diff --git a/.markdownlint.yaml b/.markdownlint.yaml
index 4f8a979..6bf4ccd 100644
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -1,3 +1,4 @@
+---
 # Default state for all rules
 default: true
diff --git a/.ostree/packages-runtime-CentOS-9.txt b/.ostree/packages-runtime-CentOS-9.txt
index 449febc..35de0c3 100644
--- a/.ostree/packages-runtime-CentOS-9.txt
+++ b/.ostree/packages-runtime-CentOS-9.txt
@@ -1,3 +1,4 @@
 python3-cryptography
 python3-dbus
+python3-packaging
 python3-pyasn1
diff --git a/.ostree/packages-runtime-Fedora.txt b/.ostree/packages-runtime-Fedora.txt
index 449febc..35de0c3 100644
--- a/.ostree/packages-runtime-Fedora.txt
+++ b/.ostree/packages-runtime-Fedora.txt
@@ -1,3 +1,4 @@
 python3-cryptography
 python3-dbus
+python3-packaging
 python3-pyasn1
diff --git a/.ostree/packages-runtime-RedHat-9.txt b/.ostree/packages-runtime-RedHat-9.txt
index 449febc..35de0c3 100644
--- a/.ostree/packages-runtime-RedHat-9.txt
+++ b/.ostree/packages-runtime-RedHat-9.txt
@@ -1,3 +1,4 @@
 python3-cryptography
 python3-dbus
+python3-packaging
 python3-pyasn1
diff --git a/.sanity-ansible-ignore-2.10.txt b/.sanity-ansible-ignore-2.10.txt
index b9e0e33..b3c573d 100644
--- a/.sanity-ansible-ignore-2.10.txt
+++ b/.sanity-ansible-ignore-2.10.txt
@@ -1,26 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/modules/certificate_request.py import-2.6!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.11.txt b/.sanity-ansible-ignore-2.11.txt
index 9641d3d..b3c573d 100644
--- a/.sanity-ansible-ignore-2.11.txt
+++ b/.sanity-ansible-ignore-2.11.txt
@@ -1,31 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py compile-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.9!skip
-plugins/modules/certificate_request.py import-2.6!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
-plugins/modules/certificate_request.py import-3.9!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.12.txt b/.sanity-ansible-ignore-2.12.txt
index 043aeb8..b3c573d 100644
--- a/.sanity-ansible-ignore-2.12.txt
+++ b/.sanity-ansible-ignore-2.12.txt
@@ -1,35 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py compile-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.10!skip
-plugins/modules/certificate_request.py import-2.6!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
-plugins/modules/certificate_request.py import-3.9!skip
-plugins/modules/certificate_request.py import-3.10!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.13.txt b/.sanity-ansible-ignore-2.13.txt
index 043aeb8..b3c573d 100644
--- a/.sanity-ansible-ignore-2.13.txt
+++ b/.sanity-ansible-ignore-2.13.txt
@@ -1,35 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py compile-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.10!skip
-plugins/modules/certificate_request.py import-2.6!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
-plugins/modules/certificate_request.py import-3.9!skip
-plugins/modules/certificate_request.py import-3.10!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.14.txt b/.sanity-ansible-ignore-2.14.txt
index d3e70d0..b3c573d 100644
--- a/.sanity-ansible-ignore-2.14.txt
+++ b/.sanity-ansible-ignore-2.14.txt
@@ -1,34 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.11!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.11!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.11!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
-plugins/modules/certificate_request.py import-3.9!skip
-plugins/modules/certificate_request.py import-3.10!skip
-plugins/modules/certificate_request.py import-3.11!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.15.txt b/.sanity-ansible-ignore-2.15.txt
index d3e70d0..b3c573d 100644
--- a/.sanity-ansible-ignore-2.15.txt
+++ b/.sanity-ansible-ignore-2.15.txt
@@ -1,34 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.11!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.11!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.9!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.10!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.11!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
-plugins/modules/certificate_request.py import-3.9!skip
-plugins/modules/certificate_request.py import-3.10!skip
-plugins/modules/certificate_request.py import-3.11!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/.sanity-ansible-ignore-2.16.txt b/.sanity-ansible-ignore-2.16.txt
new file mode 100644
index 0000000..b3c573d
--- /dev/null
+++ b/.sanity-ansible-ignore-2.16.txt
@@ -0,0 +1 @@
+plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt
index 9e2becd..b3c573d 100644
--- a/.sanity-ansible-ignore-2.9.txt
+++ b/.sanity-ansible-ignore-2.9.txt
@@ -1,27 +1 @@
-plugins/module_utils/certificate_lsr/providers/base.py compile-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/base.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/certmonger.py import-3.8!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-2.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.5!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.6!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.7!skip
-plugins/module_utils/certificate_lsr/providers/providers.py import-3.8!skip
-plugins/modules/certificate_request.py import-2.6!skip
-plugins/modules/certificate_request.py import-2.7!skip
-plugins/modules/certificate_request.py import-3.5!skip
-plugins/modules/certificate_request.py import-3.6!skip
-plugins/modules/certificate_request.py import-3.7!skip
-plugins/modules/certificate_request.py import-3.8!skip
 plugins/modules/certificate_request.py validate-modules:missing-gplv3-license
-plugins/modules/certificate_request.py validate-modules:import-error
diff --git a/library/certificate_request.py b/library/certificate_request.py
index ffe2ed2..d77ce40 100644
--- a/library/certificate_request.py
+++ b/library/certificate_request.py
@@ -30,71 +30,76 @@ where files will be stored or a just a simple file name to be stored in I(directory). required: true + type: str dns: description: - Domain (or list of domains) to be included in the certificate. Also can provide the default value for I(common_name). - required: false + type: list + elements: str ip: description: - IP (or list of IPs) to be included in the certificate. IPs can be IPv4, IPv6 or both. Also can provide the default value for I(common_name). - required: false + type: list + elements: str email: description: - Email (or list of emails) to be included in the certificate. Also can provide the default value for I(common_name). - required: false + type: list + elements: str owner: description: - User name (or user id) for the certificate and key files. - required: false + type: str group: description: - Group name (or group id) for the certificate and key files. - required: false + type: str mode: description: - The file system permissions for the certificate and key files. type: raw - required: false common_name: description: - Common Name requested for the certificate subject. - required: false + type: str key_size: description: - Generate keys with a specific keysize in bits, by default 2048. - required: false + type: int ca: description: - CA that will issue the certificate. The available options will vary depending on each provider. + type: str required: true provider: description: - The underlying method used to request and manage the certificate. - required: false + type: str default: certmonger directory: description: - Directory where certificate and key will be stored. Only used if I(name) is not an absolute path. - required: false + type: str default: /etc/pki/tls provider_config_directory: description: - Directory where pre/post run scripts will be stored. - required: false + type: str default: /etc/certmonger principal: description: - Kerberos principal. 
- required: false + type: list + elements: str key_usage: description: - Allowed Key Usage for the certificate. @@ -108,7 +113,8 @@ - cRLSign - encipherOnly - decipherOnly - required: false + type: list + elements: str default: - digitalSignature - keyEncipherment @@ -116,54 +122,55 @@ description: - Extended Key Usage attributes to be present in the certificate request. - required: false default: - id-kp-serverAuth - id-kp-clientAuth + type: list + elements: str auto_renew: description: - Indicates if the certificate should be renewed automatically before it expires. - required: false + type: bool default: true wait: description: - If the role should block while waiting for the certificate to be issued. - required: false + type: bool default: true country: description: - Country requested for the certificate subject. - required: false + type: str state: description: - State requested for the certificate subject. - required: false + type: str locality: description: - Locality requested for the certificate subject (usually city). - required: false + type: str organization: description: - Organization requested for the certificate subject. - required: false + type: str organizational_unit: description: - Organizational unit requested for the certificate subject. - required: false + type: str contact_email: description: - Contact email requested for the certificate subject. - required: false + type: str run_before: description: - Command that should run before saving the certificate. - required: false + type: str run_after: description: - Command that should run after saving the certificate. - required: false + type: str __header: description: - Ansible ansible_managed string to put in header of file @@ -256,7 +263,7 @@ certificate_request: name: mycert dns: www.example.com - auto_renew: no + auto_renew: false ca: self-sign # Not wait for certificate to be issued 
@@ -264,7 +271,7 @@ certificate_request: name: single-example dns: www.example.com - wait: no + wait: false ca: self-sign # Certificate with more subject data @@ -344,9 +351,9 @@ def _get_argument_spec(): """Return a dict with the module arguments.""" return dict( name=dict(type="str", required=True), - dns=dict(type="list"), - ip=dict(type="list"), - email=dict(type="list"), + dns=dict(type="list", elements="str"), + ip=dict(type="list", elements="str"), + email=dict(type="list", elements="str"), common_name=dict(type="str"), country=dict(type="str"), state=dict(type="str"), @@ -362,16 +369,21 @@ def _get_argument_spec(): owner=dict(type="str"), group=dict(type="str"), mode=dict(type="raw"), - principal=dict(type="list"), + principal=dict(type="list", elements="str"), key_usage=dict( - type="list", choices=KEY_USAGE_CHOICES, default=KEY_USAGE_DEFAULTS + type="list", + choices=KEY_USAGE_CHOICES, + default=KEY_USAGE_DEFAULTS, + elements="str", + ), + extended_key_usage=dict( + type="list", default=EXTENDED_KEY_USAGE_DEFAULTS, elements="str" ), - extended_key_usage=dict(type="list", default=EXTENDED_KEY_USAGE_DEFAULTS), auto_renew=dict(type="bool", default=True), wait=dict(type="bool", default=True), run_before=dict(type="str"), run_after=dict(type="str"), - __header=dict(type="str"), + __header=dict(type="str", required=True), ) @property diff --git a/module_utils/certificate_lsr/providers/base.py b/module_utils/certificate_lsr/providers/base.py index faf1ba3..4a51467 100644 --- a/module_utils/certificate_lsr/providers/base.py +++ b/module_utils/certificate_lsr/providers/base.py 
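Review bot: In library/certificate_request.py, the last `_get_argument_spec()` hunk changes `__header=dict(type="str")` to `__header=dict(type="str", required=True)`, which turns a previously optional parameter into a mandatory one; any task that calls `certificate_request` without `__header` will now fail argument validation. The DOCUMENTATION entry for `__header` is only partly visible in the first hunk, so if it does not already carry `required: true` it should be added there to keep the docs and the spec in agreement. If direct callers outside the role are expected, keeping the parameter optional and handling its absence where the header is written would be the backward-compatible choice. `_get_argument_spec()` continues past the end of the hunk.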
@@ -8,18 +8,84 @@ import hashlib import os -import ipaddress +import traceback + +try: + import ipaddress +except ImportError: + HAS_IPADDRESS = False + IPADDRESS_IMPORT_ERROR = traceback.format_exc() +else: + HAS_IPADDRESS = True + IPADDRESS_IMPORT_ERROR = None from abc import ABCMeta, abstractmethod from pprint import pformat -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -from cryptography.x509.oid import NameOID, ObjectIdentifier -from pyasn1.codec.der import decoder -from pyasn1.type import char, namedtype, tag, univ +# for ansible-test import/compile functionality +def fake_func(*args, **kwargs): + return None + + +class FakeSubClass(object): + def __init__(self, *args): + pass + + def __getattr__(self, value): + if value == "subtype": + return fake_func + else: + return object + + +class FakeBaseClass(object): + def __getattr__(self, value): + if value == "oid": + return FakeBaseClass() + elif value.endswith("OID"): + return FakeSubClass() + else: + return FakeSubClass + + +# for ansible-test import/compile functionality + + +try: + from cryptography import x509 + from cryptography.hazmat.backends import default_backend + from cryptography.x509.oid import NameOID, ObjectIdentifier +except ImportError: + HAS_CRYPTOGRAPHY = False + CRYPTOGRAPHY_IMPORT_ERROR = traceback.format_exc() + x509 = FakeBaseClass() + ANY_EXTENDED_KEY_USAGE = None + IPSEC_END_SYSTEM = None + IPSEC_TUNNEL = None + IPSEC_USER = None +else: + HAS_CRYPTOGRAPHY = True + CRYPTOGRAPHY_IMPORT_ERROR = None + ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0") + IPSEC_END_SYSTEM = ObjectIdentifier("1.3.6.1.5.5.7.3.5") + IPSEC_TUNNEL = ObjectIdentifier("1.3.6.1.5.5.7.3.6") + IPSEC_USER = ObjectIdentifier("1.3.6.1.5.5.7.3.7") + +try: + from pyasn1.codec.der import decoder + from pyasn1.type import char, namedtype, tag, univ +except ImportError: + HAS_PYASN1 = False + PYASN1_IMPORT_ERROR = traceback.format_exc() + univ = FakeBaseClass() + namedtype = 
FakeBaseClass() + tag = FakeBaseClass() + char = FakeBaseClass() +else: + HAS_PYASN1 = True + PYASN1_IMPORT_ERROR = None from ansible.module_utils.six import PY2 from ansible.module_utils._text import to_bytes, to_text @@ -27,11 +93,6 @@ if PY2: FileNotFoundError = IOError # pylint: disable=redefined-builtin -ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0") -IPSEC_END_SYSTEM = ObjectIdentifier("1.3.6.1.5.5.7.3.5") -IPSEC_TUNNEL = ObjectIdentifier("1.3.6.1.5.5.7.3.6") -IPSEC_USER = ObjectIdentifier("1.3.6.1.5.5.7.3.7") - def _escape_dn_value(val): """Escape special characters in RFC4514 Distinguished Name value.""" diff --git a/module_utils/certificate_lsr/providers/certmonger.py b/module_utils/certificate_lsr/providers/certmonger.py index 7fe27c6..3023fed 100644 --- a/module_utils/certificate_lsr/providers/certmonger.py +++ b/module_utils/certificate_lsr/providers/certmonger.py 
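Review bot: In module_utils/certificate_lsr/providers/base.py, the `HAS_IPADDRESS`, `HAS_CRYPTOGRAPHY` and `HAS_PYASN1` flags are recorded but nothing in this hunk acts on them, so on a host without the libraries the code would carry on with `FakeBaseClass`/`FakeSubClass` placeholders standing in for `x509`, `univ`, `namedtype`, `tag` and `char`. For code that parses and compares certificates the safe failure mode is to stop before any certificate is inspected; if the provider does not already do this outside the hunk, check the flags at the start of provider setup, e.g. `module.fail_json(msg=missing_required_lib("cryptography"), exception=CRYPTOGRAPHY_IMPORT_ERROR)`, and likewise for pyasn1 and ipaddress. The `except` branches also leave `NameOID`, `ObjectIdentifier`, `default_backend`, `decoder` and `ipaddress` unbound, so a later reference would raise `NameError` instead of a clear missing-library message. A short comment on the fake classes saying they exist only so ansible-test can import the file, and must never be reached at runtime, would help the next reader.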
@@ -6,9 +6,39 @@ __metaclass__ = type -from distutils.version import StrictVersion - -import dbus +import traceback + +# Yes, yes, yes - distutils is deprecated - but we still have to support +# older platforms which do not have packaging.version - so tell ansible-test +# with newer python to shut up +try: + from packaging.version import Version as CertificateVersion +except ImportError: + import warnings + + warnings.filterwarnings("ignore", category=DeprecationWarning) + try: + from distutils.version import StrictVersion as CertificateVersion + except ImportError: + HAS_PACKAGING = False + PACKAGING_IMPORT_ERROR = traceback.format_exc() + else: + HAS_PACKAGING = True + PACKAGING_IMPORT_ERROR = None + # re-enable deprecation warnings for other code + warnings.filterwarnings("default", category=DeprecationWarning) +else: + HAS_PACKAGING = True + PACKAGING_IMPORT_ERROR = None + +try: + import dbus +except ImportError: + HAS_DBUS = False + DBUS_IMPORT_ERROR = traceback.format_exc() +else: + HAS_DBUS = True + DBUS_IMPORT_ERROR = None from ansible.module_utils.certificate_lsr.providers import base @@ -73,7 +103,7 @@ def certmonger_version(self): ret, out, err = self._run_command(certmonger_version_cmd, check_rc=False) if ret == 0 and not err: version_str = out.split(" ")[1] - self._version = StrictVersion(version_str) + self._version = CertificateVersion(version_str) else: self.module.fail_json( msg="Could not get certmonger version using '{0}'".format( @@ -265,7 +295,7 @@ def request_certificate(self): # Set certificate key size key_size = self.module.params.get("key_size") - allow_key_size_update = self.certmonger_version >= StrictVersion("0.79.0") + allow_key_size_update = self.certmonger_version >= CertificateVersion("0.79.0") if key_size is not None and not allow_key_size_update: self.module.fail_json( msg="Your certmonger version does not support attribute 'key_size'" 
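Review bot: In module_utils/certificate_lsr/providers/certmonger.py, the fallback import in the first hunk edits the process-wide warning filters: `filterwarnings("ignore", ...)` followed by `filterwarnings("default", ...)` does not restore the previous state, it leaves a new `default` rule for `DeprecationWarning` in front of whatever filters the caller had configured. Scoping the suppression with `warnings.catch_warnings()` confines it to the one import and restores the filter list on exit. Separately, when both imports fail `CertificateVersion` is never bound, so the two later hunks that call `CertificateVersion(...)` would raise `NameError`; `HAS_PACKAGING` and `HAS_DBUS` should be checked before the provider is used, which may already happen outside these hunks.

```python
try:
    from packaging.version import Version as CertificateVersion
except ImportError:
    import warnings

    # catch_warnings() restores the caller's filter list when the block exits
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", category=DeprecationWarning)
        try:
            from distutils.version import StrictVersion as CertificateVersion
        except ImportError:
            HAS_PACKAGING = False
            PACKAGING_IMPORT_ERROR = traceback.format_exc()
        else:
            HAS_PACKAGING = True
            PACKAGING_IMPORT_ERROR = None
# … unchanged: else branch of the packaging import, dbus import guard …
```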
diff --git a/tests/tests_include_vars_from_parent.yml b/tests/tests_include_vars_from_parent.yml index bc841df..b486789 100644 --- a/tests/tests_include_vars_from_parent.yml +++ b/tests/tests_include_vars_from_parent.yml @@ -38,9 +38,18 @@ varfiles: "{{ [facts['distribution']] | product(separators) | map('join') | product(versions) | map('join') | list + [facts['distribution'], facts['os_family']] }}" + register: __varfiles_created - name: Import role import_role: name: caller vars: roletoinclude: linux-system-roles.certificate + + - name: Cleanup + file: + path: "{{ item.dest }}" + state: absent + loop: "{{ __varfiles_created.results }}" + delegate_to: localhost + when: inventory_hostname == ansible_play_hosts_all[0] diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml new file mode 100644 index 0000000..52feefa --- /dev/null +++ b/vars/CentOS_9.yml @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: MIT +--- +__certificate_certmonger_packages: + - certmonger + - python3-packaging diff --git a/vars/Fedora.yml b/vars/Fedora.yml new file mode 100644 index 0000000..52feefa --- /dev/null +++ b/vars/Fedora.yml @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: MIT +--- +__certificate_certmonger_packages: + - certmonger + - python3-packaging diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml new file mode 100644 index 0000000..52feefa --- /dev/null +++ b/vars/RedHat_9.yml @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: MIT +--- +__certificate_certmonger_packages: + - certmonger + - python3-packaging diff --git a/vars/main.yml b/vars/main.yml index 490a031..4977cb7 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -4,10 +4,12 @@ __certificate_provider_default: certmonger +__certificate_certmonger_packages: + - certmonger + __certificate_provider_vars: certmonger: - packages: - - certmonger + packages: "{{ __certificate_certmonger_packages }}" service: certmonger config_dir: /etc/certmonger/ hooks_dirs_owner: root
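Review bot: In tests/tests_include_vars_from_parent.yml, the new `Cleanup` task runs only if `Import role` succeeds, so a failing run leaves the generated vars files on the controller where they can influence later test runs. Putting the import under `block:` and the cleanup under `always:` would guarantee removal. The task also passes `item.dest` from every entry of `__varfiles_created.results` to `file: state=absent`; an entry that was skipped or failed may have no `dest`, so filtering the loop, `loop: "{{ __varfiles_created.results | selectattr('dest', 'defined') | list }}"`, keeps the deletion limited to paths the earlier task actually wrote. The play's task list begins outside the hunk.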