ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/lib/ansible/module_utils/crypto.py

214 lines
6.6 KiB
Python
Raw Normal View History

openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
# -*- coding: utf-8 -*-
#
# (c) 2016, Yanis Guenane <yanis+ansible@guenane.org>
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
try:
from OpenSSL import crypto
except ImportError:
# An error will be raised in the calling class to let the end
# user know that OpenSSL couldn't be found.
pass
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
import abc
Relative time support for crypto modules (openssl_certificate) (#50570) * Move relative time handling to module_utils and rewrite it * Fix cases with no seconds defined * fix a small typo along the way * add relative time handling to the ownca provider in openssl_certificate * add initial integration test for relative time ownca * quote the documentation to produce valid yaml * move timespec conversion and validation to the init function * fix small edge case in conversion function * add relative timestamp handling to the selfsigned provider * add get_relative_time_option * add relative timestamp handling to valid_in * pep8 fix indentation * add quotes in error message * add changelog fragment * Update changelogs/fragments/50570-relative_time_crypto.yaml Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
2019-01-22 21:41:02 +01:00
import datetime
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
import errno
openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
import hashlib
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
import os
Relative time support for crypto modules (openssl_certificate) (#50570) * Move relative time handling to module_utils and rewrite it * Fix cases with no seconds defined * fix a small typo along the way * add relative time handling to the ownca provider in openssl_certificate * add initial integration test for relative time ownca * quote the documentation to produce valid yaml * move timespec conversion and validation to the init function * fix small edge case in conversion function * add relative timestamp handling to the selfsigned provider * add get_relative_time_option * add relative timestamp handling to valid_in * pep8 fix indentation * add quotes in error message * add changelog fragment * Update changelogs/fragments/50570-relative_time_crypto.yaml Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
2019-01-22 21:41:02 +01:00
import re
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
from ansible.module_utils import six
Extend test coverage for openssl modules (#27548) * openssl_privatekey: Extend test coverage Extend the coverage of the integration test for the module openssl_privatekey. New tests have been added: * passphrase * idempotence * removal Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr> * openssl_publickey: Extend test coverage Extend the coverage on the integration test for the module openssl_publickey. New tests have been added: * OpenSSH format * passphrase * idempotence * removal
2017-08-21 13:19:41 +02:00
from ansible.module_utils._text import to_bytes
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
class OpenSSLObjectError(Exception):
pass
openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
openssl_privatekey: add ECC support (#49416) * Add cryptography backend for openssl_privatekey. * Adding ECC support. No support for X25519 and X449, since they don't support serialization. * Improve finterprint calculation to work with Python 3. * Add fingerprint check. * Fix typo. * Use separate curve option for elliptic curves, and use type 'ECC'. * Using curve names as defined in IANA registry. * Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them. * Improve documentation.
2018-12-18 10:07:36 +01:00
def get_fingerprint_of_bytes(source):
"""Generate the fingerprint of the given bytes."""
openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
fingerprint = {}
openssl_privatekey: add ECC support (#49416) * Add cryptography backend for openssl_privatekey. * Adding ECC support. No support for X25519 and X449, since they don't support serialization. * Improve finterprint calculation to work with Python 3. * Add fingerprint check. * Fix typo. * Use separate curve option for elliptic curves, and use type 'ECC'. * Using curve names as defined in IANA registry. * Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them. * Improve documentation.
2018-12-18 10:07:36 +01:00
try:
algorithms = hashlib.algorithms
except AttributeError:
try:
algorithms = hashlib.algorithms_guaranteed
except AttributeError:
return None
for algo in algorithms:
f = getattr(hashlib, algo)
h = f(source)
try:
# Certain hash functions have a hexdigest() which expects a length parameter
pubkey_digest = h.hexdigest()
except TypeError:
pubkey_digest = h.hexdigest(32)
fingerprint[algo] = ':'.join(pubkey_digest[i:i + 2] for i in range(0, len(pubkey_digest), 2))
return fingerprint
def get_fingerprint(path, passphrase=None):
"""Generate the fingerprint of the public key. """
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr
2017-07-25 13:18:18 +02:00
privatekey = load_privatekey(path, passphrase)
openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
try:
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
openssl_privatekey: add ECC support (#49416) * Add cryptography backend for openssl_privatekey. * Adding ECC support. No support for X25519 and X449, since they don't support serialization. * Improve finterprint calculation to work with Python 3. * Add fingerprint check. * Fix typo. * Use separate curve option for elliptic curves, and use type 'ECC'. * Using curve names as defined in IANA registry. * Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them. * Improve documentation.
