diff --git a/tests/integration/targets/acme_account/tasks/impl.yml b/tests/integration/targets/acme_account/tasks/impl.yml index c9cbf8cf..79fd43eb 100644 --- a/tests/integration/targets/acme_account/tasks/impl.yml +++ b/tests/integration/targets/acme_account/tasks/impl.yml @@ -36,10 +36,10 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: no - ignore_errors: yes + allow_creation: false + ignore_errors: true register: account_not_created - name: Create it now (check mode, diff) @@ -48,14 +48,14 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org - check_mode: yes - diff: yes + check_mode: true + diff: true register: account_created_check - name: Create it now @@ -64,10 +64,10 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org register: account_created @@ -78,10 +78,10 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org register: account_created_idempotent @@ -97,13 +97,13 @@ account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: - mailto:example@example.com - check_mode: yes - diff: yes + check_mode: true + diff: true register: account_modified_check - name: Change email address @@ -112,9 +112,9 @@ account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: - mailto:example@example.com register: account_modified @@ -126,9 +126,9 @@ account_uri: "{{ account_created.account_uri }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: - mailto:example@example.com register: account_modified_idempotent @@ -140,10 +140,10 @@ account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present contact: [] - ignore_errors: yes + ignore_errors: true register: account_modified_wrong_uri - name: Clear contact email addresses (check mode, diff) @@ -152,12 +152,12 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: [] - check_mode: yes - diff: yes + check_mode: true + diff: true register: account_modified_2_check - name: Clear contact email addresses @@ -166,9 +166,9 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: [] register: account_modified_2 @@ -178,9 +178,9 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - # allow_creation: no + # allow_creation: false contact: [] register: account_modified_2_idempotent @@ -190,14 +190,14 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" state: changed_key contact: - mailto:example@example.com - check_mode: yes - diff: yes + check_mode: true + diff: true register: account_change_key_check - name: Change account key @@ -206,7 +206,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" state: changed_key @@ -221,10 +221,10 @@ account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: absent - check_mode: yes - diff: yes + check_mode: true + diff: true register: account_deactivate_check - name: Deactivate account @@ -234,7 +234,7 @@ account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: absent register: account_deactivate @@ -245,7 +245,7 @@ account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: absent register: account_deactivate_idempotent @@ -256,10 +256,10 @@ account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: no - ignore_errors: yes + allow_creation: false + ignore_errors: true register: account_not_created_2 - name: Do not try to create account III @@ -268,10 +268,10 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: no - ignore_errors: yes + allow_creation: false + ignore_errors: true register: account_not_created_3 - name: Create account with External Account Binding @@ -280,10 +280,10 @@ account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org external_account_binding: @@ -291,7 +291,7 @@ alg: "{{ item.alg }}" key: "{{ item.key }}" register: account_created_eab - ignore_errors: yes + ignore_errors: true loop: - account: accountkey3 kid: kid-1 diff --git a/tests/integration/targets/acme_account_info/tasks/impl.yml b/tests/integration/targets/acme_account_info/tasks/impl.yml index 1905d668..f1d53abe 100644 --- a/tests/integration/targets/acme_account_info/tasks/impl.yml +++ b/tests/integration/targets/acme_account_info/tasks/impl.yml @@ -29,7 +29,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false register: account_not_created - name: Create it now @@ -38,10 +38,10 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org @@ -51,7 +51,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false register: account_created - name: Read account key @@ -65,9 +65,9 @@ account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false state: present - allow_creation: no + allow_creation: false contact: [] - name: Check that account was modified @@ -76,7 +76,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_uri: "{{ account_created.account_uri }}" register: account_modified @@ -86,7 +86,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_uri: "{{ account_created.account_uri }}test1234doesnotexists" register: account_not_exist @@ -96,7 +96,7 @@ account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_uri: "{{ account_created.account_uri }}" - ignore_errors: yes + ignore_errors: true register: account_wrong_key diff --git a/tests/integration/targets/acme_certificate/tasks/impl.yml b/tests/integration/targets/acme_certificate/tasks/impl.yml index 4d919b76..5d2ab5b9 100644 --- a/tests/integration/targets/acme_certificate/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate/tasks/impl.yml @@ -31,7 +31,7 @@ select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" state: absent - name: Read account key (EC384) @@ -43,11 +43,11 @@ select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_key_content: "{{ slurp.content | b64decode }}" state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: - mailto:example@example.org - mailto:example@example.com @@ -56,11 +56,11 @@ select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem" state: present - allow_creation: yes - terms_agreed: yes + allow_creation: true + terms_agreed: true contact: [] ## OBTAIN CERTIFICATES ######################################################################## - name: Obtain cert 1 @@ -71,16 +71,16 @@ key_type: rsa rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec256 challenge: http-01 - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" - retrieve_all_alternates: yes + retrieve_all_alternates: true acme_expected_root_number: 1 select_chain: - test_certificates: last @@ -98,17 +98,17 @@ certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}" key_type: ec256 subject_alt_name: "DNS:*.example.com,DNS:example.com" - subject_alt_name_critical: yes + subject_alt_name_critical: true account_key: account-ec384 challenge: dns-01 - modify_account: no - deactivate_authzs: yes - force: no + modify_account: false + deactivate_authzs: true + force: false remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" acme_expected_root_number: 0 - retrieve_all_alternates: yes + retrieve_all_alternates: true select_chain: # All intermediates have the same subject, so always the first # chain will be found, and we need a second condition to make sure @@ -134,17 +134,17 @@ certificate_name: cert-3 key_type: ec384 subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: dns-01 - modify_account: no - deactivate_authzs: no - force: no + modify_account: false + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" acme_expected_root_number: 0 - retrieve_all_alternates: yes + retrieve_all_alternates: true select_chain: - test_certificates: last subject: "{{ acme_roots[1].subject }}" @@ -161,14 +161,14 @@ key_type: rsa rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-rsa challenge: http-01 - modify_account: no - deactivate_authzs: yes - force: yes + modify_account: false + deactivate_authzs: true + force: true remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" acme_expected_root_number: 2 select_chain: @@ -188,14 +188,14 @@ certificate_name: cert-5 key_type: ec521 subject_alt_name: "DNS:t2.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec384 challenge: http-01 - modify_account: no - deactivate_authzs: yes - force: yes + modify_account: false + deactivate_authzs: true + force: true remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" use_csr_content: true - name: Store obtain results for cert 5a @@ -209,14 +209,14 @@ certificate_name: cert-5 key_type: ec521 subject_alt_name: "DNS:t2.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec384 challenge: http-01 - modify_account: no - deactivate_authzs: yes - force: no + modify_account: false + deactivate_authzs: true + force: false remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" use_csr_content: false - name: Store obtain results for cert 5b @@ -229,14 +229,14 @@ certificate_name: cert-5 key_type: ec521 subject_alt_name: "DNS:t2.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec384 challenge: http-01 - modify_account: no - deactivate_authzs: yes - force: yes + modify_account: false + deactivate_authzs: true + force: true remaining_days: 1000 - terms_agreed: no + terms_agreed: false account_email: "" use_csr_content: true - name: Store obtain results for cert 5c @@ -254,14 +254,14 @@ certificate_name: cert-5 key_type: ec521 subject_alt_name: "DNS:t2.