:
     cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
 - name: Obtain certificate information
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: "{{ remote_tmp_dir }}/cert-1.pem"
   register: cert_1_info
 - name: Read certificate
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/cert-1.pem'
   register: slurp_cert_1
 - name: Obtain certificate information (1/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -60,7 +60,7 @@
     validate_certs: false
   register: cert_1_renewal_1
 - name: Obtain certificate information (2/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -70,7 +70,7 @@
     remaining_percentage: 0.5
   register: cert_1_renewal_2
 - name: Obtain certificate information (3/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_content: "{{ slurp_cert_1.content | b64decode }}"
     acme_version: 2
@@ -79,7 +79,7 @@
     now: +1800d
   register: cert_1_renewal_3
 - name: Obtain certificate information (4/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -90,7 +90,7 @@
     remaining_percentage: 0.1
   register: cert_1_renewal_4
 - name: Obtain certificate information (5/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -101,7 +101,7 @@
     remaining_percentage: 0.01
   register: cert_1_renewal_5
 - name: Obtain certificate information (6/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -112,7 +112,7 @@
     remaining_percentage: 0.03
   register: cert_1_renewal_6
 - name: Obtain certificate information (7/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
     acme_version: 2
@@ -121,7 +121,7 @@
     now: +1830d
   register: cert_1_renewal_7
 - name: Obtain certificate information (8/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     acme_version: 2
     acme_directory: "{{ acme_directory_url }}"
@@ -129,7 +129,7 @@
     now: +1830d
   register: cert_1_renewal_8
 - name: Obtain certificate information (9/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem"
     acme_version: 2
@@ -137,12 +137,12 @@
     validate_certs: false
   register: cert_1_renewal_9
 - name: Create broken file
-  copy:
+  ansible.builtin.copy:
     dest: "{{ remote_tmp_dir }}/cert-is-broken.pem"
     content: |
       --- THIS IS NOT A CERT ---
 - name: Obtain certificate information (10/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     treat_parsing_error_as_non_existing: false
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
@@ -152,7 +152,7 @@
   register: cert_1_renewal_10
   ignore_errors: true
 - name: Obtain certificate information (11/11)
-  acme_certificate_renewal_info:
+  community.crypto.acme_certificate_renewal_info:
     treat_parsing_error_as_non_existing: true
     select_crypto_backend: "{{ select_crypto_backend }}"
     certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"

tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml

@@ -13,31 +13,31 @@
   block:
     - block:
         - name: Running tests with OpenSSL backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
           vars:
             select_crypto_backend: openssl
 
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
 
       # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
       when: openssl_version.stdout is version('1.0.0', '>=')
 
     - name: Remove output directory
-      file:
+      ansible.builtin.file:
         path: "{{ remote_tmp_dir }}"
         state: absent
 
     - name: Re-create output directory
-      file:
+      ansible.builtin.file:
         path: "{{ remote_tmp_dir }}"
         state: directory
 
     - block:
         - name: Running tests with cryptography backend
-          include_tasks: impl.yml
+          ansible.builtin.include_tasks: impl.yml
           vars:
             select_crypto_backend: cryptography
 
-        - import_tasks: ../tests/validate.yml
+        - ansible.builtin.import_tasks: ../tests/validate.yml
 
       when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml

@@ -9,7 +9,7 @@
   block:
 
     - name: Validate results (generic)
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_1_renewal_1.should_renew == false
           - cert_1_renewal_1.msg == 'The certificate is still valid and no condition was reached'
@@ -64,7 +64,7 @@
       when: not acme_supports_ari
 
     - name: Validate results without ARI
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_1_renewal_1.supports_ari == false
           - cert_1_renewal_2.supports_ari == false
@@ -84,7 +84,7 @@
       when: not acme_supports_ari
 
     - name: Validate results with ARI
-      assert:
+      ansible.builtin.assert:
         that:
           - cert_1_renewal_1.supports_ari == true
           - cert_1_renewal_2.supports_ari == true

tests/integration/targets/acme_certificate_revoke/tasks/impl.yml

@@ -6,7 +6,7 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
         type: "{{ item.type }}"
         size: "{{ item.size | default(omit) }}"
@@ -28,11 +28,11 @@
 
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Read account key (EC256)
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/account-ec256.pem'
   register: slurp_account_key
 - name: Obtain cert 1
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 1 for revocation
     certificate_name: cert-1
@@ -49,7 +49,7 @@
     terms_agreed: true
     account_email: "example@example.org"
 - name: Obtain cert 2
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 2 for revocation
     certificate_name: cert-2
@@ -66,7 +66,7 @@
     terms_agreed: true
     account_email: "example@example.org"
 - name: Obtain cert 3
-  include_tasks: obtain-cert.yml
+  ansible.builtin.include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 3 for revocation
     certificate_name: cert-3
@@ -84,7 +84,7 @@
 
 ## REVOKE CERTIFICATES ########################################################################
 - name: Revoke certificate 1 via account key
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
     certificate: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -94,7 +94,7 @@
   ignore_errors: true
   register: cert_1_revoke
 - name: Revoke certificate 2 via certificate private key
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
     select_crypto_backend: "{{ select_crypto_backend }}"
     private_key_src: "{{ remote_tmp_dir }}/cert-2.key"
     private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
@@ -105,11 +105,11 @@
   ignore_errors: true
   register: cert_2_revoke
 - name: Read account key (RSA)
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/account-rsa.pem'
   register: slurp_account_key
 - name: Revoke certificate 3 via account key (fullchain)
-  acme_certificate_revoke:
+  community.crypto.acme_certificate_revoke:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_content: "{{ slurp_account_key.content | b64decode }}"
     certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"

tests/integration/targets/acme_certificate_revoke/tasks/main.yml

@@ -10,31 +10,31 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_certificate_revoke/tests/validate.yml

@@ -4,17 +4,17 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Check that certificate 1 was revoked
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_1_revoke is changed
       - cert_1_revoke is not failed
 - name: Check that certificate 2 was revoked
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_2_revoke is changed
       - cert_2_revoke is not failed
 - name: Check that certificate 3 was revoked
-  assert:
+  ansible.builtin.assert:
     that:
       - cert_3_revoke is changed
       - cert_3_revoke is not failed

tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml

@@ -10,13 +10,13 @@
 
 - block:
     - name: Generate ECC256 account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/account-ec256.pem"
         type: ECC
         curve: secp256r1
         force: true
     - name: Obtain cert 1
-      include_tasks: obtain-cert.yml
+      ansible.builtin.include_tasks: obtain-cert.yml
       vars:
         select_crypto_backend: auto
         certgen_title: Certificate 1

tests/integration/targets/acme_inspect/tasks/impl.yml

@@ -5,7 +5,7 @@
 
 - block:
     - name: Generate account keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: "{{ remote_tmp_dir }}/{{ item }}.pem"
         type: ECC
         curve: secp256r1
@@ -13,7 +13,7 @@
       loop: "{{ account_keys }}"
 
     - name: Parse account keys (to ease debugging some test failures)
-      openssl_privatekey_info:
+      community.crypto.openssl_privatekey_info:
         path: "{{ remote_tmp_dir }}/{{ item }}.pem"
         return_private_key_data: true
       loop: "{{ account_keys }}"
@@ -23,32 +23,32 @@
       - accountkey
 
 - name: Get directory
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
     method: directory-only
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: directory
-- debug: var=directory
+- ansible.builtin.debug: var=directory
 
 - name: Create an account
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
     account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
-    url: "{{ directory.directory.newAccount}}"
+    url: "{{ directory.directory.newAccount }}"
     method: post
     content: '{"termsOfServiceAgreed":true}'
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: account_creation
   # account_creation.headers.location contains the account URI
   # if creation was successful
-- debug: var=account_creation
+- ansible.builtin.debug: var=account_creation
 
 - name: Get account information
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -58,10 +58,10 @@
     method: get
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: account_get
-- debug: var=account_get
+- ansible.builtin.debug: var=account_get
 
 - name: Update account contacts
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -78,10 +78,10 @@
       contact:
         - mailto:me@example.com
   register: account_update
-- debug: var=account_update
+- ansible.builtin.debug: var=account_update
 
 - name: Create certificate order
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -102,10 +102,10 @@
         - type: dns
           value: example.org
   register: new_order
-- debug: var=new_order
+- ansible.builtin.debug: var=new_order
 
 - name: Get order information
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -115,10 +115,10 @@
     method: get
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: order
-- debug: var=order
+- ansible.builtin.debug: var=order
 
 - name: Get authzs for order
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -129,10 +129,10 @@
     select_crypto_backend: "{{ select_crypto_backend }}"
   loop: "{{ order.output_json.authorizations }}"
   register: authz
-- debug: var=authz
+- ansible.builtin.debug: var=authz
 
 - name: Get HTTP-01 challenge for authz
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -143,10 +143,10 @@
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: http01challenge
   loop: "{{ authz.results | map(attribute='output_json') | list }}"
-- debug: var=http01challenge
+- ansible.builtin.debug: var=http01challenge
 
 - name: Activate HTTP-01 challenge manually
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -158,10 +158,10 @@
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: activation
   loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
-- debug: var=activation
+- ansible.builtin.debug: var=activation
 
 - name: Get HTTP-01 challenge results
-  acme_inspect:
+  community.crypto.acme_inspect:
     acme_directory: "{{ acme_directory_url }}"
     acme_version: 2
     validate_certs: false
@@ -175,4 +175,4 @@
   until: "validation_result.output_json.status not in ['pending', 'processing']"
   retries: 20
   delay: 1
-- debug: var=validation_result
+- ansible.builtin.debug: var=validation_result

tests/integration/targets/acme_inspect/tasks/main.yml

@@ -10,31 +10,31 @@
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: openssl
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
   when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/acme_inspect/tests/validate.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Check directory output
-  assert:
+  ansible.builtin.assert:
     that:
       - directory is not changed
       - "'directory' in directory"
@@ -16,7 +16,7 @@
       - "'output_json' not in directory"
 
 - name: Check account creation output
-  assert:
+  ansible.builtin.assert:
     that:
       - account_creation is changed
       - "'directory' in account_creation"
@@ -30,7 +30,7 @@
       - account_creation.output_text | from_json == account_creation.output_json
 
 - name: Check account get output
-  assert:
+  ansible.builtin.assert:
     that:
       - account_get is not changed
       - "'directory' in account_get"
@@ -41,7 +41,7 @@
       - account_get.output_json == account_creation.output_json
 
 - name: Check account update output
-  assert:
+  ansible.builtin.assert:
     that:
       - account_update is changed
       - "'directory' in account_update"
@@ -53,7 +53,7 @@
       - account_update.output_json.contact[0] in ['mailto:me@example.com', 'mailto:*******@example.com']
 
 - name: Check certificate request output
-  assert:
+  ansible.builtin.assert:
     that:
       - new_order is changed
       - "'directory' in new_order"
@@ -66,7 +66,7 @@
       - "'finalize' in new_order.output_json"
 
 - name: Check get order output
-  assert:
+  ansible.builtin.assert:
     that:
       - order is not changed
       - "'directory' in order"
@@ -77,7 +77,7 @@
       # - new_order.output_json == order.output_json
 
 - name: Check get authz output
-  assert:
+  ansible.builtin.assert:
     that:
       - item is not changed
       - "'directory' in item"
@@ -90,7 +90,7 @@
   loop: "{{ authz.results }}"
 
 - name: Check get challenge output
-  assert:
+  ansible.builtin.assert:
     that:
       - item is not changed
       - "'directory' in item"
@@ -104,7 +104,7 @@
   loop: "{{ http01challenge.results }}"
 
 - name: Check challenge activation output
-  assert:
+  ansible.builtin.assert:
     that:
       - item is changed
       - "'directory' in item"
@@ -118,7 +118,7 @@
   loop: "{{ activation.results }}"
 
 - name: Check validation result
-  assert:
+  ansible.builtin.assert:
     that:
       - item is not changed
       - "'directory' in item"

tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml

@@ -9,14 +9,14 @@
 ####################################################################
 
 - name: Generate CSR for {{ certificate.name }}
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
     privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'
     subject: '{{ certificate.subject }}'
     useCommonNameForSAN: false
 
 - name: Generate certificate for {{ certificate.name }}
-  x509_certificate:
+  community.crypto.x509_certificate:
     path: '{{ remote_tmp_dir }}/{{ certificate.name }}.pem'
     csr_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr'
     privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key'

tests/integration/targets/certificate_complete_chain/tasks/create.yml

@@ -10,25 +10,25 @@
 
 - block:
     - name: Create private keys
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
         size: '{{ default_rsa_key_size_certificates }}'
       loop: '{{ certificates }}'
 
     - name: Generate certificates
-      include_tasks: create-single-certificate.yml
+      ansible.builtin.include_tasks: create-single-certificate.yml
       loop: '{{ certificates }}'
       loop_control:
         loop_var: certificate
 
     - name: Read certificates
-      slurp:
+      ansible.builtin.slurp:
         src: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
       loop: '{{ certificates }}'
       register: certificates_read
 
     - name: Store read certificates
-      set_fact:
+      ansible.builtin.set_fact:
         read_certificates: >-
           {{ certificates_read.results | map(attribute='content') | map('b64decode')
              | zip(certificates | map(attribute='name'))

tests/integration/targets/certificate_complete_chain/tasks/created.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: Case A => works
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: "{{ read_certificates['d-leaf'] }}"
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/b-intermediate.pem'
@@ -19,7 +19,7 @@
 - name: Case B => doesn't work, but this is expected
   failed_when: false
   register: caseb
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: "{{ read_certificates['d-leaf'] }}"
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/c-intermediate.pem'
@@ -27,11 +27,11 @@
       - '{{ remote_tmp_dir }}/a-root.pem'
 
 - name: Assert that case B failed
-  assert:
+  ansible.builtin.assert:
     that: "'Cannot complete chain' in caseb.msg"
 
 - name: Case C => works
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: "{{ read_certificates['d-leaf'] }}"
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/c-intermediate.pem'
@@ -40,7 +40,7 @@
       - '{{ remote_tmp_dir }}/a-root.pem'
 
 - name: Case D => works as well after PR 403
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: "{{ read_certificates['d-leaf'] }}"
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/b-intermediate.pem'

tests/integration/targets/certificate_complete_chain/tasks/existing.yml

@@ -10,13 +10,13 @@
 
 - block:
     - name: Find root for cert 1 using directory
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: '{{ fullchain | trim }}'
         root_certificates:
           - '{{ remote_tmp_dir }}/files/roots/'
       register: cert1_root
     - name: Verify root for cert 1
-      assert:
+      ansible.builtin.assert:
         that:
           - cert1_root.complete_chain | join('') == (fullchain ~ root)
           - cert1_root.root == root
@@ -26,7 +26,7 @@
 
 - block:
     - name: Find rootchain for cert 1 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: '{{ cert }}'
         intermediate_certificates:
           - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
@@ -34,7 +34,7 @@
           - '{{ remote_tmp_dir }}/files/roots.pem'
       register: cert1_rootchain
     - name: Verify rootchain for cert 1
-      assert:
+      ansible.builtin.assert:
         that:
           - cert1_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
           - cert1_rootchain.chain[:-1] | join('') == chain
@@ -46,13 +46,13 @@
 
