Update ACME tests (#836)

* Restrict remaining days to also work with short-lived profiles. * Adjust boolean cases. * Fix spelling error. * Use larger key size for TLS-ALPN test certificate.
2025-01-12 13:59:08 +01:00 · 2025-01-12 13:59:08 +01:00 · 072318466e
parent 248250514f
commit 072318466e
17 changed files with 37 additions and 37 deletions
--- a/tests/integration/targets/acme_certificate/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate/tasks/impl.yml
@ -77,7 +77,7 @@
    modify_account: true
    deactivate_authzs: false
    force: false
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: true
    account_email: "example@example.org"
    retrieve_all_alternates: true
@ -104,7 +104,7 @@
    modify_account: false
    deactivate_authzs: true
    force: false
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    acme_expected_root_number: 0
@ -140,7 +140,7 @@
    modify_account: false
    deactivate_authzs: false
    force: false
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    acme_expected_root_number: 0
@ -167,7 +167,7 @@
    modify_account: false
    deactivate_authzs: true
    force: true
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    acme_expected_root_number: 2
@ -194,7 +194,7 @@
    modify_account: false
    deactivate_authzs: true
    force: true
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    use_csr_content: true
@ -202,7 +202,7 @@
  set_fact:
    cert_5a_obtain_results: "{{ certificate_obtain_result }}"
    cert_5_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
- name: Obtain cert 5 (should not, since already there and valid for more than 10 days)
+- name: Obtain cert 5 (should not, since already there and valid for more than 1 days)
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 2/4
@ -215,7 +215,7 @@
    modify_account: false
    deactivate_authzs: true
    force: false
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    use_csr_content: false
@ -260,7 +260,7 @@
    modify_account: false
    deactivate_authzs: true
    force: true
-    remaining_days: 10
+    remaining_days: 1
    terms_agreed: false
    account_email: ""
    use_csr_content: false
@ -283,7 +283,7 @@
      modify_account: true
      deactivate_authzs: false
      force: false
-      remaining_days: 10
+      remaining_days: 1
      terms_agreed: true
      account_email: "example@example.org"
      acme_expected_root_number: 0
@ -319,7 +319,7 @@
      modify_account: true
      deactivate_authzs: false
      force: false
-      remaining_days: 10
+      remaining_days: 1
      terms_agreed: true
      account_email: "example@example.org"
      acme_expected_root_number: 2
@ -339,7 +339,7 @@
      certgen_title: Certificate 8
      certificate_name: cert-8
      key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size }}"
+      rsa_bits: "{{ default_rsa_key_size_certificates }}"
      subject_alt_name:
      - "IP:127.0.0.1"
      # IPv4 only since our test validation server doesn't work
@ -351,7 +351,7 @@
      modify_account: true
      deactivate_authzs: false
      force: false
-      remaining_days: 10
+      remaining_days: 1
      terms_agreed: true
      account_email: "example@example.org"
      use_csr_content: true
--- a/tests/integration/targets/acme_certificate/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate/tests/validate.yml
@ -118,15 +118,15 @@
 - name: Check that certificate 5 was not recreated on the first try
  assert:
    that:
-      - cert_5_recreate_1 == False
+      - cert_5_recreate_1 == false
 - name: Check that certificate 5 was recreated on the second try
  assert:
    that:
-      - cert_5_recreate_2 == True
+      - cert_5_recreate_2 == true
 - name: Check that certificate 5 was recreated on the third try
  assert:
    that:
-      - cert_5_recreate_3 == True
+      - cert_5_recreate_3 == true
 - block:
  - name: Check that certificate 6 is valid
--- a/tests/integration/targets/certificate_complete_chain/tasks/create.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/create.yml
@ -12,7 +12,7 @@
  - name: Create private keys
    openssl_privatekey:
      path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
-      size: '{{ default_rsa_key_size_certifiates }}'
+      size: '{{ default_rsa_key_size_certificates }}'
    loop: '{{ certificates }}'
  - name: Generate certificates
--- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@ -120,7 +120,7 @@
 - name: Check failure when no intermediate certificate can be found
  certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert2.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}'
    intermediate_certificates:
    - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
    root_certificates:
@ -135,7 +135,7 @@
 - name: Check failure when infinite loop is found
  certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}'
    intermediate_certificates:
    - '{{ remote_tmp_dir }}/files/roots.pem'
    root_certificates:
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