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: http-01 - modify_account: no - deactivate_authzs: yes - force: yes + modify_account: false + deactivate_authzs: true + force: true remaining_days: 10 - terms_agreed: no + terms_agreed: false account_email: "" use_csr_content: false - name: Store obtain results for cert 5d @@ -277,14 +277,14 @@ key_type: rsa rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.org" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec256 challenge: tls-alpn-01 - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" acme_expected_root_number: 0 select_chain: @@ -313,14 +313,14 @@ subject_alt_name: - "IP:127.0.0.1" # - "IP:::1" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec256 challenge: http-01 - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" acme_expected_root_number: 2 select_chain: @@ -344,15 +344,15 @@ - "IP:127.0.0.1" # IPv4 only since our test validation server doesn't work # with IPv6 (thanks to Python's socketserver). - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec256 challenge: tls-alpn-01 challenge_alpn_tls: acme_challenge_cert_helper - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" use_csr_content: true - name: Store obtain results for cert 8 @@ -364,37 +364,37 @@ # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate. - name: Verifying cert 1 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"' - ignore_errors: yes + ignore_errors: true register: cert_1_valid - name: Verifying cert 2 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"' - ignore_errors: yes + ignore_errors: true register: cert_2_valid - name: Verifying cert 3 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"' - ignore_errors: yes + ignore_errors: true register: cert_3_valid - name: Verifying cert 4 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"' - ignore_errors: yes + ignore_errors: true register: cert_4_valid - name: Verifying cert 5 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"' - ignore_errors: yes + ignore_errors: true register: cert_5_valid - name: Verifying cert 6 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"' - ignore_errors: yes + ignore_errors: true register: cert_6_valid when: acme_intermediates[0].subject_key_identifier is defined - name: Verifying cert 7 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"' - ignore_errors: yes + ignore_errors: true register: cert_7_valid when: acme_roots[2].subject_key_identifier is defined - name: Verifying cert 8 command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"' - ignore_errors: yes + ignore_errors: true register: cert_8_valid when: cryptography_version.stdout is version('1.3', '>=') # Dump certificate info @@ -468,7 +468,7 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false retrieve_orders: ignore register: account_orders_not - name: Retrieve orders as URL list (1/2) @@ -477,7 +477,7 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false retrieve_orders: url_list register: account_orders_urls - name: Retrieve orders as URL list (2/2) @@ -486,7 +486,7 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false retrieve_orders: url_list register: account_orders_urls2 - name: Retrieve orders as object list (1/2) @@ -495,7 +495,7 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false retrieve_orders: object_list register: account_orders_full - name: Retrieve orders as object list (2/2) @@ -504,6 +504,6 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false retrieve_orders: object_list register: account_orders_full2 diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml index 698619f8..c04d7d01 100644 --- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml @@ -38,14 +38,14 @@ key_type: rsa rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: http-01 - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" - name: Obtain cert 2 include_tasks: obtain-cert.yml @@ -55,14 +55,14 @@ certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}" key_type: ec256 subject_alt_name: "DNS:*.example.com" - subject_alt_name_critical: yes + subject_alt_name_critical: true account_key: account-ec384 challenge: dns-01 - modify_account: yes - deactivate_authzs: yes - force: no + modify_account: true + deactivate_authzs: true + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" - name: Obtain cert 3 include_tasks: obtain-cert.yml @@ -71,14 +71,14 @@ certificate_name: cert-3 key_type: ec384 subject_alt_name: "DNS:t1.example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-rsa challenge: dns-01 - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" ## REVOKE CERTIFICATES ######################################################################## - name: Revoke certificate 1 via account key @@ -88,8 +88,8 @@ certificate: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no - ignore_errors: yes + validate_certs: false + ignore_errors: true register: cert_1_revoke - name: Revoke certificate 2 via certificate private key acme_certificate_revoke: @@ -99,8 +99,8 @@ certificate: "{{ remote_tmp_dir }}/cert-2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no - ignore_errors: yes + validate_certs: false + ignore_errors: true register: cert_2_revoke - name: Read account key (RSA) slurp: @@ -113,6 +113,6 @@ certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no - ignore_errors: yes + validate_certs: false + ignore_errors: true register: cert_3_revoke diff --git a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml index 6a8b0188..ef40ec60 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml +++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml @@ -24,15 +24,15 @@ key_type: rsa rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" - subject_alt_name_critical: no + subject_alt_name_critical: false account_key: account-ec256 challenge: tls-alpn-01 challenge_alpn_tls: acme_challenge_cert_helper - modify_account: yes - deactivate_authzs: no - force: no + modify_account: true + deactivate_authzs: false + force: false remaining_days: 10 - terms_agreed: yes + terms_agreed: true account_email: "example@example.org" when: cryptography_version.stdout is version('1.5', '>=') diff --git a/tests/integration/targets/acme_inspect/tasks/impl.yml b/tests/integration/targets/acme_inspect/tasks/impl.yml index b2dd9e0b..4eed1031 100644 --- a/tests/integration/targets/acme_inspect/tasks/impl.yml +++ b/tests/integration/targets/acme_inspect/tasks/impl.yml @@ -26,7 +26,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false method: directory-only register: directory - debug: var=directory @@ -35,7 +35,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" url: "{{ directory.directory.newAccount}}" method: post @@ -49,7 +49,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" @@ -61,7 +61,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" @@ -80,7 +80,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ directory.directory.newOrder }}" @@ -103,7 +103,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ new_order.headers.location }}" @@ -115,7 +115,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item }}" @@ -128,7 +128,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}" @@ -141,7 +141,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item.url }}" @@ -155,7 +155,7 @@ acme_inspect: acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 - validate_certs: no + validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item.url }}" diff --git a/tests/integration/targets/certificate_complete_chain/tasks/created.yml b/tests/integration/targets/certificate_complete_chain/tasks/created.yml index 5a41972d..bbd86c6a 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/created.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/created.yml @@ -17,7 +17,7 @@ - '{{ remote_tmp_dir }}/a-root.pem' - name: Case B => doesn't work, but this is expected - failed_when: no + failed_when: false register: caseb certificate_complete_chain: input_chain: "{{ read_certificates['d-leaf'] }}" diff --git a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml index e68c0410..09446941 100644 --- a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml +++ b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml @@ -48,7 +48,7 @@ emailAddress: test@example.com postalAddress: 1234 Somewhere postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -59,7 +59,7 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: - serverAuth # the same as "TLS Web Server Authentication" - TLS Web Server Authentication @@ -83,8 +83,8 @@ basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes - ocsp_must_staple: yes + basic_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' @@ -99,7 +99,7 @@ path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - "CA:TRUE" @@ -107,7 +107,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false subject_alt_name: - "DNS:*.ansible.com" - "DNS:*.example.org" @@ -125,7 +125,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' - name: Running tests diff --git a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml index 9985d7f1..d4f5df0a 100644 --- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml @@ -44,7 +44,7 @@ set_fact: result_: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} - ignore_errors: yes + ignore_errors: true register: result - name: Check that loading passphrase protected key without passphrase failed diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml index 7a28644c..37b1fccd 100644 --- a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml +++ b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml @@ -49,7 +49,7 @@ emailAddress: test@example.com postalAddress: 1234 Somewhere postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -60,7 +60,7 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: - serverAuth # the same as "TLS Web Server Authentication" - TLS Web Server Authentication @@ -86,8 +86,8 @@ basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes - ocsp_must_staple: yes + basic_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' @@ -102,7 +102,7 @@ path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - "CA:TRUE" @@ -110,7 +110,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false subject_alt_name: - "DNS:*.ansible.com" - "DNS:*.example.org" @@ -128,7 +128,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' - name: Generate selfsigned certificates diff --git a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml index 7456da3e..29bc0c52 100644 --- a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml +++ b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml @@ -17,7 +17,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -84,7 +84,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -127,11 +127,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - ignore_timestamps: no + ignore_timestamps: false mode: update - return_content: yes + return_content: true register: crl_2_change - name: Retrieve CRL 2 infos @@ -153,11 +153,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z ignore_timestamps: true mode: update - return_content: yes + return_content: true register: crl_2_change_order - name: Retrieve CRL 2 infos again diff --git a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml index f043956f..0270b07d 100644 --- a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml +++ b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml @@ -18,11 +18,11 @@ - name: ca subject: commonName: Ansible - is_ca: yes + is_ca: true - name: ca-2 subject: commonName: Ansible Other CA - is_ca: yes + is_ca: true - name: cert-1 subject_alt_name: - DNS:ansible.com @@ -52,7 +52,7 @@ subject: "{{ item.subject | default(omit) }}" subject_alt_name: "{{ item.subject_alt_name | default(omit) }}" basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}" - use_common_name_for_san: no + use_common_name_for_san: false loop: "{{ certificates }}" - name: Generate CA certificates diff --git a/tests/integration/targets/get_certificate/tests/validate.yml b/tests/integration/targets/get_certificate/tests/validate.yml index dd38b879..74e53feb 100644 --- a/tests/integration/targets/get_certificate/tests/validate.yml +++ b/tests/integration/targets/get_certificate/tests/validate.yml @@ -131,10 +131,10 @@ privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key' subject: commonName: Bogus CA - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - 'CA:TRUE' - basic_constraints_critical: yes + basic_constraints_critical: true - name: Generate selfsigned bogus CA certificate x509_certificate: diff --git a/tests/integration/targets/luks_device/tasks/main.yml b/tests/integration/targets/luks_device/tasks/main.yml index 4ba75412..2570fa31 100644 --- a/tests/integration/targets/luks_device/tasks/main.yml +++ b/tests/integration/targets/luks_device/tasks/main.yml @@ -80,11 +80,11 @@ luks_device: device: "{{ cryptfile_device }}" state: absent - become: yes - ignore_errors: yes + become: true + ignore_errors: true - command: losetup -d "{{ cryptfile_device }}" - become: yes + become: true - file: dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile" diff --git a/tests/integration/targets/luks_device/tasks/run-test.yml b/tests/integration/targets/luks_device/tasks/run-test.yml index 8d0f65bb..eff7ac73 100644 --- a/tests/integration/targets/luks_device/tasks/run-test.yml +++ b/tests/integration/targets/luks_device/tasks/run-test.yml @@ -7,6 +7,6 @@ luks_device: device: "{{ cryptfile_device }}" state: absent - become: yes + become: true - name: "Loading tasks from {{ item }}" include_tasks: "{{ item }}" diff --git a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml index 93f83f0d..7210b9e3 100644 --- a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml +++ b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml @@ -10,8 +10,8 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - check_mode: yes - become: yes + check_mode: true + become: true register: create_check - name: Create luks_device: @@ -20,7 +20,7 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - become: yes + become: true register: create - name: Create (idempotent) luks_device: @@ -29,7 +29,7 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - become: yes + become: true register: create_idem - name: Create (idempotent, check) luks_device: @@ -38,8 +38,8 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - check_mode: yes - become: yes + check_mode: true + become: true register: create_idem_check - assert: that: @@ -53,30 +53,30 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - check_mode: yes - become: yes + check_mode: true + become: true register: open_check - name: Open luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true register: open - name: Open (idempotent) luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true register: open_idem - name: Open (idempotent, check) luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - check_mode: yes - become: yes + check_mode: true + become: true register: open_idem_check - assert: that: @@ -89,27 +89,27 @@ luks_device: name: "{{ open.name }}" state: closed - check_mode: yes - become: yes + check_mode: true + become: true register: close_check - name: Closed (via name) luks_device: name: "{{ open.name }}" state: closed - become: yes + become: true register: close - name: Closed (via name, idempotent) luks_device: name: "{{ open.name }}" state: closed - become: yes + become: true register: close_idem - name: Closed (via name, idempotent, check) luks_device: name: "{{ open.name }}" state: closed - check_mode: yes - become: yes + check_mode: true + become: true register: close_idem_check - assert: that: @@ -123,33 +123,33 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true - name: Closed (via device, check) luks_device: device: "{{ cryptfile_device }}" state: closed - check_mode: yes - become: yes + check_mode: true + become: true register: close_check - name: Closed (via device) luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true register: close - name: Closed (via device, idempotent) luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true register: close_idem - name: Closed (via device, idempotent, check) luks_device: device: "{{ cryptfile_device }}" state: closed - check_mode: yes - become: yes + check_mode: true + become: true register: close_idem_check - assert: that: @@ -163,33 +163,33 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true - name: Absent (check) luks_device: device: "{{ cryptfile_device }}" state: absent - check_mode: yes - become: yes + check_mode: true + become: true register: absent_check - name: Absent luks_device: device: "{{ cryptfile_device }}" state: absent - become: yes + become: true register: absent - name: Absent (idempotence) luks_device: device: "{{ cryptfile_device }}" state: absent - become: yes + become: true register: absent_idem - name: Absent (idempotence, check) luks_device: device: "{{ cryptfile_device }}" state: absent - check_mode: yes - become: yes + check_mode: true + become: true register: absent_idem_check - assert: that: diff --git a/tests/integration/targets/luks_device/tasks/tests/device-check.yml b/tests/integration/targets/luks_device/tasks/tests/device-check.yml index 448b8bc1..e6f8a6a1 100644 --- a/tests/integration/targets/luks_device/tasks/tests/device-check.yml +++ b/tests/integration/targets/luks_device/tasks/tests/device-check.yml @@ -10,9 +10,9 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - check_mode: yes - ignore_errors: yes - become: yes + check_mode: true + ignore_errors: true + become: true register: create_check - name: Create with invalid device name luks_device: @@ -21,8 +21,8 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - ignore_errors: yes - become: yes + ignore_errors: true + become: true register: create - assert: that: @@ -38,9 +38,9 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - check_mode: yes - ignore_errors: yes - become: yes + check_mode: true + ignore_errors: true + become: true register: create_check - name: Create with something which is not a device luks_device: @@ -49,8 +49,8 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - ignore_errors: yes - become: yes + ignore_errors: true + become: true register: create - assert: that: diff --git a/tests/integration/targets/luks_device/tasks/tests/key-management.yml b/tests/integration/targets/luks_device/tasks/tests/key-management.yml index 11fa4e55..302509de 100644 --- a/tests/integration/targets/luks_device/tasks/tests/key-management.yml +++ b/tests/integration/targets/luks_device/tasks/tests/key-management.yml @@ -10,7 +10,7 @@ keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - become: yes + become: true # Access: keyfile1 @@ -19,8 +19,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -29,15 +29,15 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Try to open with keyfile2 luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -51,7 +51,7 @@ new_keyfile: "{{ remote_tmp_dir }}/keyfile2" pbkdf: iteration_time: 0.1 - become: yes + become: true register: result_1 - name: Give access to keyfile2 (idempotent) @@ -60,7 +60,7 @@ state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" new_keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes + become: true register: result_2 - assert: @@ -75,8 +75,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -85,11 +85,11 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Dump LUKS header command: "cryptsetup luksDump {{ cryptfile_device }}" - become: yes + become: true - name: Remove access from keyfile1 luks_device: @@ -97,7 +97,7 @@ state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true register: result_1 - name: Remove access from keyfile1 (idempotent) @@ -106,7 +106,7 @@ state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes + become: true register: result_2 - assert: @@ -121,8 +121,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -133,8 +133,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -143,11 +143,11 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Dump LUKS header command: "cryptsetup luksDump {{ cryptfile_device }}" - become: yes + become: true - name: Remove access from keyfile2 luks_device: @@ -155,8 +155,8 @@ state: closed keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: remove_last_key - assert: that: @@ -170,8 +170,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -180,7 +180,7 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Remove access from keyfile2 luks_device: @@ -188,8 +188,8 @@ state: closed keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" - force_remove_last_key: yes - become: yes + force_remove_last_key: true + become: true # Access: none @@ -198,8 +198,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: diff --git a/tests/integration/targets/luks_device/tasks/tests/options.yml b/tests/integration/targets/luks_device/tasks/tests/options.yml index 633d32b6..64df0951 100644 --- a/tests/integration/targets/luks_device/tasks/tests/options.yml +++ b/tests/integration/targets/luks_device/tasks/tests/options.yml @@ -12,7 +12,7 @@ pbkdf: algorithm: pbkdf2 iteration_count: 1000 - become: yes + become: true register: create_with_keysize - name: Create with keysize (idempotent) luks_device: @@ -23,7 +23,7 @@ pbkdf: algorithm: pbkdf2 iteration_count: 1000 - become: yes + become: true register: create_idem_with_keysize - name: Create with different keysize (idempotent since we do not update keysize) luks_device: @@ -34,7 +34,7 @@ pbkdf: algorithm: pbkdf2 iteration_count: 1000 - become: yes + become: true register: create_idem_with_diff_keysize - name: Create with ambiguous arguments luks_device: @@ -45,8 +45,8 @@ pbkdf: algorithm: pbkdf2 iteration_count: 1000 - ignore_errors: yes - become: yes + ignore_errors: true + become: true register: create_with_ambiguous - assert: diff --git a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml index af94aaf0..19551ecc 100644 --- a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml +++ b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml @@ -15,8 +15,8 @@ memory: 1000 parallel: 1 sector_size: 1024 - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: create_passphrase_1 - name: Make sure that the previous task only fails if LUKS2 is not supported @@ -32,7 +32,7 @@ passphrase: "{{ cryptfile_passphrase1 }}" pbkdf: iteration_time: 0.1 - become: yes + become: true when: create_passphrase_1 is failed - name: Open with passphrase1 @@ -40,8 +40,8 @@ device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase1 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -50,7 +50,7 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Give access with ambiguous new_ arguments luks_device: @@ -61,8 +61,8 @@ new_keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: new_try - assert: that: @@ -73,8 +73,8 @@ device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase2 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -88,7 +88,7 @@ new_passphrase: "{{ cryptfile_passphrase2 }}" pbkdf: iteration_time: 0.1 - become: yes + become: true register: result_1 - name: Give access to passphrase2 (idempotent) @@ -97,7 +97,7 @@ state: closed passphrase: "{{ cryptfile_passphrase1 }}" new_passphrase: "{{ cryptfile_passphrase2 }}" - become: yes + become: true register: result_2 - assert: @@ -110,8 +110,8 @@ device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase2 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -120,15 +120,15 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Try to open with keyfile1 luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -142,7 +142,7 @@ new_keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 - become: yes + become: true - name: Remove access with ambiguous remove_ arguments luks_device: @@ -150,8 +150,8 @@ state: closed remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_passphrase: "{{ cryptfile_passphrase1 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: remove_try - assert: that: @@ -162,8 +162,8 @@ device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -172,14 +172,14 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true - name: Remove access for passphrase1 luks_device: device: "{{ cryptfile_device }}" state: closed remove_passphrase: "{{ cryptfile_passphrase1 }}" - become: yes + become: true register: result_1 - name: Remove access for passphrase1 (idempotent) @@ -187,7 +187,7 @@ device: "{{ cryptfile_device }}" state: closed remove_passphrase: "{{ cryptfile_passphrase1 }}" - become: yes + become: true register: result_2 - assert: @@ -200,8 +200,8 @@ device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase1 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -212,8 +212,8 @@ device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase3 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -227,15 +227,15 @@ new_passphrase: "{{ cryptfile_passphrase3 }}" pbkdf: iteration_time: 0.1 - become: yes + become: true - name: Open with passphrase3 luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase3 }}" - become: yes - ignore_errors: yes + become: true + ignore_errors: true register: open_try - assert: that: @@ -244,4 +244,4 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - become: yes + become: true diff --git a/tests/integration/targets/luks_device/tasks/tests/performance.yml b/tests/integration/targets/luks_device/tasks/tests/performance.yml index fe65273d..57262551 100644 --- a/tests/integration/targets/luks_device/tasks/tests/performance.yml +++ b/tests/integration/targets/luks_device/tasks/tests/performance.yml @@ -17,8 +17,8 @@ persistent: true pbkdf: iteration_time: 0.1 - check_mode: yes - become: yes + check_mode: true + become: true register: create_open_check - name: Create and open luks_device: @@ -32,7 +32,7 @@ perf_no_read_workqueue: true perf_no_write_workqueue: true persistent: true - become: yes + become: true register: create_open - name: Create and open (idempotent) luks_device: @@ -46,7 +46,7 @@ perf_no_read_workqueue: true perf_no_write_workqueue: true persistent: true - become: yes + become: true register: create_open_idem - name: Create and open (idempotent, check) luks_device: @@ -60,8 +60,8 @@ perf_no_read_workqueue: true perf_no_write_workqueue: true persistent: true - check_mode: yes - become: yes + check_mode: true + become: true register: create_open_idem_check - assert: that: @@ -72,7 +72,7 @@ - name: Dump LUKS Header command: "cryptsetup luksDump {{ cryptfile_device }}" - become: yes + become: true register: luks_header - assert: that: @@ -83,7 +83,7 @@ - name: Dump device mapper table command: "dmsetup table {{ create_open.name }}" - become: yes + become: true register: dm_table - assert: that: @@ -96,7 +96,7 @@ luks_device: name: "{{ cryptfile_device }}" state: absent - become: yes + become: true when: - ansible_facts.kernel is version('5.9.0', '>=') diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml index bed152f5..7ac220e5 100644 --- a/tests/integration/targets/openssl_csr/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr/tasks/impl.yml @@ -20,8 +20,8 @@ subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - check_mode: yes + return_content: true + check_mode: true register: generate_csr_check - name: "({{ select_crypto_backend }}) Generate CSR" @@ -31,7 +31,7 @@ subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: generate_csr - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" @@ -41,7 +41,7 @@ subject_ordered: - commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: generate_csr_idempotent - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" @@ -51,8 +51,8 @@ subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - check_mode: yes + return_content: true + check_mode: true register: generate_csr_idempotent_check - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)" @@ -61,9 +61,9 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_csr_nosan_check - name: "({{ select_crypto_backend }}) Generate CSR without SAN" @@ -72,7 +72,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_nosan @@ -82,7 +82,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_nosan_check_idempotent @@ -92,9 +92,9 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_csr_nosan_check_idempotent_check # keyUsage longname and shortname should be able to be used @@ -179,7 +179,7 @@ subject_alt_name: invalid-san.example.com select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_invalid_san - ignore_errors: yes + ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)" openssl_csr: @@ -188,7 +188,7 @@ subject_alt_name: "DNS:system:kube-controller-manager" select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_invalid_san_2 - ignore_errors: yes + ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple" openssl_csr: @@ -227,7 +227,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: commonName: This is for Ansible - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with country name" @@ -263,7 +263,7 @@ C: dex select_crypto_backend: '{{ select_crypto_backend }}' register: country_fail_4 - ignore_errors: yes + ignore_errors: true - name: "({{ select_crypto_backend }}) Generate privatekey with password" openssl_privatekey: @@ -300,7 +300,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_1 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)" @@ -309,7 +309,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_2 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)" @@ -317,7 +317,7 @@ path: '{{ remote_tmp_dir }}/csr_pw3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken CSR" @@ -330,7 +330,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: commonName: This is for Ansible - useCommonNameForSAN: no + useCommonNameForSAN: false select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken @@ -340,7 +340,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_1 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" @@ -349,7 +349,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_2 - name: "({{ select_crypto_backend }}) Generate CSR (change)" @@ -358,22 +358,22 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: ansible.com - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_3 - name: "({{ select_crypto_backend }}) Generate CSR (remove)" openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: csr_backup_4 - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)" openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_5 @@ -413,7 +413,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - create_subject_key_identifier: yes + create_subject_key_identifier: true select_crypto_backend: '{{ select_crypto_backend }}' register: subject_key_identifier_4 @@ -423,7 +423,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com - create_subject_key_identifier: yes + create_subject_key_identifier: true select_crypto_backend: '{{ select_crypto_backend }}' register: subject_key_identifier_5 @@ -556,7 +556,7 @@ - emailAddress: test@example.com - postalAddress: 1234 Somewhere - postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -567,19 +567,19 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: '{{ value_for_extended_key_usage }}' subject_alt_name: '{{ value_for_san }}' basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes + basic_constraints_critical: true name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_excluded: - "DNS:.example.com" - "DNS:.org" - name_constraints_critical: yes - ocsp_must_staple: yes + name_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: 00:11:22:33 authority_key_identifier: 44:55:66:77 authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' @@ -641,7 +641,7 @@ - emailAddress: test@example.com - postalAddress: 1234 Somewhere - postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -652,19 +652,19 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: '{{ value_for_extended_key_usage }}' subject_alt_name: '{{ value_for_san }}' basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes + basic_constraints_critical: true name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_excluded: - "DNS:.org" - "DNS:.example.com" - name_constraints_critical: yes - ocsp_must_staple: yes + name_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: 00:11:22:33 authority_key_identifier: 44:55:66:77 authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' @@ -703,7 +703,7 @@ - "DNS:www.example.com" - "IP:1.2.3.0/255.255.255.0" - "IP:0::0:1:0:0/112" - check_mode: yes + check_mode: true register: everything_2 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)" @@ -728,7 +728,7 @@ emailAddress: test@example.com postalAddress: 1234 Somewhere postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -739,19 +739,19 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: '{{ value_for_extended_key_usage }}' subject_alt_name: '{{ value_for_san }}' basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes + basic_constraints_critical: true name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_excluded: - "DNS:.org" - "DNS:.example.com" - name_constraints_critical: yes - ocsp_must_staple: yes + name_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: 00:11:22:33 authority_key_identifier: 44:55:66:77 authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' @@ -814,7 +814,7 @@ - emailAddress: test@example.com - postalAddress: 1234 Somewhere - postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -825,19 +825,19 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: '{{ value_for_extended_key_usage }}' subject_alt_name: '{{ value_for_san }}' basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes + basic_constraints_critical: true name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_excluded: - "DNS:.org" - "DNS:.example.com" - name_constraints_critical: yes - ocsp_must_staple: yes + name_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: 00:11:22:33 authority_key_identifier: 44:55:66:77 authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' @@ -895,7 +895,7 @@ - Ed25519 - Ed448 register: generate_csr_ed25519_ed448_privatekey - ignore_errors: yes + ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded" when: generate_csr_ed25519_ed448_privatekey is not failed @@ -912,7 +912,7 @@ - Ed25519 - Ed448 register: generate_csr_ed25519_ed448 - ignore_errors: yes + ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: @@ -925,7 +925,7 @@ - Ed25519 - Ed448 register: generate_csr_ed25519_ed448_idempotent - ignore_errors: yes + ignore_errors: true when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') diff --git a/tests/integration/targets/openssl_csr_info/tasks/main.yml b/tests/integration/targets/openssl_csr_info/tasks/main.yml index 8e17f6c6..05ffbc51 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/main.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/main.yml @@ -49,7 +49,7 @@ emailAddress: test@example.com postalAddress: 1234 Somewhere postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -60,7 +60,7 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: - serverAuth # the same as "TLS Web Server Authentication" - TLS Web Server Authentication @@ -84,8 +84,8 @@ basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes - ocsp_must_staple: yes + basic_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' @@ -100,7 +100,7 @@ path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - "CA:TRUE" @@ -108,7 +108,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false subject_alt_name: - "DNS:*.ansible.com" - "DNS:*.example.org" @@ -126,7 +126,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' - name: Running tests with cryptography backend diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml index 41d52372..adf1836b 100644 --- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml @@ -14,7 +14,7 @@ subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_csr_check - name: "({{ select_crypto_backend }}) Generate CSR" @@ -41,7 +41,7 @@ subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_csr_idempotent_check - name: "({{ select_crypto_backend }}) Generate CSR (changed)" @@ -60,7 +60,7 @@ subject: commonName: ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_csr_changed_check - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" diff --git a/tests/integration/targets/openssl_dhparam/tasks/impl.yml b/tests/integration/targets/openssl_dhparam/tasks/impl.yml index 3c5d684d..85886e83 100644 --- a/tests/integration/targets/openssl_dhparam/tasks/impl.yml +++ b/tests/integration/targets/openssl_dhparam/tasks/impl.yml @@ -10,7 +10,7 @@ size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" - return_content: yes + return_content: true check_mode: true register: dhparam_check @@ -19,7 +19,7 @@ size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" - return_content: yes + return_content: true register: dhparam - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)" @@ -27,7 +27,7 @@ size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" - return_content: yes + return_content: true check_mode: true register: dhparam_changed_check @@ -36,7 +36,7 @@ size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" - return_content: yes + return_content: true register: dhparam_changed - name: "[{{ select_crypto_backend }}] Generate parameters with size option" @@ -54,7 +54,7 @@ - copy: src: '{{ remote_tmp_dir }}/dh768.pem' - remote_src: yes + remote_src: true dest: '{{ remote_tmp_dir }}/dh512.pem' - name: "[{{ select_crypto_backend }}] Re-generate if size is different" @@ -68,7 +68,7 @@ openssl_dhparam: path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 - force: yes + force: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_changed_force @@ -80,7 +80,7 @@ openssl_dhparam: path: '{{ remote_tmp_dir }}/dhbroken.pem' size: 512 - force: yes + force: true select_crypto_backend: "{{ select_crypto_backend }}" register: output_broken @@ -88,36 +88,36 @@ openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 - backup: yes + backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_1 - name: "[{{ select_crypto_backend }}] Generate params (idempotent)" openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 - backup: yes + backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_2 - name: "[{{ select_crypto_backend }}] Generate params (change)" openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 - force: yes - backup: yes + force: true + backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_3 - name: "[{{ select_crypto_backend }}] Generate params (remove)" openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent - backup: yes + backup: true select_crypto_backend: "{{ select_crypto_backend }}" - return_content: yes + return_content: true register: dhparam_backup_4 - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)" openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent - backup: yes + backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_5 diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml index 84673794..f12d23ed 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml @@ -7,7 +7,7 @@ openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true check_mode: true register: privatekey1_check @@ -15,14 +15,14 @@ openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: privatekey1 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)" openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true check_mode: true register: privatekey1_idempotence_check @@ -30,7 +30,7 @@ openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: privatekey1_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048" @@ -57,7 +57,7 @@ state: absent path: '{{ remote_tmp_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: privatekey4_delete - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)" @@ -190,7 +190,7 @@ loop: "{{ types }}" loop_control: label: "{{ item.type }}" - ignore_errors: yes + ignore_errors: true register: privatekey_t1_generate - name: "({{ select_crypto_backend }}) Test other type generation (idempotency)" @@ -202,7 +202,7 @@ loop: "{{ types }}" loop_control: label: "{{ item.type }}" - ignore_errors: yes + ignore_errors: true register: privatekey_t1_idempotency when: select_crypto_backend == 'cryptography' @@ -224,7 +224,7 @@ cipher: auto size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true register: passphrase_1 - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)" @@ -234,7 +234,7 @@ cipher: auto size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true register: passphrase_2 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase" @@ -242,7 +242,7 @@ path: '{{ remote_tmp_dir }}/privatekeypw.