Prepare release

README.md

@@ -4,17 +4,14 @@
 
 Provides modules for [Ansible](https://www.ansible.com/community) for various cryptographic operations.
 
-<!-- Describe the collection and why a user would want to use it. What does the collection do? -->
-
 ## Tested with Ansible
 
-Tested with both the current Ansible 2.9 release and the current development version of Ansible.
-
-<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
+Tested with both the current Ansible 2.9 and 2.10 releases and the current development version of Ansible. Ansible versions before 2.9.10 are not supported.
 
 ## External requirements
 
 The exact requirements for every module are listed in the module documentation. 
+
 Most modules require a recent enough version of [the Python cryptography library](https://pypi.org/project/cryptography/). See the module documentations for the minimal version supported for each module.
 
 ## Included content
@@ -51,7 +48,16 @@ Most modules require a recent enough version of [the Python cryptography library
 
 ## Using this collection
 
-<!--Include some quick examples that cover the most common use cases for your collection content. -->
+Before using the crypto community collection, you need to install the collection with the `ansible-galaxy` CLI:
+
+    ansible-galaxy collection install community.crypto
+
+You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml` using the format:
+
+```yaml
+collections:
+- name: community.crypto
+```
 
 See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
 
@@ -64,19 +70,27 @@ We're following the general Ansible contributor guidelines; see [Ansible Communi
 If you want to clone this repositority (or a fork of it) to improve it, you can proceed as follows:
 1. Create a directory `ansible_collections/community`;
 2. In there, checkout this repository (or a fork) as `crypto`;
-3. Add the directory containing `ansible_collections` to your [ANSIBLE_COLLECTIONS_PATHS](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths).
+3. Add the directory containing `ansible_collections` to your [ANSIBLE_COLLECTIONS_PATH](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths).
+
+See [Ansible's dev guide](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections) for more information.
 
 ## Release notes
 
-<!--Add a link to a changelog.md file or an external docsite to cover this information. -->
+See the [changelog](https://github.com/ansible-collections/collection_template/blob/master/CHANGELOG.rst).
 
 ## Roadmap
 
-<!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->
+We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows [semantic versioning](https://semver.org/), so breaking changes will only happen in major releases.
 
-## More information
+Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of ``cryptography``.
+
+Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted.
 
-<!-- List out where the user can find additional information, such as working group meeting times, slack/IRC channels, or documentation for the product this collection automates. At a minimum, link to: -->
+In 2.0.0, the following notable features will be removed:
+* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which does not have a ``cryptography`` backend due to lack of support of PKCS#12 functionality in ``cryptography``.
+* The ``assertonly`` provider of ``x509_certificate`` will be removed.
+
+## More information
 
 - [Ansible Collection overview](https://github.com/ansible-collections/overview)
 - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html)

changelogs/config.yaml

@@ -1,5 +1,10 @@
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
 changes_file: changelog.yaml
 changes_format: combined
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
 notesdir: fragments
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
@@ -20,3 +25,4 @@ sections:
   - Bugfixes
 - - known_issues
   - Known Issues
+title: Community Crypto

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: crypto
-version: 0.1.0
+version: 1.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)
@@ -14,14 +14,14 @@ tags:
   - cryptography
   - csr
   - dhparam
-  - Entrust
-  - Let's Encrypt
+  - entrust
+  - letsencrypt
   - luks
   - openssl
   - openssh
   - pkcs12
 repository: https://github.com/ansible-collections/community.crypto
-documentation: https://github.com/ansible-collection-migration/community.crypto/tree/master/docs
+#documentation: https://github.com/ansible-collection-migration/community.crypto/tree/master/docs
 homepage: https://github.com/ansible-collections/community.crypto
 issues: https://github.com/ansible-collections/community.crypto/issues
 build_ignore:

meta/runtime.yml

@@ -1,3 +1,5 @@
+requires_ansible: '>=2.9.10'
+
 action_groups:
   acme:
   - acme_inspect

plugins/module_utils/acme.py

@@ -1013,11 +1013,13 @@ def handle_standard_module_arguments(module, needs_acme_v2=False):
 
