openssl: remove static dict for keyUsage (#30339)

keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316
2025-07-27 07:01:22 -07:00 · 2017-09-14 18:03:00 +02:00 · 2017-09-14 18:03:00 +02:00 · 0648e339a7
commit 0648e339a7
parent 1950bcc14e
6 changed files with 63 additions and 40 deletions
--- a/lib/ansible/module_utils/crypto.py
+++ b/lib/ansible/module_utils/crypto.py
@ -96,34 +96,6 @@ def load_certificate_request(path):
        raise OpenSSLObjectError(exc)


-keyUsageLong = {
-    "digitalSignature": "Digital Signature",
-    "nonRepudiation": "Non Repudiation",
-    "keyEncipherment": "Key Encipherment",
-    "dataEncipherment": "Data Encipherment",
-    "keyAgreement": "Key Agreement",
-    "keyCertSign": "Certificate Sign",
-    "cRLSign": "CRL Sign",
-    "encipherOnly": "Encipher Only",
-    "decipherOnly": "Decipher Only",
-}
-
-extendedKeyUsageLong = {
-    "anyExtendedKeyUsage": "Any Extended Key Usage",
-    "ipsecEndSystem": "IPSec End System",
-    "ipsecTunnel": "IPSec Tunnel",
-    "ipsecUser": "IPSec User",
-    "msSGC": "Microsoft Server Gated Crypto",
-    "nsSGC": "Netscape Server Gated Crypto",
-    "serverAuth": "TLS Web Server Authentication",
-    "clientAuth": "TLS Web Client Authentication",
-    "codeSigning": "Code Signing",
-    "emailProtection": "E-mail Protection",
-    "timeStamping": "Time Stamping",
-    "OCSPSigning": "OCSP Signing",
-}
-
-
@six.add_metaclass(abc.ABCMeta)
 class OpenSSLObject(object):