 - block:
     - name: Find root for cert 2 using directory
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: "{{ fullchain | trim }}"
         root_certificates:
           - '{{ remote_tmp_dir }}/files/roots/'
       register: cert2_root
     - name: Verify root for cert 2
-      assert:
+      ansible.builtin.assert:
         that:
           - cert2_root.complete_chain | join('') == (fullchain ~ root)
           - cert2_root.root == root
@@ -62,7 +62,7 @@
 
 - block:
     - name: Find rootchain for cert 2 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: '{{ cert }}'
         intermediate_certificates:
           - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
@@ -70,7 +70,7 @@
           - '{{ remote_tmp_dir }}/files/roots.pem'
       register: cert2_rootchain
     - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
         that:
           - cert2_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
           - cert2_rootchain.chain[:-1] | join('') == chain
@@ -82,7 +82,7 @@
 
 - block:
     - name: Find alternate rootchain for cert 2 using intermediate and root PEM
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: '{{ cert }}'
         intermediate_certificates:
           - '{{ remote_tmp_dir }}/files/cert2-altchain.pem'
@@ -90,7 +90,7 @@
           - '{{ remote_tmp_dir }}/files/roots.pem'
       register: cert2_rootchain_alt
     - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
         that:
           - cert2_rootchain_alt.complete_chain | join('') == (cert ~ chain ~ root)
           - cert2_rootchain_alt.chain[:-1] | join('') == chain
@@ -102,13 +102,13 @@
 
 - block:
     - name: Find alternate rootchain for cert 2 when complete chain is already presented to the module
-      certificate_complete_chain:
+      community.crypto.certificate_complete_chain:
         input_chain: '{{ cert ~ chain ~ root }}'
         root_certificates:
           - '{{ remote_tmp_dir }}/files/roots.pem'
       register: cert2_complete_chain
     - name: Verify rootchain for cert 2
-      assert:
+      ansible.builtin.assert:
         that:
           - cert2_complete_chain.complete_chain | join('') == (cert ~ chain ~ root)
           - cert2_complete_chain.chain == []
@@ -119,7 +119,7 @@
     root: "{{ lookup('file', 'cert2-altroot.pem', rstrip=False) }}"
 
 - name: Check failure when no intermediate certificate can be found
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}'
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
@@ -128,13 +128,13 @@
   register: cert2_no_intermediate
   ignore_errors: true
 - name: Verify failure
-  assert:
+  ansible.builtin.assert:
     that:
       - cert2_no_intermediate is failed
       - "cert2_no_intermediate.msg.startswith('Cannot complete chain. Stuck at certificate ')"
 
 - name: Check failure when infinite loop is found
-  certificate_complete_chain:
+  community.crypto.certificate_complete_chain:
     input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}'
     intermediate_certificates:
       - '{{ remote_tmp_dir }}/files/roots.pem'
@@ -143,7 +143,7 @@
   register: cert2_infinite_loop
   ignore_errors: true
 - name: Verify failure
-  assert:
+  ansible.builtin.assert:
     that:
       - cert2_infinite_loop is failed
       - "cert2_infinite_loop.msg == 'Found cycle while building certificate chain'"

tests/integration/targets/certificate_complete_chain/tasks/main.yml

@@ -16,17 +16,17 @@
         state: directory
       when: ansible_version.string is version('2.10', '<')
     - name: Copy test files to testhost
-      copy:
+      ansible.builtin.copy:
         src: '{{ role_path }}/files/'
         dest: '{{ remote_tmp_dir }}/files/'
 
     - name: Run tests with copied certificates
-      import_tasks: existing.yml
+      ansible.builtin.import_tasks: existing.yml
 
     - name: Create more certificates
-      import_tasks: create.yml
+      ansible.builtin.import_tasks: create.yml
 
     - name: Run tests with created certificates
-      import_tasks: created.yml
+      ansible.builtin.import_tasks: created.yml
 
   when: cryptography_version.stdout is version('1.5', '>=')

tests/integration/targets/crypto_info/tasks/main.yml

@@ -9,19 +9,19 @@
 ####################################################################
 
 - name: Retrieve information
-  crypto_info:
+  community.crypto.crypto_info:
   register: result
 
 - name: Display information
-  debug:
+  ansible.builtin.debug:
     var: result
 
 - name: Register cryptography version
-  command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
+  ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
   register: local_cryptography_version
 
 - name: Determine complex version-based capabilities
-  set_fact:
+  ansible.builtin.set_fact:
     supports_ed25519: >-
       {{
         local_cryptography_version.stdout is version("2.6", ">=")
@@ -42,7 +42,7 @@
       }}
 
 - name: Verify cryptography information
-  assert:
+  ansible.builtin.assert:
     that:
       - result.python_cryptography_installed
       - "'python_cryptography_import_error' not in result"
@@ -63,15 +63,15 @@
       - result.python_cryptography_capabilities.has_x448 == (local_cryptography_version.stdout is version('2.5', '>='))
 
 - name: Find OpenSSL binary
-  command: which openssl
+  ansible.builtin.command: which openssl
   register: local_openssl_path
 
 - name: Find OpenSSL version
-  command: openssl version
+  ansible.builtin.command: openssl version
   register: local_openssl_version_full
 
 - name: Verify OpenSSL information
-  assert:
+  ansible.builtin.assert:
     that:
       - result.openssl_present
       - result.openssl.path == local_openssl_path.stdout

tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info }}
     result_idna: >-
@@ -13,7 +13,7 @@
       {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info(name_encoding='unicode') }}
 
 - name: "Check whether subject and extensions behaves as expected"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.subject.organizationalUnitName == 'ACME Department'
       - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
@@ -40,7 +40,7 @@
       - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 
 - name: "Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.subject_key_identifier == "00:11:22:33"
       - result.authority_key_identifier == "44:55:66:77"
@@ -57,17 +57,17 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/csr_2.csr') | community.crypto.openssl_csr_info }}
 
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/csr_3.csr') | community.crypto.openssl_csr_info }}
 
 - name: "Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier is none
       - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -79,12 +79,12 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: "Get CSR info"
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/csr_4.csr') | community.crypto.openssl_csr_info }}
 
 - name: "Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier == "44:55:66:77"
       - result.authority_cert_issuer is none
@@ -92,53 +92,53 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ [] | community.crypto.openssl_csr_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The community.crypto.openssl_csr_info input must be a text type, not ")
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.openssl_csr_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("Unable to load (?:request|PEM file)(?:\.|$)")
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.openssl_csr_info(name_encoding=[]) }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be of a text type, not ")
 
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'bar' | community.crypto.openssl_csr_info(name_encoding='foo') }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")

tests/integration/targets/filter_openssl_csr_info/tasks/main.yml

@@ -9,23 +9,23 @@
 ####################################################################
 
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
     name: idna
     state: present
 
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -94,7 +94,7 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     privatekey_passphrase: hunter2
@@ -103,7 +103,7 @@
       - "CA:TRUE"
 
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_3.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
@@ -121,12 +121,12 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
     authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
   when: cryptography_version.stdout is version('1.3', '>=')

tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml

@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Get key 1 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_1.pem') | community.crypto.openssl_privatekey_info }}
 
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'public_key' in result"
       - "'public_key_fingerprints' in result"
@@ -21,12 +21,12 @@
       - "'private_data' not in result"
 
 - name: Get key 2 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_2.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'public_key' in result"
       - "'public_key_fingerprints' in result"
@@ -41,26 +41,26 @@
       - "result.private_data.exponent > 5"
 
 - name: Get key 3 info (without passphrase)
-  set_fact:
+  ansible.builtin.set_fact:
     result_: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
   ignore_errors: true
   register: result
 
 - name: Check that loading passphrase protected key without passphrase failed
-  assert:
+  ansible.builtin.assert:
     that:
       - result is failed
       - >-
         'Wrong or empty passphrase provided for private key' in result.msg
 
 - name: Get key 3 info (with passphrase)
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(passphrase='hunter2', return_private_key_data=true) }}
 
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'public_key' in result"
       - "'public_key_fingerprints' in result"
@@ -74,12 +74,12 @@
       - "result.private_data.exponent > 5"
 
 - name: Get key 4 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_4.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 
 - name: Check that ECC key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'public_key' in result"
       - "'public_key_fingerprints' in result"
@@ -94,12 +94,12 @@
       - "result.private_data.multiplier > 1024"
 
 - name: Get key 5 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/privatekey_5.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
 
 - name: Check that DSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'public_key' in result"
       - "'public_key_fingerprints' in result"

tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml

@@ -9,34 +9,34 @@
 ####################################################################
 
 - name: Generate privatekey 1
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_1.pem'
 
 - name: Generate privatekey 2 (less bits)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_2.pem'
     type: RSA
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey 3 (with password)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_3.pem'
     passphrase: hunter2
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey 4 (ECC)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_4.pem'
     type: ECC
     curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
     # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead
 
 - name: Generate privatekey 5 (DSA)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_5.pem'
     type: DSA
     size: 1024
 
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
   when: cryptography_version.stdout is version('1.2.3', '>=')

tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml

@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Get key 1 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/publickey_1.pem') | community.crypto.openssl_publickey_info }}
 
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'fingerprints' in result"
       - "'type' in result"
@@ -19,12 +19,12 @@
       - "result.public_data.exponent > 5"
 
 - name: Get key 2 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/publickey_2.pem') | community.crypto.openssl_publickey_info }}
 
 - name: Check that RSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'fingerprints' in result"
       - "'type' in result"
@@ -35,12 +35,12 @@
       - "result.public_data.exponent > 5"
 
 - name: Get key 3 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/publickey_3.pem') | community.crypto.openssl_publickey_info }}
 
 - name: Check that ECC key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'fingerprints' in result"
       - "'type' in result"
@@ -52,12 +52,12 @@
       - "result.public_data.exponent_size == (521 if (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') else 256)"
 
 - name: Get key 4 info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/publickey_4.pem') | community.crypto.openssl_publickey_info }}
 
 - name: Check that DSA key info is ok
-  assert:
+  ansible.builtin.assert:
     that:
       - "'fingerprints' in result"
       - "'type' in result"
@@ -69,27 +69,27 @@
       - "result.public_data.y > 2"
 
 - name: Get invalid key info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ [] | community.crypto.openssl_publickey_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The community.crypto.openssl_publickey_info input must be a text type, not ")
 
 - name: Get invalid key info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.openssl_publickey_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - 'output.msg is search("Error while deserializing key: ")'

tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml

@@ -9,17 +9,17 @@
 ####################################################################
 
 - name: Generate privatekey 1
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_1.pem'
 
 - name: Generate privatekey 2 (less bits)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_2.pem'
     type: RSA
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey 3 (ECC)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_3.pem'
     type: ECC
     curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
@@ -27,13 +27,13 @@
     select_crypto_backend: cryptography
 
 - name: Generate privatekey 4 (DSA)
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_4.pem'
     type: DSA
     size: 1024
 
 - name: Generate public keys
-  openssl_publickey:
+  community.crypto.openssl_publickey:
     privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
     path: '{{ remote_tmp_dir }}/publickey_{{ item }}.pem'
   loop:
@@ -43,5 +43,5 @@
     - 4
 
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
   when: cryptography_version.stdout is version('1.2.3', '>=')

tests/integration/targets/filter_parse_serial/tasks/main.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Test parse_serial filter
-  assert:
+  ansible.builtin.assert:
     that:
       - >-
         '0' | community.crypto.parse_serial == 0
@@ -22,35 +22,35 @@
         '1:2:3' | community.crypto.parse_serial == 66051
 
 - name: "Test error 1: empty string"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ '' | community.crypto.parse_serial }}
   ignore_errors: true
   register: error_1
 
 - name: "Test error 2: invalid type"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ [] | community.crypto.parse_serial }}
   ignore_errors: true
   register: error_2
 
 - name: "Test error 3: invalid values (range)"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ '100' | community.crypto.parse_serial }}
   ignore_errors: true
   register: error_3
 
 - name: "Test error 4: invalid values (digits)"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ 'abcdefg' | community.crypto.parse_serial }}
   ignore_errors: true
   register: error_4
 
 - name: Validate errors
-  assert:
+  ansible.builtin.assert:
     that:
       - >-
         error_1 is failed and "The 1st part '' is not a hexadecimal number in range [0, 255]: invalid literal" in error_1.msg

tests/integration/targets/filter_split_pem/tasks/main.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: Run tests that raise no errors
-  assert:
+  ansible.builtin.assert:
     that:
       - >-
         '' | community.crypto.split_pem == []
@@ -49,13 +49,13 @@
       AAb=
 
 - name: Invalid input
-  debug:
+  ansible.builtin.debug:
     msg: "{{ [] | community.crypto.split_pem }}"
   ignore_errors: true
   register: output
 
 - name: Validate error
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The community.crypto.split_pem input must be a text type, not ")

tests/integration/targets/filter_to_serial/tasks/main.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Test to_serial filter
-  assert:
+  ansible.builtin.assert:
     that:
       - 0 | community.crypto.to_serial == '00'
       - 1 | community.crypto.to_serial == '01'
@@ -13,21 +13,21 @@
       - 65536 | community.crypto.to_serial == '01:00:00'
 
 - name: "Test error 1: negative number"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ (-1) | community.crypto.to_serial }}
   ignore_errors: true
   register: error_1
 
 - name: "Test error 2: invalid type"
-  debug:
+  ansible.builtin.debug:
     msg: >-
       {{ [] | community.crypto.to_serial }}
   ignore_errors: true
   register: error_2
 
 - name: Validate error
-  assert:
+  ansible.builtin.assert:
     that:
       - >-
         error_1 is failed and "The input for the community.crypto.to_serial filter must not be negative" in error_1.msg

tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info }}
     result_idna: >-
@@ -13,7 +13,7 @@
       {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info(name_encoding='unicode') }}
 
 - name: Check whether issuer and subject and extensions behave as expected
-  assert:
+  ansible.builtin.assert:
     that:
       - result.issuer.organizationalUnitName == 'ACME Department'
       - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
@@ -72,7 +72,7 @@
       - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 
 - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
     that:
       - result.subject_key_identifier == "00:11:22:33"
       - result.authority_key_identifier == "44:55:66:77"
@@ -89,17 +89,17 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/cert_2.pem') | community.crypto.x509_certificate_info }}
 
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/cert_3.pem') | community.crypto.x509_certificate_info }}
 
 - name: Check AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier is none
       - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -111,12 +111,12 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: Get certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', remote_tmp_dir ~ '/cert_4.pem') | community.crypto.x509_certificate_info }}
 