2018-12-18 10:07:36 +01:00
return get_fingerprint_of_bytes(publickey)
openssl_privatekey: Add publickey fingerprint (#22202) This commit adds the fingerprint of the public key in openssl_privatekey and openssl_publickey returned values. ``` { "changed": false, "filename": "/tmp/cert.pem", "fingerprint": { "md5": "31:22:14:58:c6:b1:7b:2a:48:89:b5:02:43:0a:d7:88", "sha1": "ed:e5:59:ba:9b:98:5b:e1:01:ef:4b:eb:f0:d1:1d:ee:84:88:c7:78", "sha224": "e1:c0:a6:bd:20:30:40:5b:c0:32:14:4a:01:3c:4b:c3:8a:49:a5:1f:ed:39:75:a4:57:e6:93:87", "sha256": "8a:18:86:88:79:e5:57:ca:c3:3c:89:92:ae:54:7f:ac:94:12:e2:c7:aa:c2:7c:97:77:cb:e7:8b:5e:1f:af:28", "sha384": "7a:5d:c2:49:cc:84:f4:74:ed:76:c7:03:e5:8d:aa:3b:31:b0:ba:0e:29:d2:76:3c:0e:3c:e5:d2:fd:b4:36:b1:70:b5:a6:bb:17:f4:db:ac:d6:75:81:36:42:dd:61:0c", "sha512": "da:0a:14:52:c6:c0:ab:fa:52:55:2a:85:65:35:7a:f6:5d:95:1d:d3:95:ae:bd:b9:d8:e0:75:dd:4f:0c:c9:3c:59:82:64:fa:d8:50:26:4f:b7:3a:5d:e8:6f:5d:de:9a:fe:ef:c2:c8:57:9d:e3:c0:c9:dd:4a:a9:bd:7a:77:f3" }, "size": 4096, "type": "RSA" } ```
2017-07-03 21:46:45 +02:00
except AttributeError:
# If PyOpenSSL < 16.0 crypto.dump_publickey() will fail.
# By doing this we prevent the code from raising an error
# yet we return no value in the fingerprint hash.
openssl_privatekey: add ECC support (#49416) * Add cryptography backend for openssl_privatekey. * Adding ECC support. No support for X25519 and X449, since they don't support serialization. * Improve finterprint calculation to work with Python 3. * Add fingerprint check. * Fix typo. * Use separate curve option for elliptic curves, and use type 'ECC'. * Using curve names as defined in IANA registry. * Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them. * Improve documentation.
2018-12-18 10:07:36 +01:00
return None
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
def load_privatekey(path, passphrase=None):
"""Load the specified OpenSSL private key."""
try:
Close all open filehandle (#50544) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-11 16:14:08 +01:00
with open(path, 'rb') as b_priv_key_fh:
priv_key_detail = b_priv_key_fh.read()
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr
2017-07-25 13:18:18 +02:00
if passphrase:
Close all open filehandle (#50544) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-11 16:14:08 +01:00
return crypto.load_privatekey(crypto.FILETYPE_PEM,
priv_key_detail,
to_bytes(passphrase))
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr
2017-07-25 13:18:18 +02:00
else:
Close all open filehandle (#50544) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-11 16:14:08 +01:00
return crypto.load_privatekey(crypto.FILETYPE_PEM,
priv_key_detail)
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
except (IOError, OSError) as exc:
raise OpenSSLObjectError(exc)
def load_certificate(path):
"""Load the specified certificate."""
try:
Close all open filehandle (#50544) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-11 16:14:08 +01:00
with open(path, 'rb') as cert_fh:
cert_content = cert_fh.read()
return crypto.load_certificate(crypto.FILETYPE_PEM, cert_content)
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
except (IOError, OSError) as exc:
raise OpenSSLObjectError(exc)
crypto/openssl_*: Standardize implementaton and add support keyUsage, extenededKeyUsage (#27281) * openssl_csr: make subjectAltNames a list * csr module now uses the new standard way to build openssl crypto modules * add check functions for subject and subjectAltNames * added support for keyUsage and extendedKeyUsage * check if CSR signature is correct (aka the privatekey belongs to the CSR) * fixes for first PR review * fixes for second PR review * openssl_csr: there is no need to pass on privatekey as it can be accessed directly * openssl_csr: documentation fixes
2017-08-03 13:27:17 +02:00
def load_certificate_request(path):
"""Load the specified certificate signing request."""
