The community.crypto collection for Ansible.

Go to file

Felix Fontein 0c62837296 crypto.math module utils: add some tests, fix quick_is_not_prime() for small primes (#733 ) * Fix quick_is_not_prime() for small primes. Add some tests. * Fix return value of convert_int_to_bytes(0, 0) on Python 2. * Add some more test cases. * Simplify the changelog and point out that these errors only happen for cases not happening in regular use.		2024-04-29 08:50:28 +02:00
.azure-pipelines	Arch Linux switched to Python 3.12. (#731 )	2024-04-28 15:20:03 +00:00
.github	CI: Add stable-2.17; copy ignore.txt files from 2.17 to 2.18; move stable-2.14 from AZP to GHA (#721 )	2024-04-03 08:32:16 +02:00
.reuse	Make mostly reuse conformant (#502 )	2022-09-13 19:13:04 +00:00
LICENSES	Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491 )	2022-07-21 07:27:26 +02:00
changelogs	crypto.math module utils: add some tests, fix quick_is_not_prime() for small primes (#733 )	2024-04-29 08:50:28 +02:00
docs/docsite	Include changelog in docsite. (#729 )	2024-04-18 12:22:34 +02:00
meta	Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606 )	2023-05-21 12:43:14 +02:00
plugins	crypto.math module utils: add some tests, fix quick_is_not_prime() for small primes (#733 )	2024-04-29 08:50:28 +02:00
tests	crypto.math module utils: add some tests, fix quick_is_not_prime() for small primes (#733 )	2024-04-29 08:50:28 +02:00
.gitignore	Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491 )	2022-07-21 07:27:26 +02:00
CHANGELOG.md	Release 2.19.0.	2024-04-20 11:48:34 +02:00
CHANGELOG.md.license	Add MarkDown changelog and use it by default. (#708 )	2024-02-09 13:08:12 +01:00
CHANGELOG.rst	Release 2.19.0.	2024-04-20 11:48:34 +02:00
CHANGELOG.rst.license	Make mostly reuse conformant (#502 )	2022-09-13 19:13:04 +00:00
COPYING	Add proper README and update COPYING (#10 )	2020-04-01 15:17:37 +02:00
README.md	Add x509_certificate_convert module. (#728 )	2024-04-18 05:50:36 +00:00
galaxy.yml	Next expected release will be 2.20.0.	2024-04-20 12:06:08 +02:00

README.md

Ansible Community Crypto Collection

Provides modules for Ansible for various cryptographic operations.

You can find documentation for this collection on the Ansible docs site.

Please note that this collection does not support Windows targets.

Tested with Ansible

Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, and ansible-core-2.17 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.

External requirements

The exact requirements for every module are listed in the module documentation.

Most modules require a recent enough version of the Python cryptography library. See the module documentations for the minimal version supported for each module.

Collection Documentation

Browsing the latest collection documentation will show docs for the latest version released in the Ansible package, not the latest version of the collection released on Galaxy.

Browsing the devel collection documentation shows docs for the latest version released on Galaxy.

We also separately publish latest commit collection documentation which shows docs for the latest commit in the main branch.

If you use the Ansible package and do not update collections independently, use latest. If you install or update this collection directly from Galaxy, use devel. If you are looking to contribute, use latest commit.

Included content

OpenSSL / PKI modules and plugins:
- certificate_complete_chain module
- openssl_csr_info module and filter
- openssl_csr_pipe module
- openssl_csr module
- openssl_dhparam module
- openssl_pkcs12 module
- openssl_privatekey_convert module
- openssl_privatekey_info module and filter
- openssl_privatekey_pipe module
- openssl_privatekey module
- openssl_publickey_info module and filter
- openssl_publickey module
- openssl_signature_info module
- openssl_signature module
- split_pem filter
- x509_certificate_convert module
- x509_certificate_info module and filter
- x509_certificate_pipe module
- x509_certificate module
- x509_crl_info module and filter
- x509_crl module
OpenSSH modules and plugins:
- openssh_cert module
- openssh_keypair module
ACME modules and plugins:
- acme_account_info module
- acme_account module
- acme_certificate module
- acme_certificate_revoke module
- acme_challenge_cert_helper module
- acme_inspect module
ECS modules and plugins:
- ecs_certificate module
- ecs_domain module
GnuPG modules and plugins:
- gpg_fingerprint lookup and filter
Miscellaneous modules and plugins:
- crypto_info module
- get_certificate module
- luks_device module
- parse_serial and to_serial filters

You can also find a list of all modules and plugins with documentation on the Ansible docs site, or the latest commit collection documentation.

Using this collection

Before using the crypto community collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install community.crypto

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
- name: community.crypto

See Ansible Using collections for more details.

Contributing to this collection

We're following the general Ansible contributor guidelines; see Ansible Community Guide.

If you want to clone this repositority (or a fork of it) to improve it, you can proceed as follows:

Create a directory ansible_collections/community;
In there, checkout this repository (or a fork) as crypto;
Add the directory containing ansible_collections to your ANSIBLE_COLLECTIONS_PATH.

See Ansible's dev guide for more information.

Release notes

See the changelog.

Roadmap

We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows semantic versioning, so breaking changes will only happen in major releases.

Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of cryptography.

Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.

In 2.0.0, the following notable features will be removed:

PyOpenSSL backends of all modules, except openssl_pkcs12 which does not have a cryptography backend due to lack of support of PKCS#12 functionality in cryptography.
The assertonly provider of x509_certificate will be removed.

More information

Licensing

This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.

See LICENSES/GPL-3.0-or-later.txt for the full text.

Parts of the collection are licensed under the Apache 2.0 license (plugins/module_utils/crypto/_obj2txt.py and plugins/module_utils/crypto/_objects_data.py), the BSD 2-Clause license (plugins/module_utils/ecs/api.py), the BSD 3-Clause license (plugins/module_utils/crypto/_obj2txt.py, tests/integration/targets/prepare_jinja2_compat/filter_plugins/jinja_compatibility.py), and the PSF 2.0 license (plugins/module_utils/_version.py). This only applies to vendored files in plugins/module_utils/ and to the ECS module utils.

Almost all files have a machine readable SDPX-License-Identifier: comment denoting its respective license(s) or an equivalent entry in an accompanying .license file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in .reuse/dep5. Right now a few vendored PEM files do not have licensing information as well. This conforms to the REUSE specification up to the aforementioned PEM files.