 - name: Check AuthorityKeyIdentifier
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier == "44:55:66:77"
       - result.authority_cert_issuer is none
@@ -124,11 +124,11 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: Get certificate info for packaged cert 1
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ lookup('file', role_path ~ '/../x509_certificate_info/files/cert1.pem') | community.crypto.x509_certificate_info }}
 - name: Check extensions
-  assert:
+  ansible.builtin.assert:
     that:
       - "'ocsp_uri' in result"
       - "result.ocsp_uri == 'http://ocsp.foobarbaz.example.com'"
@@ -165,59 +165,59 @@
       - result.extensions_by_oid['2.5.29.37'].critical == false
       - result.extensions_by_oid['2.5.29.37'].value == 'MBQGCCsGAQUFBwMBBggrBgEFBQcDAg=='
 - name: Check fingerprints
-  assert:
+  ansible.builtin.assert:
     that:
       - (result.fingerprints.sha256 == '08:26:60:3d:29:11:f2:88:09:3f:40:71:bb:67:cb:59:9c:6e:cf:e0:49:22:ab:e8:60:bd:f6:9a:01:e3:0e:2c' if result.fingerprints.sha256 is defined else true)
       - (result.fingerprints.sha1 == '5a:32:7f:22:61:f3:2e:ad:a7:d8:77:07:1c:7f:08:cd:ab:7f:bc:11' if result.fingerprints.sha1 is defined else true)
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ [] | community.crypto.x509_certificate_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The community.crypto.x509_certificate_info input must be a text type, not ")
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.x509_certificate_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("Unable to load (?:certificate|PEM file)(?:\.|$)")
 
 - name: Get invalid certificate info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.x509_certificate_info(name_encoding=[]) }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be of a text type, not ")
 
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'bar' | community.crypto.x509_certificate_info(name_encoding='foo') }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")

tests/integration/targets/filter_x509_certificate_info/tasks/main.yml

@@ -9,24 +9,24 @@
 ####################################################################
 
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
     name: idna
     state: present
 
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
     size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -97,7 +97,7 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     privatekey_passphrase: hunter2
@@ -106,7 +106,7 @@
       - "CA:TRUE"
 
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_3.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
@@ -124,14 +124,14 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
     authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 
 - name: Generate selfsigned certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
     path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem'
     csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
@@ -146,5 +146,5 @@
     - 4
 
 - name: Running tests
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
   when: cryptography_version.stdout is version('1.6', '>=')

tests/integration/targets/filter_x509_crl_info/tasks/impl.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create CRL 1
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl1.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer:
@@ -23,17 +23,17 @@
         revocation_date: 20191001000000Z
 
 - name: Retrieve CRL 1 infos
-  set_fact:
+  ansible.builtin.set_fact:
     crl_1_info_1: >-
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | community.crypto.x509_crl_info }}
 
 - name: Retrieve CRL 1 infos
-  set_fact:
+  ansible.builtin.set_fact:
     crl_1_info_2: >-
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | b64encode | community.crypto.x509_crl_info }}
 
 - name: Validate CRL 1 info
-  assert:
+  ansible.builtin.assert:
     that:
       - crl_1_info_1.format == 'pem'
       - crl_1_info_1.digest == 'ecdsa-with-SHA256'
@@ -70,7 +70,7 @@
       - crl_1_info_1 == crl_1_info_2
 
 - name: Recreate CRL 1 as DER file
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl1.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     format: der
@@ -90,7 +90,7 @@
         revocation_date: 20191001000000Z
 
 - name: Read ca-crl1.crl
-  slurp:
+  ansible.builtin.slurp:
     src: "{{ remote_tmp_dir }}/ca-crl1.crl"
   register: content
 
@@ -102,19 +102,19 @@
   when: ansible_version.string is version('2.11', '>=') or ansible_python.version.major > 2
 
 - name: Retrieve CRL 1 infos from DER (Base64 encoded)
-  set_fact:
+  ansible.builtin.set_fact:
     crl_1_info_5: >-
       {{ content.content | community.crypto.x509_crl_info }}
 
 - name: Validate CRL 1
-  assert:
+  ansible.builtin.assert:
     that:
       - crl_1_info_4 is not defined or crl_1_info_4.format == 'der'
       - crl_1_info_5.format == 'der'
       - crl_1_info_4 is not defined or crl_1_info_4 == crl_1_info_5
 
 - name: Create CRL 2
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl2.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer_ordered:
@@ -135,12 +135,12 @@
   register: crl_2_change
 
 - name: Retrieve CRL 2 infos
-  set_fact:
+  ansible.builtin.set_fact:
     crl_2_info_1: >-
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }}
 
 - name: Create CRL 2 (changed order)
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl2.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer_ordered:
@@ -161,12 +161,12 @@
   register: crl_2_change_order
 
 - name: Retrieve CRL 2 infos again
-  set_fact:
+  ansible.builtin.set_fact:
     crl_2_info_2: >-
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }}
 
 - name: Validate CRL 2 info
-  assert:
+  ansible.builtin.assert:
     that:
       - "'revoked_certificates' not in crl_2_info_1"
       - >
@@ -185,7 +185,7 @@
         ]
 
 - name: Create CRL 3
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl3.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer:
@@ -215,7 +215,7 @@
   register: crl_3
 
 - name: Create CRL 3 (IDNA encoding)
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl3.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer:
@@ -240,7 +240,7 @@
   register: crl_3_idna
 
 - name: Create CRL 3 (Unicode encoding)
-  x509_crl:
+  community.crypto.x509_crl:
     path: '{{ remote_tmp_dir }}/ca-crl3.crl'
     privatekey_path: '{{ remote_tmp_dir }}/ca.key'
     issuer:
@@ -265,7 +265,7 @@
   register: crl_3_unicode
 
 - name: Retrieve CRL 3 infos
-  set_fact:
+  ansible.builtin.set_fact:
     crl_3_info: >-
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true) }}
     crl_3_info_idna: >-
@@ -274,73 +274,73 @@
       {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true, name_encoding='unicode') }}
 
 - name: Validate CRL 3 info
-  assert:
+  ansible.builtin.assert:
     that:
       - crl_3.revoked_certificates == crl_3_info.revoked_certificates
       - crl_3_idna.revoked_certificates == crl_3_info_idna.revoked_certificates
       - crl_3_unicode.revoked_certificates == crl_3_info_unicode.revoked_certificates
 
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ [] | community.crypto.x509_crl_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The community.crypto.x509_crl_info input must be a text type, not ")
 
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.x509_crl_info }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("Error while decoding CRL")
 
 - name: Get invalid CRL info
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'foo' | community.crypto.x509_crl_info(name_encoding=[]) }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be of a text type, not ")
 
 - name: Get invalid name_encoding parameter
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'bar' | community.crypto.x509_crl_info(name_encoding='foo') }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$")
 
 - name: Get invalid list_revoked_certificates parameter
-  set_fact:
+  ansible.builtin.set_fact:
     result: >-
       {{ 'bar' | community.crypto.x509_crl_info(list_revoked_certificates=[]) }}
   ignore_errors: true
   register: output
 
 - name: Check that task failed and error message is OK
-  assert:
+  ansible.builtin.assert:
     that:
       - output is failed
       - output.msg is search("The list_revoked_certificates option must be a boolean, not ")

tests/integration/targets/filter_x509_crl_info/tasks/main.yml

@@ -9,11 +9,11 @@
 ####################################################################
 
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
     name: idna
     state: present
 
-- set_fact:
+- ansible.builtin.set_fact:
     certificates:
       - name: ca
         subject:
@@ -39,14 +39,14 @@
           - DNS:b64.ansible.com
 
 - name: Generate private keys
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
     type: ECC
     curve: secp256r1
   loop: "{{ certificates }}"
 
 - name: Generate CSRs
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
     privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
     subject: "{{ item.subject | default(omit) }}"
@@ -56,7 +56,7 @@
   loop: "{{ certificates }}"
 
 - name: Generate CA certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
     path: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
     csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
     privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
@@ -65,7 +65,7 @@
   when: item.is_ca | default(false)
 
 - name: Generate other certificates
-  x509_certificate:
+  community.crypto.x509_certificate:
     path: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
     csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
     provider: ownca
@@ -75,7 +75,7 @@
   when: not (item.is_ca | default(false))
 
 - name: Get certificate infos
-  x509_certificate_info:
+  community.crypto.x509_certificate_info:
     path: '{{ remote_tmp_dir }}/{{ item }}.pem'
   loop:
     - cert-1
@@ -86,6 +86,6 @@
 
 - block:
     - name: Running tests
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
 
   when: cryptography_version.stdout is version('1.2', '>=')

tests/integration/targets/get_certificate/tasks/main.yml

@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     skip_tests: false
     has_get_certificate_chain: >-
       {{ ansible_facts.python_version is version('3.10.0', '>=') }}
@@ -16,14 +16,14 @@
 - block:
 
     - name: Get servers certificate with backend auto-detection
-      get_certificate:
+      community.crypto.get_certificate:
         host: "{{ httpbin_host }}"
         port: 443
         asn1_base64: "{{ true if ansible_version.full is version('2.18', '>=') else omit }}"
       ignore_errors: true
       register: result
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         skip_tests: |
           {{
             result is failed and (
@@ -33,7 +33,7 @@
             )
           }}
 
-    - assert:
+    - ansible.builtin.assert:
         that:
           - result is success or skip_tests
 
@@ -41,7 +41,7 @@
 
 - block:
 
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
       vars:
         select_crypto_backend: cryptography
 

tests/integration/targets/get_certificate/tests/validate.yml

@@ -4,16 +4,16 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Get servers certificate for SNI test part 1
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ httpbin_host }}"
     port: 443
     server_name: "{{ sni_host }}"
     asn1_base64: true
   register: result
 
-- debug: var=result
+- ansible.builtin.debug: var=result
 
-- assert:
+- ansible.builtin.assert:
     that:
       # This module should never change anything
       - result is not changed
@@ -22,16 +22,16 @@
       - "'{{ sni_host }}' == result.subject.CN"
 
 - name: Get servers certificate for SNI test part 2
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ sni_host }}"
     port: 443
     server_name: "{{ httpbin_host }}"
     asn1_base64: true
   register: result
 
-- debug: var=result
+- ansible.builtin.debug: var=result
 
-- assert:
+- ansible.builtin.assert:
     that:
       # This module should never change anything
       - result is not changed
@@ -40,16 +40,16 @@
       - "'{{ httpbin_host }}' == result.subject.CN"
 
 - name: Get servers certificate
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ httpbin_host }}"
     port: 443
     select_crypto_backend: "{{ select_crypto_backend }}"
     asn1_base64: true
   register: result
 
-- debug: var=result
+- ansible.builtin.debug: var=result
 
-- assert:
+- ansible.builtin.assert:
     that:
       # This module should never change anything
       - result is not changed
@@ -58,7 +58,7 @@
       - "'North Carolina' == result.subject.ST"
 
 - name: Connect to http port (will fail because there is no SSL cert to get)
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ httpbin_host }}"
     port: 80
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -66,7 +66,7 @@
   register: result
   ignore_errors: true
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result is not changed
       - result is failed
@@ -78,7 +78,7 @@
         or 'record layer failure' in result.msg
 
 - name: Test timeout option
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ httpbin_host }}"
     port: 1234
     timeout: 1
@@ -87,7 +87,7 @@
   register: result
   ignore_errors: true
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result is not changed
       - result is failed
@@ -95,7 +95,7 @@
       - "'Failed to get cert from port with error: timed out' == result.msg or 'Connection refused' in result.msg"
 
 - name: Test failure if ca_cert is not a valid file
-  get_certificate:
+  community.crypto.get_certificate:
     host: "{{ httpbin_host }}"
     port: 443
     ca_cert: dn.e
@@ -104,7 +104,7 @@
   register: result
   ignore_errors: true
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result is not changed
       - result is failed
@@ -112,12 +112,12 @@
       - "'ca_cert file does not exist' == result.msg"
 
 - name: Download CA Cert as pem from server
-  get_url:
+  ansible.builtin.get_url:
     url: "http://ansible.http.tests/cacert.pem"
     dest: "{{ remote_tmp_dir }}/temp.pem"
 
 - name: Get servers certificate comparing it to its own ca_cert file
-  get_certificate:
+  community.crypto.get_certificate:
     ca_cert: '{{ remote_tmp_dir }}/temp.pem'
     host: "{{ httpbin_host }}"
     port: 443
@@ -126,19 +126,19 @@
     get_certificate_chain: "{{ has_get_certificate_chain }}"
   register: result
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result is not changed
       - result is not failed
 
 - name: Read CA cert
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/temp.pem'
   register: cacert
   when: has_get_certificate_chain
 
 - name: Validate get_certificate_chain=true results
-  assert:
+  ansible.builtin.assert:
     that:
       - result.verified_chain is sequence
       - result.unverified_chain is sequence
@@ -149,20 +149,20 @@
   when: has_get_certificate_chain
 
 - name: Validate get_certificate_chain=false results
-  assert:
+  ansible.builtin.assert:
     that:
       - result.verified_chain is undefined
       - result.unverified_chain is undefined
   when: not has_get_certificate_chain
 
 - name: Generate bogus CA privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/bogus_ca.key'
     type: ECC
     curve: secp256r1
 
 - name: Generate bogus CA CSR
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/bogus_ca.csr'
     privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
     subject:
@@ -173,7 +173,7 @@
     basic_constraints_critical: true
 
 - name: Generate selfsigned bogus CA certificate
-  x509_certificate:
+  community.crypto.x509_certificate:
     path: '{{ remote_tmp_dir }}/bogus_ca.pem'
     csr_path: '{{ remote_tmp_dir }}/bogus_ca.csr'
     privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
@@ -181,7 +181,7 @@
     selfsigned_digest: sha256
 
 - name: Get servers certificate comparing it to an invalid ca_cert file
-  get_certificate:
+  community.crypto.get_certificate:
     ca_cert: '{{ remote_tmp_dir }}/bogus_ca.pem'
     host: "{{ httpbin_host }}"
     port: 443
@@ -190,7 +190,7 @@
   register: result
   ignore_errors: true
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result is not changed
       - result is failed

tests/integration/targets/luks_device/tasks/main.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: Copy keyfiles
-  copy:
+  ansible.builtin.copy:
     src: '{{ item }}'
     dest: '{{ remote_tmp_dir }}/{{ item }}'
   loop:
@@ -17,7 +17,7 @@
     - keyfile2
 
 - name: Include OS-specific variables
-  include_vars: '{{ lookup("first_found", search) }}'
+  ansible.builtin.include_vars: '{{ lookup("first_found", search) }}'
   vars:
     search:
       files:
@@ -30,62 +30,62 @@
         - vars
 
 - name: Make sure cryptsetup is installed
-  package:
+  ansible.builtin.package:
     name: '{{ cryptsetup_package }}'
     state: present
   become: true
 
 - name: Install additionally required packages
-  package:
+  ansible.builtin.package:
     name: '{{ luks_extra_packages }}'
     state: present
   become: true
   when: luks_extra_packages | length > 0
 
 - name: Determine cryptsetup version
-  command: cryptsetup --version
+  ansible.builtin.command: cryptsetup --version
   register: cryptsetup_version
 
 - name: Extract cryptsetup version
-  set_fact:
+  ansible.builtin.set_fact:
     cryptsetup_version: >-
       {{ cryptsetup_version.stdout_lines[0] | regex_search('cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)') | split | last }}
 
 - name: Create cryptfile
-  command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
+  ansible.builtin.command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
 
 - name: Figure out next loopback device
-  command: losetup -f
+  ansible.builtin.command: losetup -f
   become: true
   register: cryptfile_device_output
 
 - name: Create lookback device
-  command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile
+  ansible.builtin.command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile
   become: true
 
 - name: Store some common data for tests
-  set_fact:
+  ansible.builtin.set_fact:
     cryptfile_device: "{{ cryptfile_device_output.stdout_lines[0] }}"
     cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE"
     cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M"
     cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"
 