try:
Close all open filehandle (#50544) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-11 16:14:08 +01:00
with open(path, 'rb') as csr_fh:
csr_content = csr_fh.read()
return crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_content)
crypto/openssl_*: Standardize implementaton and add support keyUsage, extenededKeyUsage (#27281) * openssl_csr: make subjectAltNames a list * csr module now uses the new standard way to build openssl crypto modules * add check functions for subject and subjectAltNames * added support for keyUsage and extendedKeyUsage * check if CSR signature is correct (aka the privatekey belongs to the CSR) * fixes for first PR review * fixes for second PR review * openssl_csr: there is no need to pass on privatekey as it can be accessed directly * openssl_csr: documentation fixes
2017-08-03 13:27:17 +02:00
except (IOError, OSError) as exc:
raise OpenSSLObjectError(exc)
Allow multiple values per key in name fields in openssl_certificate/csr (#30338) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo
2017-12-12 13:35:22 +01:00
def parse_name_field(input_dict):
"""Take a dict with key: value or key: list_of_values mappings and return a list of tuples"""
result = []
for key in input_dict:
if isinstance(input_dict[key], list):
for entry in input_dict[key]:
result.append((key, entry))
else:
result.append((key, input_dict[key]))
return result
Relative time support for crypto modules (openssl_certificate) (#50570) * Move relative time handling to module_utils and rewrite it * Fix cases with no seconds defined * fix a small typo along the way * add relative time handling to the ownca provider in openssl_certificate * add initial integration test for relative time ownca * quote the documentation to produce valid yaml * move timespec conversion and validation to the init function * fix small edge case in conversion function * add relative timestamp handling to the selfsigned provider * add get_relative_time_option * add relative timestamp handling to valid_in * pep8 fix indentation * add quotes in error message * add changelog fragment * Update changelogs/fragments/50570-relative_time_crypto.yaml Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
2019-01-22 21:41:02 +01:00
def convert_relative_to_datetime(relative_time_string):
"""Get a datetime.datetime or None from a string in the time format described in sshd_config(5)"""
parsed_result = re.match(
r"^(?P<prefix>[+-])((?P<weeks>\d+)[wW])?((?P<days>\d+)[dD])?((?P<hours>\d+)[hH])?((?P<minutes>\d+)[mM])?((?P<seconds>\d+)[sS]?)?$",
relative_time_string)
if parsed_result is None or len(relative_time_string) == 1:
# not matched or only a single "+" or "-"
return None
offset = datetime.timedelta(0)
if parsed_result.group("weeks") is not None:
offset += datetime.timedelta(weeks=int(parsed_result.group("weeks")))
if parsed_result.group("days") is not None:
offset += datetime.timedelta(days=int(parsed_result.group("days")))
if parsed_result.group("hours") is not None:
offset += datetime.timedelta(hours=int(parsed_result.group("hours")))
if parsed_result.group("minutes") is not None:
offset += datetime.timedelta(
minutes=int(parsed_result.group("minutes")))
if parsed_result.group("seconds") is not None:
offset += datetime.timedelta(
seconds=int(parsed_result.group("seconds")))
if parsed_result.group("prefix") == "+":
return datetime.datetime.utcnow() + offset
else:
return datetime.datetime.utcnow() - offset
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
@six.add_metaclass(abc.ABCMeta)
class OpenSSLObject(object):
def __init__(self, path, state, force, check_mode):
self.path = path
self.state = state
self.force = force
self.name = os.path.basename(path)
self.changed = False
self.check_mode = check_mode
openssl_privatekey: Standardize implementaton of the module The OpenSSLObject class has been merged[1]. This commit makes the openssl_privatekey rely on this class and standardize the way openssl module should be written. Co-Authored-By: Christian Pointner <cpointner@mgit.at> [1] https://github.com/ansible/ansible/pull/26945
2017-07-24 10:49:22 +02:00
def check(self, module, perms_required=True):
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
"""Ensure the resource is in its desired state."""
openssl_privatekey: Standardize implementaton of the module The OpenSSLObject class has been merged[1]. This commit makes the openssl_privatekey rely on this class and standardize the way openssl module should be written. Co-Authored-By: Christian Pointner <cpointner@mgit.at> [1] https://github.com/ansible/ansible/pull/26945
2017-07-24 10:49:22 +02:00
def _check_state():
return os.path.exists(self.path)
def _check_perms(module):
file_args = module.load_file_common_arguments(module.params)
return not module.set_fs_attributes_if_different(file_args, False)
if not perms_required:
return _check_state()
return _check_state() and _check_perms(module)
crypto: Build a base object for openssl modules (#26945) More openssl modules are about to be made, each of them rewriting some pieces of code that can be refactored and used via a common library. This commit aims to create this "base" object and the common functions one might want to reuse in order to avoid duplication.
2017-07-21 17:54:04 +02:00
@abc.abstractmethod
def dump(self):
"""Serialize the object into a dictionary."""
pass
@abc.abstractmethod
def generate(self):
"""Generate the resource."""
pass
def remove(self):
"""Remove the resource from the filesystem."""
try:
os.remove(self.path)
self.changed = True
except OSError as exc:
if exc.errno != errno.ENOENT:
raise OpenSSLObjectError(exc)
else:
pass
Copy permalink