community.crypto/tests/integration/targets/x509_crl/tasks/impl.yml

---
# Dry run of the first CRL build; the result is registered so a later
# assertion can confirm that check mode predicts a change.
- name: Create CRL 1 (check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    # Absolute timestamps, quoted so they are always read as strings.
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      # Entry identified by a certificate file.
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      # Entry with a reason code (marked critical) and an invalidity date.
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      # Entry identified by serial number only, no certificate file.
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_check
# Real run with the same arguments as the check-mode task: writes
# ca-crl1.crl, signed with the test CA key.
- name: Create CRL 1
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1
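# Both the dry run and the real run must report "changed" when the CRL
# file does not exist yet. The task is named so a failure is easy to find
# in the test output.
- name: Verify that creating CRL 1 reports a change
  assert:
    that:
      - crl_1_check is changed
      - crl_1 is changed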
# Parse the CRL that was just written, reading it by path.
- name: Retrieve CRL 1 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: crl_1_info_1
# slurp returns the file Base64-encoded in `content`; the following tasks
# feed it to x509_crl_info both decoded and undecoded.
- name: ({{select_crypto_backend}}) Read ca-crl1.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: slurp
# Same CRL as before, passed inline (decoded) instead of by path.
- name: Retrieve CRL 1 infos via file content
  x509_crl_info:
    content: '{{ slurp.content | b64decode }}'
  register: crl_1_info_2
# Passes the slurp output without b64decode; presumably this checks that
# the module also accepts Base64-encoded content - confirm against the
# assertions that consume crl_1_info_3.
- name: Retrieve CRL 1 infos via file content (Base64)
  x509_crl_info:
    content: '{{ slurp.content }}'
  register: crl_1_info_3
# Repeats the CRL 1 definition unchanged in check mode; per the task name
# this run is meant to be idempotent.
- name: Create CRL 1 (idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_idem_check
# Real run of the unchanged CRL 1 definition; registered for the
# idempotency check.
- name: Create CRL 1 (idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_idem
# Loads the CA key and both certificates so the next tasks can pass them
# inline. Result order follows the loop: results[0] is ca.key,
# results[1] is cert-1.pem, results[2] is cert-2.pem.
# NOTE(review): the registered variable now holds the Base64-encoded CA
# private key and appears in verbose output. That is acceptable for a
# throwaway fixture key; a playbook that reads a real signing key this way
# should set `no_log: true` on the task.
- name: ({{select_crypto_backend}}) Read file
  slurp:
    src: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
    - ca.key
    - cert-1.pem
    - cert-2.pem
  register: slurp
# Same CRL 1 definition, but the signing key and the certificates are
# passed inline (privatekey_content / content) instead of by path.
# NOTE(review): the key is passed as a module argument here; with a
# non-test key this task would warrant `no_log: true`.
- name: Create CRL 1 (idempotent with content, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    # results[0] is ca.key in the preceding slurp loop.
    privatekey_content: "{{ slurp.results[0].content | b64decode }}"
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      # results[1] is cert-1.pem.
      - content: "{{ slurp.results[1].content | b64decode }}"
        revocation_date: '20191013000000Z'
      # results[2] is cert-2.pem.
      - content: "{{ slurp.results[2].content | b64decode }}"
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_idem_content_check
# Real run of the inline-content variant of CRL 1.
# NOTE(review): the key is passed as a module argument here; with a
# non-test key this task would warrant `no_log: true`.
- name: Create CRL 1 (idempotent with content)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_content: "{{ slurp.results[0].content | b64decode }}"
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - content: "{{ slurp.results[1].content | b64decode }}"
        revocation_date: '20191013000000Z'
      - content: "{{ slurp.results[2].content | b64decode }}"
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_idem_content
# Same CRL 1 contents, now requesting DER output for the existing file
# (dry run).
- name: Create CRL 1 (format, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_format_check
# Real run of the DER-format request for ca-crl1.crl.
- name: Create CRL 1 (format)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_format
# Repeats the DER request unchanged in check mode; per the task name this
# run is meant to be idempotent.
- name: Create CRL 1 (format, idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_format_idem_check
# Real run of the unchanged DER request. return_content is switched on
# here, so the registered result can be compared with the file on disk.
- name: Create CRL 1 (format, idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
    return_content: true
  register: crl_1_format_idem
# Parse ca-crl1.crl again by path, after the DER-format tasks have run.
- name: Retrieve CRL 1 infos via file
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: crl_1_info_4
# Fetch the CRL file; slurp returns it Base64-encoded in `content`.
- name: Read ca-crl1.crl
  slurp:
    src: "{{ remote_tmp_dir }}/ca-crl1.crl"
  register: content
# The slurp output is passed on still Base64-encoded (no b64decode).
- name: Retrieve CRL 1 infos via file content (Base64)
  x509_crl_info:
    content: '{{ content.content }}'
  register: crl_1_info_5
# Dry run for a second CRL whose issuer is given as an ordered list of
# name components (CN appears three times, so order matters).
- name: Create CRL 2 (check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    # Relative timestamps. NOTE(review): next_update equals last_update,
    # which suits a test; a CRL meant for relying parties needs a
    # next_update in the future or it will be treated as stale.
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      # No revocation_date is given for any entry in CRL 2.
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
  check_mode: true
  register: crl_2_check
# Real run: writes ca-crl2.crl with the ordered issuer and relative
# timestamps.
- name: Create CRL 2
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
  register: crl_2
# Idempotency dry run for CRL 2. ignore_timestamps is set because the
# relative '+0d' values resolve to a new time on every run.
- name: Create CRL 2 (idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      # Short form `C` where the create task used `countryName`;
      # presumably deliberate, to show both spellings compare equal.
      - C: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
    ignore_timestamps: true
  check_mode: true
  register: crl_2_idem_check
# Real idempotency run for CRL 2; timestamps are ignored when comparing
# with the existing file.
- name: Create CRL 2 (idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
    ignore_timestamps: true
  register: crl_2_idem
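# Update-mode dry run that lists serial 1235, which none of the earlier
# CRL 2 tasks specified by serial number. The registered name
# (…_update_change_check) indicates that a change is expected here, so the
# task name says so as well; it previously duplicated the name of the
# later, truly idempotent update task, which made the test log ambiguous.
- name: Create CRL 2 (update, add serial 1235, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: true
    # Update mode: only the entry to add is listed here.
    mode: update
  check_mode: true
  register: crl_2_idem_update_change_check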
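# Real update-mode run that lists serial 1235, which none of the earlier
# CRL 2 tasks specified by serial number. The registered name
# (…_update_change) indicates that a change is expected here, so the task
# name says so as well; it previously duplicated the name of the later,
# truly idempotent update task, which made the test log ambiguous.
- name: Create CRL 2 (update, add serial 1235)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: true
    # Update mode: only the entry to add is listed here.
    mode: update
  register: crl_2_idem_update_change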
# Update-mode dry run that re-lists cert-2 with the same reason and
# invalidity date used when CRL 2 was created; per the task name this is
# expected to be idempotent.
- name: Create CRL 2 (idempotent update, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
  check_mode: true
  register: crl_2_idem_update_check
# Real run of the idempotent update: cert-2 is re-listed with unchanged
# attributes and timestamps are ignored.
- name: Create CRL 2 (idempotent update)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
  register: crl_2_idem_update
# Same update as before, but with ignore_timestamps off: the freshly
# resolved '+0d' values now take part in the comparison (dry run).
- name: Create CRL 2 (changed timestamps, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: false
    mode: update
  check_mode: true
  register: crl_2_change_check
# Real run with timestamps compared; return_content is enabled so the
# result carries the CRL that was written.
- name: Create CRL 2 (changed timestamps)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: false
    mode: update
    return_content: true
  register: crl_2_change
# First snapshot of ca-crl2.crl, taken before the issuer-order tasks.
- name: Read ca-crl2.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl2.crl'
  register: slurp_crl2_1
# Parse CRL 2 without listing the revoked entries.
- name: Retrieve CRL 2 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    list_revoked_certificates: false
  register: crl_2_info_1
# Uses the unordered `issuer` mapping with the same components as the
# existing CRL; per the task name the differing order should not count as
# a change.
- name: Create CRL 2 (changed order, should be ignored)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      countryName: US
      # Several values for one attribute are given as a list.
      CN:
        - Ansible
        - CRL
        - Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
    return_content: true
  register: crl_2_change_order_ignore
# issuer_ordered with countryName moved ahead of "CN: CRL". Unlike the
# unordered `issuer` form, the order is explicit here, so per the task
# name a change is expected.
- name: Create CRL 2 (changed order)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - countryName: US
      - CN: CRL
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
    return_content: true
  register: crl_2_change_order
# Second snapshot of ca-crl2.crl, taken after the issuer-order tasks.
- name: Read ca-crl2.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl2.crl'
  register: slurp_crl2_2
# Re-parse CRL 2 after the issuer order was changed; revoked entries are
# again left out of the result.
- name: Retrieve CRL 2 infos again
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    list_revoked_certificates: false
  register: crl_2_info_2
# Third CRL with a single serial-number entry that carries its own issuer
# (a general name), with that per-entry issuer marked critical.
- name: Create CRL 3
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1234
        revocation_date: '20191001000000Z'
        # Issuer of the revoked certificate, distinct from the CRL issuer.
        issuer:
          - "DNS:ca.example.org"
        issuer_critical: true
  register: crl_3
# Parse CRL 3 with the revoked entries included, so the per-entry issuer
# can be inspected in the registered result.
- name: Retrieve CRL 3 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    list_revoked_certificates: true
  register: crl_3_info