 - block:
-    - include_tasks: run-test.yml
+    - ansible.builtin.include_tasks: run-test.yml
       with_fileglob:
         - "tests/*.yml"
 
   always:
     - name: Make sure LUKS device is gone
-      luks_device:
+      community.crypto.luks_device:
         device: "{{ cryptfile_device }}"
         state: absent
       become: true
       ignore_errors: true
 
-    - command: losetup -d "{{ cryptfile_device }}"
+    - ansible.builtin.command: losetup -d "{{ cryptfile_device }}"
       become: true
 
-    - file:
+    - ansible.builtin.file:
         dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"
         state: absent

tests/integration/targets/luks_device/tasks/run-test.yml

@@ -4,9 +4,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Make sure LUKS device is gone
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: absent
   become: true
 - name: "Loading tasks from {{ item }}"
-  include_tasks: "{{ item }}"
+  ansible.builtin.include_tasks: "{{ item }}"

tests/integration/targets/luks_device/tasks/tests/create-destroy.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -14,7 +14,7 @@
   become: true
   register: create_check
 - name: Create
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -23,7 +23,7 @@
   become: true
   register: create
 - name: Create (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -32,7 +32,7 @@
   become: true
   register: create_idem
 - name: Create (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -41,7 +41,7 @@
   check_mode: true
   become: true
   register: create_idem_check
-- assert:
+- ansible.builtin.assert:
     that:
       - create_check is changed
       - create is changed
@@ -49,7 +49,7 @@
       - create_idem_check is not changed
 
 - name: Open (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -57,28 +57,28 @@
   become: true
   register: open_check
 - name: Open
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   register: open
 - name: Open (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   register: open_idem
 - name: Open (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   check_mode: true
   become: true
   register: open_idem_check
-- assert:
+- ansible.builtin.assert:
     that:
       - open_check is changed
       - open is changed
@@ -86,32 +86,32 @@
       - open_idem_check is not changed
 
 - name: Closed (via name, check)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ open.name }}"
     state: closed
   check_mode: true
   become: true
   register: close_check
 - name: Closed (via name)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ open.name }}"
     state: closed
   become: true
   register: close
 - name: Closed (via name, idempotent)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ open.name }}"
     state: closed
   become: true
   register: close_idem
 - name: Closed (via name, idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ open.name }}"
     state: closed
   check_mode: true
   become: true
   register: close_idem_check
-- assert:
+- ansible.builtin.assert:
     that:
       - close_check is changed
       - close is changed
@@ -119,39 +119,39 @@
       - close_idem_check is not changed
 
 - name: Re-open
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
 
 - name: Closed (via device, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   check_mode: true
   become: true
   register: close_check
 - name: Closed (via device)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
   register: close
 - name: Closed (via device, idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
   register: close_idem
 - name: Closed (via device, idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   check_mode: true
   become: true
   register: close_idem_check
-- assert:
+- ansible.builtin.assert:
     that:
       - close_check is changed
       - close is changed
@@ -159,39 +159,39 @@
       - close_idem_check is not changed
 
 - name: Re-opened
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
 
 - name: Absent (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: absent
   check_mode: true
   become: true
   register: absent_check
 - name: Absent
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: absent
   become: true
   register: absent
 - name: Absent (idempotence)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: absent
   become: true
   register: absent_idem
 - name: Absent (idempotence, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: absent
   check_mode: true
   become: true
   register: absent_idem_check
-- assert:
+- ansible.builtin.assert:
     that:
       - absent_check is changed
       - absent is changed

tests/integration/targets/luks_device/tasks/tests/cryptname.yml

@@ -4,11 +4,11 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Fix name
-  set_fact:
+  ansible.builtin.set_fact:
     cryptname: "crypt{{ '%0x' % ((2**32) | random) }}"
 
 - name: Create
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     name: "{{ cryptname }}"
     state: present
@@ -18,7 +18,7 @@
   become: true
   register: create
 - name: Open
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     name: "{{ cryptname }}"
     state: opened
@@ -26,7 +26,7 @@
   become: true
   register: open
 - name: Open (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     name: "{{ cryptname }}"
     state: opened
@@ -34,25 +34,25 @@
   become: true
   register: open_idem
 - name: Closed (via name)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ cryptname }}"
     state: closed
   become: true
   register: close
 - name: Closed (via name, idempotent)
-  luks_device:
+  community.crypto.luks_device:
     name: "{{ cryptname }}"
     state: closed
   become: true
   register: close_idem
 - name: Absent
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     name: "{{ cryptname }}"
     state: absent
   become: true
   register: absent
-- assert:
+- ansible.builtin.assert:
     that:
       - create is changed
       - open is changed

tests/integration/targets/luks_device/tasks/tests/device-check.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create with invalid device name (check)
-  luks_device:
+  community.crypto.luks_device:
     device: /dev/asdfasdfasdf
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
   become: true
   register: create_check
 - name: Create with invalid device name
-  luks_device:
+  community.crypto.luks_device:
     device: /dev/asdfasdfasdf
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -24,7 +24,7 @@
   ignore_errors: true
   become: true
   register: create
-- assert:
+- ansible.builtin.assert:
     that:
       - create_check is failed
       - create is failed
@@ -32,7 +32,7 @@
       - "'o such file or directory' in create.msg"
 
 - name: Create with something which is not a device (check)
-  luks_device:
+  community.crypto.luks_device:
     device: /tmp/
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -43,7 +43,7 @@
   become: true
   register: create_check
 - name: Create with something which is not a device
-  luks_device:
+  community.crypto.luks_device:
     device: /tmp/
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -52,7 +52,7 @@
   ignore_errors: true
   become: true
   register: create
-- assert:
+- ansible.builtin.assert:
     that:
       - create_check is failed
       - create is failed

tests/integration/targets/luks_device/tasks/tests/key-management.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create with keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,36 +15,36 @@
 # Access: keyfile1
 
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Give access to keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -55,7 +55,7 @@
   register: result_1
 
 - name: Give access to keyfile2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -63,7 +63,7 @@
   become: true
   register: result_2
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result_1 is changed
       - result_2 is not changed
@@ -71,28 +71,28 @@
 # Access: keyfile1 and keyfile2
 
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Dump LUKS header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
 
 - name: Remove access from keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -101,7 +101,7 @@
   register: result_1
 
 - name: Remove access from keyfile1 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -109,7 +109,7 @@
   become: true
   register: result_2
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result_1 is changed
       - result_2 is not changed
@@ -117,40 +117,40 @@
 # Access: keyfile2
 
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Dump LUKS header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
 
 - name: Remove access from keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -158,7 +158,7 @@
   become: true
   ignore_errors: true
   register: remove_last_key
-- assert:
+- ansible.builtin.assert:
     that:
       - remove_last_key is failed
       - "'force_remove_last_key' in remove_last_key.msg"
@@ -166,24 +166,24 @@
 # Access: keyfile2
 
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Remove access from keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -194,13 +194,13 @@
 # Access: none
 
 - name: Try to open with keyfile2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed

tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create with keyfile3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ keyfile3 }}"
@@ -21,7 +21,7 @@
   register: create_passphrase_1
 
 - name: Create with keyfile3 (without argon2i)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ keyfile3 }}"
@@ -32,7 +32,7 @@
   when: create_passphrase_1 is failed
 
 - name: Open with keyfile3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ keyfile3 }}"
@@ -40,29 +40,29 @@
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Try to open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase1 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Give access to passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ keyfile3 }}"
@@ -73,7 +73,7 @@
   become: true
 
 - name: Remove access for keyfile3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     remove_passphrase: "{{ keyfile3 }}"
@@ -81,25 +81,25 @@
   become: true
 
 - name: Try to open with keyfile3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ keyfile3 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase1 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed

tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create luks with keyslot 4 (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
   become: true
   register: create_luks_slot4_check
 - name: Create luks with keyslot 4
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -25,7 +25,7 @@
   become: true
   register: create_luks_slot4
 - name: Create luks with keyslot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -35,7 +35,7 @@
   become: true
   register: create_luks_slot4_idem
 - name: Create luks with keyslot 4 (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -46,10 +46,10 @@
   become: true
   register: create_luks_slot4_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
   register: luks_header_slot4
-- assert:
+- ansible.builtin.assert:
     that:
       - create_luks_slot4_check is changed
       - create_luks_slot4 is changed
@@ -58,7 +58,7 @@
       - "'Key Slot 4: ENABLED' in luks_header_slot4.stdout or '4: luks2' in luks_header_slot4.stdout"
 
 - name: Add key in slot 2 (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -70,7 +70,7 @@
   become: true
   register: add_luks_slot2_check
 - name: Add key in slot 2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -81,7 +81,7 @@
   become: true
   register: add_luks_slot2
 - name: Add key in slot 2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -92,7 +92,7 @@
   become: true
   register: add_luks_slot2_idem
 - name: Add key in slot 2 (idempotent, check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -104,10 +104,10 @@
   become: true
   register: add_luks_slot2_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
   register: luks_header_slot2
-- assert:
+- ansible.builtin.assert:
     that:
       - add_luks_slot2_check is changed
       - add_luks_slot2 is changed
@@ -116,27 +116,27 @@
       - "'Key Slot 2: ENABLED' in luks_header_slot2.stdout or '2: luks2' in luks_header_slot2.stdout"
 
 - name: Check remove slot 4 without key
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     remove_keyslot: 4
   ignore_errors: true
   become: true
   register: kill_slot4_nokey
 - name: Check remove slot 4 with slot 4 key
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     remove_keyslot: 4
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   ignore_errors: true
   become: true
   register: kill_slot4_key_slot4
-- assert:
+- ansible.builtin.assert:
     that:
       - kill_slot4_nokey is failed
       - kill_slot4_key_slot4 is failed
 
 - name: Remove key in slot 4 (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
     remove_keyslot: 4
@@ -144,21 +144,21 @@
   become: true
   register: kill_luks_slot4_check
 - name: Remove key in slot 4
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
     remove_keyslot: 4
   become: true
   register: kill_luks_slot4
 - name: Remove key in slot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
     remove_keyslot: 4
   become: true
   register: kill_luks_slot4_idem
 - name: Remove key in slot 4 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
     remove_keyslot: 4
@@ -166,10 +166,10 @@
   become: true
   register: kill_luks_slot4_idem_check
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
   register: luks_header_slot4_removed
-- assert:
+- ansible.builtin.assert:
     that:
       - kill_luks_slot4_check is changed
       - kill_luks_slot4 is changed
@@ -178,7 +178,7 @@
       - "'Key Slot 4: DISABLED' in luks_header_slot4_removed.stdout or not '4: luks' in luks_header_slot4_removed.stdout"
 
 - name: Add key in slot 0
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
@@ -189,17 +189,17 @@
   become: true
   register: add_luks_slot0
 - name: Remove key in slot 0
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     keyfile: "{{ remote_tmp_dir }}/keyfile2"
     remove_keyslot: 0
   become: true
   register: kill_luks_slot0
 - name: Dump luks header
-  command: "cryptsetup luksDump {{ cryptfile_device }}"
+  ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
   become: true
   register: luks_header_slot0_removed
-- assert:
+- ansible.builtin.assert:
     that:
       - add_luks_slot0 is changed
       - kill_luks_slot0 is changed

tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create new luks
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -12,7 +12,7 @@
       iteration_time: 0.1
   become: true
 - name: Add new keyslot with same keyfile (check)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     new_keyslot: 1
@@ -23,7 +23,7 @@
   check_mode: true
   register: keyslot_duplicate_check
 - name: Add new keyslot with same keyfile
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     new_keyslot: 1
@@ -32,7 +32,7 @@
   become: true
   ignore_errors: true
   register: keyslot_duplicate
-- assert:
+- ansible.builtin.assert:
     that:
       - keyslot_duplicate_check is failed
       - "'Trying to add key that is already present in another slot' in keyslot_duplicate_check.msg"

tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Check invalid slot (luks1, 8)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     type: luks1
@@ -16,7 +16,7 @@
   become: true
   register: create_luks1_slot8
 - name: Check invalid slot (luks2, 32)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     type: luks2
@@ -28,7 +28,7 @@
   become: true
   register: create_luks2_slot32
 - name: Check invalid slot (no luks type, 8)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -38,14 +38,14 @@
   ignore_errors: true
   become: true
   register: create_luks_slot8
-- assert:
+- ansible.builtin.assert:
     that:
       - create_luks1_slot8 is failed
       - create_luks2_slot32 is failed
       - create_luks_slot8 is failed
 
 - name: Check valid slot (luks2, 8)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     type: luks2
@@ -57,12 +57,12 @@
   ignore_errors: true
   register: create_luks2_slot8
 - name: Make sure that the previous task only fails if LUKS2 is not supported
-  assert:
+  ansible.builtin.assert:
     that:
       - "'Unknown option --type' in create_luks2_slot8.msg"
   when: create_luks2_slot8 is failed
 - name: Check add valid slot (no luks type, 10)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -73,7 +73,7 @@
   become: true
   register: create_luks_slot10
   when: create_luks2_slot8 is changed
-- assert:
+- ansible.builtin.assert:
     that:
       - create_luks_slot10 is changed
   when: create_luks2_slot8 is changed

tests/integration/targets/luks_device/tasks/tests/options.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create with keysize
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -15,7 +15,7 @@
   become: true
   register: create_with_keysize
 - name: Create with keysize (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -26,7 +26,7 @@
   become: true
   register: create_idem_with_keysize
 - name: Create with different keysize (idempotent since we do not update keysize)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -37,7 +37,7 @@
   become: true
   register: create_idem_with_diff_keysize
 - name: Create with ambiguous arguments
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: present
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -49,7 +49,7 @@
   become: true
   register: create_with_ambiguous
 
-- assert:
+- ansible.builtin.assert:
     that:
       - create_with_keysize is changed
       - create_idem_with_keysize is not changed

tests/integration/targets/luks_device/tasks/tests/passphrase.yml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Create with passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -20,13 +20,13 @@
   register: create_passphrase_1
 
 - name: Make sure that the previous task only fails if LUKS2 is not supported
-  assert:
+  ansible.builtin.assert:
     that:
       - "'Unknown option --type' in create_passphrase_1.msg"
   when: create_passphrase_1 is failed
 
 - name: Create with passphrase1 (without argon2i)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -36,7 +36,7 @@
   when: create_passphrase_1 is failed
 
 - name: Open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     # Encode passphrase with Base64 to test passphrase_encoding
@@ -45,17 +45,17 @@
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Give access with ambiguous new_ arguments
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -66,24 +66,24 @@
   become: true
   ignore_errors: true
   register: new_try
-- assert:
+- ansible.builtin.assert:
     that:
       - new_try is failed
 
 - name: Try to open with passphrase2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase2 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Give access to passphrase2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -94,7 +94,7 @@
   register: result_1
 
 - name: Give access to passphrase2 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -102,42 +102,42 @@
   become: true
   register: result_2
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result_1 is changed
       - result_2 is not changed
 
 - name: Open with passphrase2
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase2 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Try to open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Give access to keyfile1 from passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     passphrase: "{{ cryptfile_passphrase1 }}"
@@ -147,7 +147,7 @@
   become: true
 