     if module.params['acme_version'] is None:
         module.params['acme_version'] = 1
-        module.deprecate("The option 'acme_version' will be required from Ansible 2.14 on", version='2.14')
+        module.deprecate("The option 'acme_version' will be required from community.crypto 2.0.0 on",
+                         version='2.0.0', collection_name='community.crypto')
 
     if module.params['acme_directory'] is None:
         module.params['acme_directory'] = 'https://acme-staging.api.letsencrypt.org/directory'
-        module.deprecate("The option 'acme_directory' will be required from Ansible 2.14 on", version='2.14')
+        module.deprecate("The option 'acme_directory' will be required from community.crypto 2.0.0 on",
+                         version='2.0.0', collection_name='community.crypto')
 
     if needs_acme_v2 and module.params['acme_version'] < 2:
         module.fail_json(msg='The {0} module requires the ACME v2 protocol!'.format(module._name))

plugins/modules/acme_account_info.py

@@ -256,7 +256,8 @@ def main():
         supports_check_mode=True,
     )
     if module._name in ('acme_account_facts', 'community.crypto.acme_account_facts'):
-        module.deprecate("The 'acme_account_facts' module has been renamed to 'acme_account_info'", version='2.12')
+        module.deprecate("The 'acme_account_facts' module has been renamed to 'acme_account_info'",
+                         version='2.0.0', collection_name='community.crypto')
     handle_standard_module_arguments(module, needs_acme_v2=True)
 
     try:

plugins/modules/get_certificate.py

@@ -14,10 +14,10 @@
 short_description: Get a certificate from a host:port
 description:
     - Makes a secure connection and returns information about the presented certificate
-    - The module can use the cryptography Python library, or the pyOpenSSL Python
+    - "The module can use the cryptography Python library, or the pyOpenSSL Python
       library. By default, it tries to detect which one is available. This can be
       overridden with the I(select_crypto_backend) option. Please note that the PyOpenSSL
-      backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13."
+      backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0."
 options:
     host:
       description:
@@ -245,7 +245,8 @@ def main():
         if not PYOPENSSL_FOUND:
             module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)),
                              exception=PYOPENSSL_IMP_ERR)
-        module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+        module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                         version='2.0.0', collection_name='community.crypto')
     elif backend == 'cryptography':
         if not CRYPTOGRAPHY_FOUND:
             module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)),

plugins/modules/openssl_csr.py

@@ -20,10 +20,10 @@
     - "Please note that the module regenerates existing CSR if it doesn't match the module's
       options, or if it seems to be corrupt. If you are concerned that this could overwrite
       your existing CSR, consider using the I(backup) option."
-    - The module can use the cryptography Python library, or the pyOpenSSL Python
+    - "The module can use the cryptography Python library, or the pyOpenSSL Python
       library. By default, it tries to detect which one is available. This can be
       overridden with the I(select_crypto_backend) option. Please note that the
-      PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13."
+      PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0."
 requirements:
     - Either cryptography >= 1.3
     - Or pyOpenSSL >= 0.15
@@ -195,7 +195,7 @@
             - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
             - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
             - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
-            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13.
+            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.
               From that point on, only the C(cryptography) backend will be available.
         type: str
         default: auto
@@ -1096,8 +1096,9 @@ def main():
     )
 
     if module.params['version'] != 1:
-        module.deprecate('The version option will only support allowed values from Ansible 2.14 on. '
-                         'Currently, only the value 1 is allowed by RFC 2986', version='2.14')
+        module.deprecate('The version option will only support allowed values from community.crypto 2.0.0 on. '
+                         'Currently, only the value 1 is allowed by RFC 2986',
+                         version='2.0.0', collection_name='community.crypto')
 
     base_dir = os.path.dirname(module.params['path']) or '.'
     if not os.path.isdir(base_dir):
@@ -1131,7 +1132,8 @@ def main():
             except AttributeError:
                 module.fail_json(msg='You need to have PyOpenSSL>=0.15 to generate CSRs')
 
