Refactor x509_certificate module, add x509_certificate_pipe module (#135

) * Move documentation to doc fragment. * Prepare module backends. * Linting. * Fix comments. * First shot at actually moving code. * Forgot SKI check. * Remove unused imports. * Improve check mode. * Fix 'returned'. * Move csr_* checks. * Explicitly specify parameter. * Add x509_certificate_pipe module. * Update other seealsos. * Forgot to remove doc fragment. * Adjust to work with macOS 10.15. * Update plugins/module_utils/crypto/module_backends/certificate_entrust.py Co-authored-by: Chris Trufan <[email protected]> * Add changelog fragments for entrust bugfix and module refactorings. * Restore old behavior of Entrust backend when existing certificate cannot be parsed. * Update plugins/modules/x509_certificate_pipe.py Co-authored-by: Chris Trufan <[email protected]> * Remove Entrust provider from x509_certificate_pipe for now. * Add own CA tests. * One more fix for Entrust provider, when csr_content is used. * Update plugins/modules/x509_certificate_pipe.py Co-authored-by: Chris Trufan <[email protected]> * Fix another broken example. * Revert "Remove Entrust provider from x509_certificate_pipe for now." This reverts commit 6ee5d7d. * ci_complete * Apply suggestions from code review Co-authored-by: MarkusTeufelberger <[email protected]> * Improve example. * Improve readability of example, add another one. * Extend descriptions of csr_* for selfsigned. * Improve documentation. * Move deprecation message up. * Explain empty choices. Co-authored-by: Chris Trufan <[email protected]> Co-authored-by: MarkusTeufelberger <[email protected]>
ansible-collections · Nov 24, 2020 · 69335a8 · 69335a8
1 parent 86b3973
commit 69335a8
Show file tree

Hide file tree

Showing 22 changed files with 3,239 additions and 2,364 deletions.
diff --git a/changelogs/fragments/135-x509_certificate-entrust.yml b/changelogs/fragments/135-x509_certificate-entrust.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135)."
diff --git a/changelogs/fragments/privatekey-csr-certificate-refactoring.yml b/changelogs/fragments/privatekey-csr-certificate-refactoring.yml
@@ -0,0 +1,4 @@
+minor_changes:
+- "openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119)."
+- "openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123)."
+- "x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135)."
diff --git a/plugins/doc_fragments/module_certificate.py b/plugins/doc_fragments/module_certificate.py
diff --git a/plugins/doc_fragments/module_csr.py b/plugins/doc_fragments/module_csr.py
@@ -266,9 +266,11 @@ class ModuleDocFragment(object):
       OCSP Must Staple is as requested, and if the request was signed by the given private key.
 seealso:
 - module: community.crypto.x509_certificate
+- module: community.crypto.x509_certificate_pipe
 - module: community.crypto.openssl_dhparam
 - module: community.crypto.openssl_pkcs12
 - module: community.crypto.openssl_privatekey
+- module: community.crypto.openssl_privatekey_pipe
 - module: community.crypto.openssl_publickey
 - module: community.crypto.openssl_csr_info
 '''
diff --git a/plugins/doc_fragments/module_privatekey.py b/plugins/doc_fragments/module_privatekey.py
@@ -154,7 +154,9 @@ class ModuleDocFragment(object):
         default: full_idempotence
 seealso:
 - module: community.crypto.x509_certificate
+- module: community.crypto.x509_certificate_pipe
 - module: community.crypto.openssl_csr
+- module: community.crypto.openssl_csr_pipe
 - module: community.crypto.openssl_dhparam
 - module: community.crypto.openssl_pkcs12
 - module: community.crypto.openssl_publickey