 - name: Remove access with ambiguous remove_ arguments
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -155,29 +155,29 @@
   become: true
   ignore_errors: true
   register: remove_try
-- assert:
+- ansible.builtin.assert:
     that:
       - remove_try is failed
 
 - name: Open with keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true
 
 - name: Remove access for passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     remove_passphrase: "{{ cryptfile_passphrase1 }}"
@@ -185,44 +185,44 @@
   register: result_1
 
 - name: Remove access for passphrase1 (idempotent)
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     remove_passphrase: "{{ cryptfile_passphrase1 }}"
   become: true
   register: result_2
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result_1 is changed
       - result_2 is not changed
 
 - name: Try to open with passphrase1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase1 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Try to open with passphrase3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase3 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is failed
 
 - name: Give access to passphrase3 from keyfile1
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
     keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -232,18 +232,18 @@
   become: true
 
 - name: Open with passphrase3
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: opened
     passphrase: "{{ cryptfile_passphrase3 }}"
   become: true
   ignore_errors: true
   register: open_try
-- assert:
+- ansible.builtin.assert:
     that:
       - open_try is not failed
 - name: Close
-  luks_device:
+  community.crypto.luks_device:
     device: "{{ cryptfile_device }}"
     state: closed
   become: true

tests/integration/targets/luks_device/tasks/tests/performance.yml

@@ -6,7 +6,7 @@
 - name: On kernel >= 5.9 use performance flags
   block:
     - name: Create and open (check)
-      luks_device:
+      community.crypto.luks_device:
         device: "{{ cryptfile_device }}"
         state: opened
         keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -22,7 +22,7 @@
       become: true
       register: create_open_check
     - name: Create and open
-      luks_device:
+      community.crypto.luks_device:
         device: "{{ cryptfile_device }}"
         state: opened
         keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -37,7 +37,7 @@
       become: true
       register: create_open
     - name: Create and open (idempotent)
-      luks_device:
+      community.crypto.luks_device:
         device: "{{ cryptfile_device }}"
         state: opened
         keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -52,7 +52,7 @@
       become: true
       register: create_open_idem
     - name: Create and open (idempotent, check)
-      luks_device:
+      community.crypto.luks_device:
         device: "{{ cryptfile_device }}"
         state: present
         keyfile: "{{ remote_tmp_dir }}/keyfile1"
@@ -67,7 +67,7 @@
       check_mode: true
       become: true
       register: create_open_idem_check
-    - assert:
+    - ansible.builtin.assert:
         that:
           - create_open_check is changed
           - create_open is changed
@@ -75,10 +75,10 @@
           - create_open_idem_check is not changed
 
     - name: Dump LUKS Header
-      command: "cryptsetup luksDump {{ cryptfile_device }}"
+      ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}"
       become: true
       register: luks_header
-    - assert:
+    - ansible.builtin.assert:
         that:
           - "'no-read-workqueue' in luks_header.stdout"
           - "'no-write-workqueue' in luks_header.stdout"
@@ -87,10 +87,10 @@
           - "'allow-discards' in luks_header.stdout"
 
     - name: Dump device mapper table
-      command: "dmsetup table {{ create_open.name }}"
+      ansible.builtin.command: "dmsetup table {{ create_open.name }}"
       become: true
       register: dm_table
-    - assert:
+    - ansible.builtin.assert:
         that:
           - "'no_read_workqueue' in dm_table.stdout"
           - "'no_write_workqueue' in dm_table.stdout"
@@ -99,7 +99,7 @@
           - "'allow_discards' in dm_table.stdout"
 
     - name: Closed and Removed
-      luks_device:
+      community.crypto.luks_device:
         name: "{{ cryptfile_device }}"
         state: absent
       become: true

tests/integration/targets/openssh_cert/tasks/main.yml

@@ -9,39 +9,39 @@
 ####################################################################
 
 - name: Declare global variables
-  set_fact:
+  ansible.builtin.set_fact:
     signing_key: '{{ remote_tmp_dir }}/id_key'
     public_key: '{{ remote_tmp_dir }}/id_key.pub'
     certificate_path: '{{ remote_tmp_dir }}/id_cert'
 
 - name: Generate keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ signing_key }}"
     type: rsa
     size: 1024
 
 - block:
     - name: Import idempotency tests
-      import_tasks: ../tests/idempotency.yml
+      ansible.builtin.import_tasks: ../tests/idempotency.yml
 
     - name: Import key_idempotency tests
-      import_tasks: ../tests/key_idempotency.yml
+      ansible.builtin.import_tasks: ../tests/key_idempotency.yml
 
     - name: Import options tests
-      import_tasks: ../tests/options_idempotency.yml
+      ansible.builtin.import_tasks: ../tests/options_idempotency.yml
 
     - name: Import regenerate tests
-      import_tasks: ../tests/regenerate.yml
+      ansible.builtin.import_tasks: ../tests/regenerate.yml
 
     - name: Import remove tests
-      import_tasks: ../tests/remove.yml
+      ansible.builtin.import_tasks: ../tests/remove.yml
   when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6")
 
 - name: Import ssh-agent tests
-  import_tasks: ../tests/ssh-agent.yml
+  ansible.builtin.import_tasks: ../tests/ssh-agent.yml
   when: openssh_version is version("7.6",">=")
 
 - name: Remove keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ signing_key }}"
     state: absent

tests/integration/targets/openssh_cert/tests/idempotency.yml

@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     test_cases:
       - test_name: Generate cert - force option (check_mode)
         force: true
@@ -253,7 +253,7 @@
         changed: true
 
 - name: Execute idempotency tests
-  openssh_cert:
+  community.crypto.openssh_cert:
     force: "{{ test_case.force | default(omit) }}"
     identifier: "{{ test_case.identifier | default(omit) }}"
     options: "{{ test_case.options | default(omit) }}"
@@ -275,7 +275,7 @@
     loop_var: test_case
 
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
     that:
       - result.changed == test_cases[index].changed
   loop: "{{ idempotency_test_output.results }}"
@@ -284,6 +284,6 @@
     loop_var: result
 
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
     path: "{{ certificate_path }}"
     state: absent

tests/integration/targets/openssh_cert/tests/key_idempotency.yml

@@ -8,16 +8,16 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     new_signing_key: "{{ remote_tmp_dir }}/new_key"
     new_public_key: "{{ remote_tmp_dir }}/new_key.pub"
 
 - name: Generate new test key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ new_signing_key }}"
 
 - name: Generate cert with original keys
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -27,7 +27,7 @@
 
 - block:
     - name: Generate cert with updated signature algorithm
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         path: "{{ certificate_path }}"
         public_key: "{{ public_key }}"
@@ -38,12 +38,12 @@
       register: updated_signature_algorithm
 
     - name: Assert signature algorithm update causes change
-      assert:
+      ansible.builtin.assert:
         that:
           - updated_signature_algorithm is changed
 
     - name: Generate cert with updated signature algorithm (idempotent)
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         path: "{{ certificate_path }}"
         public_key: "{{ public_key }}"
@@ -54,13 +54,13 @@
       register: updated_signature_algorithm_idempotent
 
     - name: Assert signature algorithm update is idempotent
-      assert:
+      ansible.builtin.assert:
         that:
           - updated_signature_algorithm_idempotent is not changed
 
     - block:
         - name: Generate cert with original signature algorithm
-          openssh_cert:
+          community.crypto.openssh_cert:
             type: user
             path: "{{ certificate_path }}"
             public_key: "{{ public_key }}"
@@ -71,7 +71,7 @@
           register: second_signature_algorithm
 
         - name: Assert second signature algorithm update causes change
-          assert:
+          ansible.builtin.assert:
             that:
               - second_signature_algorithm is changed
       # RHEL9, Fedora 41 and Rocky 9 disable the SHA-1 algorithms by default, making this test fail with a 'libcrypt' error.
@@ -81,7 +81,7 @@
         - not (ansible_facts['distribution'] == "Fedora" and (ansible_facts['distribution_major_version'] | int) >= 41)
 
     - name: Omit signature algorithm
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         path: "{{ certificate_path }}"
         public_key: "{{ public_key }}"
@@ -91,12 +91,12 @@
       register: omitted_signature_algorithm
 
     - name: Assert omitted_signature_algorithm does not cause change
-      assert:
+      ansible.builtin.assert:
         that:
           - omitted_signature_algorithm is not changed
 
     - name: Revert to original certificate
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         path: "{{ certificate_path }}"
         public_key: "{{ public_key }}"
@@ -107,7 +107,7 @@
   when: openssh_version is version("7.3", ">=")
 
 - name: Generate cert with new signing key
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -117,7 +117,7 @@
   register: new_signing_key_output
 
 - name: Generate cert with new public key
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ new_public_key }}"
@@ -127,7 +127,7 @@
   register: new_public_key_output
 
 - name: Generate cert with new signing key - full idempotency
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -138,7 +138,7 @@
   register: new_signing_key_full_idempotency_output
 
 - name: Generate cert with new pubic key - full idempotency
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ new_public_key }}"
@@ -149,7 +149,7 @@
   register: new_public_key_full_idempotency_output
 
 - name: Assert changes to public key or signing key results in no change unless idempotency=full
-  assert:
+  ansible.builtin.assert:
     that:
       - new_signing_key_output is not changed
       - new_public_key_output is not changed
@@ -157,11 +157,11 @@
       - new_public_key_full_idempotency_output is changed
 
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
     path: "{{ certificate_path }}"
     state: absent
 
 - name: Remove new keypair
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ new_signing_key }}"
     state: absent

tests/integration/targets/openssh_cert/tests/options_idempotency.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: Generate cert with no options
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -22,7 +22,7 @@
   register: no_options
 
 - name: Generate cert with no options with explicit directives
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -39,7 +39,7 @@
   register: no_options_explicit_directives
 
 - name: Generate cert with explicit extension
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -53,7 +53,7 @@
   register: explicit_extension_before
 
 - name: Generate cert with explicit extension (idempotency)
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -67,7 +67,7 @@
   register: explicit_extension_after
 
 - name: Generate cert with explicit extension and corresponding directive
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -81,7 +81,7 @@
   register: explicit_extension_and_directive
 
 - name: Generate cert with default options
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -92,7 +92,7 @@
   register: default_options
 
 - name: Generate cert with relative timestamp
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -104,7 +104,7 @@
   register: relative_timestamp
 
 - name: Generate cert with ignore_timestamp true
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -117,7 +117,7 @@
   register: relative_timestamp_true
 
 - name: Generate cert with ignore_timestamp false
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -130,7 +130,7 @@
   register: relative_timestamp_false
 
 - name: Generate cert with ignore_timestamp true
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: user
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -143,7 +143,7 @@
   register: relative_timestamp_invalid_at
 
 - name: Generate host cert full_idempotence
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: host
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -153,7 +153,7 @@
     regenerate: full_idempotence
 
 - name: Generate host cert full_idempotence again
-  openssh_cert:
+  community.crypto.openssh_cert:
     type: host
     path: "{{ certificate_path }}"
     public_key: "{{ public_key }}"
@@ -164,7 +164,7 @@
   register: host_cert_full_idempotence
 
 - name: Assert options results
-  assert:
+  ansible.builtin.assert:
     that:
       - no_options is changed
       - no_options_explicit_directives is not changed
@@ -179,6 +179,6 @@
       - host_cert_full_idempotence is not changed
 
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
     path: "{{ certificate_path }}"
     state: absent

tests/integration/targets/openssh_cert/tests/regenerate.yml

@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     test_cases:
       - test_name: Generate certificate
         type: user
@@ -104,7 +104,7 @@
         changed: true
 
 - name: Execute regenerate tests
-  openssh_cert:
+  community.crypto.openssh_cert:
     force: "{{ test_case.force | default(omit) }}"
     options: "{{ test_case.options | default(omit) }}"
     path: "{{ test_case.path | default(omit) }}"
@@ -126,7 +126,7 @@
     loop_var: test_case
 
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
     that:
       - result.changed == test_cases[index].changed
   loop: "{{ regenerate_tests_output.results }}"
@@ -135,6 +135,6 @@
     loop_var: result
 
 - name: Remove certificate
-  openssh_cert:
+  community.crypto.openssh_cert:
     path: "{{ certificate_path }}"
     state: absent

tests/integration/targets/openssh_cert/tests/remove.yml

@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     test_cases:
       - test_name: Generate certificate
         type: user
@@ -38,7 +38,7 @@
         changed: false
 
 - name: Execute remove tests
-  openssh_cert:
+  community.crypto.openssh_cert:
     options: "{{ test_case.options | default(omit) }}"
     path: "{{ test_case.path | default(omit) }}"
     public_key: "{{ test_case.public_key | default(omit) }}"
@@ -57,7 +57,7 @@
     loop_var: test_case
 
 - name: Assert task statuses
-  assert:
+  ansible.builtin.assert:
     that:
       - result.changed == test_cases[index].changed
   loop: "{{ remove_test_output.results }}"

tests/integration/targets/openssh_cert/tests/ssh-agent.yml

@@ -14,7 +14,7 @@
 
   block:
     - name: Generate always valid cert using agent without key in agent (should fail)
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         signing_key: "{{ signing_key }}"
         public_key: "{{ public_key }}"
@@ -26,16 +26,16 @@
       ignore_errors: true
 
     - name: Make sure cert creation with agent fails if key not in agent
-      assert:
+      ansible.builtin.assert:
         that:
           - rc_no_key_in_agent is failed
           - "'agent contains no identities' in rc_no_key_in_agent.msg or 'not found in agent' in rc_no_key_in_agent.msg"
 
     - name: Add key to agent
-      command: 'ssh-add {{ signing_key }}'
+      ansible.builtin.command: 'ssh-add {{ signing_key }}'
 
     - name: Generate always valid cert with agent (check mode)
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         signing_key: "{{ signing_key }}"
         public_key: "{{ public_key }}"
@@ -46,7 +46,7 @@
       check_mode: true
 
     - name: Generate always valid cert with agent
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         signing_key: "{{ signing_key }}"
         public_key: "{{ public_key }}"
@@ -56,7 +56,7 @@
         valid_to: forever
 
     - name: Generate always valid cert with agent (idempotent)
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         signing_key: "{{ signing_key }}"
         public_key: "{{ public_key }}"
@@ -67,13 +67,13 @@
       register: rc_cert_with_agent_idempotent
 
     - name: Check agent idempotency
-      assert:
+      ansible.builtin.assert:
         that:
           - rc_cert_with_agent_idempotent is not changed
         msg: OpenSSH certificate generation without serial number is idempotent.
 
