Normalize bools in tests. (#577)

pull/580/head
Felix Fontein 2023-02-15 22:23:36 +01:00 committed by GitHub
parent b08f6eefe8
commit 2fb543b144
40 changed files with 590 additions and 590 deletions


@ -36,10 +36,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: no allow_creation: false
ignore_errors: yes ignore_errors: true
register: account_not_created register: account_not_created
- name: Create it now (check mode, diff) - name: Create it now (check mode, diff)
@ -48,14 +48,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
check_mode: yes check_mode: true
diff: yes diff: true
register: account_created_check register: account_created_check
- name: Create it now - name: Create it now
@ -64,10 +64,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
register: account_created register: account_created
@ -78,10 +78,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
register: account_created_idempotent register: account_created_idempotent
@ -97,13 +97,13 @@
account_key_content: "{{ slurp.content | b64decode }}" account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: contact:
- mailto:example@example.com - mailto:example@example.com
check_mode: yes check_mode: true
diff: yes diff: true
register: account_modified_check register: account_modified_check
- name: Change email address - name: Change email address
@ -112,9 +112,9 @@
account_key_content: "{{ slurp.content | b64decode }}" account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: contact:
- mailto:example@example.com - mailto:example@example.com
register: account_modified register: account_modified
@ -126,9 +126,9 @@
account_uri: "{{ account_created.account_uri }}" account_uri: "{{ account_created.account_uri }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: contact:
- mailto:example@example.com - mailto:example@example.com
register: account_modified_idempotent register: account_modified_idempotent
@ -140,10 +140,10 @@
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}" account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
contact: [] contact: []
ignore_errors: yes ignore_errors: true
register: account_modified_wrong_uri register: account_modified_wrong_uri
- name: Clear contact email addresses (check mode, diff) - name: Clear contact email addresses (check mode, diff)
@ -152,12 +152,12 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: [] contact: []
check_mode: yes check_mode: true
diff: yes diff: true
register: account_modified_2_check register: account_modified_2_check
- name: Clear contact email addresses - name: Clear contact email addresses
@ -166,9 +166,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: [] contact: []
register: account_modified_2 register: account_modified_2
@ -178,9 +178,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
# allow_creation: no # allow_creation: false
contact: [] contact: []
register: account_modified_2_idempotent register: account_modified_2_idempotent
@ -190,14 +190,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key state: changed_key
contact: contact:
- mailto:example@example.com - mailto:example@example.com
check_mode: yes check_mode: true
diff: yes diff: true
register: account_change_key_check register: account_change_key_check
- name: Change account key - name: Change account key
@ -206,7 +206,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key state: changed_key
@ -221,10 +221,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: absent state: absent
check_mode: yes check_mode: true
diff: yes diff: true
register: account_deactivate_check register: account_deactivate_check
- name: Deactivate account - name: Deactivate account
@ -234,7 +234,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: absent state: absent
register: account_deactivate register: account_deactivate
@ -245,7 +245,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: absent state: absent
register: account_deactivate_idempotent register: account_deactivate_idempotent
@ -256,10 +256,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: no allow_creation: false
ignore_errors: yes ignore_errors: true
register: account_not_created_2 register: account_not_created_2
- name: Do not try to create account III - name: Do not try to create account III
@ -268,10 +268,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: no allow_creation: false
ignore_errors: yes ignore_errors: true
register: account_not_created_3 register: account_not_created_3
- name: Create account with External Account Binding - name: Create account with External Account Binding
@ -280,10 +280,10 @@
account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem" account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
external_account_binding: external_account_binding:
@ -291,7 +291,7 @@
alg: "{{ item.alg }}" alg: "{{ item.alg }}"
key: "{{ item.key }}" key: "{{ item.key }}"
register: account_created_eab register: account_created_eab
ignore_errors: yes ignore_errors: true
loop: loop:
- account: accountkey3 - account: accountkey3
kid: kid-1 kid: kid-1
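Review bot: The new side of `@ -36,10 +36,10 @@` keeps `validate_certs: false` for the ACME directory at `https://{{ acme_host }}:14000/dir`, as does every other acme_account task in this section and in the sections below, but nothing in the file records why TLS verification is switched off. The reason is presumably that the local Pebble test server's certificate is not in the host trust store (the third section's `# Root certificate for Pebble` comment points that way); a one-line comment at the first occurrence, `# validate_certs is false only because the local Pebble test server presents a certificate the host does not trust`, would make that intent explicit for anyone reading the tasks as an example. The normalization itself is consistent, including the commented-out `# allow_creation: false` lines, which stay in step with the live keys. The enclosing task list starts before the first hunk and continues past the last.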


@ -29,7 +29,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
register: account_not_created register: account_not_created
- name: Create it now - name: Create it now
@ -38,10 +38,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
@ -51,7 +51,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
register: account_created register: account_created
- name: Read account key - name: Read account key
@ -65,9 +65,9 @@
account_key_content: "{{ slurp.content | b64decode }}" account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
state: present state: present
allow_creation: no allow_creation: false
contact: [] contact: []
- name: Check that account was modified - name: Check that account was modified
@ -76,7 +76,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_uri: "{{ account_created.account_uri }}" account_uri: "{{ account_created.account_uri }}"
register: account_modified register: account_modified
@ -86,7 +86,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_uri: "{{ account_created.account_uri }}test1234doesnotexists" account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
register: account_not_exist register: account_not_exist
@ -96,7 +96,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_uri: "{{ account_created.account_uri }}" account_uri: "{{ account_created.account_uri }}"
ignore_errors: yes ignore_errors: true
register: account_wrong_key register: account_wrong_key


@ -31,7 +31,7 @@
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
state: absent state: absent
- name: Read account key (EC384) - name: Read account key (EC384)
@ -43,11 +43,11 @@
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_key_content: "{{ slurp.content | b64decode }}" account_key_content: "{{ slurp.content | b64decode }}"
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: contact:
- mailto:example@example.org - mailto:example@example.org
- mailto:example@example.com - mailto:example@example.com
@ -56,11 +56,11 @@
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem" account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem"
state: present state: present
allow_creation: yes allow_creation: true
terms_agreed: yes terms_agreed: true
contact: [] contact: []
## OBTAIN CERTIFICATES ######################################################################## ## OBTAIN CERTIFICATES ########################################################################
- name: Obtain cert 1 - name: Obtain cert 1
@ -71,16 +71,16 @@
key_type: rsa key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}" rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com" subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec256 account_key: account-ec256
challenge: http-01 challenge: http-01
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
retrieve_all_alternates: yes retrieve_all_alternates: true
acme_expected_root_number: 1 acme_expected_root_number: 1
select_chain: select_chain:
- test_certificates: last - test_certificates: last
@ -98,17 +98,17 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}" certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256 key_type: ec256
subject_alt_name: "DNS:*.example.com,DNS:example.com" subject_alt_name: "DNS:*.example.com,DNS:example.com"
subject_alt_name_critical: yes subject_alt_name_critical: true
account_key: account-ec384 account_key: account-ec384
challenge: dns-01 challenge: dns-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
acme_expected_root_number: 0 acme_expected_root_number: 0
retrieve_all_alternates: yes retrieve_all_alternates: true
select_chain: select_chain:
# All intermediates have the same subject, so always the first # All intermediates have the same subject, so always the first
# chain will be found, and we need a second condition to make sure # chain will be found, and we need a second condition to make sure
@ -134,17 +134,17 @@
certificate_name: cert-3 certificate_name: cert-3
key_type: ec384 key_type: ec384
subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com" subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}" account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: dns-01 challenge: dns-01
modify_account: no modify_account: false
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
acme_expected_root_number: 0 acme_expected_root_number: 0
retrieve_all_alternates: yes retrieve_all_alternates: true
select_chain: select_chain:
- test_certificates: last - test_certificates: last
subject: "{{ acme_roots[1].subject }}" subject: "{{ acme_roots[1].subject }}"
@ -161,14 +161,14 @@
key_type: rsa key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}" rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org" subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-rsa account_key: account-rsa
challenge: http-01 challenge: http-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: yes force: true
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
acme_expected_root_number: 2 acme_expected_root_number: 2
select_chain: select_chain:
@ -188,14 +188,14 @@
certificate_name: cert-5 certificate_name: cert-5
key_type: ec521 key_type: ec521
subject_alt_name: "DNS:t2.example.com" subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec384 account_key: account-ec384
challenge: http-01 challenge: http-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: yes force: true
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
use_csr_content: true use_csr_content: true
- name: Store obtain results for cert 5a - name: Store obtain results for cert 5a
@ -209,14 +209,14 @@
certificate_name: cert-5 certificate_name: cert-5
key_type: ec521 key_type: ec521
subject_alt_name: "DNS:t2.example.com" subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec384 account_key: account-ec384
challenge: http-01 challenge: http-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
use_csr_content: false use_csr_content: false
- name: Store obtain results for cert 5b - name: Store obtain results for cert 5b
@ -229,14 +229,14 @@
certificate_name: cert-5 certificate_name: cert-5
key_type: ec521 key_type: ec521
subject_alt_name: "DNS:t2.example.com" subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec384 account_key: account-ec384
challenge: http-01 challenge: http-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: yes force: true
remaining_days: 1000 remaining_days: 1000
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
use_csr_content: true use_csr_content: true
- name: Store obtain results for cert 5c - name: Store obtain results for cert 5c
@ -254,14 +254,14 @@
certificate_name: cert-5 certificate_name: cert-5
key_type: ec521 key_type: ec521
subject_alt_name: "DNS:t2.example.com" subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}" account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01 challenge: http-01
modify_account: no modify_account: false
deactivate_authzs: yes deactivate_authzs: true
force: yes force: true
remaining_days: 10 remaining_days: 10
terms_agreed: no terms_agreed: false
account_email: "" account_email: ""
use_csr_content: false use_csr_content: false
- name: Store obtain results for cert 5d - name: Store obtain results for cert 5d
@ -277,14 +277,14 @@
key_type: rsa key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}" rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.org" subject_alt_name: "DNS:example.org"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec256 account_key: account-ec256
challenge: tls-alpn-01 challenge: tls-alpn-01
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
acme_expected_root_number: 0 acme_expected_root_number: 0
select_chain: select_chain:
@ -313,14 +313,14 @@
subject_alt_name: subject_alt_name:
- "IP:127.0.0.1" - "IP:127.0.0.1"
# - "IP:::1" # - "IP:::1"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec256 account_key: account-ec256
challenge: http-01 challenge: http-01
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
acme_expected_root_number: 2 acme_expected_root_number: 2
select_chain: select_chain:
@ -344,15 +344,15 @@
- "IP:127.0.0.1" - "IP:127.0.0.1"
# IPv4 only since our test validation server doesn't work # IPv4 only since our test validation server doesn't work
# with IPv6 (thanks to Python's socketserver). # with IPv6 (thanks to Python's socketserver).
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec256 account_key: account-ec256
challenge: tls-alpn-01 challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
use_csr_content: true use_csr_content: true
- name: Store obtain results for cert 8 - name: Store obtain results for cert 8
@ -364,37 +364,37 @@
# Make sure certificates are valid. Root certificate for Pebble equals the chain certificate. # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
- name: Verifying cert 1 - name: Verifying cert 1
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
ignore_errors: yes ignore_errors: true
register: cert_1_valid register: cert_1_valid
- name: Verifying cert 2 - name: Verifying cert 2
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
ignore_errors: yes ignore_errors: true
register: cert_2_valid register: cert_2_valid
- name: Verifying cert 3 - name: Verifying cert 3
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
ignore_errors: yes ignore_errors: true
register: cert_3_valid register: cert_3_valid
- name: Verifying cert 4 - name: Verifying cert 4
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
ignore_errors: yes ignore_errors: true
register: cert_4_valid register: cert_4_valid
- name: Verifying cert 5 - name: Verifying cert 5
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
ignore_errors: yes ignore_errors: true
register: cert_5_valid register: cert_5_valid
- name: Verifying cert 6 - name: Verifying cert 6
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
ignore_errors: yes ignore_errors: true
register: cert_6_valid register: cert_6_valid
when: acme_intermediates[0].subject_key_identifier is defined when: acme_intermediates[0].subject_key_identifier is defined
- name: Verifying cert 7 - name: Verifying cert 7
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
ignore_errors: yes ignore_errors: true
register: cert_7_valid register: cert_7_valid
when: acme_roots[2].subject_key_identifier is defined when: acme_roots[2].subject_key_identifier is defined
- name: Verifying cert 8 - name: Verifying cert 8
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"' command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
ignore_errors: yes ignore_errors: true
register: cert_8_valid register: cert_8_valid
when: cryptography_version.stdout is version('1.3', '>=') when: cryptography_version.stdout is version('1.3', '>=')
# Dump certificate info # Dump certificate info
@ -468,7 +468,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
retrieve_orders: ignore retrieve_orders: ignore
register: account_orders_not register: account_orders_not
- name: Retrieve orders as URL list (1/2) - name: Retrieve orders as URL list (1/2)
@ -477,7 +477,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
retrieve_orders: url_list retrieve_orders: url_list
register: account_orders_urls register: account_orders_urls
- name: Retrieve orders as URL list (2/2) - name: Retrieve orders as URL list (2/2)
@ -486,7 +486,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
retrieve_orders: url_list retrieve_orders: url_list
register: account_orders_urls2 register: account_orders_urls2
- name: Retrieve orders as object list (1/2) - name: Retrieve orders as object list (1/2)
@ -495,7 +495,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
retrieve_orders: object_list retrieve_orders: object_list
register: account_orders_full register: account_orders_full
- name: Retrieve orders as object list (2/2) - name: Retrieve orders as object list (2/2)
@ -504,6 +504,6 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
retrieve_orders: object_list retrieve_orders: object_list
register: account_orders_full2 register: account_orders_full2


@ -38,14 +38,14 @@
key_type: rsa key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}" rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com" subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}" account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01 challenge: http-01
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
- name: Obtain cert 2 - name: Obtain cert 2
include_tasks: obtain-cert.yml include_tasks: obtain-cert.yml
@ -55,14 +55,14 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}" certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256 key_type: ec256
subject_alt_name: "DNS:*.example.com" subject_alt_name: "DNS:*.example.com"
subject_alt_name_critical: yes subject_alt_name_critical: true
account_key: account-ec384 account_key: account-ec384
challenge: dns-01 challenge: dns-01
modify_account: yes modify_account: true
deactivate_authzs: yes deactivate_authzs: true
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
- name: Obtain cert 3 - name: Obtain cert 3
include_tasks: obtain-cert.yml include_tasks: obtain-cert.yml
@ -71,14 +71,14 @@
certificate_name: cert-3 certificate_name: cert-3
key_type: ec384 key_type: ec384
subject_alt_name: "DNS:t1.example.com" subject_alt_name: "DNS:t1.example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-rsa account_key: account-rsa
challenge: dns-01 challenge: dns-01
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
## REVOKE CERTIFICATES ######################################################################## ## REVOKE CERTIFICATES ########################################################################
- name: Revoke certificate 1 via account key - name: Revoke certificate 1 via account key
@ -88,8 +88,8 @@
certificate: "{{ remote_tmp_dir }}/cert-1.pem" certificate: "{{ remote_tmp_dir }}/cert-1.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
ignore_errors: yes ignore_errors: true
register: cert_1_revoke register: cert_1_revoke
- name: Revoke certificate 2 via certificate private key - name: Revoke certificate 2 via certificate private key
acme_certificate_revoke: acme_certificate_revoke:
@ -99,8 +99,8 @@
certificate: "{{ remote_tmp_dir }}/cert-2.pem" certificate: "{{ remote_tmp_dir }}/cert-2.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
ignore_errors: yes ignore_errors: true
register: cert_2_revoke register: cert_2_revoke
- name: Read account key (RSA) - name: Read account key (RSA)
slurp: slurp:
@ -113,6 +113,6 @@
certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem" certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
ignore_errors: yes ignore_errors: true
register: cert_3_revoke register: cert_3_revoke


@ -24,15 +24,15 @@
key_type: rsa key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}" rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com" subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no subject_alt_name_critical: false
account_key: account-ec256 account_key: account-ec256
challenge: tls-alpn-01 challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes modify_account: true
deactivate_authzs: no deactivate_authzs: false
force: no force: false
remaining_days: 10 remaining_days: 10
terms_agreed: yes terms_agreed: true
account_email: "example@example.org" account_email: "example@example.org"
when: cryptography_version.stdout is version('1.5', '>=') when: cryptography_version.stdout is version('1.5', '>=')


@ -26,7 +26,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
method: directory-only method: directory-only
register: directory register: directory
- debug: var=directory - debug: var=directory
@ -35,7 +35,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
url: "{{ directory.directory.newAccount}}" url: "{{ directory.directory.newAccount}}"
method: post method: post
@ -49,7 +49,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}"
@ -61,7 +61,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}"
@ -80,7 +80,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ directory.directory.newOrder }}" url: "{{ directory.directory.newOrder }}"
@ -103,7 +103,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ new_order.headers.location }}" url: "{{ new_order.headers.location }}"
@ -115,7 +115,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ item }}" url: "{{ item }}"
@ -128,7 +128,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}" url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
@ -141,7 +141,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}" url: "{{ item.url }}"
@ -155,7 +155,7 @@
acme_inspect: acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2 acme_version: 2
validate_certs: no validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}" account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}" url: "{{ item.url }}"
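Review bot: Every `acme_inspect` task in this hunk sets `validate_certs: false`, which disables TLS verification of the ACME directory, and nothing in the file records why that is acceptable. The target is the local test directory on `{{ acme_host }}:14000`, presumably served with a self-signed certificate, so the setting is justified for the fixture, but test snippets are routinely copied into real playbooks where it would silently permit a man-in-the-middle of the CA connection. A one-line comment on the first occurrence would make the intent explicit: `# validate_certs is false only because the test ACME server uses a self-signed certificate; keep it true against real CAs`. The surrounding task list continues outside the hunk.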


@ -17,7 +17,7 @@
- '{{ remote_tmp_dir }}/a-root.pem' - '{{ remote_tmp_dir }}/a-root.pem'
- name: Case B => doesn't work, but this is expected - name: Case B => doesn't work, but this is expected
failed_when: no failed_when: false
register: caseb register: caseb
certificate_complete_chain: certificate_complete_chain:
input_chain: "{{ read_certificates['d-leaf'] }}" input_chain: "{{ read_certificates['d-leaf'] }}"


@ -48,7 +48,7 @@
emailAddress: test@example.com emailAddress: test@example.com
postalAddress: 1234 Somewhere postalAddress: 1234 Somewhere
postalCode: "1234" postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -59,7 +59,7 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication" - serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication - TLS Web Server Authentication
@ -83,8 +83,8 @@
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -99,7 +99,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr' path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
@ -107,7 +107,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr' path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
subject_alt_name: subject_alt_name:
- "DNS:*.ansible.com" - "DNS:*.ansible.com"
- "DNS:*.example.org" - "DNS:*.example.org"
@ -125,7 +125,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr' path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests - name: Running tests
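Review bot: The `openssl_csr` tasks in this hunk use the camelCase option name `useCommonNameForSAN`, while the certificates setup file later in this same commit spells the same option `use_common_name_for_san`; both presumably resolve to the same module option, but tests are read as reference usage and the snake_case form is the Ansible convention. Since the commit is already normalising spelling across the test suite, it is a natural place to switch these four occurrences to `use_common_name_for_san: false`. The task definitions begin before the hunk.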


@ -44,7 +44,7 @@
set_fact: set_fact:
result_: >- result_: >-
{{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
ignore_errors: yes ignore_errors: true
register: result register: result
- name: Check that loading passphrase protected key without passphrase failed - name: Check that loading passphrase protected key without passphrase failed


@ -49,7 +49,7 @@
emailAddress: test@example.com emailAddress: test@example.com
postalAddress: 1234 Somewhere postalAddress: 1234 Somewhere
postalCode: "1234" postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -60,7 +60,7 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication" - serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication - TLS Web Server Authentication
@ -86,8 +86,8 @@
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr' path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
@ -110,7 +110,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr' path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
subject_alt_name: subject_alt_name:
- "DNS:*.ansible.com" - "DNS:*.ansible.com"
- "DNS:*.example.org" - "DNS:*.example.org"
@ -128,7 +128,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr' path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates - name: Generate selfsigned certificates


@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -84,7 +84,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -127,11 +127,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: no ignore_timestamps: false
mode: update mode: update
return_content: yes return_content: true
register: crl_2_change register: crl_2_change
- name: Retrieve CRL 2 infos - name: Retrieve CRL 2 infos
@ -153,11 +153,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update mode: update
return_content: yes return_content: true
register: crl_2_change_order register: crl_2_change_order
- name: Retrieve CRL 2 infos again - name: Retrieve CRL 2 infos again
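Review bot: `reason_critical: true` on the `revoked_certificates` entries in this hunk requests a critical reasonCode CRL entry extension, which RFC 5280 §5.3.1 defines as non-critical, so a strict relying party may reject the resulting CRL. The test is presumably exercising the module option on purpose, but that intent is not written down, and the value reads as a recommended setting. A comment above the first entry would prevent it being copied: `# reason_critical: true only exercises the option; RFC 5280 expects reasonCode to be non-critical`. The `x509_crl` task definitions start and end outside the hunk.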


@ -18,11 +18,11 @@
- name: ca - name: ca
subject: subject:
commonName: Ansible commonName: Ansible
is_ca: yes is_ca: true
- name: ca-2 - name: ca-2
subject: subject:
commonName: Ansible Other CA commonName: Ansible Other CA
is_ca: yes is_ca: true
- name: cert-1 - name: cert-1
subject_alt_name: subject_alt_name:
- DNS:ansible.com - DNS:ansible.com
@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}" subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}" subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}" basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no use_common_name_for_san: false
loop: "{{ certificates }}" loop: "{{ certificates }}"
- name: Generate CA certificates - name: Generate CA certificates


@ -131,10 +131,10 @@
privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key' privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
subject: subject:
commonName: Bogus CA commonName: Bogus CA
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- 'CA:TRUE' - 'CA:TRUE'
basic_constraints_critical: yes basic_constraints_critical: true
- name: Generate selfsigned bogus CA certificate - name: Generate selfsigned bogus CA certificate
x509_certificate: x509_certificate:


@ -80,11 +80,11 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
become: yes become: true
ignore_errors: yes ignore_errors: true
- command: losetup -d "{{ cryptfile_device }}" - command: losetup -d "{{ cryptfile_device }}"
become: yes become: true
- file: - file:
dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile" dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"


@ -7,6 +7,6 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
become: yes become: true
- name: "Loading tasks from {{ item }}" - name: "Loading tasks from {{ item }}"
include_tasks: "{{ item }}" include_tasks: "{{ item }}"


@ -10,8 +10,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
check_mode: yes check_mode: true
become: yes become: true
register: create_check register: create_check
- name: Create - name: Create
luks_device: luks_device:
@ -20,7 +20,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
register: create register: create
- name: Create (idempotent) - name: Create (idempotent)
luks_device: luks_device:
@ -29,7 +29,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
register: create_idem register: create_idem
- name: Create (idempotent, check) - name: Create (idempotent, check)
luks_device: luks_device:
@ -38,8 +38,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
check_mode: yes check_mode: true
become: yes become: true
register: create_idem_check register: create_idem_check
- assert: - assert:
that: that:
@ -53,30 +53,30 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes check_mode: true
become: yes become: true
register: open_check register: open_check
- name: Open - name: Open
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
register: open register: open
- name: Open (idempotent) - name: Open (idempotent)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
register: open_idem register: open_idem
- name: Open (idempotent, check) - name: Open (idempotent, check)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes check_mode: true
become: yes become: true
register: open_idem_check register: open_idem_check
- assert: - assert:
that: that:
@ -89,27 +89,27 @@
luks_device: luks_device:
name: "{{ open.name }}" name: "{{ open.name }}"
state: closed state: closed
check_mode: yes check_mode: true
become: yes become: true
register: close_check register: close_check
- name: Closed (via name) - name: Closed (via name)
luks_device: luks_device:
name: "{{ open.name }}" name: "{{ open.name }}"
state: closed state: closed
become: yes become: true
register: close register: close
- name: Closed (via name, idempotent) - name: Closed (via name, idempotent)
luks_device: luks_device:
name: "{{ open.name }}" name: "{{ open.name }}"
state: closed state: closed
become: yes become: true
register: close_idem register: close_idem
- name: Closed (via name, idempotent, check) - name: Closed (via name, idempotent, check)
luks_device: luks_device:
name: "{{ open.name }}" name: "{{ open.name }}"
state: closed state: closed
check_mode: yes check_mode: true
become: yes become: true
register: close_idem_check register: close_idem_check
- assert: - assert:
that: that:
@ -123,33 +123,33 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
- name: Closed (via device, check) - name: Closed (via device, check)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
check_mode: yes check_mode: true
become: yes become: true
register: close_check register: close_check
- name: Closed (via device) - name: Closed (via device)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
register: close register: close
- name: Closed (via device, idempotent) - name: Closed (via device, idempotent)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
register: close_idem register: close_idem
- name: Closed (via device, idempotent, check) - name: Closed (via device, idempotent, check)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
check_mode: yes check_mode: true
become: yes become: true
register: close_idem_check register: close_idem_check
- assert: - assert:
that: that:
@ -163,33 +163,33 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
- name: Absent (check) - name: Absent (check)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
check_mode: yes check_mode: true
become: yes become: true
register: absent_check register: absent_check
- name: Absent - name: Absent
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
become: yes become: true
register: absent register: absent
- name: Absent (idempotence) - name: Absent (idempotence)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
become: yes become: true
register: absent_idem register: absent_idem
- name: Absent (idempotence, check) - name: Absent (idempotence, check)
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: absent state: absent
check_mode: yes check_mode: true
become: yes become: true
register: absent_idem_check register: absent_idem_check
- assert: - assert:
that: that:
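Review bot: The `pbkdf: iteration_time: 0.1` setting repeated through this hunk's `luks_device` create tasks deliberately lowers the key-derivation cost to keep the suite fast, and no comment says so. The rest of each task (device, keyfile, `become: true`) looks like a ready-to-use example, so a reader could lift it into real provisioning and end up with a LUKS header that is cheap to brute-force. Suggest adding above the first `pbkdf:` block: `# test-only: a 0.1s PBKDF iteration time is far too weak for real volumes; omit it outside tests`. The `assert` blocks' `that:` lists are cut off by the hunk boundaries.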


@ -10,9 +10,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
check_mode: yes check_mode: true
ignore_errors: yes ignore_errors: true
become: yes become: true
register: create_check register: create_check
- name: Create with invalid device name - name: Create with invalid device name
luks_device: luks_device:
@ -21,8 +21,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
ignore_errors: yes ignore_errors: true
become: yes become: true
register: create register: create
- assert: - assert:
that: that:
@ -38,9 +38,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
check_mode: yes check_mode: true
ignore_errors: yes ignore_errors: true
become: yes become: true
register: create_check register: create_check
- name: Create with something which is not a device - name: Create with something which is not a device
luks_device: luks_device:
@ -49,8 +49,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
ignore_errors: yes ignore_errors: true
become: yes become: true
register: create register: create
- assert: - assert:
that: that:


@ -10,7 +10,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
# Access: keyfile1 # Access: keyfile1
@ -19,8 +19,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -29,15 +29,15 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Try to open with keyfile2 - name: Try to open with keyfile2
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -51,7 +51,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile2" new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
register: result_1 register: result_1
- name: Give access to keyfile2 (idempotent) - name: Give access to keyfile2 (idempotent)
@ -60,7 +60,7 @@
state: closed state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
new_keyfile: "{{ remote_tmp_dir }}/keyfile2" new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
register: result_2 register: result_2
- assert: - assert:
@ -75,8 +75,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -85,11 +85,11 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Dump LUKS header - name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}" command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes become: true
- name: Remove access from keyfile1 - name: Remove access from keyfile1
luks_device: luks_device:
@ -97,7 +97,7 @@
state: closed state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
register: result_1 register: result_1
- name: Remove access from keyfile1 (idempotent) - name: Remove access from keyfile1 (idempotent)
@ -106,7 +106,7 @@
state: closed state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
register: result_2 register: result_2
- assert: - assert:
@ -121,8 +121,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -133,8 +133,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -143,11 +143,11 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Dump LUKS header - name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}" command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes become: true
- name: Remove access from keyfile2 - name: Remove access from keyfile2
luks_device: luks_device:
@ -155,8 +155,8 @@
state: closed state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: remove_last_key register: remove_last_key
- assert: - assert:
that: that:
@ -170,8 +170,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -180,7 +180,7 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Remove access from keyfile2 - name: Remove access from keyfile2
luks_device: luks_device:
@ -188,8 +188,8 @@
state: closed state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
force_remove_last_key: yes force_remove_last_key: true
become: yes become: true
# Access: none # Access: none
@ -198,8 +198,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2" keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:


@ -12,7 +12,7 @@
pbkdf: pbkdf:
algorithm: pbkdf2 algorithm: pbkdf2
iteration_count: 1000 iteration_count: 1000
become: yes become: true
register: create_with_keysize register: create_with_keysize
- name: Create with keysize (idempotent) - name: Create with keysize (idempotent)
luks_device: luks_device:
@ -23,7 +23,7 @@
pbkdf: pbkdf:
algorithm: pbkdf2 algorithm: pbkdf2
iteration_count: 1000 iteration_count: 1000
become: yes become: true
register: create_idem_with_keysize register: create_idem_with_keysize
- name: Create with different keysize (idempotent since we do not update keysize) - name: Create with different keysize (idempotent since we do not update keysize)
luks_device: luks_device:
@ -34,7 +34,7 @@
pbkdf: pbkdf:
algorithm: pbkdf2 algorithm: pbkdf2
iteration_count: 1000 iteration_count: 1000
become: yes become: true
register: create_idem_with_diff_keysize register: create_idem_with_diff_keysize
- name: Create with ambiguous arguments - name: Create with ambiguous arguments
luks_device: luks_device:
@ -45,8 +45,8 @@
pbkdf: pbkdf:
algorithm: pbkdf2 algorithm: pbkdf2
iteration_count: 1000 iteration_count: 1000
ignore_errors: yes ignore_errors: true
become: yes become: true
register: create_with_ambiguous register: create_with_ambiguous
- assert: - assert:


@ -15,8 +15,8 @@
memory: 1000 memory: 1000
parallel: 1 parallel: 1
sector_size: 1024 sector_size: 1024
become: yes become: true
ignore_errors: yes ignore_errors: true
register: create_passphrase_1 register: create_passphrase_1
- name: Make sure that the previous task only fails if LUKS2 is not supported - name: Make sure that the previous task only fails if LUKS2 is not supported
@ -32,7 +32,7 @@
passphrase: "{{ cryptfile_passphrase1 }}" passphrase: "{{ cryptfile_passphrase1 }}"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
when: create_passphrase_1 is failed when: create_passphrase_1 is failed
- name: Open with passphrase1 - name: Open with passphrase1
@ -40,8 +40,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase1 }}" passphrase: "{{ cryptfile_passphrase1 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -50,7 +50,7 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Give access with ambiguous new_ arguments - name: Give access with ambiguous new_ arguments
luks_device: luks_device:
@ -61,8 +61,8 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1" new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
ignore_errors: yes ignore_errors: true
register: new_try register: new_try
- assert: - assert:
that: that:
@ -73,8 +73,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase2 }}" passphrase: "{{ cryptfile_passphrase2 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -88,7 +88,7 @@
new_passphrase: "{{ cryptfile_passphrase2 }}" new_passphrase: "{{ cryptfile_passphrase2 }}"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
register: result_1 register: result_1
- name: Give access to passphrase2 (idempotent) - name: Give access to passphrase2 (idempotent)
@ -97,7 +97,7 @@
state: closed state: closed
passphrase: "{{ cryptfile_passphrase1 }}" passphrase: "{{ cryptfile_passphrase1 }}"
new_passphrase: "{{ cryptfile_passphrase2 }}" new_passphrase: "{{ cryptfile_passphrase2 }}"
become: yes become: true
register: result_2 register: result_2
- assert: - assert:
@ -110,8 +110,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase2 }}" passphrase: "{{ cryptfile_passphrase2 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -120,15 +120,15 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Try to open with keyfile1 - name: Try to open with keyfile1
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -142,7 +142,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1" new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
- name: Remove access with ambiguous remove_ arguments - name: Remove access with ambiguous remove_ arguments
luks_device: luks_device:
@ -150,8 +150,8 @@
state: closed state: closed
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_passphrase: "{{ cryptfile_passphrase1 }}" remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: remove_try register: remove_try
- assert: - assert:
that: that:
@ -162,8 +162,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1" keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -172,14 +172,14 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true
- name: Remove access for passphrase1 - name: Remove access for passphrase1
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}" remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes become: true
register: result_1 register: result_1
- name: Remove access for passphrase1 (idempotent) - name: Remove access for passphrase1 (idempotent)
@ -187,7 +187,7 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}" remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes become: true
register: result_2 register: result_2
- assert: - assert:
@ -200,8 +200,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase1 }}" passphrase: "{{ cryptfile_passphrase1 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -212,8 +212,8 @@
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase3 }}" passphrase: "{{ cryptfile_passphrase3 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -227,15 +227,15 @@
new_passphrase: "{{ cryptfile_passphrase3 }}" new_passphrase: "{{ cryptfile_passphrase3 }}"
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
become: yes become: true
- name: Open with passphrase3 - name: Open with passphrase3
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: opened state: opened
passphrase: "{{ cryptfile_passphrase3 }}" passphrase: "{{ cryptfile_passphrase3 }}"
become: yes become: true
ignore_errors: yes ignore_errors: true
register: open_try register: open_try
- assert: - assert:
that: that:
@ -244,4 +244,4 @@
luks_device: luks_device:
device: "{{ cryptfile_device }}" device: "{{ cryptfile_device }}"
state: closed state: closed
become: yes become: true


@ -17,8 +17,8 @@
persistent: true persistent: true
pbkdf: pbkdf:
iteration_time: 0.1 iteration_time: 0.1
check_mode: yes check_mode: true
become: yes become: true
register: create_open_check register: create_open_check
- name: Create and open - name: Create and open
luks_device: luks_device:
@ -32,7 +32,7 @@
perf_no_read_workqueue: true perf_no_read_workqueue: true
perf_no_write_workqueue: true perf_no_write_workqueue: true
persistent: true persistent: true
become: yes become: true
register: create_open register: create_open
- name: Create and open (idempotent) - name: Create and open (idempotent)
luks_device: luks_device:
@ -46,7 +46,7 @@
perf_no_read_workqueue: true perf_no_read_workqueue: true
perf_no_write_workqueue: true perf_no_write_workqueue: true
persistent: true persistent: true
become: yes become: true
register: create_open_idem register: create_open_idem
- name: Create and open (idempotent, check) - name: Create and open (idempotent, check)
luks_device: luks_device:
@ -60,8 +60,8 @@
perf_no_read_workqueue: true perf_no_read_workqueue: true
perf_no_write_workqueue: true perf_no_write_workqueue: true
persistent: true persistent: true
check_mode: yes check_mode: true
become: yes become: true
register: create_open_idem_check register: create_open_idem_check
- assert: - assert:
that: that:
@ -72,7 +72,7 @@
- name: Dump LUKS Header - name: Dump LUKS Header
command: "cryptsetup luksDump {{ cryptfile_device }}" command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes become: true
register: luks_header register: luks_header
- assert: - assert:
that: that:
@ -83,7 +83,7 @@
- name: Dump device mapper table - name: Dump device mapper table
command: "dmsetup table {{ create_open.name }}" command: "dmsetup table {{ create_open.name }}"
become: yes become: true
register: dm_table register: dm_table
- assert: - assert:
that: that:
@ -96,7 +96,7 @@
luks_device: luks_device:
name: "{{ cryptfile_device }}" name: "{{ cryptfile_device }}"
state: absent state: absent
become: yes become: true
when: when:
- ansible_facts.kernel is version('5.9.0', '>=') - ansible_facts.kernel is version('5.9.0', '>=')


@ -20,8 +20,8 @@
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: yes check_mode: true
register: generate_csr_check register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR" - name: "({{ select_crypto_backend }}) Generate CSR"
@ -31,7 +31,7 @@
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: generate_csr register: generate_csr
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@ -41,7 +41,7 @@
subject_ordered: subject_ordered:
- commonName: www.ansible.com - commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: generate_csr_idempotent register: generate_csr_idempotent
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
@ -51,8 +51,8 @@
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: yes check_mode: true
register: generate_csr_idempotent_check register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)" - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
@ -61,9 +61,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_csr_nosan_check register: generate_csr_nosan_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN" - name: "({{ select_crypto_backend }}) Generate CSR without SAN"
@ -72,7 +72,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan register: generate_csr_nosan
@ -82,7 +82,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan_check_idempotent register: generate_csr_nosan_check_idempotent
@ -92,9 +92,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_csr_nosan_check_idempotent_check register: generate_csr_nosan_check_idempotent_check
# keyUsage longname and shortname should be able to be used # keyUsage longname and shortname should be able to be used
@ -179,7 +179,7 @@
subject_alt_name: invalid-san.example.com subject_alt_name: invalid-san.example.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san register: generate_csr_invalid_san
ignore_errors: yes ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)" - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
openssl_csr: openssl_csr:
@ -188,7 +188,7 @@
subject_alt_name: "DNS:system:kube-controller-manager" subject_alt_name: "DNS:system:kube-controller-manager"
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san_2 register: generate_csr_invalid_san_2
ignore_errors: yes ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple" - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
openssl_csr: openssl_csr:
@ -227,7 +227,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject: subject:
commonName: This is for Ansible commonName: This is for Ansible
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
- name: "({{ select_crypto_backend }}) Generate CSR with country name" - name: "({{ select_crypto_backend }}) Generate CSR with country name"
@ -263,7 +263,7 @@
C: dex C: dex
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: country_fail_4 register: country_fail_4
ignore_errors: yes ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate privatekey with password" - name: "({{ select_crypto_backend }}) Generate privatekey with password"
openssl_privatekey: openssl_privatekey:
@ -300,7 +300,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_1 register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)" - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
@ -309,7 +309,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_2 register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)" - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
@ -317,7 +317,7 @@
path: '{{ remote_tmp_dir }}/csr_pw3.csr' path: '{{ remote_tmp_dir }}/csr_pw3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_3 register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken CSR" - name: "({{ select_crypto_backend }}) Create broken CSR"
@ -330,7 +330,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject: subject:
commonName: This is for Ansible commonName: This is for Ansible
useCommonNameForSAN: no useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken register: output_broken
@ -340,7 +340,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_1 register: csr_backup_1
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@ -349,7 +349,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_2 register: csr_backup_2
- name: "({{ select_crypto_backend }}) Generate CSR (change)" - name: "({{ select_crypto_backend }}) Generate CSR (change)"
@ -358,22 +358,22 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: ansible.com commonName: ansible.com
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_3 register: csr_backup_3
- name: "({{ select_crypto_backend }}) Generate CSR (remove)" - name: "({{ select_crypto_backend }}) Generate CSR (remove)"
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr' path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent state: absent
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: csr_backup_4 register: csr_backup_4
- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)" - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr' path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent state: absent
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_5 register: csr_backup_5
@ -413,7 +413,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
create_subject_key_identifier: yes create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_4 register: subject_key_identifier_4
@ -423,7 +423,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
create_subject_key_identifier: yes create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_5 register: subject_key_identifier_5
@ -556,7 +556,7 @@
- emailAddress: test@example.com - emailAddress: test@example.com
- postalAddress: 1234 Somewhere - postalAddress: 1234 Somewhere
- postalCode: "1234" - postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -567,19 +567,19 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}' extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}' subject_alt_name: '{{ value_for_san }}'
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded: name_constraints_excluded:
- "DNS:.example.com" - "DNS:.example.com"
- "DNS:.org" - "DNS:.org"
name_constraints_critical: yes name_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: 00:11:22:33 subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77 authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -641,7 +641,7 @@
- emailAddress: test@example.com - emailAddress: test@example.com
- postalAddress: 1234 Somewhere - postalAddress: 1234 Somewhere
- postalCode: "1234" - postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -652,19 +652,19 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}' extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}' subject_alt_name: '{{ value_for_san }}'
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded: name_constraints_excluded:
- "DNS:.org" - "DNS:.org"
- "DNS:.example.com" - "DNS:.example.com"
name_constraints_critical: yes name_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: 00:11:22:33 subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77 authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -703,7 +703,7 @@
- "DNS:www.example.com" - "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0" - "IP:1.2.3.0/255.255.255.0"
- "IP:0::0:1:0:0/112" - "IP:0::0:1:0:0/112"
check_mode: yes check_mode: true
register: everything_2 register: everything_2
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)" - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
@ -728,7 +728,7 @@
emailAddress: test@example.com emailAddress: test@example.com
postalAddress: 1234 Somewhere postalAddress: 1234 Somewhere
postalCode: "1234" postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -739,19 +739,19 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}' extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}' subject_alt_name: '{{ value_for_san }}'
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded: name_constraints_excluded:
- "DNS:.org" - "DNS:.org"
- "DNS:.example.com" - "DNS:.example.com"
name_constraints_critical: yes name_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: 00:11:22:33 subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77 authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -814,7 +814,7 @@
- emailAddress: test@example.com - emailAddress: test@example.com
- postalAddress: 1234 Somewhere - postalAddress: 1234 Somewhere
- postalCode: "1234" - postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -825,19 +825,19 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}' extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}' subject_alt_name: '{{ value_for_san }}'
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}' name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded: name_constraints_excluded:
- "DNS:.org" - "DNS:.org"
- "DNS:.example.com" - "DNS:.example.com"
name_constraints_critical: yes name_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: 00:11:22:33 subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77 authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -895,7 +895,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: generate_csr_ed25519_ed448_privatekey register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded" - name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded"
when: generate_csr_ed25519_ed448_privatekey is not failed when: generate_csr_ed25519_ed448_privatekey is not failed
@ -912,7 +912,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: generate_csr_ed25519_ed448 register: generate_csr_ed25519_ed448
ignore_errors: yes ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr: openssl_csr:
@ -925,7 +925,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: generate_csr_ed25519_ed448_idempotent register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')
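Review bot: In the hunk at `@ -567,19 +567,19 @@`, `subject_key_identifier: 00:11:22:33` and `authority_key_identifier: 44:55:66:77` stay plain scalars while the booleans around them are being normalized, and `postalCode: "1234"` in the same task already shows the quoting convention for number-looking values. These two appear to survive as strings only because neither matches the YAML 1.1 sexagesimal pattern PyYAML applies (leading zero in the first, a group of 66 in the second), which is fragile and easy to break by editing the value. Quoting them as `subject_key_identifier: "00:11:22:33"` and `authority_key_identifier: "44:55:66:77"` removes the dependence on that parsing detail. The same pair recurs in the hunks at `@ -652`, `@ -739` and `@ -825`, so the change would apply there too.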


@ -49,7 +49,7 @@
emailAddress: test@example.com emailAddress: test@example.com
postalAddress: 1234 Somewhere postalAddress: 1234 Somewhere
postalCode: "1234" postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -60,7 +60,7 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication" - serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication - TLS Web Server Authentication
@ -84,8 +84,8 @@
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -100,7 +100,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr' path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
@ -108,7 +108,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr' path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
subject_alt_name: subject_alt_name:
- "DNS:*.ansible.com" - "DNS:*.ansible.com"
- "DNS:*.example.org" - "DNS:*.example.org"
@ -126,7 +126,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr' path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests with cryptography backend - name: Running tests with cryptography backend


@ -14,7 +14,7 @@
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_csr_check register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR" - name: "({{ select_crypto_backend }}) Generate CSR"
@ -41,7 +41,7 @@
subject: subject:
commonName: www.ansible.com commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_csr_idempotent_check register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR (changed)" - name: "({{ select_crypto_backend }}) Generate CSR (changed)"
@ -60,7 +60,7 @@
subject: subject:
commonName: ansible.com commonName: ansible.com
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_csr_changed_check register: generate_csr_changed_check
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"


@ -10,7 +10,7 @@
size: 768 size: 768
path: '{{ remote_tmp_dir }}/dh768.pem' path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes return_content: true
check_mode: true check_mode: true
register: dhparam_check register: dhparam_check
@ -19,7 +19,7 @@
size: 768 size: 768
path: '{{ remote_tmp_dir }}/dh768.pem' path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes return_content: true
register: dhparam register: dhparam
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)" - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
@ -27,7 +27,7 @@
size: 768 size: 768
path: '{{ remote_tmp_dir }}/dh768.pem' path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes return_content: true
check_mode: true check_mode: true
register: dhparam_changed_check register: dhparam_changed_check
@ -36,7 +36,7 @@
size: 768 size: 768
path: '{{ remote_tmp_dir }}/dh768.pem' path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes return_content: true
register: dhparam_changed register: dhparam_changed
- name: "[{{ select_crypto_backend }}] Generate parameters with size option" - name: "[{{ select_crypto_backend }}] Generate parameters with size option"
@ -54,7 +54,7 @@
- copy: - copy:
src: '{{ remote_tmp_dir }}/dh768.pem' src: '{{ remote_tmp_dir }}/dh768.pem'
remote_src: yes remote_src: true
dest: '{{ remote_tmp_dir }}/dh512.pem' dest: '{{ remote_tmp_dir }}/dh512.pem'
- name: "[{{ select_crypto_backend }}] Re-generate if size is different" - name: "[{{ select_crypto_backend }}] Re-generate if size is different"
@ -68,7 +68,7 @@
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh512.pem' path: '{{ remote_tmp_dir }}/dh512.pem'
size: 512 size: 512
force: yes force: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_changed_force register: dhparam_changed_force
@ -80,7 +80,7 @@
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dhbroken.pem' path: '{{ remote_tmp_dir }}/dhbroken.pem'
size: 512 size: 512
force: yes force: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: output_broken register: output_broken
@ -88,36 +88,36 @@
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem' path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512 size: 512
backup: yes backup: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_1 register: dhparam_backup_1
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)" - name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem' path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512 size: 512
backup: yes backup: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_2 register: dhparam_backup_2
- name: "[{{ select_crypto_backend }}] Generate params (change)" - name: "[{{ select_crypto_backend }}] Generate params (change)"
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem' path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512 size: 512
force: yes force: true
backup: yes backup: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_3 register: dhparam_backup_3
- name: "[{{ select_crypto_backend }}] Generate params (remove)" - name: "[{{ select_crypto_backend }}] Generate params (remove)"
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem' path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent state: absent
backup: yes backup: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes return_content: true
register: dhparam_backup_4 register: dhparam_backup_4
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)" - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
openssl_dhparam: openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem' path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent state: absent
backup: yes backup: true
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_5 register: dhparam_backup_5
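Review bot: The DH parameter sizes used throughout this file (`size: 768` in the first four tasks, `size: 512` from the force/backup tasks onward) are far below any acceptable production strength, and nothing in the file says that this is deliberate. Anyone copying these tasks as a template would inherit the weak groups, so a one-line comment on the first `openssl_dhparam:` task would help: `# 512/768-bit groups are test-only: they keep generation fast and must never be used for a real service.` This is documentation only; the yes/no to true/false normalization itself is fine.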


@ -7,7 +7,7 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem' path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: true check_mode: true
register: privatekey1_check register: privatekey1_check
@ -15,14 +15,14 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem' path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: privatekey1 register: privatekey1
- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)" - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)"
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem' path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: true check_mode: true
register: privatekey1_idempotence_check register: privatekey1_idempotence_check
@ -30,7 +30,7 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem' path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: privatekey1_idempotence register: privatekey1_idempotence
- name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048" - name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048"
@ -57,7 +57,7 @@
state: absent state: absent
path: '{{ remote_tmp_dir }}/privatekey4.pem' path: '{{ remote_tmp_dir }}/privatekey4.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: privatekey4_delete register: privatekey4_delete
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)" - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)"
@ -190,7 +190,7 @@
loop: "{{ types }}" loop: "{{ types }}"
loop_control: loop_control:
label: "{{ item.type }}" label: "{{ item.type }}"
ignore_errors: yes ignore_errors: true
register: privatekey_t1_generate register: privatekey_t1_generate
- name: "({{ select_crypto_backend }}) Test other type generation (idempotency)" - name: "({{ select_crypto_backend }}) Test other type generation (idempotency)"
@ -202,7 +202,7 @@
loop: "{{ types }}" loop: "{{ types }}"
loop_control: loop_control:
label: "{{ item.type }}" label: "{{ item.type }}"
ignore_errors: yes ignore_errors: true
register: privatekey_t1_idempotency register: privatekey_t1_idempotency
when: select_crypto_backend == 'cryptography' when: select_crypto_backend == 'cryptography'
@ -224,7 +224,7 @@
cipher: auto cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
register: passphrase_1 register: passphrase_1
- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)" - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)"
@ -234,7 +234,7 @@
cipher: auto cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
register: passphrase_2 register: passphrase_2
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase" - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
@ -242,7 +242,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
register: passphrase_3 register: passphrase_3
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)" - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
@ -250,7 +250,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem' path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
register: passphrase_4 register: passphrase_4
- name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase" - name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase"
@ -260,7 +260,7 @@
cipher: auto cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
register: passphrase_5 register: passphrase_5
- name: "({{ select_crypto_backend }}) Create broken key" - name: "({{ select_crypto_backend }}) Create broken key"
@ -281,7 +281,7 @@
cipher: auto cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
state: absent state: absent
register: remove_1 register: remove_1
@ -292,7 +292,7 @@
cipher: auto cipher: auto
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes backup: true
state: absent state: absent
register: remove_2 register: remove_2
@ -327,7 +327,7 @@
openssl_privatekey: openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey_mode.pem' path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
mode: '0400' mode: '0400'
force: yes force: true
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_3 register: privatekey_mode_3
@ -405,7 +405,7 @@
format: raw format: raw
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_1_step_8 register: privatekey_fmt_1_step_8
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
@ -438,7 +438,7 @@
type: X448 type: X448
format: pkcs8 format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_1 register: privatekey_fmt_2_step_1
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)"
@ -447,7 +447,7 @@
type: X448 type: X448
format: pkcs8 format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_2 register: privatekey_fmt_2_step_2
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format"
@ -456,14 +456,14 @@
type: X448 type: X448
format: raw format: raw
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_3 register: privatekey_fmt_2_step_3
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp: slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes ignore_errors: true
register: content register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -478,14 +478,14 @@
type: X448 type: X448
format: raw format: raw
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_4 register: privatekey_fmt_2_step_4
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp: slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes ignore_errors: true
register: content register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -500,14 +500,14 @@
type: X448 type: X448
format: auto_ignore format: auto_ignore
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_5 register: privatekey_fmt_2_step_5
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp: slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes ignore_errors: true
register: content register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -522,8 +522,8 @@
type: X448 type: X448
format: auto format: auto
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
ignore_errors: yes ignore_errors: true
register: privatekey_fmt_2_step_6 register: privatekey_fmt_2_step_6
- name: "({{ select_crypto_backend }}) Read private key" - name: "({{ select_crypto_backend }}) Read private key"
@ -574,9 +574,9 @@
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -597,7 +597,7 @@
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -617,9 +617,9 @@
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -640,7 +640,7 @@
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -660,7 +660,7 @@
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
register: result register: result
- assert: - assert:
@ -695,9 +695,9 @@
size: '{{ default_rsa_key_size + 20 }}' size: '{{ default_rsa_key_size + 20 }}'
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -716,7 +716,7 @@
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -742,9 +742,9 @@
size: '{{ default_rsa_key_size }}' size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -763,7 +763,7 @@
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -791,9 +791,9 @@
format: pkcs8 format: pkcs8
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -813,7 +813,7 @@
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
ignore_errors: yes ignore_errors: true
register: result register: result
- assert: - assert:
that: that:
@ -841,7 +841,7 @@
format_mismatch: convert format_mismatch: convert
regenerate: '{{ item }}' regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
loop: "{{ regenerate_values }}" loop: "{{ regenerate_values }}"
register: result register: result
- assert: - assert:
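Review bot: The passphrase tasks on `privatekeypw.pem` all set `backup: true`, including "Regenerate privatekey without passphrase", so each run leaves dated backup copies of the previous private key beside the original, and nothing visible in this section shows those backups being removed. For disposable keys in `remote_tmp_dir` this is harmless, but an unencrypted copy outlives the later `state: absent` task, so it is worth stating where the cleanup happens: `# backup: true leaves dated copies of the old key in remote_tmp_dir; the whole directory is discarded at the end of the run.` (assuming that teardown exists outside this file). The same caveat applies to `return_content: true` on the privatekey1 and privatekey_fmt_2 tasks, which places PEM private-key material in the registered result and therefore in verbose output.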


@ -43,7 +43,7 @@
- name: ({{select_crypto_backend}}) Get key 2 info - name: ({{select_crypto_backend}}) Get key 2 info
openssl_privatekey_info: openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_2.pem' path: '{{ remote_tmp_dir }}/privatekey_2.pem'
return_private_key_data: yes return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: result register: result
@ -65,9 +65,9 @@
- name: ({{select_crypto_backend}}) Get key 3 info (without passphrase) - name: ({{select_crypto_backend}}) Get key 3 info (without passphrase)
openssl_privatekey_info: openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem' path: '{{ remote_tmp_dir }}/privatekey_3.pem'
return_private_key_data: yes return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: result register: result
- name: Check that loading passphrase protected key without passphrase failed - name: Check that loading passphrase protected key without passphrase failed
@ -91,7 +91,7 @@
openssl_privatekey_info: openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem' path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2 passphrase: hunter2
return_private_key_data: yes return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: result register: result
@ -112,7 +112,7 @@
- name: ({{select_crypto_backend}}) Get key 4 info - name: ({{select_crypto_backend}}) Get key 4 info
openssl_privatekey_info: openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_4.pem' path: '{{ remote_tmp_dir }}/privatekey_4.pem'
return_private_key_data: yes return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: result register: result
@ -134,7 +134,7 @@
- name: ({{select_crypto_backend}}) Get key 5 info - name: ({{select_crypto_backend}}) Get key 5 info
openssl_privatekey_info: openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_5.pem' path: '{{ remote_tmp_dir }}/privatekey_5.pem'
return_private_key_data: yes return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: result register: result
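Review bot: Every task in this section sets `return_private_key_data: true` and registers the result, so the private-key components end up in the play output on a verbose run unless the module marks that return value `no_log`, which this page does not show. The keys are disposable test fixtures, so this is not a defect, but a comment on the first such task would stop the pattern from being copied into real playbooks: `# return_private_key_data puts key material in the registered result — test-only keys here.` The `passphrase: hunter2` value is likewise a fixture and could carry the same note.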


@ -13,7 +13,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub' path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: true check_mode: true
register: publickey_check register: publickey_check
@ -22,7 +22,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub' path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: publickey register: publickey
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)" - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)"
@ -30,7 +30,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub' path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
check_mode: true check_mode: true
register: publickey_check2 register: publickey_check2
@ -39,7 +39,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub' path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: publickey_idempotence register: publickey_idempotence
- name: "({{ select_crypto_backend }}) Verify check mode" - name: "({{ select_crypto_backend }}) Verify check mode"
@ -79,7 +79,7 @@
path: '{{ remote_tmp_dir }}/publickey2.pub' path: '{{ remote_tmp_dir }}/publickey2.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: publickey2_absent register: publickey2_absent
- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)" - name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)"
@ -134,21 +134,21 @@
openssl_publickey: openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub' path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_1 register: privatekey5_1
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)" - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)"
openssl_publickey: openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub' path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_2 register: privatekey5_2
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)" - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)"
openssl_publickey: openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub' path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem'
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_3 register: privatekey5_3
@ -166,7 +166,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_1 register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)" - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)"
@ -175,7 +175,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_2 register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)" - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)"
@ -183,7 +183,7 @@
path: '{{ remote_tmp_dir }}/publickey_pw3.pub' path: '{{ remote_tmp_dir }}/publickey_pw3.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_3 register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken key" - name: "({{ select_crypto_backend }}) Create broken key"
@ -207,7 +207,7 @@
state: absent state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub' path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_1 register: remove_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)" - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)"
@ -215,6 +215,6 @@
state: absent state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub' path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_2 register: remove_2


@ -34,7 +34,7 @@
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}" account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}" account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}" account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
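Review bot: `validate_certs: false` on the new side (here and again in the hunk at `@ -112,7 +112,7 @`) disables TLS verification for the ACME directory at `https://{{ acme_host }}:14000/dir` with no explanation; presumably this is a local test directory serving an untrusted certificate, but nothing in the hunk says so. A one-line comment would keep the setting from being copied into non-test playbooks as a default: `validate_certs: false  # test-only ACME directory on acme_host; its certificate is not trusted by the system store`. The enclosing task starts outside the hunk.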
@ -112,7 +112,7 @@
select_crypto_backend: "{{ select_crypto_backend }}" select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2 acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}" account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}" account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}" account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"


@ -59,7 +59,7 @@
homebrew: homebrew:
name: openssl name: openssl
state: present state: present
become: yes become: true
become_user: "{{ brew_stat.stat.pw_name }}" become_user: "{{ brew_stat.stat.pw_name }}"
- name: MACOS | Locale openssl binary - name: MACOS | Locale openssl binary


@ -11,11 +11,11 @@
- set_fact: - set_fact:
pkg_mgr: community.general.pkgng pkg_mgr: community.general.pkgng
ansible_pkg_mgr: community.general.pkgng ansible_pkg_mgr: community.general.pkgng
cacheable: yes cacheable: true
when: ansible_os_family == 'FreeBSD' and ansible_version.string is version('2.10', '>=') when: ansible_os_family == 'FreeBSD' and ansible_version.string is version('2.10', '>=')
- set_fact: - set_fact:
pkg_mgr: community.general.zypper pkg_mgr: community.general.zypper
ansible_pkg_mgr: community.general.zypper ansible_pkg_mgr: community.general.zypper
cacheable: yes cacheable: true
when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=') when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=')


@ -60,7 +60,7 @@
- name: Register pyOpenSSL debug details - name: Register pyOpenSSL debug details
command: "{{ ansible_python.executable }} -m OpenSSL.debug" command: "{{ ansible_python.executable }} -m OpenSSL.debug"
register: pyopenssl_debug_version register: pyopenssl_debug_version
ignore_errors: yes ignore_errors: true
# Depending on which pyOpenSSL version has been installed, it could be that cryptography has # Depending on which pyOpenSSL version has been installed, it could be that cryptography has
# been upgraded to a newer version. Make sure to register cryptography_version another time here # been upgraded to a newer version. Make sure to register cryptography_version another time here
@ -68,4 +68,4 @@
- name: Register cryptography version - name: Register cryptography version
command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
register: cryptography_version register: cryptography_version
ignore_errors: yes # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors ignore_errors: true # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors


@ -7,4 +7,4 @@
file: file:
path: "{{ remote_tmp_dir }}" path: "{{ remote_tmp_dir }}"
state: absent state: absent
no_log: yes no_log: true


@ -21,10 +21,10 @@
path: '{{ item.path }}' path: '{{ item.path }}'
privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
subject: '{{ item.subject }}' subject: '{{ item.subject }}'
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- 'CA:TRUE' - 'CA:TRUE'
basic_constraints_critical: yes basic_constraints_critical: true
loop: loop:
- path: '{{ remote_tmp_dir }}/ca_csr.csr' - path: '{{ remote_tmp_dir }}/ca_csr.csr'
subject: subject:
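Review bot: Since this commit normalizes option values to `true`/`false`, the camelCase key `useCommonNameForSAN: false` on the new side is the one remaining odd spelling in a block of snake_case keys (`basic_constraints`, `basic_constraints_critical`, `privatekey_path`); the same key recurs in the hunk at `@ -40,10 +40,10 @` below, in the `@ -589,17 +589,17 @` hunk, and in the openssl_csr file sections further down. If `useCommonNameForSAN` is an alias of the module's snake_case option name (it appears to be), writing `use_common_name_for_san: false` would make the normalization complete and consistent with the surrounding keys. The enclosing task starts outside the hunk.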
@ -40,10 +40,10 @@
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
subject: subject:
commonName: Example CA commonName: Example CA
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- 'CA:TRUE' - 'CA:TRUE'
basic_constraints_critical: yes basic_constraints_critical: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode) - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode)
x509_certificate: x509_certificate:
@ -101,7 +101,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: ownca_certificate register: ownca_certificate
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
@ -114,7 +114,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: ownca_certificate_idempotence register: ownca_certificate_idempotence
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode)
@ -127,7 +127,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
- name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration - name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration
copy: copy:
@ -148,7 +148,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: ownca_certificate_ca_subject_changed register: ownca_certificate_ca_subject_changed
- name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key - name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key
@ -162,7 +162,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: ownca_certificate_ca_key_changed register: ownca_certificate_ca_key_changed
- name: (OwnCA, {{select_crypto_backend}}) Get certificate information - name: (OwnCA, {{select_crypto_backend}}) Get certificate information
@ -300,7 +300,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_1 register: passphrase_error_1
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
@ -313,7 +313,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_2 register: passphrase_error_2
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3)
@ -325,7 +325,7 @@
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_3 register: passphrase_error_3
- name: (OwnCA, {{select_crypto_backend}}) Create broken certificate - name: (OwnCA, {{select_crypto_backend}}) Create broken certificate
@ -351,7 +351,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_1 register: ownca_backup_1
- name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent) - name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent)
@ -362,7 +362,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_2 register: ownca_backup_2
- name: (OwnCA, {{select_crypto_backend}}) Backup test (change) - name: (OwnCA, {{select_crypto_backend}}) Backup test (change)
@ -373,7 +373,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_3 register: ownca_backup_3
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove) - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove)
@ -381,7 +381,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent state: absent
provider: ownca provider: ownca
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_4 register: ownca_backup_4
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent) - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent)
@ -389,7 +389,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent state: absent
provider: ownca provider: ownca
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_5 register: ownca_backup_5
@ -461,7 +461,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
ownca_create_authority_key_identifier: yes ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_1 register: ownca_authority_key_identifier_1
@ -473,7 +473,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
ownca_create_authority_key_identifier: yes ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_2 register: ownca_authority_key_identifier_2
@ -485,7 +485,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
ownca_create_authority_key_identifier: no ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_3 register: ownca_authority_key_identifier_3
@ -497,7 +497,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
ownca_create_authority_key_identifier: no ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_4 register: ownca_authority_key_identifier_4
@ -509,7 +509,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca provider: ownca
ownca_digest: sha256 ownca_digest: sha256
ownca_create_authority_key_identifier: yes ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_5 register: ownca_authority_key_identifier_5
@ -523,7 +523,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ownca_certificate_ed25519_ed448_privatekey register: ownca_certificate_ed25519_ed448_privatekey
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded - name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: ownca_certificate_ed25519_ed448_privatekey is not failed when: ownca_certificate_ed25519_ed448_privatekey is not failed
@ -539,7 +539,7 @@
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate: x509_certificate:
@ -554,7 +554,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ownca_certificate_ed25519_ed448 register: ownca_certificate_ed25519_ed448
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate: x509_certificate:
@ -569,7 +569,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ownca_certificate_ed25519_ed448_idempotence register: ownca_certificate_ed25519_ed448_idempotence
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey: openssl_privatekey:
@ -577,7 +577,7 @@
type: '{{ item }}' type: '{{ item }}'
cipher: auto cipher: auto
passphrase: Test123 passphrase: Test123
ignore_errors: yes ignore_errors: true
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
@ -589,17 +589,17 @@
privatekey_passphrase: Test123 privatekey_passphrase: Test123
subject: subject:
commonName: Example CA commonName: Example CA
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- 'CA:TRUE' - 'CA:TRUE'
basic_constraints_critical: yes basic_constraints_critical: true
key_usage: key_usage:
- cRLSign - cRLSign
- keyCertSign - keyCertSign
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
x509_certificate: x509_certificate:
@ -612,7 +612,7 @@
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate: x509_certificate:
@ -628,7 +628,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ownca_certificate_ed25519_ed448_2 register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate: x509_certificate:
@ -644,7 +644,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@ -32,7 +32,7 @@
path: "{{ remote_tmp_dir }}/removal_cert.pem" path: "{{ remote_tmp_dir }}/removal_cert.pem"
state: absent state: absent
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: removal_1 register: removal_1
- name: "(Removal, {{select_crypto_backend}}) Check that file is gone" - name: "(Removal, {{select_crypto_backend}}) Check that file is gone"


@ -23,7 +23,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: selfsigned_certificate_no_csr register: selfsigned_certificate_no_csr
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency
@ -33,7 +33,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: selfsigned_certificate_no_csr_idempotence register: selfsigned_certificate_no_csr_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode) - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode)
@ -43,7 +43,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: selfsigned_certificate_no_csr_idempotence_check register: selfsigned_certificate_no_csr_idempotence_check
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
@ -68,7 +68,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: selfsigned_certificate register: selfsigned_certificate
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
@ -79,7 +79,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes return_content: true
register: selfsigned_certificate_idempotence register: selfsigned_certificate_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode) - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode)
@ -90,7 +90,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR) - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR)
x509_certificate: x509_certificate:
@ -100,7 +100,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: selfsigned_certificate_csr_minimal_change register: selfsigned_certificate_csr_minimal_change
- name: (Selfsigned, {{select_crypto_backend}}) Get certificate information - name: (Selfsigned, {{select_crypto_backend}}) Get certificate information
@ -272,7 +272,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_1 register: passphrase_error_1
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2) - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2)
@ -284,7 +284,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_2 register: passphrase_error_2
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3) - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3)
@ -295,7 +295,7 @@
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes ignore_errors: true
register: passphrase_error_3 register: passphrase_error_3
- name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate - name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate
@ -318,7 +318,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_1 register: selfsigned_backup_1
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent) - name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent)
@ -328,7 +328,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_2 register: selfsigned_backup_2
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (change) - name: (Selfsigned, {{select_crypto_backend}}) Backup test (change)
@ -338,7 +338,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
provider: selfsigned provider: selfsigned
selfsigned_digest: sha256 selfsigned_digest: sha256
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_3 register: selfsigned_backup_3
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove) - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove)
@ -346,7 +346,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent state: absent
provider: selfsigned provider: selfsigned
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_4 register: selfsigned_backup_4
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent) - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent)
@ -354,7 +354,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent state: absent
provider: selfsigned provider: selfsigned
backup: yes backup: true
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_5 register: selfsigned_backup_5
@ -423,7 +423,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: selfsigned_certificate_ed25519_ed448_privatekey register: selfsigned_certificate_ed25519_ed448_privatekey
ignore_errors: yes ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: selfsigned_certificate_ed25519_ed448_privatekey is not failed when: selfsigned_certificate_ed25519_ed448_privatekey is not failed
@ -439,7 +439,7 @@
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate
x509_certificate: x509_certificate:
@ -453,7 +453,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: selfsigned_certificate_ed25519_ed448 register: selfsigned_certificate_ed25519_ed448
ignore_errors: yes ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
x509_certificate: x509_certificate:
@ -467,7 +467,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: selfsigned_certificate_ed25519_ed448_idempotence register: selfsigned_certificate_ed25519_ed448_idempotence
ignore_errors: yes ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@ -49,7 +49,7 @@
emailAddress: test@example.com emailAddress: test@example.com
postalAddress: 1234 Somewhere postalAddress: 1234 Somewhere
postalCode: "1234" postalCode: "1234"
useCommonNameForSAN: no useCommonNameForSAN: false
key_usage: key_usage:
- digitalSignature - digitalSignature
- keyAgreement - keyAgreement
@ -60,7 +60,7 @@
- cRLSign - cRLSign
- Encipher Only - Encipher Only
- decipherOnly - decipherOnly
key_usage_critical: yes key_usage_critical: true
extended_key_usage: extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication" - serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication - TLS Web Server Authentication
@ -86,8 +86,8 @@
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
- "pathlen:23" - "pathlen:23"
basic_constraints_critical: yes basic_constraints_critical: true
ocsp_must_staple: yes ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}' subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr' path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2 privatekey_passphrase: hunter2
useCommonNameForSAN: no useCommonNameForSAN: false
basic_constraints: basic_constraints:
- "CA:TRUE" - "CA:TRUE"
@ -110,7 +110,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr' path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
subject_alt_name: subject_alt_name:
- "DNS:*.ansible.com" - "DNS:*.ansible.com"
- "DNS:*.example.org" - "DNS:*.example.org"
@ -128,7 +128,7 @@
openssl_csr: openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr' path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates - name: Generate selfsigned certificates


@ -42,7 +42,7 @@
selfsigned_not_after: 20191023133742Z selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr' csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_certificate_check register: generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate" - name: "({{ select_crypto_backend }}) Generate self-signed certificate"
@ -75,7 +75,7 @@
selfsigned_not_after: 20191023133742Z selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr' csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_certificate_idempotent_check register: generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)" - name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)"
@ -98,7 +98,7 @@
selfsigned_not_after: 20191023133742Z selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-2.csr' csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: generate_certificate_changed_check register: generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"
@ -144,7 +144,7 @@
ownca_not_after: 20191023133742Z ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr' csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: ownca_generate_certificate_check register: ownca_generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate" - name: "({{ select_crypto_backend }}) Generate own CA certificate"
@ -180,7 +180,7 @@
ownca_not_after: 20191023133742Z ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr' csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: ownca_generate_certificate_idempotent_check register: ownca_generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)" - name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)"
@ -205,7 +205,7 @@
ownca_not_after: 20191023133742Z ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-4.csr' csr_path: '{{ remote_tmp_dir }}/cert-4.csr'
select_crypto_backend: '{{ select_crypto_backend }}' select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes check_mode: true
register: ownca_generate_certificate_changed_check register: ownca_generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"


@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -38,7 +38,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -83,11 +83,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
check_mode: yes check_mode: true
register: crl_1_idem_check register: crl_1_idem_check
- name: Create CRL 1 (idempotent) - name: Create CRL 1 (idempotent)
@ -104,7 +104,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -133,11 +133,11 @@
- content: "{{ slurp.results[2].content | b64decode }}" - content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
check_mode: yes check_mode: true
register: crl_1_idem_content_check register: crl_1_idem_content_check
- name: Create CRL 1 (idempotent with content) - name: Create CRL 1 (idempotent with content)
@ -154,7 +154,7 @@
- content: "{{ slurp.results[2].content | b64decode }}" - content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -175,11 +175,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
check_mode: yes check_mode: true
register: crl_1_format_check register: crl_1_format_check
- name: Create CRL 1 (format) - name: Create CRL 1 (format)
@ -197,7 +197,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -218,11 +218,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
check_mode: yes check_mode: true
register: crl_1_format_idem_check register: crl_1_format_idem_check
- name: Create CRL 1 (format, idempotent) - name: Create CRL 1 (format, idempotent)
@ -240,11 +240,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
return_content: yes return_content: true
register: crl_1_format_idem register: crl_1_format_idem
- name: Retrieve CRL 1 infos via file - name: Retrieve CRL 1 infos via file
@ -277,10 +277,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
check_mode: yes check_mode: true
register: crl_2_check register: crl_2_check
- name: Create CRL 2 - name: Create CRL 2
@ -298,7 +298,7 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
register: crl_2 register: crl_2
@ -318,11 +318,11 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
ignore_timestamps: yes ignore_timestamps: true
check_mode: yes check_mode: true
register: crl_2_idem_check register: crl_2_idem_check
- name: Create CRL 2 (idempotent) - name: Create CRL 2 (idempotent)
@ -340,10 +340,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem' - path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
ignore_timestamps: yes ignore_timestamps: true
register: crl_2_idem register: crl_2_idem
- name: Create CRL 2 (idempotent update, check mode) - name: Create CRL 2 (idempotent update, check mode)
@ -359,9 +359,9 @@
next_update: +0d next_update: +0d
revoked_certificates: revoked_certificates:
- serial_number: 1235 - serial_number: 1235
ignore_timestamps: yes ignore_timestamps: true
mode: update mode: update
check_mode: yes check_mode: true
register: crl_2_idem_update_change_check register: crl_2_idem_update_change_check
- name: Create CRL 2 (idempotent update) - name: Create CRL 2 (idempotent update)
@ -377,7 +377,7 @@
next_update: +0d next_update: +0d
revoked_certificates: revoked_certificates:
- serial_number: 1235 - serial_number: 1235
ignore_timestamps: yes ignore_timestamps: true
mode: update mode: update
register: crl_2_idem_update_change register: crl_2_idem_update_change
@ -395,11 +395,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: yes ignore_timestamps: true
mode: update mode: update
check_mode: yes check_mode: true
register: crl_2_idem_update_check register: crl_2_idem_update_check
- name: Create CRL 2 (idempotent update) - name: Create CRL 2 (idempotent update)
@ -416,9 +416,9 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: yes ignore_timestamps: true
mode: update mode: update
register: crl_2_idem_update register: crl_2_idem_update
@ -436,11 +436,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: no ignore_timestamps: false
mode: update mode: update
check_mode: yes check_mode: true
register: crl_2_change_check register: crl_2_change_check
- name: Create CRL 2 (changed timestamps) - name: Create CRL 2 (changed timestamps)
@ -457,11 +457,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: no ignore_timestamps: false
mode: update mode: update
return_content: yes return_content: true
register: crl_2_change register: crl_2_change
- name: Read ca-crl2.crl - name: Read ca-crl2.crl
@ -490,11 +490,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update mode: update
return_content: yes return_content: true
register: crl_2_change_order_ignore register: crl_2_change_order_ignore
- name: Create CRL 2 (changed order) - name: Create CRL 2 (changed order)
@ -511,11 +511,11 @@
revoked_certificates: revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
ignore_timestamps: true ignore_timestamps: true
mode: update mode: update
return_content: yes return_content: true
register: crl_2_change_order register: crl_2_change_order
- name: Read ca-crl2.crl - name: Read ca-crl2.crl
@ -639,7 +639,7 @@
- Ed25519 - Ed25519
- Ed448 - Ed448
register: ed25519_ed448_privatekey register: ed25519_ed448_privatekey
ignore_errors: yes ignore_errors: true
- when: ed25519_ed448_privatekey is not failed - when: ed25519_ed448_privatekey is not failed
block: block:
@ -658,7 +658,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -666,7 +666,7 @@
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
- name: Create CRL (idempotence) - name: Create CRL (idempotence)
x509_crl: x509_crl:
@ -682,7 +682,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem' - path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z revocation_date: 20191013000000Z
reason: key_compromise reason: key_compromise
reason_critical: yes reason_critical: true
invalidity_date: 20191012000000Z invalidity_date: 20191012000000Z
- serial_number: 1234 - serial_number: 1234
revocation_date: 20191001000000Z revocation_date: 20191001000000Z
@ -690,6 +690,6 @@
loop: loop:
- Ed25519 - Ed25519
- Ed448 - Ed448
ignore_errors: yes ignore_errors: true
when: cryptography_version.stdout is version('2.6', '>=') when: cryptography_version.stdout is version('2.6', '>=')


@ -18,11 +18,11 @@
- name: ca - name: ca
subject: subject:
commonName: Ansible commonName: Ansible
is_ca: yes is_ca: true
- name: ca-2 - name: ca-2
subject: subject:
commonName: Ansible Other CA commonName: Ansible Other CA
is_ca: yes is_ca: true
- name: cert-1 - name: cert-1
subject_alt_name: subject_alt_name:
- DNS:ansible.com - DNS:ansible.com
@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}" subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}" subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}" basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no use_common_name_for_san: false
loop: "{{ certificates }}" loop: "{{ certificates }}"
- name: Generate CA certificates - name: Generate CA certificates