Normalize bools in tests. (#577)

pull/580/head
Felix Fontein 2023-02-15 22:23:36 +01:00 committed by GitHub
parent b08f6eefe8
commit 2fb543b144
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 590 additions and 590 deletions


@ -36,10 +36,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created
- name: Create it now (check mode, diff)
@ -48,14 +48,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_created_check
- name: Create it now
@ -64,10 +64,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
register: account_created
@ -78,10 +78,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
register: account_created_idempotent
@ -97,13 +97,13 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_modified_check
- name: Change email address
@ -112,9 +112,9 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
register: account_modified
@ -126,9 +126,9 @@
account_uri: "{{ account_created.account_uri }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
register: account_modified_idempotent
@ -140,10 +140,10 @@
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
contact: []
ignore_errors: yes
ignore_errors: true
register: account_modified_wrong_uri
- name: Clear contact email addresses (check mode, diff)
@ -152,12 +152,12 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_modified_2_check
- name: Clear contact email addresses
@ -166,9 +166,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
register: account_modified_2
@ -178,9 +178,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
register: account_modified_2_idempotent
@ -190,14 +190,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key
contact:
- mailto:example@example.com
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_change_key_check
- name: Change account key
@ -206,7 +206,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key
@ -221,10 +221,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_deactivate_check
- name: Deactivate account
@ -234,7 +234,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
register: account_deactivate
@ -245,7 +245,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
register: account_deactivate_idempotent
@ -256,10 +256,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created_2
- name: Do not try to create account III
@ -268,10 +268,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created_3
- name: Create account with External Account Binding
@ -280,10 +280,10 @@
account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
external_account_binding:
@ -291,7 +291,7 @@
alg: "{{ item.alg }}"
key: "{{ item.key }}"
register: account_created_eab
ignore_errors: yes
ignore_errors: true
loop:
- account: accountkey3
kid: kid-1


@ -29,7 +29,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
register: account_not_created
- name: Create it now
@ -38,10 +38,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
@ -51,7 +51,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
register: account_created
- name: Read account key
@ -65,9 +65,9 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
allow_creation: false
contact: []
- name: Check that account was modified
@ -76,7 +76,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}"
register: account_modified
@ -86,7 +86,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
register: account_not_exist
@ -96,7 +96,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}"
ignore_errors: yes
ignore_errors: true
register: account_wrong_key


@ -31,7 +31,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
state: absent
- name: Read account key (EC384)
@ -43,11 +43,11 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_content: "{{ slurp.content | b64decode }}"
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
- mailto:example@example.com
@ -56,11 +56,11 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem"
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact: []
## OBTAIN CERTIFICATES ########################################################################
- name: Obtain cert 1
@ -71,16 +71,16 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
retrieve_all_alternates: yes
retrieve_all_alternates: true
acme_expected_root_number: 1
select_chain:
- test_certificates: last
@ -98,17 +98,17 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256
subject_alt_name: "DNS:*.example.com,DNS:example.com"
subject_alt_name_critical: yes
subject_alt_name_critical: true
account_key: account-ec384
challenge: dns-01
modify_account: no
deactivate_authzs: yes
force: no
modify_account: false
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 0
retrieve_all_alternates: yes
retrieve_all_alternates: true
select_chain:
# All intermediates have the same subject, so always the first
# chain will be found, and we need a second condition to make sure
@ -134,17 +134,17 @@
certificate_name: cert-3
key_type: ec384
subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: dns-01
modify_account: no
deactivate_authzs: no
force: no
modify_account: false
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 0
retrieve_all_alternates: yes
retrieve_all_alternates: true
select_chain:
- test_certificates: last
subject: "{{ acme_roots[1].subject }}"
@ -161,14 +161,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-rsa
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 2
select_chain:
@ -188,14 +188,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: true
- name: Store obtain results for cert 5a
@ -209,14 +209,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: no
modify_account: false
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: false
- name: Store obtain results for cert 5b
@ -229,14 +229,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 1000
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: true
- name: Store obtain results for cert 5c
@ -254,14 +254,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: false
- name: Store obtain results for cert 5d
@ -277,14 +277,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.org"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
acme_expected_root_number: 0
select_chain:
@ -313,14 +313,14 @@
subject_alt_name:
- "IP:127.0.0.1"
# - "IP:::1"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
acme_expected_root_number: 2
select_chain:
@ -344,15 +344,15 @@
- "IP:127.0.0.1"
# IPv4 only since our test validation server doesn't work
# with IPv6 (thanks to Python's socketserver).
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
use_csr_content: true
- name: Store obtain results for cert 8
@ -364,37 +364,37 @@
# Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
- name: Verifying cert 1
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_1_valid
- name: Verifying cert 2
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_2_valid
- name: Verifying cert 3
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_3_valid
- name: Verifying cert 4
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_4_valid
- name: Verifying cert 5
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_5_valid
- name: Verifying cert 6
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_6_valid
when: acme_intermediates[0].subject_key_identifier is defined
- name: Verifying cert 7
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_7_valid
when: acme_roots[2].subject_key_identifier is defined
- name: Verifying cert 8
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_8_valid
when: cryptography_version.stdout is version('1.3', '>=')
# Dump certificate info
@ -468,7 +468,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: ignore
register: account_orders_not
- name: Retrieve orders as URL list (1/2)
@ -477,7 +477,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: url_list
register: account_orders_urls
- name: Retrieve orders as URL list (2/2)
@ -486,7 +486,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: url_list
register: account_orders_urls2
- name: Retrieve orders as object list (1/2)
@ -495,7 +495,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: object_list
register: account_orders_full
- name: Retrieve orders as object list (2/2)
@ -504,6 +504,6 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: object_list
register: account_orders_full2
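Review bot: The eight `Verifying cert N` tasks in the `-364,37 +364,37` hunk run `openssl verify` with `ignore_errors: true`, so a chain that fails validation does not stop the play at that point and is only caught if something later inspects `cert_N_valid`. No such assertion is visible in this section, so it is worth confirming that one exists for each registered result, including the three tasks guarded by `when:`, whose result is a skipped task rather than a verify outcome. If the checks live in another file, a comment such as `# rc is asserted in the validation tasks; ignore_errors only defers the failure` above the first task would make that dependency explicit.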


@ -38,14 +38,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
- name: Obtain cert 2
include_tasks: obtain-cert.yml
@ -55,14 +55,14 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256
subject_alt_name: "DNS:*.example.com"
subject_alt_name_critical: yes
subject_alt_name_critical: true
account_key: account-ec384
challenge: dns-01
modify_account: yes
deactivate_authzs: yes
force: no
modify_account: true
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
- name: Obtain cert 3
include_tasks: obtain-cert.yml
@ -71,14 +71,14 @@
certificate_name: cert-3
key_type: ec384
subject_alt_name: "DNS:t1.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-rsa
challenge: dns-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
## REVOKE CERTIFICATES ########################################################################
- name: Revoke certificate 1 via account key
@ -88,8 +88,8 @@
certificate: "{{ remote_tmp_dir }}/cert-1.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_1_revoke
- name: Revoke certificate 2 via certificate private key
acme_certificate_revoke:
@ -99,8 +99,8 @@
certificate: "{{ remote_tmp_dir }}/cert-2.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_2_revoke
- name: Read account key (RSA)
slurp:
@ -113,6 +113,6 @@
certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_3_revoke


@ -24,15 +24,15 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
when: cryptography_version.stdout is version('1.5', '>=')


@ -26,7 +26,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
method: directory-only
register: directory
- debug: var=directory
@ -35,7 +35,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
url: "{{ directory.directory.newAccount}}"
method: post
@ -49,7 +49,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
@ -61,7 +61,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
@ -80,7 +80,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ directory.directory.newOrder }}"
@ -103,7 +103,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ new_order.headers.location }}"
@ -115,7 +115,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item }}"
@ -128,7 +128,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
@ -141,7 +141,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"
@ -155,7 +155,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"


@ -17,7 +17,7 @@
- '{{ remote_tmp_dir }}/a-root.pem'
- name: Case B => doesn't work, but this is expected
failed_when: no
failed_when: false
register: caseb
certificate_complete_chain:
input_chain: "{{ read_certificates['d-leaf'] }}"
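Review bot: `failed_when: false` on the `Case B` task suppresses every failure of `certificate_complete_chain`, not only the one the task name calls expected, so an unrelated regression would pass silently unless a later step inspects `caseb`. If no assertion on `caseb` exists outside this hunk, add one that pins the expected error text. At minimum the intent deserves a comment above the task, e.g. `# failure is expected here; the outcome must be asserted on caseb`. The task's arguments continue past the end of the hunk, so the rest of its body is not visible here.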


@ -48,7 +48,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -59,7 +59,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@ -83,8 +83,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -99,7 +99,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@ -107,7 +107,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@ -125,7 +125,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests


@ -44,7 +44,7 @@
set_fact:
result_: >-
{{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
ignore_errors: yes
ignore_errors: true
register: result
- name: Check that loading passphrase protected key without passphrase failed


@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@ -86,8 +86,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@ -110,7 +110,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@ -128,7 +128,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates


@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -84,7 +84,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -127,11 +127,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
return_content: yes
return_content: true
register: crl_2_change
- name: Retrieve CRL 2 infos
@ -153,11 +153,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order
- name: Retrieve CRL 2 infos again


@ -18,11 +18,11 @@
- name: ca
subject:
commonName: Ansible
is_ca: yes
is_ca: true
- name: ca-2
subject:
commonName: Ansible Other CA
is_ca: yes
is_ca: true
- name: cert-1
subject_alt_name:
- DNS:ansible.com
@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no
use_common_name_for_san: false
loop: "{{ certificates }}"
- name: Generate CA certificates


@ -131,10 +131,10 @@
privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
subject:
commonName: Bogus CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
- name: Generate selfsigned bogus CA certificate
x509_certificate:


@ -80,11 +80,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
ignore_errors: yes
become: true
ignore_errors: true
- command: losetup -d "{{ cryptfile_device }}"
become: yes
become: true
- file:
dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"


@ -7,6 +7,6 @@
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
- name: "Loading tasks from {{ item }}"
include_tasks: "{{ item }}"


@ -10,8 +10,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_check
- name: Create
luks_device:
@ -20,7 +20,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: create
- name: Create (idempotent)
luks_device:
@ -29,7 +29,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: create_idem
- name: Create (idempotent, check)
luks_device:
@ -38,8 +38,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_idem_check
- assert:
that:
@ -53,30 +53,30 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes
become: yes
check_mode: true
become: true
register: open_check
- name: Open
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: open
- name: Open (idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: open_idem
- name: Open (idempotent, check)
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes
become: yes
check_mode: true
become: true
register: open_idem_check
- assert:
that:
@ -89,27 +89,27 @@
luks_device:
name: "{{ open.name }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_check
- name: Closed (via name)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
become: true
register: close
- name: Closed (via name, idempotent)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
become: true
register: close_idem
- name: Closed (via name, idempotent, check)
luks_device:
name: "{{ open.name }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_idem_check
- assert:
that:
@ -123,33 +123,33 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
- name: Closed (via device, check)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_check
- name: Closed (via device)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
register: close
- name: Closed (via device, idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
register: close_idem
- name: Closed (via device, idempotent, check)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_idem_check
- assert:
that:
@ -163,33 +163,33 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
- name: Absent (check)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
check_mode: yes
become: yes
check_mode: true
become: true
register: absent_check
- name: Absent
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
register: absent
- name: Absent (idempotence)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
register: absent_idem
- name: Absent (idempotence, check)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
check_mode: yes
become: yes
check_mode: true
become: true
register: absent_idem_check
- assert:
that:
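Review bot: Nothing in this file says that `iteration_time: 0.1` under `pbkdf:` in the Create tasks is a test-speed setting, and a key-derivation time that short gives very little brute-force resistance if it is reused with a real passphrase. A one-line comment above the first `pbkdf:` block would keep the value from being copied into production playbooks, for example `# Low PBKDF cost only to keep the test fast; do not reuse for real volumes`. The same applies to the other luks_device test files in this commit that set `iteration_time: 0.1`, or `algorithm: pbkdf2` with `iteration_count: 1000`. The tasks start above the hunks, so the comment would sit outside the changed lines.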


@ -10,9 +10,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
ignore_errors: yes
become: yes
check_mode: true
ignore_errors: true
become: true
register: create_check
- name: Create with invalid device name
luks_device:
@ -21,8 +21,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create
- assert:
that:
@ -38,9 +38,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
ignore_errors: yes
become: yes
check_mode: true
ignore_errors: true
become: true
register: create_check
- name: Create with something which is not a device
luks_device:
@ -49,8 +49,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create
- assert:
that:


@ -10,7 +10,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
# Access: keyfile1
@ -19,8 +19,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -29,15 +29,15 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -51,7 +51,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: result_1
- name: Give access to keyfile2 (idempotent)
@ -60,7 +60,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
become: true
register: result_2
- assert:
@ -75,8 +75,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -85,11 +85,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
- name: Remove access from keyfile1
luks_device:
@ -97,7 +97,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: result_1
- name: Remove access from keyfile1 (idempotent)
@ -106,7 +106,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: result_2
- assert:
@ -121,8 +121,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -133,8 +133,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -143,11 +143,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
- name: Remove access from keyfile2
luks_device:
@ -155,8 +155,8 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: remove_last_key
- assert:
that:
@ -170,8 +170,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -180,7 +180,7 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Remove access from keyfile2
luks_device:
@ -188,8 +188,8 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
force_remove_last_key: yes
become: yes
force_remove_last_key: true
become: true
# Access: none
@ -198,8 +198,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:


@ -12,7 +12,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_with_keysize
- name: Create with keysize (idempotent)
luks_device:
@ -23,7 +23,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_idem_with_keysize
- name: Create with different keysize (idempotent since we do not update keysize)
luks_device:
@ -34,7 +34,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_idem_with_diff_keysize
- name: Create with ambiguous arguments
luks_device:
@ -45,8 +45,8 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create_with_ambiguous
- assert:


@ -15,8 +15,8 @@
memory: 1000
parallel: 1
sector_size: 1024
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: create_passphrase_1
- name: Make sure that the previous task only fails if LUKS2 is not supported
@ -32,7 +32,7 @@
passphrase: "{{ cryptfile_passphrase1 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
when: create_passphrase_1 is failed
- name: Open with passphrase1
@ -40,8 +40,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -50,7 +50,7 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Give access with ambiguous new_ arguments
luks_device:
@ -61,8 +61,8 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: new_try
- assert:
that:
@ -73,8 +73,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -88,7 +88,7 @@
new_passphrase: "{{ cryptfile_passphrase2 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: result_1
- name: Give access to passphrase2 (idempotent)
@ -97,7 +97,7 @@
state: closed
passphrase: "{{ cryptfile_passphrase1 }}"
new_passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
become: true
register: result_2
- assert:
@ -110,8 +110,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -120,15 +120,15 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Try to open with keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -142,7 +142,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
- name: Remove access with ambiguous remove_ arguments
luks_device:
@ -150,8 +150,8 @@
state: closed
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: remove_try
- assert:
that:
@ -162,8 +162,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -172,14 +172,14 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Remove access for passphrase1
luks_device:
device: "{{ cryptfile_device }}"
state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
become: true
register: result_1
- name: Remove access for passphrase1 (idempotent)
@ -187,7 +187,7 @@
device: "{{ cryptfile_device }}"
state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
become: true
register: result_2
- assert:
@ -200,8 +200,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -212,8 +212,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase3 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -227,15 +227,15 @@
new_passphrase: "{{ cryptfile_passphrase3 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
- name: Open with passphrase3
luks_device:
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase3 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@ -244,4 +244,4 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true


@ -17,8 +17,8 @@
persistent: true
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_open_check
- name: Create and open
luks_device:
@ -32,7 +32,7 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
become: yes
become: true
register: create_open
- name: Create and open (idempotent)
luks_device:
@ -46,7 +46,7 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
become: yes
become: true
register: create_open_idem
- name: Create and open (idempotent, check)
luks_device:
@ -60,8 +60,8 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
check_mode: yes
become: yes
check_mode: true
become: true
register: create_open_idem_check
- assert:
that:
@ -72,7 +72,7 @@
- name: Dump LUKS Header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
register: luks_header
- assert:
that:
@ -83,7 +83,7 @@
- name: Dump device mapper table
command: "dmsetup table {{ create_open.name }}"
become: yes
become: true
register: dm_table
- assert:
that:
@ -96,7 +96,7 @@
luks_device:
name: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
when:
- ansible_facts.kernel is version('5.9.0', '>=')


@ -20,8 +20,8 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
return_content: true
check_mode: true
register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR"
@ -31,7 +31,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: generate_csr
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@ -41,7 +41,7 @@
subject_ordered:
- commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: generate_csr_idempotent
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
@ -51,8 +51,8 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
return_content: true
check_mode: true
register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
@ -61,9 +61,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_nosan_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN"
@ -72,7 +72,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan
@ -82,7 +82,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan_check_idempotent
@ -92,9 +92,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_nosan_check_idempotent_check
# keyUsage longname and shortname should be able to be used
@ -179,7 +179,7 @@
subject_alt_name: invalid-san.example.com
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
openssl_csr:
@ -188,7 +188,7 @@
subject_alt_name: "DNS:system:kube-controller-manager"
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san_2
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
openssl_csr:
@ -227,7 +227,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
- name: "({{ select_crypto_backend }}) Generate CSR with country name"
@ -263,7 +263,7 @@
C: dex
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_fail_4
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate privatekey with password"
openssl_privatekey:
@ -300,7 +300,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
@ -309,7 +309,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
@ -317,7 +317,7 @@
path: '{{ remote_tmp_dir }}/csr_pw3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken CSR"
@ -330,7 +330,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
@ -340,7 +340,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_1
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@ -349,7 +349,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_2
- name: "({{ select_crypto_backend }}) Generate CSR (change)"
@ -358,22 +358,22 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_3
- name: "({{ select_crypto_backend }}) Generate CSR (remove)"
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: csr_backup_4
- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_5
@ -413,7 +413,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_4
@ -423,7 +423,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_5
@ -556,7 +556,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -567,19 +567,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.example.com"
- "DNS:.org"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -641,7 +641,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -652,19 +652,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -703,7 +703,7 @@
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
- "IP:0::0:1:0:0/112"
check_mode: yes
check_mode: true
register: everything_2
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
@ -728,7 +728,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -739,19 +739,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -814,7 +814,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -825,19 +825,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@ -895,7 +895,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded"
when: generate_csr_ed25519_ed448_privatekey is not failed
@ -912,7 +912,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr:
@ -925,7 +925,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')
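Review bot: The changed lines in the openssl_csr tasks keep the camelCase alias `useCommonNameForSAN: false`, while another task file in this same commit writes `use_common_name_for_san: false`. Since each of these lines is being rewritten anyway, they could move to the snake_case option name, `use_common_name_for_san: false`. If the alias is being exercised on purpose, a short comment saying so on one task would help the next reader. The same spelling appears in the openssl_csr test file that follows this one.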


@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@ -84,8 +84,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -100,7 +100,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@ -108,7 +108,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@ -126,7 +126,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests with cryptography backend


@ -14,7 +14,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR"
@ -41,7 +41,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR (changed)"
@ -60,7 +60,7 @@
subject:
commonName: ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_changed_check
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"


@ -10,7 +10,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
check_mode: true
register: dhparam_check
@ -19,7 +19,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
@ -27,7 +27,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
check_mode: true
register: dhparam_changed_check
@ -36,7 +36,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam_changed
- name: "[{{ select_crypto_backend }}] Generate parameters with size option"
@ -54,7 +54,7 @@
- copy:
src: '{{ remote_tmp_dir }}/dh768.pem'
remote_src: yes
remote_src: true
dest: '{{ remote_tmp_dir }}/dh512.pem'
- name: "[{{ select_crypto_backend }}] Re-generate if size is different"
@ -68,7 +68,7 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh512.pem'
size: 512
force: yes
force: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_changed_force
@ -80,7 +80,7 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dhbroken.pem'
size: 512
force: yes
force: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: output_broken
@ -88,36 +88,36 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_1
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_2
- name: "[{{ select_crypto_backend }}] Generate params (change)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
force: yes
backup: yes
force: true
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_3
- name: "[{{ select_crypto_backend }}] Generate params (remove)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam_backup_4
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_5
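Review bot: The `size: 768` and `size: 512` values on the context lines of the openssl_dhparam tasks are far below any size considered safe for Diffie-Hellman parameters, and the file carries no comment marking them as test-only. A comment near the first task, such as `# Small DH sizes only to keep generation fast in CI; not suitable for real use`, would make that explicit. The tasks begin above the hunks, so the comment belongs outside the changed lines.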


@ -7,7 +7,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: privatekey1_check
@ -15,14 +15,14 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey1
- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)"
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: privatekey1_idempotence_check
@ -30,7 +30,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey1_idempotence
- name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048"
@ -57,7 +57,7 @@
state: absent
path: '{{ remote_tmp_dir }}/privatekey4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey4_delete
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)"
@ -190,7 +190,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
ignore_errors: true
register: privatekey_t1_generate
- name: "({{ select_crypto_backend }}) Test other type generation (idempotency)"
@ -202,7 +202,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
ignore_errors: true
register: privatekey_t1_idempotency
when: select_crypto_backend == 'cryptography'
@ -224,7 +224,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_1
- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)"
@ -234,7 +234,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_2
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
@ -242,7 +242,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_3
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
@ -250,7 +250,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_4
- name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase"
@ -260,7 +260,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_5
- name: "({{ select_crypto_backend }}) Create broken key"
@ -281,7 +281,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
state: absent
register: remove_1
@ -292,7 +292,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
state: absent
register: remove_2
@ -327,7 +327,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
mode: '0400'
force: yes
force: true
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_3
@ -405,7 +405,7 @@
format: raw
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_1_step_8
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
@ -438,7 +438,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_2_step_1
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)"
@ -447,7 +447,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_2_step_2
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format"
@ -456,14 +456,14 @@
type: X448
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_3
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -478,14 +478,14 @@
type: X448
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_4
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -500,14 +500,14 @@
type: X448
format: auto_ignore
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_5
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@ -522,8 +522,8 @@
type: X448
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_6
- name: "({{ select_crypto_backend }}) Read private key"
@ -574,9 +574,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -597,7 +597,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -617,9 +617,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -640,7 +640,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -660,7 +660,7 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
register: result
- assert:
@ -695,9 +695,9 @@
size: '{{ default_rsa_key_size + 20 }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -716,7 +716,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -742,9 +742,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -763,7 +763,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -791,9 +791,9 @@
format: pkcs8
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -813,7 +813,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@ -841,7 +841,7 @@
format_mismatch: convert
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
register: result
- assert:
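Review bot: The `openssl_privatekey` tasks that set `return_content: true` and `register:` their result (privatekey1, its idempotence runs, and the privatekey_fmt_2 steps) put the generated private key into the task result, and nothing visible in these hunks sets `no_log`, so the key material would show up in verbose output or CI logs. That is acceptable for disposable keys under `remote_tmp_dir`, but it deserves a comment so the pattern is not copied into real playbooks, e.g. `# test fixture only: returned key is disposable; set no_log wherever real keys are handled`. The same applies to `return_private_key_data: true` in the openssl_privatekey_info tests in the next file section. The tasks begin and end outside the hunks shown, so a `no_log` set elsewhere cannot be ruled out.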


@ -43,7 +43,7 @@
- name: ({{select_crypto_backend}}) Get key 2 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_2.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@ -65,9 +65,9 @@
- name: ({{select_crypto_backend}}) Get key 3 info (without passphrase)
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: result
- name: Check that loading passphrase protected key without passphrase failed
@ -91,7 +91,7 @@
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@ -112,7 +112,7 @@
- name: ({{select_crypto_backend}}) Get key 4 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_4.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@ -134,7 +134,7 @@
- name: ({{select_crypto_backend}}) Get key 5 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_5.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result


@ -13,7 +13,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: publickey_check
@ -22,7 +22,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)"
@ -30,7 +30,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: publickey_check2
@ -39,7 +39,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey_idempotence
- name: "({{ select_crypto_backend }}) Verify check mode"
@ -79,7 +79,7 @@
path: '{{ remote_tmp_dir }}/publickey2.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey2_absent
- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)"
@ -134,21 +134,21 @@
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_1
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)"
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_2
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)"
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_3
@ -166,7 +166,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)"
@ -175,7 +175,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)"
@ -183,7 +183,7 @@
path: '{{ remote_tmp_dir }}/publickey_pw3.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken key"
@ -207,7 +207,7 @@
state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)"
@ -215,6 +215,6 @@
state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_2


@ -34,7 +34,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
@ -112,7 +112,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
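Review bot: `validate_certs: false` in both hunks turns off TLS certificate verification for the connection to `https://{{ acme_host }}:14000/dir`, which is only defensible because this is presumably a local ACME test server presenting an untrusted certificate. A one-line comment above each occurrence would keep the setting from being copied into real use, e.g. `# test ACME server uses an untrusted certificate; never disable validate_certs against a real CA`. Separately, in `account_key_passphrase` the chain `default(omit) | default(omit, true)` is redundant, because `default(omit, true)` alone already covers the undefined case. Both tasks start outside the hunks shown.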


@ -59,7 +59,7 @@
homebrew:
name: openssl
state: present
become: yes
become: true
become_user: "{{ brew_stat.stat.pw_name }}"
- name: MACOS | Locale openssl binary


@ -11,11 +11,11 @@
- set_fact:
pkg_mgr: community.general.pkgng
ansible_pkg_mgr: community.general.pkgng
cacheable: yes
cacheable: true
when: ansible_os_family == 'FreeBSD' and ansible_version.string is version('2.10', '>=')
- set_fact:
pkg_mgr: community.general.zypper
ansible_pkg_mgr: community.general.zypper
cacheable: yes
cacheable: true
when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=')


@ -60,7 +60,7 @@
- name: Register pyOpenSSL debug details
command: "{{ ansible_python.executable }} -m OpenSSL.debug"
register: pyopenssl_debug_version
ignore_errors: yes
ignore_errors: true
# Depending on which pyOpenSSL version has been installed, it could be that cryptography has
# been upgraded to a newer version. Make sure to register cryptography_version another time here
@ -68,4 +68,4 @@
- name: Register cryptography version
command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
register: cryptography_version
ignore_errors: yes # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors
ignore_errors: true # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors


@ -7,4 +7,4 @@
file:
path: "{{ remote_tmp_dir }}"
state: absent
no_log: yes
no_log: true


@ -21,10 +21,10 @@
path: '{{ item.path }}'
privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
subject: '{{ item.subject }}'
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
loop:
- path: '{{ remote_tmp_dir }}/ca_csr.csr'
subject:
@ -40,10 +40,10 @@
privatekey_passphrase: hunter2
subject:
commonName: Example CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode)
x509_certificate:
@ -101,7 +101,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
@ -114,7 +114,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_idempotence
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode)
@ -127,7 +127,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
- name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration
copy:
@ -148,7 +148,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_ca_subject_changed
- name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key
@ -162,7 +162,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_ca_key_changed
- name: (OwnCA, {{select_crypto_backend}}) Get certificate information
@ -300,7 +300,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
@ -313,7 +313,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3)
@ -325,7 +325,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: (OwnCA, {{select_crypto_backend}}) Create broken certificate
@ -351,7 +351,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_1
- name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent)
@ -362,7 +362,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_2
- name: (OwnCA, {{select_crypto_backend}}) Backup test (change)
@ -373,7 +373,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_3
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove)
@ -381,7 +381,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_4
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent)
@ -389,7 +389,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_5
@ -461,7 +461,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_1
@ -473,7 +473,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_2
@ -485,7 +485,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_3
@ -497,7 +497,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_4
@ -509,7 +509,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_5
@ -523,7 +523,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: ownca_certificate_ed25519_ed448_privatekey is not failed
@ -539,7 +539,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate:
@ -554,7 +554,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate:
@ -569,7 +569,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_idempotence
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
@ -577,7 +577,7 @@
type: '{{ item }}'
cipher: auto
passphrase: Test123
ignore_errors: yes
ignore_errors: true
loop:
- Ed25519
- Ed448
@ -589,17 +589,17 @@
privatekey_passphrase: Test123
subject:
commonName: Example CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
key_usage:
- cRLSign
- keyCertSign
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
x509_certificate:
@ -612,7 +612,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate:
@ -628,7 +628,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate:
@ -644,7 +644,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')
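Review bot: Every step of the Ed25519/Ed448 chain (private key, CSR, CA certificate, ownca certificate and its idempotency run) carries `ignore_errors: true`, so a genuine regression for these key types looks the same as an unsupported backend unless later assertions inspect the registered results, and those assertions are outside these hunks. The block is already gated on `cryptography_version.stdout is version('2.6', '>=')`, so a short comment naming the failure that is expected would make the intent reviewable, e.g. `# may fail where the crypto backend lacks Ed25519/Ed448; registered results are asserted below` (if that is indeed the reason). The Selfsigned tests in a later file section use the same pattern.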


@ -32,7 +32,7 @@
path: "{{ remote_tmp_dir }}/removal_cert.pem"
state: absent
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: removal_1
- name: "(Removal, {{select_crypto_backend}}) Check that file is gone"


@ -23,7 +23,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_no_csr
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency
@ -33,7 +33,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_no_csr_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode)
@ -43,7 +43,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: selfsigned_certificate_no_csr_idempotence_check
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
@ -68,7 +68,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
@ -79,7 +79,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode)
@ -90,7 +90,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR)
x509_certificate:
@ -100,7 +100,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: selfsigned_certificate_csr_minimal_change
- name: (Selfsigned, {{select_crypto_backend}}) Get certificate information
@ -272,7 +272,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2)
@ -284,7 +284,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3)
@ -295,7 +295,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate
@ -318,7 +318,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_1
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent)
@ -328,7 +328,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_2
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (change)
@ -338,7 +338,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_3
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove)
@ -346,7 +346,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent
provider: selfsigned
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_4
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent)
@ -354,7 +354,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent
provider: selfsigned
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_5
@ -423,7 +423,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: selfsigned_certificate_ed25519_ed448_privatekey is not failed
@ -439,7 +439,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate
x509_certificate:
@ -453,7 +453,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
x509_certificate:
@ -467,7 +467,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_idempotence
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@ -86,8 +86,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@ -110,7 +110,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@ -128,7 +128,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates


@ -42,7 +42,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate"
@ -75,7 +75,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)"
@ -98,7 +98,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"
@ -144,7 +144,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate"
@ -180,7 +180,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)"
@ -205,7 +205,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-4.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"


@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -38,7 +38,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -83,11 +83,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_idem_check
- name: Create CRL 1 (idempotent)
@ -104,7 +104,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -133,11 +133,11 @@
- content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_idem_content_check
- name: Create CRL 1 (idempotent with content)
@ -154,7 +154,7 @@
- content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -175,11 +175,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_format_check
- name: Create CRL 1 (format)
@ -197,7 +197,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -218,11 +218,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_format_idem_check
- name: Create CRL 1 (format, idempotent)
@ -240,11 +240,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
return_content: yes
return_content: true
register: crl_1_format_idem
- name: Retrieve CRL 1 infos via file
@ -277,10 +277,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
check_mode: yes
check_mode: true
register: crl_2_check
- name: Create CRL 2
@ -298,7 +298,7 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
register: crl_2
@ -318,11 +318,11 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
ignore_timestamps: yes
check_mode: yes
ignore_timestamps: true
check_mode: true
register: crl_2_idem_check
- name: Create CRL 2 (idempotent)
@ -340,10 +340,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
ignore_timestamps: yes
ignore_timestamps: true
register: crl_2_idem
- name: Create CRL 2 (idempotent update, check mode)
@ -359,9 +359,9 @@
next_update: +0d
revoked_certificates:
- serial_number: 1235
ignore_timestamps: yes
ignore_timestamps: true
mode: update
check_mode: yes
check_mode: true
register: crl_2_idem_update_change_check
- name: Create CRL 2 (idempotent update)
@ -377,7 +377,7 @@
next_update: +0d
revoked_certificates:
- serial_number: 1235
ignore_timestamps: yes
ignore_timestamps: true
mode: update
register: crl_2_idem_update_change
@ -395,11 +395,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: yes
ignore_timestamps: true
mode: update
check_mode: yes
check_mode: true
register: crl_2_idem_update_check
- name: Create CRL 2 (idempotent update)
@ -416,9 +416,9 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: yes
ignore_timestamps: true
mode: update
register: crl_2_idem_update
@ -436,11 +436,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
check_mode: yes
check_mode: true
register: crl_2_change_check
- name: Create CRL 2 (changed timestamps)
@ -457,11 +457,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
return_content: yes
return_content: true
register: crl_2_change
- name: Read ca-crl2.crl
@ -490,11 +490,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order_ignore
- name: Create CRL 2 (changed order)
@ -511,11 +511,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order
- name: Read ca-crl2.crl
@ -639,7 +639,7 @@
- Ed25519
- Ed448
register: ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- when: ed25519_ed448_privatekey is not failed
block:
@ -658,7 +658,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -666,7 +666,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: Create CRL (idempotence)
x509_crl:
@ -682,7 +682,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@ -690,6 +690,6 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
when: cryptography_version.stdout is version('2.6', '>=')
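Review bot: The two Ed25519/Ed448 CRL tasks in the hunks at 666 and 690 keep a blanket `ignore_errors: true`, which hides every `x509_crl` failure, including a real signing or idempotence regression, and not only the unsupported-key-type case. They appear to sit inside the `when: ed25519_ed448_privatekey is not failed` block (indentation is lost on this page, so this is inferred), where key creation has already succeeded and a CRL error is less likely to be benign. If the registered results are asserted in a validation file outside this diff, a comment such as `# errors tolerated here; the registered result is checked in the validation tasks` would record that; otherwise consider dropping the flag on these two tasks. Both task bodies start outside their hunks, so any `register:` lines are not visible here.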


@ -18,11 +18,11 @@
- name: ca
subject:
commonName: Ansible
is_ca: yes
is_ca: true
- name: ca-2
subject:
commonName: Ansible Other CA
is_ca: yes
is_ca: true
- name: cert-1
subject_alt_name:
- DNS:ansible.com
@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no
use_common_name_for_san: false
loop: "{{ certificates }}"
- name: Generate CA certificates