     - name: Generate always valid cert with agent (idempotent, check mode)
-      openssh_cert:
+      community.crypto.openssh_cert:
         type: user
         signing_key: "{{ signing_key }}"
         public_key: "{{ public_key }}"
@@ -84,6 +84,6 @@
       check_mode: true
 
     - name: Remove certificate
-      openssh_cert:
+      community.crypto.openssh_cert:
         state: absent
         path: '{{ remote_tmp_dir }}/id_cert_with_agent'

tests/integration/targets/openssh_keypair/tasks/main.yml

@@ -9,42 +9,42 @@
 ####################################################################
 
 - name: Backend auto-detection test
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/auto_backend_key'
     state: "{{ item }}"
   loop: ['present', 'absent']
 
-- set_fact:
+- ansible.builtin.set_fact:
     backends: ['opensshbin']
 
-- set_fact:
+- ansible.builtin.set_fact:
     backends: "{{ backends + ['cryptography'] }}"
   when: cryptography_version.stdout is version('3.0', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')
 
-- include_tasks: ../tests/core.yml
+- ansible.builtin.include_tasks: ../tests/core.yml
   loop: "{{ backends }}"
   loop_control:
     loop_var: backend
 
-- include_tasks: ../tests/invalid.yml
+- ansible.builtin.include_tasks: ../tests/invalid.yml
   loop: "{{ backends }}"
   loop_control:
     loop_var: backend
 
-- include_tasks: ../tests/options.yml
+- ansible.builtin.include_tasks: ../tests/options.yml
   loop: "{{ backends }}"
   loop_control:
     loop_var: backend
 
-- include_tasks: ../tests/regenerate.yml
+- ansible.builtin.include_tasks: ../tests/regenerate.yml
   loop: "{{ backends }}"
   loop_control:
     loop_var: backend
 
-- include_tasks: ../tests/state.yml
+- ansible.builtin.include_tasks: ../tests/state.yml
   loop: "{{ backends }}"
   loop_control:
     loop_var: backend
 
-- include_tasks: ../tests/cryptography_backend.yml
+- ansible.builtin.include_tasks: ../tests/cryptography_backend.yml
   when: cryptography_version.stdout is version('3.0', '>=') and bcrypt_version.stdout is version('3.1.5', '>=')

tests/integration/targets/openssh_keypair/tests/core.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: "({{ backend }}) Generate key (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/core"
     size: 1280
     backend: "{{ backend }}"
@@ -17,14 +17,14 @@
   check_mode: true
 
 - name: "({{ backend }}) Generate key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/core"
     size: 1280
     backend: "{{ backend }}"
   register: core_output
 
 - name: "({{ backend }}) Generate key (check mode idempotent)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/core"
     size: 1280
     backend: "{{ backend }}"
@@ -32,18 +32,18 @@
   check_mode: true
 
 - name: "({{ backend }}) Generate key (idempotent)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/core'
     size: 1280
     backend: "{{ backend }}"
   register: idempotency_core_output
 
 - name: "({{ backend }}) Log key return values"
-  debug:
+  ansible.builtin.debug:
     msg: "{{ core_output }}"
 
 - name: "({{ backend }}) Assert core behavior"
-  assert:
+  ansible.builtin.assert:
     that:
       - check_core_output is changed
       - core_output is changed
@@ -52,7 +52,7 @@
       - idempotency_core_output is not changed
 
 - name: "({{ backend }}) Assert key returns fingerprint"
-  assert:
+  ansible.builtin.assert:
     that:
       - core_output['fingerprint'] is string
       - core_output['fingerprint'].startswith('SHA256:')
@@ -60,44 +60,44 @@
   when: not (backend == 'opensshbin' and openssh_version is version('6.8', '<'))
 
 - name: "({{ backend }}) Assert key returns public_key"
-  assert:
+  ansible.builtin.assert:
     that:
       - core_output['public_key'] is string
       - core_output['public_key'].startswith('ssh-rsa ')
 
 - name: "({{ backend }}) Assert key returns size value"
-  assert:
+  ansible.builtin.assert:
     that:
       - core_output['size']|type_debug == 'int'
       - core_output['size'] == 1280
 
 - name: "({{ backend }}) Assert key returns key type"
-  assert:
+  ansible.builtin.assert:
     that:
       - core_output['type'] is string
       - core_output['type'] == 'rsa'
 
 - name: "({{ backend }}) Retrieve key size from 'ssh-keygen'"
-  shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'"
+  ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'"
   register: core_size_ssh_keygen
 
 - name: "({{ backend }}) Assert key size matches 'ssh-keygen' output"
-  assert:
+  ansible.builtin.assert:
     that:
       - core_size_ssh_keygen.stdout == '1280'
 
 - name: "({{ backend }}) Read core.pub"
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/core.pub'
   register: slurp
 
 - name: "({{ backend }}) Assert public key module return equal to the public key content"
-  assert:
+  ansible.builtin.assert:
     that:
       - "core_output.public_key == (slurp.content | b64decode).strip('\n ')"
 
 - name: "({{ backend }}) Remove key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/core'
     backend: "{{ backend }}"
     state: absent

tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml

@@ -4,10 +4,10 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: Generate a password protected key
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}'
 
 - name: Modify the password protected key with passphrase
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/password_protected'
     size: 1024
     passphrase: "{{ passphrase }}"
@@ -15,7 +15,7 @@
   register: password_protected_output
 
 - name: Check password protected key idempotency
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/password_protected'
     size: 1024
     passphrase: "{{ passphrase }}"
@@ -23,29 +23,29 @@
   register: password_protected_idempotency_output
 
 - name: Ensure that ssh-keygen can read keys generated with passphrase
-  command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}'
   register: password_protected_ssh_keygen_output
 
 - name: Check that password protected key with passphrase was regenerated
-  assert:
+  ansible.builtin.assert:
     that:
       - password_protected_output is changed
       - password_protected_idempotency_output is not changed
       - password_protected_ssh_keygen_output is success
 
 - name: Remove password protected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/password_protected'
     backend: cryptography
     state: absent
 
 - name: Generate an unprotected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/unprotected'
     backend: cryptography
 
 - name: Modify unprotected key with passphrase
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/unprotected'
     size: 1280
     passphrase: "{{ passphrase }}"
@@ -54,7 +54,7 @@
   register: unprotected_modification_output
 
 - name: Modify unprotected key with passphrase (force)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/unprotected'
     size: 1280
     passphrase: "{{ passphrase }}"
@@ -63,22 +63,22 @@
   register: force_unprotected_modification_output
 
 - name: Check that unprotected key was modified
-  assert:
+  ansible.builtin.assert:
     that:
       - unprotected_modification_output is failed
       - force_unprotected_modification_output is changed
 
 - name: Remove unprotected key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/unprotected'
     backend: cryptography
     state: absent
 
 - name: Generate PEM encoded key with passphrase
-  command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM'
+  ansible.builtin.command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM'
 
 - name: Try to verify a PEM encoded key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/pem_encoded'
     passphrase: "{{ passphrase }}"
     backend: cryptography
@@ -86,84 +86,84 @@
   register: pem_encoded_output
 
 - name: Check that PEM encoded file is read without errors
-  assert:
+  ansible.builtin.assert:
     that:
       - pem_encoded_output is not changed
 
 - name: Remove PEM encoded key
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/pem_encoded'
     backend: cryptography
     state: absent
 
 - name: Generate a private key with specified format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: pkcs1
     backend: cryptography
 
 - name: Generate a private key with specified format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: pkcs1
     backend: cryptography
   register: private_key_format_idempotent
 
 - name: Check that private key with specified format is idempotent
-  assert:
+  ansible.builtin.assert:
     that:
       - private_key_format_idempotent is not changed
 
 - name: Change to PKCS8 format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: pkcs8
     backend: cryptography
   register: private_key_format_pkcs8
 
 - name: Check that format change causes regeneration
-  assert:
+  ansible.builtin.assert:
     that:
       - private_key_format_pkcs8 is changed
 
 - name: Change to PKCS8 format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: pkcs8
     backend: cryptography
   register: private_key_format_pkcs8_idempotent
 
 - name: Check that private key with PKCS8 format is idempotent
-  assert:
+  ansible.builtin.assert:
     that:
       - private_key_format_pkcs8_idempotent is not changed
 
 - name: Change to SSH format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: ssh
     backend: cryptography
   register: private_key_format_ssh
 
 - name: Check that format change causes regeneration
-  assert:
+  ansible.builtin.assert:
     that:
       - private_key_format_ssh is changed
 
 - name: Change to SSH format (Idempotent)
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     private_key_format: ssh
     backend: cryptography
   register: private_key_format_ssh_idempotent
 
 - name: Check that private key with SSH format is idempotent
-  assert:
+  ansible.builtin.assert:
     that:
       - private_key_format_ssh_idempotent is not changed
 
 - name: Remove private key with specified format
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/private_key_format'
     backend: cryptography
     state: absent

tests/integration/targets/openssh_keypair/tests/invalid.yml

@@ -9,7 +9,7 @@
 ####################################################################
 
 - name: "({{ backend }}) Generate key - broken"
-  copy:
+  ansible.builtin.copy:
     dest: '{{ item }}'
     content: ''
     mode: '0700'
@@ -18,91 +18,91 @@
     - "{{ remote_tmp_dir }}/broken.pub"
 
 - name: "({{ backend }}) Regenerate key - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/broken"
     backend: "{{ backend }}"
   register: broken_output
   ignore_errors: true
 
 - name: "({{ backend }}) Assert broken key causes failure - broken"
-  assert:
+  ansible.builtin.assert:
     that:
       - broken_output is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken.' in broken_output.msg"
 
 - name: "({{ backend }}) Regenerate key with force - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/broken"
     backend: "{{ backend }}"
     force: true
   register: force_broken_output
 
 - name: "({{ backend }}) Assert broken key regenerated when 'force=true' - broken"
-  assert:
+  ansible.builtin.assert:
     that:
       - force_broken_output is changed
 
 - name: "({{ backend }}) Remove key - broken"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/broken"
     backend: "{{ backend }}"
     state: absent
 
 - name: "({{ backend }}) Generate key - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/write-only"
     mode: "0200"
     backend: "{{ backend }}"
 
 - name: "({{ backend }}) Check private key status - write-only"
-  stat:
+  ansible.builtin.stat:
     path: '{{ remote_tmp_dir }}/write-only'
   register: write_only_private_key
 
 - name: "({{ backend }}) Check public key status - write-only"
-  stat:
+  ansible.builtin.stat:
     path: '{{ remote_tmp_dir }}/write-only.pub'
   register: write_only_public_key
 
 - name: "({{ backend }}) Assert that private and public keys match permissions - write-only"
-  assert:
+  ansible.builtin.assert:
     that:
       - write_only_private_key.stat.mode == '0200'
       - write_only_public_key.stat.mode == '0200'
 
 - name: "({{ backend }}) Regenerate key with force - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/write-only"
     backend: "{{ backend }}"
     force: true
   register: write_only_output
 
 - name: "({{ backend }}) Check private key status after regeneration - write-only"
-  stat:
+  ansible.builtin.stat:
     path: '{{ remote_tmp_dir }}/write-only'
   register: write_only_private_key_after
 
 - name: "({{ backend }}) Assert key is regenerated - write-only"
-  assert:
+  ansible.builtin.assert:
     that:
       - write_only_output is changed
 
 - name: "({{ backend }}) Assert key permissions are preserved with 'opensshbin'"
-  assert:
+  ansible.builtin.assert:
     that:
       - write_only_private_key_after.stat.mode == '0200'
 
 - name: "({{ backend }}) Remove key - write-only"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/write-only"
     backend: "{{ backend }}"
     state: absent
 
 - name: "({{ backend }}) Generate key with ssh-keygen - password_protected"
-  command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}"
+  ansible.builtin.command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}"
 
 - name: "({{ backend }}) Modify key - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/password_protected"
     size: 1280
     backend: "{{ backend }}"
@@ -110,13 +110,13 @@
   ignore_errors: true
 
 - name: "({{ backend }}) Assert key cannot be read - password_protected"
-  assert:
+  ansible.builtin.assert:
     that:
       - password_protected_output is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken.' in password_protected_output.msg"
 
 - name: "({{ backend }}) Modify key with 'force=true' - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/password_protected"
     size: 1280
     backend: "{{ backend }}"
@@ -124,12 +124,12 @@
   register: force_password_protected_output
 
 - name: "({{ backend }}) Assert key regenerated with 'force=true' - password_protected"
-  assert:
+  ansible.builtin.assert:
     that:
       - force_password_protected_output is changed
 
 - name: "({{ backend }}) Remove key - password_protected"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/password_protected"
     backend: "{{ backend }}"
     state: absent

tests/integration/targets/openssh_keypair/tests/options.yml

@@ -8,7 +8,7 @@
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
 
-- set_fact:
+- ansible.builtin.set_fact:
     key_types: "{{ key_types_src | reject('equalto', '') | list }}"
   vars:
     key_types_src:
@@ -17,61 +17,61 @@
       - ecdsa
 
 - name: "({{ backend }}) Generate keys with default size - size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/default_size_{{ item }}"
     type: "{{ item }}"
     backend: "{{ backend }}"
   loop: "{{ key_types }}"
 
 - name: "({{ backend }}) Retrieve key size from 'ssh-keygen' - size"
-  shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'"
+  ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'"
   loop: "{{ key_types }}"
   register: key_size_output
 
 - name: "({{ backend }}) Assert key sizes match default size - size"
-  assert:
+  ansible.builtin.assert:
     that:
       - (key_size_output.results | selectattr('item', 'equalto', 'rsa') | first).stdout == '4096'
       - not openssh_supports_dsa or (key_size_output.results | selectattr('item', 'equalto', 'dsa') | first).stdout == '1024'
       - (key_size_output.results | selectattr('item', 'equalto', 'ecdsa') | first).stdout == '256'
 
 - name: "({{ backend }}) Remove keys - size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/default_size_{{ item }}"
     state: absent
   loop: "{{ key_types }}"
 
 - block:
     - name: "({{ backend }}) Generate ed25519 key with default size - size"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
         path: "{{ remote_tmp_dir }}/default_size_ed25519"
         type: ed25519
         backend: "{{ backend }}"
 
     - name: "({{ backend }}) Retrieve ed25519 key size from 'ssh-keygen' - size"
-      shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'"
+      ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'"
       register: ed25519_key_size_output
 
     - name: "({{ backend }}) Assert ed25519 key size matches default size - size"
-      assert:
+      ansible.builtin.assert:
         that:
           - ed25519_key_size_output.stdout == '256'
 
     - name: "({{ backend }}) Remove ed25519 key - size"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
         path: "{{ remote_tmp_dir }}/default_size_ed25519"
         state: absent
   # Support for ed25519 keys was added in OpenSSH 6.5
   when: not (backend == 'opensshbin' and openssh_version is version('6.5', '<'))
 
 - name: "({{ backend }}) Generate key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/force"
     type: rsa
     backend: "{{ backend }}"
 
 - name: "({{ backend }}) Regenerate key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/force"
     type: rsa
     force: true
@@ -79,25 +79,25 @@
   register: force_output
 
 - name: "({{ backend }}) Assert key regenerated - force"
-  assert:
+  ansible.builtin.assert:
     that:
       - force_output is changed
 
 - name: "({{ backend }}) Remove key - force"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/force"
     state: absent
     backend: "{{ backend }}"
 
 - name: "({{ backend }}) Generate key - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/comment"
     comment: "test@comment"
     backend: "{{ backend }}"
   register: comment_output
 
 - name: "({{ backend }}) Modify comment - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/comment"
     comment: "test_modified@comment"
     backend: "{{ backend }}"
@@ -106,13 +106,13 @@
 
 - name: "({{ backend }}) Assert comment preserved public key - comment"
   when: modified_comment_output is succeeded
-  assert:
+  ansible.builtin.assert:
     that:
       - comment_output.public_key == modified_comment_output.public_key
       - comment_output.comment == 'test@comment'
 