-            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                             version='2.0.0', collection_name='community.crypto')
             csr = CertificateSigningRequestPyOpenSSL(module)
         elif backend == 'cryptography':
             if not CRYPTOGRAPHY_FOUND:

plugins/modules/openssl_csr_info.py

@@ -21,7 +21,7 @@
       cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements)
       cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
       C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9
-      and will be removed in Ansible 2.13.
+      and will be removed in community.crypto 2.0.0.
 requirements:
     - PyOpenSSL >= 0.15 or cryptography >= 1.3
 author:
@@ -44,7 +44,7 @@
             - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
             - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
             - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
-            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13.
+            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.
               From that point on, only the C(cryptography) backend will be available.
         type: str
         default: auto
@@ -661,7 +661,8 @@ def main():
             except AttributeError:
                 module.fail_json(msg='You need to have PyOpenSSL>=0.15')
 
-            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                             version='2.0.0', collection_name='community.crypto')
             certificate = CertificateSigningRequestInfoPyOpenSSL(module)
         elif backend == 'cryptography':
             if not CRYPTOGRAPHY_FOUND:

plugins/modules/openssl_privatekey.py

@@ -24,7 +24,7 @@
       (or specify none), change the keysize, etc., the private key will be
       regenerated. If you are concerned that this could **overwrite your private key**,
       consider using the I(backup) option."
-    - The module can use the cryptography Python library, or the pyOpenSSL Python
+    - "The module can use the cryptography Python library, or the pyOpenSSL Python
       library. By default, it tries to detect which one is available. This can be
       overridden with the I(select_crypto_backend) option. Please note that the
       PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13."
@@ -110,7 +110,7 @@
             - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
             - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
             - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
-            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13.
+            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.
               From that point on, only the C(cryptography) backend will be available.
         type: str
         default: auto
@@ -912,7 +912,8 @@ def main():
             if not PYOPENSSL_FOUND:
                 module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)),
                                  exception=PYOPENSSL_IMP_ERR)
-            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                             version='2.0.0', collection_name='community.crypto')
             private_key = PrivateKeyPyOpenSSL(module)
         elif backend == 'cryptography':
             if not CRYPTOGRAPHY_FOUND:

plugins/modules/openssl_privatekey_info.py

@@ -23,7 +23,7 @@
       cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements)
       cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
       C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9
-      and will be removed in Ansible 2.13.
+      and will be removed in community.crypto 2.0.0.
 requirements:
     - PyOpenSSL >= 0.15 or cryptography >= 1.2.3
 author:
@@ -58,7 +58,7 @@
             - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
             - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
             - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
-            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13.
+            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.
               From that point on, only the C(cryptography) backend will be available.
         type: str
         default: auto
@@ -628,7 +628,8 @@ def main():
             if not PYOPENSSL_FOUND:
                 module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)),
                                  exception=PYOPENSSL_IMP_ERR)
-            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+            module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                             version='2.0.0', collection_name='community.crypto')
             privatekey = PrivateKeyInfoPyOpenSSL(module)
         elif backend == 'cryptography':
             if not CRYPTOGRAPHY_FOUND:

plugins/modules/openssl_publickey.py

@@ -15,11 +15,11 @@
 description:
     - This module allows one to (re)generate OpenSSL public keys from their private keys.
     - Keys are generated in PEM or OpenSSH format.
-    - The module can use the cryptography Python library, or the pyOpenSSL Python
+    - "The module can use the cryptography Python library, or the pyOpenSSL Python
       library. By default, it tries to detect which one is available. This can be
       overridden with the I(select_crypto_backend) option. When I(format) is C(OpenSSH),
       the C(cryptography) backend has to be used. Please note that the PyOpenSSL backend
-      was deprecated in Ansible 2.9 and will be removed in Ansible 2.13."
+      was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0."
 requirements:
     - Either cryptography >= 1.2.3 (older versions might work as well)
     - Or pyOpenSSL >= 16.0.0
@@ -442,7 +442,8 @@ def main():
         if not PYOPENSSL_FOUND:
             module.fail_json(msg=missing_required_lib('pyOpenSSL >= {0}'.format(MINIMAL_PYOPENSSL_VERSION)),
                              exception=PYOPENSSL_IMP_ERR)
-        module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated', version='2.13')
+        module.deprecate('The module is using the PyOpenSSL backend. This backend has been deprecated',
+                         version='2.0.0', collection_name='community.crypto')
     elif backend == 'cryptography':
         if not CRYPTOGRAPHY_FOUND:
             module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(minimal_cryptography_version)),