[WIP] OpenSSL modules: rename to x509_*

[felixfontein]

SUMMARY

Renames the openssl_* modules to x509_*. Fixes #33715.

ISSUE TYPE

• Feature Pull Request

COMPONENT NAME

openssl_certificate
openssl_certificate_info
openssl_csr
openssl_csr_info
openssl_dhparam
openssl_pkcs12
openssl_privatekey
openssl_privatekey_info
openssl_publickey

[ansibot]

@felixfontein This PR was evaluated as a potentially problematic PR for the following reasons:

• More than 50 changed files.

Such PR can only be merged by human. Contact a Core team member to review this PR on IRC: #ansible-devel on irc.freenode.net

click here for bot help

[felixfontein]

CC @MarkusTeufelberger @Xyon @ctrufan @gdelpierre @thomwiggers @tylert @Shaps @Spredzy @puiterwijk @resmo

[MarkusTeufelberger]

Afaik CSRs are not actually covered by X.509 (https://tools.ietf.org/html/rfc5280), probably public/private keys neither. I'm still not sure what would be a good compromise naming-wise though.

[felixfontein]

@MarkusTeufelberger that's a very good point. How about pki instead of x509? And maybe even pki_x509_ for actual X.509 objects. The latter would result in (I included not yet existing CRL modules):

• pki_csr
• pki_csr_info
• pki_dhparam
• pki_pkcs12
• pki_privatekey
• pki_privatekey_info
• pki_publickey
• pki_x509_certificate
• pki_x509_certificate_info
• pki_x509_crl
• pki_x509_crl_info

And without the extra x509_:

• pki_certificate
• pki_certificate_info
• pki_crl
• pki_crl_info
• pki_csr
• pki_csr_info
• pki_dhparam
• pki_pkcs12
• pki_privatekey
• pki_privatekey_info
• pki_publickey

[gundalow]

Not to feature creep this, thought could you please move the modules into a subdir ie modules/crypto/x509/
BOTMETA.yml will need updating to reflect this.
This will help when we move to Collections

[MarkusTeufelberger]

If this is to be removed from upstream and into its own crypto collection, the namespacing there might make most prefixes unneccessary or redundant.

[gundalow]

If this is to be removed from upstream and into its own crypto collection, the namespacing there might make most prefixes unneccessary or redundant.

That is a fair point. At the moment we don't know if the collection will be called
ansible.community_collection (everything) (Layout 1)
ansible.crypto_community (directory level) (Layout 3)
ansible.openssl_community (sub-directory level) (Layout 4)

For the potential layouts see gist.github.com/gundalow/81884926ff744755e2d2f46ef1ba1ebb

If you have an ideas on this, I'd welcome your input, via IRC or add comments on the gist.

[MarkusTeufelberger]

Most solutions involving collections I've seen so far look strictly worse in the user experience (more stuff to type, more things to take care of upon installation, more fractured test procedures leading to decreased quality in modules, still no plan for documentation), so I'll probably not donate my time towards maintaining a crypto, openssl/x509/pki or community collection since it is probably going to be spent on reworking my existing code. As such, my opinion on that topic doesn't really count I think.

I would call the collection(s) crypto.x509 etc. (similar to layout 4), no need to have ansible or commmunity in their name at all. Such a collection would no longer be "ansible" anyways and thus also the "community" in the name is a bit redundant.

[felixfontein]

I guess that before talking about collections and subdirectories, we should first figure out how to actually name these modules :) Any opinions on #63801 (comment), or other suggestions?

Also, I'm still hoping that the transition to collections will make it possible to upgrade to the next version(s) of Ansible with minimal (or even no) changes to existing roles and/or playbooks. (Maybe like adding something to playbooks a la "allow to use stuff from all community collections without having to explicitly add the namespaces somewhere".)

[felixfontein]

(I rebased to get rid of the conflicts. No content-wise changes, except that I squashed both commits into one.)

[felixfontein]

Any more ideas on how we can actually name the modules?

[felixfontein]

Minimal version continued in ansible-collections/community.crypto#7.