openssl_privatekey*: add default value for cipher option (#794)

* Add default value for 'cipher' option. * Adjust tests. * Add changelog fragment. * Clarify that cipher is used only when passphrase is provided.
ansible-collections · Aug 30, 2024 · a49711d · a49711d
1 parent f0b8073
commit a49711d
Show file tree

Hide file tree

Showing 20 changed files with 8 additions and 28 deletions.
diff --git a/changelogs/fragments/794-openssl_privatekey-cipher.yml b/changelogs/fragments/794-openssl_privatekey-cipher.yml
@@ -0,0 +1,4 @@
+minor_changes:
+  - "openssl_privatekey, openssl_privatekey_pipe - add default value ``auto`` for ``cipher`` option, which happens to be the only supported value
+     for this option anyway. Therefore it is no longer necessary to specify ``cipher=auto`` when providing ``passphrase``
+     (https://github.com/ansible-collections/community.crypto/issues/793, https://github.com/ansible-collections/community.crypto/pull/794)."
diff --git a/plugins/doc_fragments/module_privatekey.py b/plugins/doc_fragments/module_privatekey.py
@@ -71,8 +71,10 @@ class ModuleDocFragment(object):
         type: str
     cipher:
         description:
-            - The cipher to encrypt the private key. Must be V(auto).
+            - The cipher to encrypt the private key. This is only used when O(passphrase) is provided.
+            - Must be V(auto).
         type: str
+        default: auto
     select_crypto_backend:
         description:
             - Determines which crypto backend to use.

diff --git a/plugins/module_utils/crypto/module_backends/privatekey.py b/plugins/module_utils/crypto/module_backends/privatekey.py
@@ -514,7 +514,7 @@ def get_privatekey_argument_spec():
                 'sect283r1', 'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1',
             ]),
             passphrase=dict(type='str', no_log=True),
-            cipher=dict(type='str'),
+            cipher=dict(type='str', default='auto'),
             format=dict(type='str', default='auto_ignore', choices=['pkcs1', 'pkcs8', 'raw', 'auto', 'auto_ignore']),
             format_mismatch=dict(type='str', default='regenerate', choices=['regenerate', 'convert']),
             select_crypto_backend=dict(type='str', choices=['auto', 'cryptography'], default='auto'),
@@ -524,9 +524,6 @@ def get_privatekey_argument_spec():
                 choices=['never', 'fail', 'partial_idempotence', 'full_idempotence', 'always']
             ),
         ),
-        required_together=[
-            ['cipher', 'passphrase']
-        ],
         required_if=[
             ['type', 'ECC', ['curve']],
         ],

diff --git a/tests/integration/targets/acme_account/tasks/impl.yml b/tests/integration/targets/acme_account/tasks/impl.yml
@@ -8,7 +8,6 @@
     openssl_privatekey:
       path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
       passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
-      cipher: "{{ 'auto' if (item.pass | default(false)) else omit }}"
       type: ECC
       curve: secp256r1
       force: true

diff --git a/tests/integration/targets/ecs_certificate/tasks/main.yml b/tests/integration/targets/ecs_certificate/tasks/main.yml
@@ -68,7 +68,6 @@
   openssl_privatekey:
     path: '{{ privatekey_path }}'
     passphrase: '{{ privatekey_passphrase }}'
-    cipher: auto
     type: RSA
     size: 2048
 

diff --git a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate CSR 1

diff --git a/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_3.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
 
 - name: Generate privatekey 4 (ECC)

diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size_certifiates }}'
 

diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml
@@ -269,7 +269,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size }}'
 

diff --git a/tests/integration/targets/openssl_csr_info/tasks/main.yml b/tests/integration/targets/openssl_csr_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size }}'
 

diff --git a/tests/integration/targets/openssl_pkcs12/tasks/main.yml b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -19,7 +19,6 @@
     openssl_privatekey:
       path: '{{ remote_tmp_dir }}/privatekeypw.pem'
       passphrase: hunter2
-      cipher: auto
       size: '{{ default_rsa_key_size }}'
 
   - name: Generate CSRs

diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml
@@ -88,7 +88,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey6.pem'
     passphrase: ànsïblé
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
     select_crypto_backend: '{{ select_crypto_backend }}'
 
@@ -221,7 +220,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
     select_crypto_backend: '{{ select_crypto_backend }}'
     backup: true
@@ -257,7 +255,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
     select_crypto_backend: '{{ select_crypto_backend }}'
     backup: true
@@ -278,7 +275,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
     select_crypto_backend: '{{ select_crypto_backend }}'
     backup: true

diff --git a/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml b/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml
@@ -28,7 +28,6 @@
     type: '{{ item.type | default(omit) }}'
     curve: '{{ item.curve | default(omit) }}'
     passphrase: '{{ item.passphrase | default(omit) }}'
-    cipher: '{{ "auto" if item.passphrase is defined else omit }}'
     format: '{{ item.format }}'
   when: item.condition | default(true)
   loop:

diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_3.pem'
     passphrase: hunter2
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
     select_crypto_backend: cryptography
 

diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml
@@ -94,7 +94,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey3.pem'
     passphrase: ansible
-    cipher: auto
     size: '{{ default_rsa_key_size }}'
 
 - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey"
@@ -156,7 +155,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size }}'
 

diff --git a/tests/integration/targets/openssl_signature/tasks/main.yml b/tests/integration/targets/openssl_signature/tasks/main.yml
@@ -22,7 +22,6 @@
       - passwd: nopasswd
       - passwd: passwd
         privatekey_passphrase: hunter2
-        privatekey_cipher: auto
 
 - name: Add cryptography backend
   set_fact:
@@ -72,7 +71,6 @@
     curve: '{{ item.curve | default(omit) }}'
     size: '{{ item.size | default(omit) }}'
     passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
-    cipher: '{{ item.privatekey_cipher | default(omit) }}'
     select_crypto_backend: cryptography
   loop: '{{ all_tests }}'
 

diff --git a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml
@@ -16,7 +16,6 @@
          'secp521r1' if key_type == 'ec521' else
          'invalid value for key_type!' }}
     passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}"
-    cipher: "{{ 'auto' if certificate_passphrase | default() else omit }}"
     force: true
 ## CSR ########################################################################################
 - name: ({{ certgen_title }}) Create cert CSR

diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml
@@ -12,7 +12,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size_certifiates }}'
 
@@ -589,7 +588,6 @@
           openssl_privatekey:
             path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem'
             type: '{{ item }}'
-            cipher: auto
             passphrase: Test123
           ignore_errors: true
           loop:

diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml
@@ -12,7 +12,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size_certifiates }}'
 

diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml
@@ -22,7 +22,6 @@
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
-    cipher: auto
     select_crypto_backend: cryptography
     size: '{{ default_rsa_key_size_certifiates }}'