Skip to content

[ANSIENG-5269] | Replace community.crypto module with openssl #2075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: 8.0.x
Choose a base branch
from
Open

[ANSIENG-5269] | Replace community.crypto module with openssl #2075

wants to merge 4 commits into from

Conversation

@rkunwar-28
Copy link
Member

@rkunwar-28 rkunwar-28 commented Jun 3, 2025
edited
Loading

Description

Tests:

  1. This screen-capture shows output comparison from the two methods (community.crypto and openssl). The "TASK [Compare chain files from both methods]" shows that diff_result.stdout = "" which means that the final certificate generated by both the commands is same.
image
  1. molecule run - https://semaphore.ci.confluent.io/workflows/7ba77903-dd2e-4073-880c-a9ed4f04eae3

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Checklist:

  • Any variable/code changes have been validated to be backwards compatible (doesn't break upgrade)
  • I have added tests that prove my fix is effective or that my feature works
  • If required, I have ensured the changes can be discovered by cp-ansible discovery codebase
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published in downstream modules

Copilot AI review requested due to automatic review settings June 3, 2025 05:54
@rkunwar-28 rkunwar-28 requested a review from a team as a code owner June 3, 2025 05:54
Copilot AI reviewed Jun 3, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR replaces the Ansible community.crypto module usage with direct OpenSSL commands to build and verify the certificate chain.

  • Remove slurp and community.crypto.certificate_complete_chain tasks
  • Add shell-based concatenation of cert and CA, and verification via openssl verify

ishikaa-p
ishikaa-p reviewed Jun 3, 2025
View reviewed changes
Copy link
Contributor

@ishikaa-p ishikaa-p left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please link the semaphore job run.

@rrbadiani
Copy link
Member

rrbadiani commented Jun 3, 2025

we can raise this pr from some older .x branch and then pint merge to here. or if we just want to go with 8.0 first we can raise the pr against it and later cherry pick it to older .x branches

@rkunwar-28 rkunwar-28 changed the base branch from master to 8.0.x June 3, 2025 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ishikaa-p ishikaa-p ishikaa-p left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rkunwar-28 @rrbadiani @ishikaa-p