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true register: passphrase_3 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)" @@ -250,7 +250,7 @@ path: '{{ remote_tmp_dir }}/privatekeypw.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true register: passphrase_4 - name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase" @@ -260,7 +260,7 @@ cipher: auto size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true register: passphrase_5 - name: "({{ select_crypto_backend }}) Create broken key" @@ -281,7 +281,7 @@ cipher: auto size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true state: absent register: remove_1 @@ -292,7 +292,7 @@ cipher: auto size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - backup: yes + backup: true state: absent register: remove_2 @@ -327,7 +327,7 @@ openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' mode: '0400' - force: yes + force: true size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_3 @@ -405,7 +405,7 @@ format: raw size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: privatekey_fmt_1_step_8 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" @@ -438,7 +438,7 @@ type: X448 format: pkcs8 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: privatekey_fmt_2_step_1 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)" @@ -447,7 +447,7 @@ type: X448 format: pkcs8 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: privatekey_fmt_2_step_2 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format" @@ -456,14 +456,14 @@ type: X448 format: raw select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - ignore_errors: yes + return_content: true + ignore_errors: true register: privatekey_fmt_2_step_3 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" - ignore_errors: yes + ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" @@ -478,14 +478,14 @@ type: X448 format: raw select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - ignore_errors: yes + return_content: true + ignore_errors: true register: privatekey_fmt_2_step_4 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" - ignore_errors: yes + ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" @@ -500,14 +500,14 @@ type: X448 format: auto_ignore select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - ignore_errors: yes + return_content: true + ignore_errors: true register: privatekey_fmt_2_step_5 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" - ignore_errors: yes + ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" @@ -522,8 +522,8 @@ type: X448 format: auto select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes - ignore_errors: yes + return_content: true + ignore_errors: true register: privatekey_fmt_2_step_6 - name: "({{ select_crypto_backend }}) Read private key" @@ -574,9 +574,9 @@ size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -597,7 +597,7 @@ regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -617,9 +617,9 @@ size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -640,7 +640,7 @@ regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -660,7 +660,7 @@ size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" register: result - assert: @@ -695,9 +695,9 @@ size: '{{ default_rsa_key_size + 20 }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -716,7 +716,7 @@ regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -742,9 +742,9 @@ size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -763,7 +763,7 @@ regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -791,9 +791,9 @@ format: pkcs8 regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -813,7 +813,7 @@ regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - ignore_errors: yes + ignore_errors: true register: result - assert: that: @@ -841,7 +841,7 @@ format_mismatch: convert regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true loop: "{{ regenerate_values }}" register: result - assert: diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml index d8191dee..00c2320e 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml @@ -43,7 +43,7 @@ - name: ({{select_crypto_backend}}) Get key 2 info openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_2.pem' - return_private_key_data: yes + return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -65,9 +65,9 @@ - name: ({{select_crypto_backend}}) Get key 3 info (without passphrase) openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_3.pem' - return_private_key_data: yes + return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: result - name: Check that loading passphrase protected key without passphrase failed @@ -91,7 +91,7 @@ openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 - return_private_key_data: yes + return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -112,7 +112,7 @@ - name: ({{select_crypto_backend}}) Get key 4 info openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_4.pem' - return_private_key_data: yes + return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -134,7 +134,7 @@ - name: ({{select_crypto_backend}}) Get key 5 info openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_5.pem' - return_private_key_data: yes + return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml index 2a29ff22..ad59cd8f 100644 --- a/tests/integration/targets/openssl_publickey/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey/tasks/impl.yml @@ -13,7 +13,7 @@ path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true check_mode: true register: publickey_check @@ -22,7 +22,7 @@ path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: publickey - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)" @@ -30,7 +30,7 @@ path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true check_mode: true register: publickey_check2 @@ -39,7 +39,7 @@ path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: publickey_idempotence - name: "({{ select_crypto_backend }}) Verify check mode" @@ -79,7 +79,7 @@ path: '{{ remote_tmp_dir }}/publickey2.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: publickey2_absent - name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)" @@ -134,21 +134,21 @@ openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_1 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)" openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_2 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)" openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_3 @@ -166,7 +166,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_1 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)" @@ -175,7 +175,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_2 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)" @@ -183,7 +183,7 @@ path: '{{ remote_tmp_dir }}/publickey_pw3.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken key" @@ -207,7 +207,7 @@ state: absent path: '{{ remote_tmp_dir }}/publickey_removal.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: remove_1 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)" @@ -215,6 +215,6 @@ state: absent path: '{{ remote_tmp_dir }}/publickey_removal.