diff --git a/lib/ansible/module_utils/acme.py b/lib/ansible/module_utils/acme.py index 3a1a5bb4007..5165a4eff2b 100644 --- a/lib/ansible/module_utils/acme.py +++ b/lib/ansible/module_utils/acme.py @@ -231,13 +231,13 @@ def _parse_key_openssl(openssl_binary, module, key_file=None, key_content=None): if asn1_oid_curve == 'prime256v1' or nist_curve == 'p-256': bits = 256 alg = 'ES256' - hash = 'sha256' + hashalg = 'sha256' point_size = 32 curve = 'P-256' elif asn1_oid_curve == 'secp384r1' or nist_curve == 'p-384': bits = 384 alg = 'ES384' - hash = 'sha384' + hashalg = 'sha384' point_size = 48 curve = 'P-384' elif asn1_oid_curve == 'secp521r1' or nist_curve == 'p-521': @@ -245,13 +245,13 @@ def _parse_key_openssl(openssl_binary, module, key_file=None, key_content=None): # https://github.com/letsencrypt/boulder/issues/2217 bits = 521 alg = 'ES512' - hash = 'sha512' + hashalg = 'sha512' point_size = 66 curve = 'P-521' else: return 'unknown elliptic curve: %s / %s' % (asn1_oid_curve, nist_curve), {} - bytes = (bits + 7) // 8 - if len(pub_hex) != 2 * bytes: + num_bytes = (bits + 7) // 8 + if len(pub_hex) != 2 * num_bytes: return 'bad elliptic curve point (%s / %s)' % (asn1_oid_curve, nist_curve), {} return None, { 'key_file': key_file, @@ -260,10 +260,10 @@ def _parse_key_openssl(openssl_binary, module, key_file=None, key_content=None): 'jwk': { "kty": "EC", "crv": curve, - "x": nopad_b64(pub_hex[:bytes]), - "y": nopad_b64(pub_hex[bytes:]), + "x": nopad_b64(pub_hex[:num_bytes]), + "y": nopad_b64(pub_hex[num_bytes:]), }, - 'hash': hash, + 'hash': hashalg, 'point_size': point_size, } @@ -363,13 +363,13 @@ def _parse_key_cryptography(module, key_file=None, key_content=None): if pk.curve.name == 'secp256r1': bits = 256 alg = 'ES256' - hash = 'sha256' + hashalg = 'sha256' point_size = 32 curve = 'P-256' elif pk.curve.name == 'secp384r1': bits = 384 alg = 'ES384' - hash = 'sha384' + hashalg = 'sha384' point_size = 48 curve = 'P-384' elif pk.curve.name == 'secp521r1': @@ -377,12 +377,12 @@ def _parse_key_cryptography(module, key_file=None, key_content=None): # https://github.com/letsencrypt/boulder/issues/2217 bits = 521 alg = 'ES512' - hash = 'sha512' + hashalg = 'sha512' point_size = 66 curve = 'P-521' else: return 'unknown elliptic curve: {0}'.format(pk.curve.name), {} - bytes = (bits + 7) // 8 + num_bytes = (bits + 7) // 8 return None, { 'key_obj': key, 'type': 'ec', @@ -390,10 +390,10 @@ def _parse_key_cryptography(module, key_file=None, key_content=None): 'jwk': { "kty": "EC", "crv": curve, - "x": nopad_b64(_convert_int_to_bytes(bytes, pk.x)), - "y": nopad_b64(_convert_int_to_bytes(bytes, pk.y)), + "x": nopad_b64(_convert_int_to_bytes(num_bytes, pk.x)), + "y": nopad_b64(_convert_int_to_bytes(num_bytes, pk.y)), }, - 'hash': hash, + 'hash': hashalg, 'point_size': point_size, } else: @@ -404,16 +404,16 @@ def _sign_request_cryptography(module, payload64, protected64, key_data): sign_payload = "{0}.{1}".format(protected64, payload64).encode('utf8') if isinstance(key_data['key_obj'], cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey): padding = cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15() - hash = cryptography.hazmat.primitives.hashes.SHA256() - signature = key_data['key_obj'].sign(sign_payload, padding, hash) + hashalg = cryptography.hazmat.primitives.hashes.SHA256 + signature = key_data['key_obj'].sign(sign_payload, padding, hashalg()) elif isinstance(key_data['key_obj'], cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey): if key_data['hash'] == 'sha256': - hash = cryptography.hazmat.primitives.hashes.SHA256 + hashalg = cryptography.hazmat.primitives.hashes.SHA256 elif key_data['hash'] == 'sha384': - hash = cryptography.hazmat.primitives.hashes.SHA384 + hashalg = cryptography.hazmat.primitives.hashes.SHA384 elif key_data['hash'] == 'sha512': - hash = cryptography.hazmat.primitives.hashes.SHA512 - ecdsa = cryptography.hazmat.primitives.asymmetric.ec.ECDSA(hash()) + hashalg = cryptography.hazmat.primitives.hashes.SHA512 + ecdsa = cryptography.hazmat.primitives.asymmetric.ec.ECDSA(hashalg()) r, s = cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature(key_data['key_obj'].sign(sign_payload, ecdsa)) rr = _pad_hex(r, 2 * key_data['point_size']) ss = _pad_hex(s, 2 * key_data['point_size']) diff --git a/lib/ansible/module_utils/crypto.py b/lib/ansible/module_utils/crypto.py index 2d49ab9034b..0735c53f372 100644 --- a/lib/ansible/module_utils/crypto.py +++ b/lib/ansible/module_utils/crypto.py @@ -26,6 +26,9 @@ # Copyright (c) the OpenSSL contributors # For more details, search for the function _OID_MAP. +from __future__ import absolute_import, division, print_function +__metaclass__ = type + from distutils.version import LooseVersion @@ -1732,10 +1735,10 @@ def cryptography_get_name(name): raise OpenSSLObjectError('Cannot parse Subject Alternative Name "{0}" (potentially unsupported by cryptography backend)'.format(name)) -def _get_hex(bytes): - if bytes is None: - return bytes - data = binascii.hexlify(bytes) +def _get_hex(bytesstr): + if bytesstr is None: + return bytesstr + data = binascii.hexlify(bytesstr) data = to_text(b':'.join(data[i:i + 2] for i in range(0, len(data), 2))) return data diff --git a/lib/ansible/modules/crypto/acme/acme_certificate.py b/lib/ansible/modules/crypto/acme/acme_certificate.py index 67a3c7d24d5..9b04be5b7b5 100644 --- a/lib/ansible/modules/crypto/acme/acme_certificate.py +++ b/lib/ansible/modules/crypto/acme/acme_certificate.py @@ -970,7 +970,7 @@ class ACMEClient(object): result, info = self.account.send_signed_request(auth['uri'], authz_deactivate) if 200 <= info['status'] < 300 and result.get('status') == 'deactivated': auth['status'] = 'deactivated' - except Exception as e: + except Exception as dummy: # Ignore errors on deactivating authzs pass if auth.get('status') != 'deactivated': diff --git a/lib/ansible/modules/crypto/acme/acme_challenge_cert_helper.py b/lib/ansible/modules/crypto/acme/acme_challenge_cert_helper.py index 0b2c8570b4e..0faaf09af1b 100644 --- a/lib/ansible/modules/crypto/acme/acme_challenge_cert_helper.py +++ b/lib/ansible/modules/crypto/acme/acme_challenge_cert_helper.py @@ -168,7 +168,7 @@ try: from distutils.version import LooseVersion HAS_CRYPTOGRAPHY = (LooseVersion(cryptography.__version__) >= LooseVersion('1.3')) _cryptography_backend = cryptography.hazmat.backends.default_backend() -except ImportError as e: +except ImportError as dummy: CRYPTOGRAPHY_IMP_ERR = traceback.format_exc() HAS_CRYPTOGRAPHY = False diff --git a/lib/ansible/modules/crypto/certificate_complete_chain.py b/lib/ansible/modules/crypto/certificate_complete_chain.py index 00472e858e1..16b08b2e53e 100644 --- a/lib/ansible/modules/crypto/certificate_complete_chain.py +++ b/lib/ansible/modules/crypto/certificate_complete_chain.py @@ -141,7 +141,7 @@ try: from distutils.version import LooseVersion HAS_CRYPTOGRAPHY = (LooseVersion(cryptography.__version__) >= LooseVersion('1.5')) _cryptography_backend = cryptography.hazmat.backends.default_backend() -except ImportError as e: +except ImportError as dummy: CRYPTOGRAPHY_IMP_ERR = traceback.format_exc() HAS_CRYPTOGRAPHY = False @@ -185,7 +185,7 @@ def is_parent(module, cert, potential_parent): module.warn('Unknown public key type "{0}"'.format(public_key)) return False return True - except cryptography.exceptions.InvalidSignature as e: + except cryptography.exceptions.InvalidSignature as dummy: return False except Exception as e: module.fail_json(msg='Unknown error on signature validation: {0}'.format(e)) @@ -258,9 +258,9 @@ class CertificateSet(object): ''' b_path = to_bytes(path, errors='surrogate_or_strict') if os.path.isdir(b_path): - for dir, dummy, files in os.walk(b_path, followlinks=True): + for directory, dummy, files in os.walk(b_path, followlinks=True): for file in files: - self._load_file(os.path.join(dir, file)) + self._load_file(os.path.join(directory, file)) else: self._load_file(b_path) diff --git a/lib/ansible/modules/crypto/luks_device.py b/lib/ansible/modules/crypto/luks_device.py index a123d620252..85a47d8129a 100644 --- a/lib/ansible/modules/crypto/luks_device.py +++ b/lib/ansible/modules/crypto/luks_device.py @@ -362,11 +362,11 @@ class ConditionsHandler(Handler): # container is not open return None - if (self._module.params['name'] is None): + if