 - name: "({{ backend }}) Assert comment changed - comment"
-  assert:
+  ansible.builtin.assert:
     that:
       - modified_comment_output.comment == 'test_modified@comment'
       - modified_comment_output is succeeded
@@ -120,14 +120,14 @@
   when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<'))
 
 - name: "({{ backend }}) Assert comment not changed - comment"
-  assert:
+  ansible.builtin.assert:
     that:
       - modified_comment_output is failed
   # Support for updating comments for key types other than rsa1 was added in OpenSSH 7.2
   when: backend == 'opensshbin' and openssh_version is version('7.2', '<')
 
 - name: "({{ backend }}) Remove key - comment"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: "{{ remote_tmp_dir }}/comment"
     state: absent
     backend: "{{ backend }}"

tests/integration/targets/openssh_keypair/tests/regenerate.yml

@@ -23,7 +23,7 @@
   loop: "{{ old_test_artifacts.files }}"
 
 - name: "({{ backend }}) Regenerate - setup simple keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
     type: rsa
     size: 1024
@@ -31,11 +31,11 @@
     regenerate: "{{ item }}"
   loop: "{{ regenerate_values }}"
 - name: "({{ backend }}) Regenerate - setup password protected keys"
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}'
   loop: "{{ regenerate_values }}"
 
 - name: "({{ backend }}) Regenerate - setup broken keys"
-  copy:
+  ansible.builtin.copy:
     dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item.0 }}{{ item.1 }}'
     content: 'broken key'
     mode: '0700'
@@ -44,11 +44,11 @@
     - ['', '.pub']
 
 - name: "({{ backend }}) Regenerate - setup password protected keys for passphrse test"
-  command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}'
+  ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}'
   loop: "{{ regenerate_values }}"
 
 - name: "({{ backend }}) Regenerate - modify broken keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}'
     type: rsa
     size: 1024
@@ -58,7 +58,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -70,7 +70,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - modify broken keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}'
     type: rsa
     size: 1024
@@ -79,7 +79,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -91,7 +91,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - modify password protected keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
     type: rsa
     size: 1024
@@ -101,7 +101,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -113,7 +113,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
     type: rsa
     size: 1024
@@ -126,7 +126,7 @@
   register: result
   when: backend == 'cryptography'
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is success
       - result.results[1] is failed
@@ -137,7 +137,7 @@
   when: backend == 'cryptography'
 
 - name: "({{ backend }}) Regenerate - modify password protected keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}'
     type: rsa
     size: 1024
@@ -146,7 +146,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is failed
       - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg"
@@ -158,7 +158,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-d-{{ item }}'
     type: rsa
     size: 1024
@@ -170,7 +170,7 @@
   register: result
   when: backend == 'cryptography'
 
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is success
       - result.results[1] is failed
@@ -181,7 +181,7 @@
   when: backend == 'cryptography'
 
 - name: "({{ backend }}) Regenerate - not modify regular keys (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
     type: rsa
     size: 1024
@@ -190,7 +190,7 @@
   check_mode: true
   loop: "{{ regenerate_values }}"
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is not changed
       - result.results[1] is not changed
@@ -199,7 +199,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - not modify regular keys"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
     type: rsa
     size: 1024
@@ -207,7 +207,7 @@
     backend: "{{ backend }}"
   loop: "{{ regenerate_values }}"
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is not changed
       - result.results[1] is not changed
@@ -216,7 +216,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - adjust key size (check mode)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
     type: rsa
     size: 1048
@@ -226,7 +226,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is success and result.results[0] is not changed
       - result.results[1] is failed
@@ -236,7 +236,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - adjust key size"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
     type: rsa
     size: 1048
@@ -245,7 +245,7 @@
   loop: "{{ regenerate_values }}"
   ignore_errors: true
   register: result
-- assert:
+- ansible.builtin.assert:
     that:
       - result.results[0] is success and result.results[0] is not changed
       - result.results[1] is failed
@@ -255,7 +255,7 @@
       - result.results[4] is changed
 
 - name: "({{ backend }}) Regenerate - redistribute keys"
-  copy:
+  ansible.builtin.copy:
     src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}'
     dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}'
     remote_src: true
@@ -270,7 +270,7 @@
 
   block:
     - name: "({{ backend }}) Regenerate - adjust key type (check mode)"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
         path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
         type: '{{ ssh_type }}'
         size: '{{ ssh_size }}'
@@ -280,7 +280,7 @@
       loop: "{{ regenerate_values }}"
       ignore_errors: true
       register: result
-    - assert:
+    - ansible.builtin.assert:
         that:
           - result.results[0] is success and result.results[0] is not changed
           - result.results[1] is failed
@@ -290,7 +290,7 @@
           - result.results[4] is changed
 
     - name: "({{ backend }}) Regenerate - adjust key type"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
         path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
         type: '{{ ssh_type }}'
         size: '{{ ssh_size }}'
@@ -299,7 +299,7 @@
       loop: "{{ regenerate_values }}"
       ignore_errors: true
       register: result
-    - assert:
+    - ansible.builtin.assert:
         that:
           - result.results[0] is success and result.results[0] is not changed
           - result.results[1] is failed
@@ -309,7 +309,7 @@
           - result.results[4] is changed
 
     - name: "({{ backend }}) Regenerate - redistribute keys"
-      copy:
+      ansible.builtin.copy:
         src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}'
         dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}'
         remote_src: true
@@ -319,7 +319,7 @@
       when: "item.0 != 'always'"
 
     - name: "({{ backend }}) Regenerate - adjust comment (check mode)"
-      openssh_keypair:
+      community.crypto.openssh_keypair:
         path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
         type: '{{ ssh_type }}'
         size: '{{ ssh_size }}'
@@ -330,7 +330,7 @@
       loop: "{{ regenerate_values }}"
       ignore_errors: true
       register: result
-    - assert:
+    - ansible.builtin.assert:
         that:
           - result is changed
 
@@ -338,7 +338,7 @@
     - when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<'))
       block:
         - name: "({{ backend }}) Regenerate - adjust comment"
-          openssh_keypair:
+          community.crypto.openssh_keypair:
             path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}'
             type: '{{ ssh_type }}'
             size: '{{ ssh_size }}'
@@ -347,7 +347,7 @@
             backend: "{{ backend }}"
           loop: "{{ regenerate_values }}"
           register: result
-        - assert:
+        - ansible.builtin.assert:
             that:
               - result is changed
               # for all values but 'always', the key should not be regenerated.

tests/integration/targets/openssh_keypair/tests/state.yml

@@ -9,41 +9,41 @@
 ####################################################################
 
 - name: "({{ backend }}) Generate key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/removed'
     backend: "{{ backend }}"
     state: present
 
 - name: "({{ backend }}) Generate key (idempotency)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     path: '{{ remote_tmp_dir }}/removed'
     backend: "{{ backend }}"
     state: present
 
 - name: "({{ backend }}) Remove key"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     state: absent
     path: '{{ remote_tmp_dir }}/removed'
     backend: "{{ backend }}"
 
 - name: "({{ backend }}) Remove key (idempotency)"
-  openssh_keypair:
+  community.crypto.openssh_keypair:
     state: absent
     path: '{{ remote_tmp_dir }}/removed'
     backend: "{{ backend }}"
 
 - name: "({{ backend }}) Check private key status"
-  stat:
+  ansible.builtin.stat:
     path: '{{ remote_tmp_dir }}/removed'
   register: removed_private_key
 
 - name: "({{ backend }}) Check public key status"
-  stat:
+  ansible.builtin.stat:
     path: '{{ remote_tmp_dir }}/removed.pub'
   register: removed_public_key
 
 - name: "({{ backend }}) Assert key pair files are removed"
-  assert:
+  ansible.builtin.assert:
     that:
       - not removed_private_key.stat.exists
       - not removed_public_key.stat.exists

tests/integration/targets/openssl_csr/tasks/impl.yml

@@ -4,17 +4,17 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: "({{ select_crypto_backend }}) Generate privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
     size: '{{ default_rsa_key_size }}'
 
 - name: "({{ select_crypto_backend }}) Read privatekey"
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/privatekey.pem'
   register: privatekey
 
 - name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -25,7 +25,7 @@
   register: generate_csr_check
 
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -35,7 +35,7 @@
   register: generate_csr
 
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr.csr'
     privatekey_content: '{{ privatekey.content | b64decode }}'
     subject_ordered:
@@ -45,7 +45,7 @@
   register: generate_csr_idempotent
 
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -56,7 +56,7 @@
   register: generate_csr_idempotent_check
 
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr-nosan.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -67,7 +67,7 @@
   register: generate_csr_nosan_check
 
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr-nosan.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -77,7 +77,7 @@
   register: generate_csr_nosan
 
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr-nosan.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -87,7 +87,7 @@
   register: generate_csr_nosan_check_idempotent
 
 - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr-nosan.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -102,7 +102,7 @@
 # but the short name is used to test idempotency for ipsecuser
 # and vice-versa for biometricInfo
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -118,7 +118,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -135,7 +135,7 @@
   register: csr_ku_xku
 
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -151,7 +151,7 @@
   register: csr_ku_xku_change
 
 - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -166,14 +166,14 @@
   register: csr_ku_xku_change_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with old API"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_oldapi.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     commonName: www.ansible.com
     select_crypto_backend: '{{ select_crypto_backend }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csrinvsan.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_alt_name: invalid-san.example.com
@@ -182,7 +182,7 @@
   ignore_errors: true
 
 - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csrinvsan2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_alt_name: "DNS:system:kube-controller-manager"
@@ -191,7 +191,7 @@
   ignore_errors: true
 
 - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ocsp.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_alt_name: "DNS:www.ansible.com"
@@ -199,7 +199,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ocsp.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_alt_name: "DNS:www.ansible.com"
@@ -208,13 +208,13 @@
   register: csr_ocsp_idempotency
 
 - name: "({{ select_crypto_backend }}) Generate ECC privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey2.pem'
     type: ECC
     curve: secp384r1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     subject:
@@ -222,7 +222,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR with text common name"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr3.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     subject:
@@ -231,7 +231,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR with country name"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     country_name: de
@@ -239,7 +239,7 @@
   register: country_idempotent_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     country_name: de
@@ -247,7 +247,7 @@
   register: country_idempotent_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     subject:
@@ -256,7 +256,7 @@
   register: country_idempotent_3
 
 - name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     subject:
@@ -266,19 +266,19 @@
   ignore_errors: true
 
 - name: "({{ select_crypto_backend }}) Generate privatekey with password"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size }}'
 
 - name: "({{ select_crypto_backend }}) Read privatekey"
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/privatekeypw.pem'
   register: privatekeypw
 
 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_pw.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     privatekey_passphrase: hunter2
@@ -286,7 +286,7 @@
   register: passphrase_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase and private key content"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_pw.csr'
     privatekey_content: '{{ privatekeypw.content | b64decode }}'
     privatekey_passphrase: hunter2
@@ -294,7 +294,7 @@
   register: passphrase_1_content
 
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_pw1.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     privatekey_passphrase: hunter2
@@ -303,7 +303,7 @@
   register: passphrase_error_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_pw2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     privatekey_passphrase: wrong_password
@@ -312,7 +312,7 @@
   register: passphrase_error_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_pw3.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     select_crypto_backend: '{{ select_crypto_backend }}'
@@ -320,11 +320,11 @@
   register: passphrase_error_3
 
 - name: "({{ select_crypto_backend }}) Create broken CSR"
-  copy:
+  ansible.builtin.copy:
     dest: "{{ remote_tmp_dir }}/csrbroken.csr"
     content: "broken"
 - name: "({{ select_crypto_backend }}) Regenerate broken CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csrbroken.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
     subject:
@@ -334,7 +334,7 @@
   register: output_broken
 
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_backup.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -343,7 +343,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: csr_backup_1
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_backup.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -352,7 +352,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: csr_backup_2
 - name: "({{ select_crypto_backend }}) Generate CSR (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_backup.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -361,7 +361,7 @@
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: csr_backup_3
 - name: "({{ select_crypto_backend }}) Generate CSR (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_backup.csr'
     state: absent
     backup: true
@@ -369,7 +369,7 @@
     return_content: true
   register: csr_backup_4
 - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_backup.csr'
     state: absent
     backup: true
@@ -377,7 +377,7 @@
   register: csr_backup_5
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -387,7 +387,7 @@
   register: subject_key_identifier_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -397,7 +397,7 @@
   register: subject_key_identifier_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -407,7 +407,7 @@
   register: subject_key_identifier_3
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -417,7 +417,7 @@
   register: subject_key_identifier_4
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -427,7 +427,7 @@
   register: subject_key_identifier_5
 
 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_ski.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -436,7 +436,7 @@
   register: subject_key_identifier_6
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_aki.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -446,7 +446,7 @@
   register: authority_key_identifier_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_aki.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -456,7 +456,7 @@
   register: authority_key_identifier_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_aki.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -466,7 +466,7 @@
   register: authority_key_identifier_3
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_aki.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -475,7 +475,7 @@
   register: authority_key_identifier_4
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_acisn.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -488,7 +488,7 @@
   register: authority_cert_issuer_sn_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_acisn.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -501,7 +501,7 @@
   register: authority_cert_issuer_sn_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_acisn.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -514,7 +514,7 @@
   register: authority_cert_issuer_sn_3
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_acisn.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -527,7 +527,7 @@
   register: authority_cert_issuer_sn_4
 
 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_acisn.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -535,7 +535,7 @@
   register: authority_cert_issuer_sn_5
 
 - name: "({{ select_crypto_backend }}) Generate CSR with everything"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_everything.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_ordered:
@@ -620,7 +620,7 @@
   register: everything_1
 
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_everything.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_ordered:
@@ -706,7 +706,7 @@
   register: everything_2
 
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_everything.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -792,7 +792,7 @@
   register: everything_3
 
 - name: "({{ select_crypto_backend }}) Generate CSR with everything (not idempotent, check mode)"
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_everything.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject_ordered:
@@ -887,7 +887,7 @@
 - name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6)"
   block:
     - name: "({{ select_crypto_backend }}) Generate privatekeys"
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
         type: '{{ item }}'
       loop:
@@ -901,7 +901,7 @@
       block:
 
         - name: "({{ select_crypto_backend }}) Generate CSR"
-          openssl_csr:
+          community.crypto.openssl_csr:
             path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
             privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
             subject:
@@ -914,7 +914,7 @@
           ignore_errors: true
 
         - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-          openssl_csr:
+          community.crypto.openssl_csr:
             path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr'
             privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
             subject:
@@ -931,7 +931,7 @@
 - name: "({{ select_crypto_backend }}) CRL distribution endpoints (for cryptography >= 1.6)"
   block:
     - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
         subject:
@@ -953,7 +953,7 @@
       register: crl_distribution_endpoints_1
 
     - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (idempotence)"
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
         subject:
@@ -975,7 +975,7 @@
       register: crl_distribution_endpoints_2
 
     - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (change)"
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
         subject:
@@ -995,7 +995,7 @@
       register: crl_distribution_endpoints_3
 
     - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (no endpoints)"
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
         subject:
@@ -1004,7 +1004,7 @@
       register: crl_distribution_endpoints_4
 
     - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
         subject:

tests/integration/targets/openssl_csr/tasks/main.yml

@@ -10,22 +10,22 @@
 
 - block:
     - name: Prepare private key for backend autodetection test
-      openssl_privatekey:
+      community.crypto.openssl_privatekey:
         path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
         size: '{{ default_rsa_key_size }}'
     - name: Run module with backend autodetection
-      openssl_csr:
+      community.crypto.openssl_csr:
         path: '{{ remote_tmp_dir }}/csr_backend_selection.csr'
         privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
         subject:
           commonName: www.ansible.com
 
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 
-    - import_tasks: ../tests/validate.yml
+    - ansible.builtin.import_tasks: ../tests/validate.yml
       vars:
         select_crypto_backend: cryptography
 

tests/integration/targets/openssl_csr/tests/validate.yml

@@ -4,25 +4,25 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
-  shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
   register: privatekey_modulus
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq"
   register: csr_cn
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr'
   register: csr_modulus
 
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
       - csr_modulus.stdout == privatekey_modulus.stdout
 
 - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_check is changed
       - generate_csr is changed
@@ -30,12 +30,12 @@
       - generate_csr_idempotent_check is not changed
 
 - name: "({{ select_crypto_backend }}) Read CSR"
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/csr.csr'
   register: slurp
 
 - name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_check.csr is none
       - generate_csr.csr == (slurp.content | b64decode)
@@ -43,7 +43,7 @@
       - generate_csr.csr == generate_csr_idempotent_check.csr
 
 - name: "({{ select_crypto_backend }}) Validate CSR without SAN (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_nosan_check is changed
       - generate_csr_nosan is changed
@@ -51,28 +51,28 @@
       - generate_csr_nosan_check_idempotent_check is not changed
 
 - name: "({{ select_crypto_backend }}) Validate CSR_KU_XKU (assert idempotency, change)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_ku_xku is not changed
       - csr_ku_xku_change is changed
       - csr_ku_xku_change_2 is changed
 
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
   register: csr_oldapi_cn
 
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr'
   register: csr_oldapi_modulus
 
 - name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
       - csr_oldapi_modulus.stdout == privatekey_modulus.stdout
 
 - name: "({{ select_crypto_backend }}) Validate invalid SAN (1/2)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_invalid_san is failed
       - "'Subject Alternative Name' in generate_csr_invalid_san.msg"
@@ -87,49 +87,49 @@
   when: cryptography_version.stdout is version('2.0', '<')
 
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)"
-  shell: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text"
   register: csr_ocsp
 
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or
          (csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))"
 
 - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert idempotency)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_ocsp_idempotency is not changed
 
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)"
-  shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem'
   register: privatekey_ecc_key
 
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq"
   register: csr_ecc_cn
 
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)"
-  shell: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr'
   register: csr_ecc_pubkey
 
 - name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com'
       - csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout
 
 - name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq"
   register: csr3_cn
 
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
 
 - name: "({{ select_crypto_backend }}) Validate country name idempotency and validation"
-  assert:
+  ansible.builtin.assert:
     that:
       - country_idempotent_1 is changed
       - country_idempotent_2 is not changed
@@ -137,13 +137,13 @@
       - country_fail_4 is failed
 
 - name: "({{ select_crypto_backend }}) Validate idempotency of privatekey_passphrase"
-  assert:
+  ansible.builtin.assert:
     that:
       - passphrase_1 is changed
       - passphrase_1_content is not changed
 
 - name: "({{ select_crypto_backend }}) Validate private key passphrase errors"
-  assert:
+  ansible.builtin.assert:
     that:
       - passphrase_error_1 is failed
       - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
@@ -153,12 +153,12 @@
       - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
 
 - name: "({{ select_crypto_backend }}) Verify that broken CSR will be regenerated"
-  assert:
+  ansible.builtin.assert:
     that:
       - output_broken is changed
 
 - name: "({{ select_crypto_backend }}) Verify that subject key identifier handling works"
-  assert:
+  ansible.builtin.assert:
     that:
       - subject_key_identifier_1 is changed
       - subject_key_identifier_2 is not changed
@@ -168,7 +168,7 @@
       - subject_key_identifier_6 is changed
 
 - name: "({{ select_crypto_backend }}) Verify that authority key identifier handling works"
-  assert:
+  ansible.builtin.assert:
     that:
       - authority_key_identifier_1 is changed
       - authority_key_identifier_2 is not changed
@@ -176,7 +176,7 @@
       - authority_key_identifier_4 is changed
 
 - name: "({{ select_crypto_backend }}) Verify that authority cert issuer / serial number handling works"
-  assert:
+  ansible.builtin.assert:
     that:
       - authority_cert_issuer_sn_1 is changed
       - authority_cert_issuer_sn_2 is not changed
@@ -185,7 +185,7 @@
       - authority_cert_issuer_sn_5 is changed
 
 - name: "({{ select_crypto_backend }}) Check backup"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_backup_1 is changed
       - csr_backup_1.backup_file is undefined
@@ -200,7 +200,7 @@
       - csr_backup_4.csr is none
 
 - name: "({{ select_crypto_backend }}) Check CSR with everything"
-  assert:
+  ansible.builtin.assert:
     that:
       - everything_1 is changed
       - everything_2 is not changed
@@ -271,7 +271,7 @@
       - everything_info.name_constraints_critical == true
 
 - name: "({{ select_crypto_backend }}) Check CSR with everything"
-  assert:
+  ansible.builtin.assert:
     that:
       - everything_info.authority_cert_issuer == [
             "DNS:ca.example.org",
@@ -314,7 +314,7 @@
         ]
 
 - name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_ed25519_ed448.results[0] is failed
       - generate_csr_ed25519_ed448.results[1] is failed
@@ -325,7 +325,7 @@
   when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and generate_csr_ed25519_ed448_privatekey is not failed
 
 - name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_ed25519_ed448 is succeeded
       - generate_csr_ed25519_ed448.results[0] is changed
@@ -336,7 +336,7 @@
   when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and generate_csr_ed25519_ed448_privatekey is not failed
 
 - name: "({{ select_crypto_backend }}) Verify CRL distribution endpoints (for cryptography >= 1.6)"
-  assert:
+  ansible.builtin.assert:
     that:
       - crl_distribution_endpoints_1 is changed
       - crl_distribution_endpoints_2 is not changed

tests/integration/targets/openssl_csr_info/tasks/impl.yml

@@ -3,31 +3,31 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-- debug:
+- ansible.builtin.debug:
     msg: "Executing tests with backend {{ select_crypto_backend }}"
 
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result
 
 - name: "({{ select_crypto_backend }}) Get CSR info (IDNA encoding)"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     name_encoding: idna
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result_idna
 
 - name: "({{ select_crypto_backend }}) Get CSR info (Unicode encoding)"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     name_encoding: unicode
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result_unicode
 
 - name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.subject.organizationalUnitName == 'ACME Department'
       - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
@@ -54,7 +54,7 @@
       - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
 
 - name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.subject_key_identifier == "00:11:22:33"
       - result.authority_key_identifier == "44:55:66:77"
@@ -71,18 +71,18 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: "({{ select_crypto_backend }}) Read CSR"
-  slurp:
+  ansible.builtin.slurp:
     src: '{{ remote_tmp_dir }}/csr_1.csr'
   register: slurp
 
 - name: "({{ select_crypto_backend }}) Get CSR info directly"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     content: '{{ slurp.content | b64decode }}'
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result_direct
 
 - name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
-  assert:
+  ansible.builtin.assert:
     that:
       - >-
         (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
@@ -90,19 +90,19 @@
         (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
 
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_2.csr'
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result
 
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_3.csr'
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result
 
 - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier is none
       - result.authority_cert_issuer == expected_authority_cert_issuer
@@ -114,13 +114,13 @@
   when: cryptography_version.stdout is version('1.3', '>=')
 
 - name: "({{ select_crypto_backend }}) Get CSR info"
-  openssl_csr_info:
+  community.crypto.openssl_csr_info:
     path: '{{ remote_tmp_dir }}/csr_4.csr'
     select_crypto_backend: '{{ select_crypto_backend }}'
   register: result
 
 - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
-  assert:
+  ansible.builtin.assert:
     that:
       - result.authority_key_identifier == "44:55:66:77"
       - result.authority_cert_issuer is none

tests/integration/targets/openssl_csr_info/tasks/main.yml

@@ -9,24 +9,24 @@
 ####################################################################
 
 - name: Make sure the Python idna library is installed
-  pip:
+  ansible.builtin.pip:
     name: idna
     state: present
 
 - name: Generate privatekey
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey with password
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate CSR 1
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_1.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -95,7 +95,7 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 2
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_2.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     privatekey_passphrase: hunter2
@@ -104,7 +104,7 @@
       - "CA:TRUE"
 
 - name: Generate CSR 3
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_3.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
@@ -122,14 +122,14 @@
       - "IP:1.2.3.4"
 
 - name: Generate CSR 4
-  openssl_csr:
+  community.crypto.openssl_csr:
     path: '{{ remote_tmp_dir }}/csr_4.csr'
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     useCommonNameForSAN: false
     authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
 
 - name: Running tests with cryptography backend
-  include_tasks: impl.yml
+  ansible.builtin.include_tasks: impl.yml
   vars:
     select_crypto_backend: cryptography
   when: cryptography_version.stdout is version('1.3', '>=')

tests/integration/targets/openssl_csr_pipe/tasks/impl.yml

@@ -4,12 +4,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 - name: "({{ select_crypto_backend }}) Generate privatekey"
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
     size: '{{ default_rsa_key_size }}'
 
 - name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
       commonName: www.ansible.com
@@ -18,7 +18,7 @@
   register: generate_csr_check
 
 - name: "({{ select_crypto_backend }}) Generate CSR"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
       commonName: www.ansible.com
@@ -26,7 +26,7 @@
   register: generate_csr
 
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     content: "{{ generate_csr.csr }}"
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -35,7 +35,7 @@
   register: generate_csr_idempotent
 
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     content: "{{ generate_csr.csr }}"
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -45,7 +45,7 @@
   register: generate_csr_idempotent_check
 
 - name: "({{ select_crypto_backend }}) Generate CSR (changed)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     content: "{{ generate_csr.csr }}"
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -54,7 +54,7 @@
   register: generate_csr_changed
 
 - name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)"
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     content: "{{ generate_csr.csr }}"
     privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
     subject:
@@ -64,29 +64,29 @@
   register: generate_csr_changed_check
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
-  shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
+  ansible.builtin.shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
   register: privatekey_modulus
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
-  shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
+  ansible.builtin.shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
   args:
     stdin: "{{ generate_csr.csr }}"
   register: csr_cn
 
 - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
-  shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
+  ansible.builtin.shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
   args:
     stdin: "{{ generate_csr.csr }}"
   register: csr_modulus
 
 - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
-  assert:
+  ansible.builtin.assert:
     that:
       - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
       - csr_modulus.stdout == privatekey_modulus.stdout
 
 - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
-  assert:
+  ansible.builtin.assert:
     that:
       - generate_csr_check is changed
       - generate_csr is changed

tests/integration/targets/openssl_csr_pipe/tasks/main.yml

@@ -9,18 +9,18 @@
 ####################################################################
 
 - name: Prepare private key for backend autodetection test
-  openssl_privatekey:
+  community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
     size: '{{ default_rsa_key_size }}'
 - name: Run module with backend autodetection
-  openssl_csr_pipe:
+  community.crypto.openssl_csr_pipe:
     privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
     subject:
       commonName: www.ansible.com
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
       vars:
         select_crypto_backend: cryptography
 

tests/integration/targets/openssl_dhparam/tasks/impl.yml

@@ -6,7 +6,7 @@
 # The tests for this module generate unsafe parameters for testing purposes;
 # otherwise tests would be too slow. Use sizes of at least 2048 in production!
 - name: "[{{ select_crypto_backend }}] Generate parameter (check mode)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     size: 768
     path: '{{ remote_tmp_dir }}/dh768.pem'
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -15,7 +15,7 @@
   register: dhparam_check
 
 - name: "[{{ select_crypto_backend }}] Generate parameter"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     size: 768
     path: '{{ remote_tmp_dir }}/dh768.pem'
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -23,7 +23,7 @@
   register: dhparam
 
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     size: 768
     path: '{{ remote_tmp_dir }}/dh768.pem'
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -32,7 +32,7 @@
   register: dhparam_changed_check
 
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     size: 768
     path: '{{ remote_tmp_dir }}/dh768.pem'
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -40,32 +40,32 @@
   register: dhparam_changed
 
 - name: "[{{ select_crypto_backend }}] Generate parameters with size option"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh512.pem'
     size: 512
     select_crypto_backend: "{{ select_crypto_backend }}"
 
 - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh512.pem'
     size: 512
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: dhparam_changed_512
 
-- copy:
+- ansible.builtin.copy:
     src: '{{ remote_tmp_dir }}/dh768.pem'
     remote_src: true
     dest: '{{ remote_tmp_dir }}/dh512.pem'
 
 - name: "[{{ select_crypto_backend }}] Re-generate if size is different"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh512.pem'
     size: 512
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: dhparam_changed_to_512
 
 - name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh512.pem'
     size: 512
     force: true
@@ -73,11 +73,11 @@
   register: dhparam_changed_force
 
 - name: "[{{ select_crypto_backend }}] Create broken params"
-  copy:
+  ansible.builtin.copy:
     dest: "{{ remote_tmp_dir }}/dhbroken.pem"
     content: "broken"
 - name: "[{{ select_crypto_backend }}] Regenerate broken params"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dhbroken.pem'
     size: 512
     force: true
@@ -85,21 +85,21 @@
   register: output_broken
 
 - name: "[{{ select_crypto_backend }}] Generate params"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backup.pem'
     size: 512
     backup: true
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: dhparam_backup_1
 - name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backup.pem'
     size: 512
     backup: true
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: dhparam_backup_2
 - name: "[{{ select_crypto_backend }}] Generate params (change)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backup.pem'
     size: 512
     force: true
@@ -107,7 +107,7 @@
     select_crypto_backend: "{{ select_crypto_backend }}"
   register: dhparam_backup_3
 - name: "[{{ select_crypto_backend }}] Generate params (remove)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backup.pem'
     state: absent
     backup: true
@@ -115,7 +115,7 @@
     return_content: true
   register: dhparam_backup_4
 - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backup.pem'
     state: absent
     backup: true

tests/integration/targets/openssl_dhparam/tasks/main.yml

@@ -12,35 +12,35 @@
 # otherwise tests would be too slow. Use sizes of at least 2048 in production!
 
 - name: Run module with backend autodetection
-  openssl_dhparam:
+  community.crypto.openssl_dhparam:
     path: '{{ remote_tmp_dir }}/dh_backend_selection.pem'
     size: 512
 
 - block:
     - name: Running tests with OpenSSL backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
 
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
 
   vars:
     select_crypto_backend: openssl
   # when: openssl_version.stdout is version('1.0.0', '>=')
 
 - name: Remove output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: absent
 
 - name: Re-create output directory
-  file:
+  ansible.builtin.file:
     path: "{{ remote_tmp_dir }}"
     state: directory
 
 - block:
     - name: Running tests with cryptography backend
-      include_tasks: impl.yml
+      ansible.builtin.include_tasks: impl.yml
 
-    - include_tasks: ../tests/validate.yml
+    - ansible.builtin.include_tasks: ../tests/validate.yml
 
   vars:
     select_crypto_backend: cryptography