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: remove_2 diff --git a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml index aa6c830d..6882e533 100644 --- a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml +++ b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml @@ -34,7 +34,7 @@ select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}" account_key_content: "{{ account_key_content | default(omit) }}" account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}" @@ -112,7 +112,7 @@ select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir - validate_certs: no + validate_certs: false account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}" account_key_content: "{{ account_key_content | default(omit) }}" account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}" diff --git a/tests/integration/targets/setup_openssl/tasks/main.yml b/tests/integration/targets/setup_openssl/tasks/main.yml index 7712b37a..aa478f45 100644 --- a/tests/integration/targets/setup_openssl/tasks/main.yml +++ b/tests/integration/targets/setup_openssl/tasks/main.yml @@ -59,7 +59,7 @@ homebrew: name: openssl state: present - become: yes + become: true become_user: "{{ brew_stat.stat.pw_name }}" - name: MACOS | Locale openssl binary diff --git a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml index 39d1c11d..e4cb1b60 100644 --- a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml +++ b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml @@ -11,11 +11,11 @@ - set_fact: pkg_mgr: community.general.pkgng ansible_pkg_mgr: community.general.pkgng - cacheable: yes + cacheable: true when: ansible_os_family == 'FreeBSD' and ansible_version.string is version('2.10', '>=') - set_fact: pkg_mgr: community.general.zypper ansible_pkg_mgr: community.general.zypper - cacheable: yes + cacheable: true when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=') diff --git a/tests/integration/targets/setup_pyopenssl/tasks/main.yml b/tests/integration/targets/setup_pyopenssl/tasks/main.yml index cf673961..cd5a5260 100644 --- a/tests/integration/targets/setup_pyopenssl/tasks/main.yml +++ b/tests/integration/targets/setup_pyopenssl/tasks/main.yml @@ -60,7 +60,7 @@ - name: Register pyOpenSSL debug details command: "{{ ansible_python.executable }} -m OpenSSL.debug" register: pyopenssl_debug_version - ignore_errors: yes + ignore_errors: true # Depending on which pyOpenSSL version has been installed, it could be that cryptography has # been upgraded to a newer version. Make sure to register cryptography_version another time here @@ -68,4 +68,4 @@ - name: Register cryptography version command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" register: cryptography_version - ignore_errors: yes # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors + ignore_errors: true # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors diff --git a/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml b/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml index e19d903e..cc74b70a 100644 --- a/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml +++ b/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml @@ -7,4 +7,4 @@ file: path: "{{ remote_tmp_dir }}" state: absent - no_log: yes + no_log: true diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml index ab801b05..99832a51 100644 --- a/tests/integration/targets/x509_certificate/tasks/ownca.yml +++ b/tests/integration/targets/x509_certificate/tasks/ownca.yml @@ -21,10 +21,10 @@ path: '{{ item.path }}' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' subject: '{{ item.subject }}' - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - 'CA:TRUE' - basic_constraints_critical: yes + basic_constraints_critical: true loop: - path: '{{ remote_tmp_dir }}/ca_csr.csr' subject: @@ -40,10 +40,10 @@ privatekey_passphrase: hunter2 subject: commonName: Example CA - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - 'CA:TRUE' - basic_constraints_critical: yes + basic_constraints_critical: true - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode) x509_certificate: @@ -101,7 +101,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: ownca_certificate - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) @@ -114,7 +114,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: ownca_certificate_idempotence - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode) @@ -127,7 +127,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true - name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration copy: @@ -148,7 +148,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: ownca_certificate_ca_subject_changed - name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key @@ -162,7 +162,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: ownca_certificate_ca_key_changed - name: (OwnCA, {{select_crypto_backend}}) Get certificate information @@ -300,7 +300,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_1 - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2) @@ -313,7 +313,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_2 - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3) @@ -325,7 +325,7 @@ provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_3 - name: (OwnCA, {{select_crypto_backend}}) Create broken certificate @@ -351,7 +351,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_1 - name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent) @@ -362,7 +362,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_2 - name: (OwnCA, {{select_crypto_backend}}) Backup test (change) @@ -373,7 +373,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_3 - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove) @@ -381,7 +381,7 @@ path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_4 - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent) @@ -389,7 +389,7 @@ path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_5 @@ -461,7 +461,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - ownca_create_authority_key_identifier: yes + ownca_create_authority_key_identifier: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_1 @@ -473,7 +473,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - ownca_create_authority_key_identifier: yes + ownca_create_authority_key_identifier: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_2 @@ -485,7 +485,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - ownca_create_authority_key_identifier: no + ownca_create_authority_key_identifier: false select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_3 @@ -497,7 +497,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - ownca_create_authority_key_identifier: no + ownca_create_authority_key_identifier: false select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_4 @@ -509,7 +509,7 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 - ownca_create_authority_key_identifier: yes + ownca_create_authority_key_identifier: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_5 @@ -523,7 +523,7 @@ - Ed25519 - Ed448 register: ownca_certificate_ed25519_ed448_privatekey - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded when: ownca_certificate_ed25519_ed448_privatekey is not failed @@ -539,7 +539,7 @@ loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate x509_certificate: @@ -554,7 +554,7 @@ - Ed25519 - Ed448 register: ownca_certificate_ed25519_ed448 - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) x509_certificate: @@ -569,7 +569,7 @@ - Ed25519 - Ed448 register: ownca_certificate_ed25519_ed448_idempotence - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey openssl_privatekey: @@ -577,7 +577,7 @@ type: '{{ item }}' cipher: auto passphrase: Test123 - ignore_errors: yes + ignore_errors: true loop: - Ed25519 - Ed448 @@ -589,17 +589,17 @@ privatekey_passphrase: Test123 subject: commonName: Example CA - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - 'CA:TRUE' - basic_constraints_critical: yes + basic_constraints_critical: true key_usage: - cRLSign - keyCertSign loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate x509_certificate: @@ -612,7 +612,7 @@ loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate x509_certificate: @@ -628,7 +628,7 @@ - Ed25519 - Ed448 register: ownca_certificate_ed25519_ed448_2 - ignore_errors: yes + ignore_errors: true - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) x509_certificate: @@ -644,7 +644,7 @@ - Ed25519 - Ed448 register: ownca_certificate_ed25519_ed448_2_idempotence - ignore_errors: yes + ignore_errors: true when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') diff --git a/tests/integration/targets/x509_certificate/tasks/removal.yml b/tests/integration/targets/x509_certificate/tasks/removal.yml index 2d8bcd3c..c79c527a 100644 --- a/tests/integration/targets/x509_certificate/tasks/removal.yml +++ b/tests/integration/targets/x509_certificate/tasks/removal.yml @@ -32,7 +32,7 @@ path: "{{ remote_tmp_dir }}/removal_cert.pem" state: absent select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: removal_1 - name: "(Removal, {{select_crypto_backend}}) Check that file is gone" diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml index d9fa1be5..a0f23643 100644 --- a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml @@ -23,7 +23,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: selfsigned_certificate_no_csr - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency @@ -33,7 +33,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: selfsigned_certificate_no_csr_idempotence - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode) @@ -43,7 +43,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: selfsigned_certificate_no_csr_idempotence_check - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR @@ -68,7 +68,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: selfsigned_certificate - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency @@ -79,7 +79,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - return_content: yes + return_content: true register: selfsigned_certificate_idempotence - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode) @@ -90,7 +90,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR) x509_certificate: @@ -100,7 +100,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: selfsigned_certificate_csr_minimal_change - name: (Selfsigned, {{select_crypto_backend}}) Get certificate information @@ -272,7 +272,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_1 - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2) @@ -284,7 +284,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_2 - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3) @@ -295,7 +295,7 @@ provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - ignore_errors: yes + ignore_errors: true