self._module.params['name'] is None: # container is already opened return name - if (name != self._module.params['name']): + if name != self._module.params['name']: # the container is already open but with different name: # suspicious. back off self._module.fail_json(msg="LUKS container is already opened " diff --git a/lib/ansible/modules/crypto/openssh_cert.py b/lib/ansible/modules/crypto/openssh_cert.py index 8f247fa30e2..2b41bd8a240 100644 --- a/lib/ansible/modules/crypto/openssh_cert.py +++ b/lib/ansible/modules/crypto/openssh_cert.py @@ -196,13 +196,11 @@ info: import os import errno -import random import re import tempfile from datetime import datetime from datetime import MINYEAR, MAXYEAR -from datetime import timedelta from shutil import copy2 from shutil import rmtree from ansible.module_utils.basic import AnsibleModule @@ -366,8 +364,8 @@ class Certificate(object): def is_same_datetime(self, datetime_one, datetime_two): # This function is for backwards compatability only because .total_seconds() is new in python2.7 - def timedelta_total_seconds(timedelta): - return ((timedelta.microseconds + 0.0 + (timedelta.seconds + timedelta.days * 24 * 3600) * 10 ** 6) / 10 ** 6) + def timedelta_total_seconds(time_delta): + return (time_delta.microseconds + 0.0 + (time_delta.seconds + time_delta.days * 24 * 3600) * 10 ** 6) / 10 ** 6 # try to use .total_ seconds() from python2.7 try: return (datetime_one - datetime_two).total_seconds() == 0.0 @@ -519,7 +517,6 @@ class Certificate(object): raise CertificateError(exc) else: pass - return def main(): diff --git a/lib/ansible/modules/crypto/openssl_csr.py b/lib/ansible/modules/crypto/openssl_csr.py index c54416576d1..dc2fa9ca64a 100644 --- a/lib/ansible/modules/crypto/openssl_csr.py +++ b/lib/ansible/modules/crypto/openssl_csr.py @@ -726,9 +726,9 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase): current_subject = [(sub.oid, sub.value) for sub in csr.subject] return set(subject) == set(current_subject) - def _find_extension(extensions, type): + def _find_extension(extensions, exttype): return next( - (ext for ext in extensions if isinstance(ext.value, type)), + (ext for ext in extensions if isinstance(ext.value, exttype)), None ) diff --git a/lib/ansible/modules/crypto/openssl_csr_info.py b/lib/ansible/modules/crypto/openssl_csr_info.py index c4e5e0e81c4..47e44601a96 100644 --- a/lib/ansible/modules/crypto/openssl_csr_info.py +++ b/lib/ansible/modules/crypto/openssl_csr_info.py @@ -164,14 +164,12 @@ public_key_fingerprints: import abc -import datetime import os import traceback from distutils.version import LooseVersion from ansible.module_utils import crypto as crypto_utils from ansible.module_utils.basic import AnsibleModule, missing_required_lib -from ansible.module_utils.six import string_types from ansible.module_utils._text import to_native, to_text, to_bytes from ansible.module_utils.compat import ipaddress as compat_ipaddress diff --git a/lib/ansible/modules/crypto/openssl_privatekey.py b/lib/ansible/modules/crypto/openssl_privatekey.py index ec51164c7df..f710db54f9e 100644 --- a/lib/ansible/modules/crypto/openssl_privatekey.py +++ b/lib/ansible/modules/crypto/openssl_privatekey.py @@ -270,7 +270,6 @@ else: from ansible.module_utils import crypto as crypto_utils from ansible.module_utils._text import to_native, to_bytes from ansible.module_utils.basic import AnsibleModule, missing_required_lib -from ansible.module_utils.six import string_types class PrivateKeyError(crypto_utils.OpenSSLObjectError): @@ -488,7 +487,7 @@ class PrivateKeyCryptography(PrivateKeyBase): self.module.fail_json(msg='Your cryptography version does not support Ed448') def _generate_private_key_data(self): - format = cryptography.hazmat.primitives.serialization.PrivateFormat.TraditionalOpenSSL + export_format = cryptography.hazmat.primitives.serialization.PrivateFormat.TraditionalOpenSSL try: if self.type == 'RSA': self.privatekey = cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key( @@ -503,16 +502,16 @@ class PrivateKeyCryptography(PrivateKeyBase): ) if CRYPTOGRAPHY_HAS_X25519_FULL and self.type == 'X25519': self.privatekey = cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.generate() - format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 + export_format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 if CRYPTOGRAPHY_HAS_X448 and self.type == 'X448': self.privatekey = cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.generate() - format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 + export_format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 if CRYPTOGRAPHY_HAS_ED25519 and self.type == 'Ed25519': self.privatekey = cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.generate() - format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 + export_format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 if CRYPTOGRAPHY_HAS_ED448 and self.type == 'Ed448': self.privatekey = cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey.generate() - format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 + export_format = cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8 if self.type == 'ECC' and self.curve in self.curves: if self.curves[self.curve]['deprecated']: self.module.warn('Elliptic curves of type {0} should not be used for new keys!'.format(self.curve)) @@ -520,7 +519,7 @@ class PrivateKeyCryptography(PrivateKeyBase): curve=self.curves[self.curve]['create'](self.size), backend=self.cryptography_backend ) - except cryptography.exceptions.UnsupportedAlgorithm as e: + except cryptography.exceptions.UnsupportedAlgorithm as dummy: self.module.fail_json(msg='Cryptography backend does not support the algorithm required for {0}'.format(self.type)) # Select key encryption @@ -534,7 +533,7 @@ class PrivateKeyCryptography(PrivateKeyBase): # Serialize key return self.privatekey.private_bytes( encoding=cryptography.hazmat.primitives.serialization.Encoding.PEM, - format=format, + format=export_format, encryption_algorithm=encryption_algorithm ) diff --git a/lib/ansible/modules/crypto/openssl_privatekey_info.py b/lib/ansible/modules/crypto/openssl_privatekey_info.py index fc959c02e15..5242b41643b 100644 --- a/lib/ansible/modules/crypto/openssl_privatekey_info.py +++ b/lib/ansible/modules/crypto/openssl_privatekey_info.py @@ -440,11 +440,11 @@ class PrivateKeyInfoPyOpenSSL(PrivateKeyInfo): '''Convert OpenSSL BIGINT to Python integer''' if bn == OpenSSL._util.ffi.NULL: return None + hexstr = OpenSSL._util.lib.BN_bn2hex(bn) try: - hex = OpenSSL._util.lib.BN_bn2hex(bn) - return int(OpenSSL._util.ffi.string(hex), 16) + return int(OpenSSL._util.ffi.string(hexstr), 16) finally: - OpenSSL._util.lib.OPENSSL_free(hex) + OpenSSL._util.lib.OPENSSL_free(hexstr) def _get_key_info(self): key_public_data = dict() diff --git a/lib/ansible/modules/crypto/openssl_publickey.py b/lib/ansible/modules/crypto/openssl_publickey.py index ee08e9e44c7..976306d6264 100644 --- a/lib/ansible/modules/crypto/openssl_publickey.py +++ b/lib/ansible/modules/crypto/openssl_publickey.py @@ -237,7 +237,7 @@ class PublicKey(crypto_utils.OpenSSLObject): else: try: return crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey) - except AttributeError as exc: + except AttributeError as dummy: raise PublicKeyError('You need to have PyOpenSSL>=16.0.0 to generate public keys') def generate(self, module): diff --git a/lib/ansible/plugins/doc_fragments/acme.py b/lib/ansible/plugins/doc_fragments/acme.py index 13bc01f95fc..1c3bd4fddd9 100644 --- a/lib/ansible/plugins/doc_fragments/acme.py +++ b/lib/ansible/plugins/doc_fragments/acme.py @@ -3,6 +3,9 @@ # Copyright: (c) 2016 Michael Gruener # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function +__metaclass__ = type + class ModuleDocFragment(object): diff --git a/test/integration/targets/get_certificate/files/process_certs.py b/test/integration/targets/get_certificate/files/process_certs.py index 6948b784775..8a21af71178 100644 --- a/test/integration/targets/get_certificate/files/process_certs.py +++ b/test/integration/targets/get_certificate/files/process_certs.