@ -22,7 +22,7 @@
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
      - result.public_key_type == 'RSA'
-      - result.public_key_data.size == (default_rsa_key_size_certifiates | int)
+      - result.public_key_data.size == (default_rsa_key_size_certificates | int)
      - "result.subject_alt_name == [
          'DNS:www.ansible.com',
          'DNS:' ~ ('öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--7ca3a') ~ '.com',
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
@ -16,14 +16,14 @@
 - name: Generate privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate privatekey with password
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate CSR 1
  openssl_csr:
--- a/tests/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@ -12,7 +12,7 @@
  - name: Generate private keys
    openssl_privatekey:
      path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem'
-      size: '{{ default_rsa_key_size_certifiates }}'
+      size: '{{ default_rsa_key_size_certificates }}'
    loop: "{{ range(1, 4) | list }}"
  - name: Generate privatekey with password
--- a/tests/integration/targets/setup_openssl/tasks/main.yml
+++ b/tests/integration/targets/setup_openssl/tasks/main.yml
@ -121,4 +121,4 @@
 - name: Print default key sizes
  debug:
-    msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certifiates }})"
+    msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certificates }})"
--- a/tests/integration/targets/setup_openssl/vars/main.yml
+++ b/tests/integration/targets/setup_openssl/vars/main.yml
@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 default_rsa_key_size: 1024
-default_rsa_key_size_certifiates: >-
+default_rsa_key_size_certificates: >-
  {{
      2048 if
        (ansible_os_family == "RedHat" and ansible_facts.distribution_major_version | int >= 8) or
--- a/tests/integration/targets/x509_certificate/tasks/ownca.yml
+++ b/tests/integration/targets/x509_certificate/tasks/ownca.yml
@ -6,14 +6,14 @@
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
  openssl_csr:
--- a/tests/integration/targets/x509_certificate/tasks/removal.yml
+++ b/tests/integration/targets/x509_certificate/tasks/removal.yml
@ -6,7 +6,7 @@
 - name: (Removal, {{select_crypto_backend}}) Generate privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/removal_privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (Removal, {{select_crypto_backend}}) Generate CSR
  openssl_csr:
--- a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml
+++ b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml
@ -6,14 +6,14 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR
  x509_certificate:
@ -138,7 +138,7 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey2.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2
  openssl_csr:
@ -200,7 +200,7 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Create private key 3
  openssl_privatekey:
    path: "{{ remote_tmp_dir }}/privatekey3.pem"
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3
  openssl_csr:
--- a/tests/integration/targets/x509_certificate_convert/tasks/main.yml
+++ b/tests/integration/targets/x509_certificate_convert/tasks/main.yml
@ -16,7 +16,7 @@
 - name: Generate privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate CSR 1
  openssl_csr:
--- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml
+++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml
@ -36,7 +36,7 @@
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
      - result.public_key_type == 'RSA'
-      - result.public_key_data.size == (default_rsa_key_size_certifiates | int)
+      - result.public_key_data.size == (default_rsa_key_size_certificates | int)
      - "result.subject_alt_name == [
          'DNS:www.ansible.com',
          'DNS:' ~ ('öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--7ca3a') ~ '.com',
--- a/tests/integration/targets/x509_certificate_info/tasks/main.yml
+++ b/tests/integration/targets/x509_certificate_info/tasks/main.yml
@ -16,14 +16,14 @@
 - name: Generate privatekey
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate privatekey with password
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekeypw.pem'
    passphrase: hunter2
    select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Generate CSR 1
  openssl_csr:
--- a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml
+++ b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml
@ -6,7 +6,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey"
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/{{ item }}.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
  loop:
    - privatekey
    - privatekey2
--- a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml
+++ b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml
@ -11,7 +11,7 @@
 - name: Prepare private key for backend autodetection test
  openssl_privatekey:
    path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Run module with backend autodetection
  x509_certificate_pipe:
    provider: selfsigned