register: passphrase_error_3 - name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate @@ -318,7 +318,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_1 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent) @@ -328,7 +328,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_2 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (change) @@ -338,7 +338,7 @@ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_3 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove) @@ -346,7 +346,7 @@ path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_4 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent) @@ -354,7 +354,7 @@ path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned - backup: yes + backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_5 @@ -423,7 +423,7 @@ - Ed25519 - Ed448 register: selfsigned_certificate_ed25519_ed448_privatekey - ignore_errors: yes + ignore_errors: true - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded when: selfsigned_certificate_ed25519_ed448_privatekey is not failed @@ -439,7 +439,7 @@ loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate x509_certificate: @@ -453,7 +453,7 @@ - Ed25519 - Ed448 register: selfsigned_certificate_ed25519_ed448 - ignore_errors: yes + ignore_errors: true - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency x509_certificate: @@ -467,7 +467,7 @@ - Ed25519 - Ed448 register: selfsigned_certificate_ed25519_ed448_idempotence - ignore_errors: yes + ignore_errors: true when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml index 533e0b10..d9a322ac 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/main.yml @@ -49,7 +49,7 @@ emailAddress: test@example.com postalAddress: 1234 Somewhere postalCode: "1234" - useCommonNameForSAN: no + useCommonNameForSAN: false key_usage: - digitalSignature - keyAgreement @@ -60,7 +60,7 @@ - cRLSign - Encipher Only - decipherOnly - key_usage_critical: yes + key_usage_critical: true extended_key_usage: - serverAuth # the same as "TLS Web Server Authentication" - TLS Web Server Authentication @@ -86,8 +86,8 @@ basic_constraints: - "CA:TRUE" - "pathlen:23" - basic_constraints_critical: yes - ocsp_must_staple: yes + basic_constraints_critical: true + ocsp_must_staple: true subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' @@ -102,7 +102,7 @@ path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 - useCommonNameForSAN: no + useCommonNameForSAN: false basic_constraints: - "CA:TRUE" @@ -110,7 +110,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false subject_alt_name: - "DNS:*.ansible.com" - "DNS:*.example.org" @@ -128,7 +128,7 @@ openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' - useCommonNameForSAN: no + useCommonNameForSAN: false authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' - name: Generate selfsigned certificates diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml index e9e8f07a..1bec4d21 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml @@ -42,7 +42,7 @@ selfsigned_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_certificate_check - name: "({{ select_crypto_backend }}) Generate self-signed certificate" @@ -75,7 +75,7 @@ selfsigned_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_certificate_idempotent_check - name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)" @@ -98,7 +98,7 @@ selfsigned_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert-2.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" @@ -144,7 +144,7 @@ ownca_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: ownca_generate_certificate_check - name: "({{ select_crypto_backend }}) Generate own CA certificate" @@ -180,7 +180,7 @@ ownca_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: ownca_generate_certificate_idempotent_check - name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)" @@ -205,7 +205,7 @@ ownca_not_after: 20191023133742Z csr_path: '{{ remote_tmp_dir }}/cert-4.csr' select_crypto_backend: '{{ select_crypto_backend }}' - check_mode: yes + check_mode: true register: ownca_generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" diff --git a/tests/integration/targets/x509_crl/tasks/impl.yml b/tests/integration/targets/x509_crl/tasks/impl.yml index c7a33623..f037b204 100644 --- a/tests/integration/targets/x509_crl/tasks/impl.yml +++ b/tests/integration/targets/x509_crl/tasks/impl.yml @@ -17,7 +17,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -38,7 +38,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -83,11 +83,11 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z - check_mode: yes + check_mode: true register: crl_1_idem_check - name: Create CRL 1 (idempotent) @@ -104,7 +104,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -133,11 +133,11 @@ - content: "{{ slurp.results[2].content | b64decode }}" revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z - check_mode: yes + check_mode: true register: crl_1_idem_content_check - name: Create CRL 1 (idempotent with content) @@ -154,7 +154,7 @@ - content: "{{ slurp.results[2].content | b64decode }}" revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -175,11 +175,11 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z - check_mode: yes + check_mode: true register: crl_1_format_check - name: Create CRL 1 (format) @@ -197,7 +197,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -218,11 +218,11 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z - check_mode: yes + check_mode: true register: crl_1_format_idem_check - name: Create CRL 1 (format, idempotent) @@ -240,11 +240,11 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z - return_content: yes + return_content: true register: crl_1_format_idem - name: Retrieve CRL 1 infos via file @@ -277,10 +277,10 @@ - path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 - check_mode: yes + check_mode: true register: crl_2_check - name: Create CRL 2 @@ -298,7 +298,7 @@ - path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 register: crl_2 @@ -318,11 +318,11 @@ - path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 - ignore_timestamps: yes - check_mode: yes + ignore_timestamps: true + check_mode: true register: crl_2_idem_check - name: Create CRL 2 (idempotent) @@ -340,10 +340,10 @@ - path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 - ignore_timestamps: yes + ignore_timestamps: true register: crl_2_idem - name: Create CRL 2 (idempotent update, check mode) @@ -359,9 +359,9 @@ next_update: +0d revoked_certificates: - serial_number: 1235 - ignore_timestamps: yes + ignore_timestamps: true mode: update - check_mode: yes + check_mode: true register: crl_2_idem_update_change_check - name: Create CRL 2 (idempotent update) @@ -377,7 +377,7 @@ next_update: +0d revoked_certificates: - serial_number: 1235 - ignore_timestamps: yes + ignore_timestamps: true mode: update register: crl_2_idem_update_change @@ -395,11 +395,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - ignore_timestamps: yes + ignore_timestamps: true mode: update - check_mode: yes + check_mode: true register: crl_2_idem_update_check - name: Create CRL 2 (idempotent update) @@ -416,9 +416,9 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - ignore_timestamps: yes + ignore_timestamps: true mode: update register: crl_2_idem_update @@ -436,11 +436,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - ignore_timestamps: no + ignore_timestamps: false mode: update - check_mode: yes + check_mode: true register: crl_2_change_check - name: Create CRL 2 (changed timestamps) @@ -457,11 +457,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - ignore_timestamps: no + ignore_timestamps: false mode: update - return_content: yes + return_content: true register: crl_2_change - name: Read ca-crl2.crl @@ -490,11 +490,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z ignore_timestamps: true mode: update - return_content: yes + return_content: true register: crl_2_change_order_ignore - name: Create CRL 2 (changed order) @@ -511,11 +511,11 @@ revoked_certificates: - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z ignore_timestamps: true mode: update - return_content: yes + return_content: true register: crl_2_change_order - name: Read ca-crl2.crl @@ -639,7 +639,7 @@ - Ed25519 - Ed448 register: ed25519_ed448_privatekey - ignore_errors: yes + ignore_errors: true - when: ed25519_ed448_privatekey is not failed block: @@ -658,7 +658,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -666,7 +666,7 @@ loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true - name: Create CRL (idempotence) x509_crl: @@ -682,7 +682,7 @@ - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise - reason_critical: yes + reason_critical: true invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z @@ -690,6 +690,6 @@ loop: - Ed25519 - Ed448 - ignore_errors: yes + ignore_errors: true when: cryptography_version.stdout is version('2.6', '>=') diff --git a/tests/integration/targets/x509_crl/tasks/main.yml b/tests/integration/targets/x509_crl/tasks/main.yml index db785b08..6014722f 100644 --- a/tests/integration/targets/x509_crl/tasks/main.yml +++ b/tests/integration/targets/x509_crl/tasks/main.yml @@ -18,11 +18,11 @@ - name: ca subject: commonName: Ansible - is_ca: yes + is_ca: true - name: ca-2 subject: commonName: Ansible Other CA - is_ca: yes + is_ca: true - name: cert-1 subject_alt_name: - DNS:ansible.com @@ -52,7 +52,7 @@ subject: "{{ item.subject | default(omit) }}" subject_alt_name: "{{ item.subject_alt_name | default(omit) }}" basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}" - use_common_name_for_san: no + use_common_name_for_san: false loop: "{{ certificates }}" - name: Generate CA certificates