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, division, print_function +__metaclass__ = type + from sys import argv from subprocess import Popen, PIPE, STDOUT diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt index b59a1d61840..ac52ed16307 100644 --- a/test/sanity/ignore.txt +++ b/test/sanity/ignore.txt @@ -211,8 +211,6 @@ lib/ansible/module_utils/compat/ipaddress.py no-assert lib/ansible/module_utils/compat/ipaddress.py no-unicode-literals lib/ansible/module_utils/connection.py future-import-boilerplate lib/ansible/module_utils/connection.py metaclass-boilerplate -lib/ansible/module_utils/crypto.py future-import-boilerplate -lib/ansible/module_utils/crypto.py metaclass-boilerplate lib/ansible/module_utils/database.py future-import-boilerplate lib/ansible/module_utils/database.py metaclass-boilerplate lib/ansible/module_utils/digital_ocean.py future-import-boilerplate @@ -6084,8 +6082,6 @@ lib/ansible/plugins/doc_fragments/a10.py future-import-boilerplate lib/ansible/plugins/doc_fragments/a10.py metaclass-boilerplate lib/ansible/plugins/doc_fragments/aci.py future-import-boilerplate lib/ansible/plugins/doc_fragments/aci.py metaclass-boilerplate -lib/ansible/plugins/doc_fragments/acme.py future-import-boilerplate -lib/ansible/plugins/doc_fragments/acme.py metaclass-boilerplate lib/ansible/plugins/doc_fragments/aireos.py future-import-boilerplate lib/ansible/plugins/doc_fragments/aireos.py metaclass-boilerplate lib/ansible/plugins/doc_fragments/alicloud.py future-import-boilerplate @@ -6325,8 +6321,6 @@ test/integration/targets/aws_lambda/files/mini_lambda.py metaclass-boilerplate test/integration/targets/collections/collection_root_user/ansible_collections/testns/testcoll/plugins/module_utils/MyPSMU.psm1 pslint:PSUseApprovedVerbs test/integration/targets/expect/files/test_command.py future-import-boilerplate test/integration/targets/expect/files/test_command.py metaclass-boilerplate -test/integration/targets/get_certificate/files/process_certs.py future-import-boilerplate -test/integration/targets/get_certificate/files/process_certs.py metaclass-boilerplate test/integration/targets/get_url/files/testserver.py future-import-boilerplate test/integration/targets/get_url/files/testserver.py metaclass-boilerplate test/integration/targets/group/files/gidget.py future-import-boilerplate @@ -6484,8 +6478,6 @@ test/units/mock/path.py future-import-boilerplate test/units/mock/path.py metaclass-boilerplate test/units/mock/yaml_helper.py future-import-boilerplate test/units/mock/yaml_helper.py metaclass-boilerplate -test/units/module_utils/acme/test_acme.py future-import-boilerplate -test/units/module_utils/acme/test_acme.py metaclass-boilerplate test/units/module_utils/aws/test_aws_module.py metaclass-boilerplate test/units/module_utils/basic/test__symbolic_mode_to_octal.py future-import-boilerplate test/units/module_utils/basic/test_deprecate_warn.py future-import-boilerplate @@ -6640,8 +6632,6 @@ test/units/modules/cloud/xenserver/FakeXenAPI.py future-import-boilerplate test/units/modules/cloud/xenserver/FakeXenAPI.py metaclass-boilerplate test/units/modules/conftest.py future-import-boilerplate test/units/modules/conftest.py metaclass-boilerplate -test/units/modules/crypto/test_luks_device.py future-import-boilerplate -test/units/modules/crypto/test_luks_device.py metaclass-boilerplate test/units/modules/files/test_copy.py future-import-boilerplate test/units/modules/messaging/rabbitmq/test_rabbimq_user.py future-import-boilerplate test/units/modules/messaging/rabbitmq/test_rabbimq_user.py metaclass-boilerplate diff --git a/test/units/module_utils/acme/test_acme.py b/test/units/module_utils/acme/test_acme.py index f7589c596b7..6db2eb6e554 100644 --- a/test/units/module_utils/acme/test_acme.py +++ b/test/units/module_utils/acme/test_acme.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, division, print_function +__metaclass__ = type + import base64 import datetime import os.path diff --git a/test/units/modules/crypto/test_luks_device.py b/test/units/modules/crypto/test_luks_device.py index 7fef3d81279..f090a75c2d0 100644 --- a/test/units/modules/crypto/test_luks_device.py +++ b/test/units/modules/crypto/test_luks_device.py @@ -1,3 +1,6 @@ +from __future__ import absolute_import, division, print_function +__metaclass__ = type + import pytest from ansible.modules.crypto import luks_device