Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto modules: use module_utils.compat.ipaddress when possible #55278

Merged
merged 7 commits into from Apr 18, 2019

Conversation

Projects
None yet
4 participants
@felixfontein
Copy link
Contributor

felixfontein commented Apr 15, 2019

SUMMARY

The current crypto modules use the ipaddress module (openssl_*), or some manual IP address modification code (ACME). When cryptography is used, this is OK, since ipaddress is a requirement for it. When pyOpenSSL is used, it's better to use module_utils.compat.ipaddress which comes with Ansible. Also, manual IP modification code can be simplified/removed by using module_utils.compat.ipaddress.

This is all new code for 2.8.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

lib/ansible/module_utils/acme.py
lib/ansible/modules/crypto/acme/acme_certificate.py
lib/ansible/modules/crypto/openssl_certificate_info.py
lib/ansible/modules/crypto/openssl_csr.py
lib/ansible/modules/crypto/openssl_csr_info.py

@ansibot

This comment has been minimized.

@felixfontein felixfontein force-pushed the felixfontein:crypto-compat-ipaddress branch from e37225a to 7d10220 Apr 15, 2019

@ansibot

This comment has been minimized.

Copy link
Contributor

ansibot commented Apr 15, 2019

@ansibot ansibot added support:core test and removed owner_pr labels Apr 15, 2019

@ansibot ansibot added core_review and removed needs_revision labels Apr 15, 2019

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

felixfontein commented Apr 15, 2019

ready_for_review

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

felixfontein commented Apr 15, 2019

I've used this branch to renew my Let's Encrypt certs, and ran the IP certificate tests (https://github.com/felixfontein/ansible-acme-test/tree/orangepizza-ip-support), and it worked fine. So at least acme_certificate still works fine, as do openssl_privatekey and openssl_csr :)

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

felixfontein commented Apr 16, 2019

Tests against the ACME v1 and v2 staging servers of Let's Encrypt also worked.

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

felixfontein commented Apr 17, 2019

Ok, I've forgot a changelog fragment. That's added now. I'd be happy if someone could review this, so it has a chance to make it into 2.8.0rc1 :)

@MarkusTeufelberger

This comment has been minimized.

Copy link
Contributor

MarkusTeufelberger commented Apr 17, 2019

Looks good to me.

shipit

@gundalow gundalow merged commit c8a15b9 into ansible:devel Apr 18, 2019

1 check passed

Shippable Run 119707 status is SUCCESS.
Details
@gundalow

This comment has been minimized.

Copy link
Contributor

gundalow commented Apr 18, 2019

Great work everybody, merged into devel

@felixfontein felixfontein deleted the felixfontein:crypto-compat-ipaddress branch Apr 18, 2019

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

felixfontein commented Apr 18, 2019

@MarkusTeufelberger thanks for reviewing!
@gundalow thanks for merging!

felixfontein added a commit to felixfontein/ansible that referenced this pull request Apr 18, 2019

crypto modules: use module_utils.compat.ipaddress when possible (ansi…
…ble#55278)

* Use module_utils.compat.ipaddress where possible.

* Simplify reverse pointer computation.

* Use dummy for unused variables.

* Remove from ignore list.

* Adjust fix.

* Fix text handling for Python 2.

* Add changelog.

(cherry picked from commit c8a15b9)

ruimoreira added a commit to ruimoreira/ansible that referenced this pull request Apr 22, 2019

crypto modules: use module_utils.compat.ipaddress when possible (ansi…
…ble#55278)

* Use module_utils.compat.ipaddress where possible.

* Simplify reverse pointer computation.

* Use dummy for unused variables.

* Remove from ignore list.

* Adjust fix.

* Fix text handling for Python 2.

* Add changelog.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.