Update to Python 3.11 minimum and fix IPv6 constraint format

- Update Python requirement from 3.10 to 3.11 to align with Ansible 11 - Pin Ansible collections in requirements.yml for stability - Fix invalid IPv6 constraint format causing deployment failure - Update ruff target-version to py311 for consistency 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-03 10:33:13 +02:00 · 2025-08-04 22:39:26 -07:00 · 2025-08-04 22:39:26 -07:00 · 87424b20f6
commit 87424b20f6
parent a9bc3fe27b
6 changed files with 11 additions and 7 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -76,7 +76,7 @@ Currently unpinned in `requirements.yml`, but key ones include:
 ```toml
 # pyproject.toml configuration
 [tool.ruff]
-target-version = "py310"
+target-version = "py311"
 line-length = 120

 [tool.ruff.lint]
--- a/main.yml
+++ b/main.yml
@ -34,10 +34,10 @@

    - name: Verify Python meets Algo VPN requirements
      assert:
-        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=')
+        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.11', '>=')
        msg: >
          Python version is not supported.
-          You must upgrade to at least Python 3.8 to use this version of Algo.
+          You must upgrade to at least Python 3.11 to use this version of Algo.
          See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported

    - name: Verify Ansible meets Algo VPN requirements
--- a/pyproject.toml
+++ b/pyproject.toml
@ -2,11 +2,11 @@
 name = "algo"
 description = "Set up a personal IPSEC VPN in the cloud"
 version = "0.1.0"
-requires-python = ">=3.10"
+requires-python = ">=3.11"

 [tool.ruff]
 # Ruff configuration
-target-version = "py310"
+target-version = "py311"
 line-length = 120

 [tool.ruff.lint]
--- a/requirements.yml
+++ b/requirements.yml
@ -1,6 +1,10 @@
 ---
 collections:
  - name: ansible.posix
+    version: ">=1.6.2"
  - name: community.general
+    version: ">=8.6.11"
  - name: community.crypto
+    version: ">=2.26.4"
  - name: openstack.cloud
+    version: ">=2.4.1"
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@ -80,7 +80,7 @@
          - "IP:10.0.0.0/255.0.0.0"
          - "IP:172.16.0.0/255.240.0.0"
          - "IP:192.168.0.0/255.255.0.0"
-          - "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0"  # IPv6 all zeros
+          - "IP:::/0"  # IPv6 all addresses
        name_constraints_critical: true
      register: ca_csr

--- a/tests/unit/test_openssl_compatibility.py
+++ b/tests/unit/test_openssl_compatibility.py
@ -151,7 +151,7 @@ def validate_ca_certificate_config():
        assert f'"email:{domain}"' in content, f"Email domain {domain} should be excluded"

    # Verify IPv6 constraints are present (Issue #153)
-    assert "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0" in content, "IPv6 all-zeros should be excluded"
+    assert "IP:::/0" in content, "IPv6 all addresses should be excluded"

    print("✓ CA certificate configuration has proper security constraints")