community.crypto/tests/ee/roles/openssl_pkcs12/tasks/main.yml

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

- name: Create private key
  community.crypto.openssl_privatekey:
    path: "{{ output_path }}/pkcs12-cert.key"
    type: ECC
    curve: secp256r1

- name: Create CSR
  community.crypto.openssl_csr:
    path: "{{ output_path }}/pkcs12-cert.csr"
    privatekey_path: "{{ output_path }}/pkcs12-cert.key"

- name: Create certificate
  community.crypto.x509_certificate:
    path: "{{ output_path }}/pkcs12-cert.pem"
    csr_path: "{{ output_path }}/pkcs12-cert.csr"
    privatekey_path: "{{ output_path }}/pkcs12-cert.key"
    provider: selfsigned

- name: Create PKCS#12 with cryptography backend
  community.crypto.openssl_pkcs12:
    action: export
    path: "{{ output_path }}/pkcs12-1.p12"
    mode: '0644'
    friendly_name: foo
    privatekey_path: "{{ output_path }}/pkcs12-cert.key"
    certificate_path: "{{ output_path }}/pkcs12-cert.pem"
    state: present
    select_crypto_backend: cryptography
  when: cryptography_version.stdout is ansible.builtin.version('3.0', '>=')

- name: Create PKCS#12 with PyOpenSSL backend
  community.crypto.openssl_pkcs12:
    action: export
    path: "{{ output_path }}/pkcs12-2.p12"
    mode: '0644'
    friendly_name: foo
    privatekey_path: "{{ output_path }}/pkcs12-cert.key"
    certificate_path: "{{ output_path }}/pkcs12-cert.pem"
    state: present
    select_crypto_backend: pyopenssl
  when: not (has_no_pyopenssl | default(false))
Add EE support (#440) * Add EE files. * Install cryptography and PyOpenSSL from PyPi. * Revert "Install cryptography and PyOpenSSL from PyPi." This reverts commit 6b90a1efaefe8a12f6e75f98dd6f5d2ed06695d1. * Only run test when cryptography has a new enough version. * And another one. * Extend changelog. 2022-05-03 17:22:55 +00:00			`---`
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491) * Add SPDX license identifiers, mention all licenses in galaxy.yml. * Add default copyright headers. * Add headers for documents. * Fix/add more copyright statements. * Add copyright / license info for vendored code. * Add extra sanity test. * Add changelog fragment. * Comment PSF-2.0 license out in galaxy.yml for now. * Remove colon after 'Copyright'. * Avoid colon after 'Copyright' in lint script. * Mention correct filename. * Add BSD-3-Clause. * Improve lint script. * Update README. * Symlinks... 2022-07-21 05:27:26 +00:00			`# Copyright (c) Ansible Project`
			`# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

Add EE support (#440) * Add EE files. * Install cryptography and PyOpenSSL from PyPi. * Revert "Install cryptography and PyOpenSSL from PyPi." This reverts commit 6b90a1efaefe8a12f6e75f98dd6f5d2ed06695d1. * Only run test when cryptography has a new enough version. * And another one. * Extend changelog. 2022-05-03 17:22:55 +00:00			`- name: Create private key`
			`community.crypto.openssl_privatekey:`
			`path: "{{ output_path }}/pkcs12-cert.key"`
			`type: ECC`
			`curve: secp256r1`

			`- name: Create CSR`
			`community.crypto.openssl_csr:`
			`path: "{{ output_path }}/pkcs12-cert.csr"`
			`privatekey_path: "{{ output_path }}/pkcs12-cert.key"`

			`- name: Create certificate`
			`community.crypto.x509_certificate:`
			`path: "{{ output_path }}/pkcs12-cert.pem"`
			`csr_path: "{{ output_path }}/pkcs12-cert.csr"`
			`privatekey_path: "{{ output_path }}/pkcs12-cert.key"`
			`provider: selfsigned`

			`- name: Create PKCS#12 with cryptography backend`
			`community.crypto.openssl_pkcs12:`
			`action: export`
			`path: "{{ output_path }}/pkcs12-1.p12"`
			`mode: '0644'`
			`friendly_name: foo`
			`privatekey_path: "{{ output_path }}/pkcs12-cert.key"`
			`certificate_path: "{{ output_path }}/pkcs12-cert.pem"`
			`state: present`
			`select_crypto_backend: cryptography`
			`when: cryptography_version.stdout is ansible.builtin.version('3.0', '>=')`

			`- name: Create PKCS#12 with PyOpenSSL backend`
			`community.crypto.openssl_pkcs12:`
			`action: export`
			`path: "{{ output_path }}/pkcs12-2.p12"`
			`mode: '0644'`
			`friendly_name: foo`
			`privatekey_path: "{{ output_path }}/pkcs12-cert.key"`
			`certificate_path: "{{ output_path }}/pkcs12-cert.pem"`
			`state: present`
			`select_crypto_backend: pyopenssl`
Rewrite EE test workflows to use ansible-builder 3.0.0; fix EE dependencies (#606) * Adjust EE tests to ansible-builder 3.0.0. * Remove other CI workflows. * Use docker instead of podman... * Support Rocky Linux 9+. * Add CentOS Stream 9 to EE tests. * Fix installation of PyOpenSSL on CentOS/RHEL/Rocky. * ansible-builder only attempts to install EPEL deps on CentOS. * Make EPEL also available on Rocky Linux 9, even though ansible-builder will ignore it. * Make sure cryptography is already installed. * Try ansible-runner < 2.0.0 for CentOS Stream 8 / RHEL 8. * Show more info. * Start restricting transitive dependencies... * Looks like PyOpenSSL is broken on CentOS Stream 9 + EPEL. * ansible-builder will NOT work with Python 3.6. use Python 3.9 on RHEL8 / CentOS Stream 8. Manually install cryptography and PyOpenSSL for Python 3.9 as well. * PyOpenSSL isn't available for Python 3.8 or 3.9. * Revert "Remove other CI workflows." This reverts commit 3a9d125f45900020940c9c207966bd85aef0721d. * Use podman instead of docker. * Re-order bindep entries. * python3-pyOpenSSL does not exist on RHEL/CentOS 6 and 7. 2023-05-21 10:43:14 +00:00			`when: not (has_no_pyopenssl \| default(false))`