Commit graph

15 commits

Author SHA1 Message Date
Felix Fontein
29ca9d2d4d
openssl_* modules: improve test robustness (#67568)
* Run Ed25519 and Ed448 tests for openssl_csr and openssl_certificate only if key generation succeeded.
* Make openssl_privatekey tests more robust: allow special key generation tests to fail with 'algorithm not supported' on FreeBSD.
2020-02-19 12:24:46 -05:00
Felix Fontein
d6fb9da8ed
openssl_* modules: allow direct input and output for some files (#65400)
* Allow to return generated object.

* Use slurp module instead of file lookup + b64encode.

* Rename return_xxx_content -> return_content.
2020-02-02 12:42:52 +01:00
Felix Fontein
d00d0c81b3
openssl_privatekey: add support for format option (#60388)
* Add support for format option.

* Improve private key format detection.

* Fix raw format handling.

* Improve error handling.

* Improve raw key handling.

* Add failed raw test.

* Improve raw key loading.

* Simplify tests.

* Add raw format tests.

* Fail if format != 'auto_ignore' is specified for pyopenssl backend.

* Fix quoting.

* Bump version.

* Allow to convert private keys between different formats.

* Improve description.
2019-10-17 10:40:13 +02:00
Felix Fontein
221da3e8b1 Implement Ed25519, Ed448, X25519 and X448 support (cryptography backend). (#54947) 2019-04-08 10:30:05 +02:00
Felix Fontein
90c067e947 openssl_* modules: private key errors (#54088)
* Improve error handling, in particular with respect to private key loading problems.

* Add tests to validate that modules regenerate invalid input and don't crash.

* Don't crash when input is invalid.

* Create 'better' broken input.

* Fix paths.

* Simplifying pyOpenSSL error handling.
2019-03-30 14:28:10 +01:00
Felix Fontein
d7a273273a openssl_*: proper mode support (#54085)
* Add write helper.

* Adjust modules (except openssl_certificate).

* Adding tests for mode (with openssl_privatekey).

* Add openssl_certificate support.

* Never, ever remove the output file before actually trying to generate new content for it.

Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.

* Add changelog.

* Extend test.
2019-03-25 14:20:52 +01:00
Felix Fontein
5d460ae865 Fix broken backup. (#54290) 2019-03-25 14:19:25 +01:00
Felix Fontein
e00f315358 openssl_privatekey: add backup option (#53593)
* Add backup option to openssl_privatekey.

* Add changelog fragment.

* Make module available in remove().

* Add tests for backup.

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py
2019-03-18 16:34:47 +00:00
Felix Fontein
caf7fd2245 openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489)
* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
2019-03-08 16:21:18 +00:00
Matt Clay
7016559b1a Fix openssl_privatekey test on FreeBSD 12.0. 2019-02-13 18:34:45 -08:00
Felix Fontein
92ef500185 openssl_privatekey: add ECC support (#49416)
* Add cryptography backend for openssl_privatekey.

* Adding ECC support.

No support for X25519 and X449, since they don't support serialization.

* Improve finterprint calculation to work with Python 3.

* Add fingerprint check.

* Fix typo.

* Use separate curve option for elliptic curves, and use type 'ECC'.

* Using curve names as defined in IANA registry.

* Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them.

* Improve documentation.
2018-12-18 09:07:36 +00:00
Jordan Borean
6666b070a9
openss: fix various test and Python 3 issues (#47188) 2018-10-18 05:29:18 +10:00
Matt Martz
4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
2017-11-27 17:58:08 -05:00
Yanis Guenane
d4e7b045b7 Extend test coverage for openssl modules (#27548)
* openssl_privatekey: Extend test coverage

Extend the coverage of the integration test for the module
openssl_privatekey.

New tests have been added:

  * passphrase
  * idempotence
  * removal

Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>

* openssl_publickey: Extend test coverage

Extend the coverage on the integration test for the module
openssl_publickey.

New tests have been added:

  * OpenSSH format
  * passphrase
  * idempotence
  * removal
2017-08-21 12:19:41 +01:00
Yanis Guenane
8b22c45a45 Enable integration tests for the crypto/ namespace (#26684)
Crypto namespace contains the openssl modules. It has no integration
testing as of now.

This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.

This tests currently apply to:

  * openssl_privatekey
  * openssl_publickey
  * openssl_csr
2017-07-25 12:18:18 +01:00