openssl_csr: deprecate version option (#63432)
* Deprecate openssl_csr's version. * Add changelog. * Change PR so that version will no longer accept values != 1 from 2.14 on. * Make sure it is a string.
parent
d00d0c81b3
commit
ba686154b9
3 changed files with 16 additions and 1 deletions
4
changelogs/fragments/63432-openssl_csr-version.yml
Normal file
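--- a/changelogs/fragments/63432-openssl_csr-version.yml
+++ b/changelogs/fragments/63432-openssl_csr-version.yml
@@ -0,0 +1,4 @@
+deprecated_features:
+- "openssl_csr - all values for the ``version`` option except ``1`` are deprecated."
+bugfixes:
+- "openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend."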
@ -51,7 +51,9 @@ The following modules no longer exist:
|
||||||
Deprecation notices
|
Deprecation notices
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
No notable changes
|
The following functionality will be removed in Ansible 2.14. Please update update your playbooks accordingly.
|
||||||
|
|
||||||
|
* The :ref:`openssl_csr <openssl_csr_module>` module's option ``version`` no longer supports values other than ``1`` (the current only standardized CSR version).
|
||||||
|
|
||||||
|
|
||||||
Noteworthy module changes
|
Noteworthy module changes
|
||||||
|
|
|
@ -58,6 +58,9 @@ options:
|
||||||
version:
|
version:
|
||||||
description:
|
description:
|
||||||
- The version of the certificate signing request.
|
- The version of the certificate signing request.
|
||||||
|
- "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1)
|
||||||
|
is 1."
|
||||||
|
- This option will no longer accept unsupported values from Ansible 2.14 on.
|
||||||
type: int
|
type: int
|
||||||
default: 1
|
default: 1
|
||||||
force:
|
force:
|
||||||
|
@ -755,6 +758,8 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
|
||||||
def __init__(self, module):
|
def __init__(self, module):
|
||||||
super(CertificateSigningRequestCryptography, self).__init__(module)
|
super(CertificateSigningRequestCryptography, self).__init__(module)
|
||||||
self.cryptography_backend = cryptography.hazmat.backends.default_backend()
|
self.cryptography_backend = cryptography.hazmat.backends.default_backend()
|
||||||
|
if self.version != 1:
|
||||||
|
module.warn('The cryptography backend only supports version 1. (The only valid value according to RFC 2986.)')
|
||||||
|
|
||||||
def _generate_csr(self):
|
def _generate_csr(self):
|
||||||
csr = cryptography.x509.CertificateSigningRequestBuilder()
|
csr = cryptography.x509.CertificateSigningRequestBuilder()
|
||||||
|
@ -1027,6 +1032,10 @@ def main():
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if module.params['version'] != 1:
|
||||||
|
module.deprecate('The version option will only support allowed values from Ansible 2.14 on. '
|
||||||
|
'Currently, only the value 1 is allowed by RFC 2986', version='2.14')
|
||||||
|
|
||||||
base_dir = os.path.dirname(module.params['path']) or '.'
|
base_dir = os.path.dirname(module.params['path']) or '.'
|
||||||
if not os.path.isdir(base_dir):
|
if not os.path.isdir(base_dir):
|
||||||
module.fail_json(name=base_dir, msg='The directory %s does not exist or the file is not a directory' % base_dir)
|
module.fail_json(name=base_dir, msg='The directory %s does not exist or the file is not a directory' % base_dir)
|
||||||
|
|
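Review bot: The warning added in `CertificateSigningRequestCryptography.__init__` names neither the value that was requested nor what will be written, so a playbook that sets `version` to anything other than 1 gets a CSR that differs from the requested option with only a generic line in the run output. Consider `module.warn('The cryptography backend only supports version 1, but version %s was requested; a version 1 CSR will be generated.' % self.version)`, assuming the backend does fall back to version 1, which these lines do not show. The `module.deprecate(...)` call in the `main()` hunk has the same gap and could include `module.params['version']`. With this backend a non-1 value now emits both messages, so the two texts should be distinct enough to tell apart in logs. `self.version` is assigned outside these hunks and `main()` continues beyond the last one.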