ci: enable rhel9.0 tests for openssh_cert (#463)

* ci: enable rhel9.0 tests for openssh_cert * ci: allow openssh_cert second signature algorithm test for versions >8.7 * ci: narrowing condition to not attempt RSA1 signing exclusively on RHEL >=9 * ci: grouping and documenting condition
2022-05-21 10:43:54 -04:00 · 2022-05-21 10:43:54 -04:00 · 4ab45e8c21
parent c566a7abf3
commit 4ab45e8c21
2 changed files with 18 additions and 15 deletions
--- a/tests/integration/targets/openssh_cert/aliases
+++ b/tests/integration/targets/openssh_cert/aliases
@ -1,3 +1,2 @@
 shippable/posix/group1
 destructive
 skip/rhel9.0  # TODO figure out why and fix
--- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
+++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
@ -53,21 +53,25 @@
        that:
          - updated_signature_algorithm_idempotent is not changed
-    - name: Generate cert with original signature algorithm
+    - block:
-      openssh_cert:
+      - name: Generate cert with original signature algorithm
-        type: user
+        openssh_cert:
-        path: "{{ certificate_path }}"
+          type: user
-        public_key: "{{ public_key }}"
+          path: "{{ certificate_path }}"
-        signing_key: "{{ signing_key }}"
+          public_key: "{{ public_key }}"
-        signature_algorithm: ssh-rsa
+          signing_key: "{{ signing_key }}"
-        valid_from: always
+          signature_algorithm: ssh-rsa
-        valid_to: forever
+          valid_from: always
-      register: second_signature_algorithm
+          valid_to: forever
        register: second_signature_algorithm
-    - name: Assert second signature algorithm update causes change
+      - name: Assert second signature algorithm update causes change
-      assert:
+        assert:
-        that:
+          that:
-          - second_signature_algorithm is changed
+            - second_signature_algorithm is changed
      # RHEL9 disables SHA-1 algorithms by default making this test fail with a 'libcrypt' error. Other systems which
      # impose a similar restriction may also need to skip this block in the future.
      when: not (ansible_facts['distribution'] == "RedHat" and (ansible_facts['distribution_major_version'] | int) >= 9)
    - name: Omit signature algorithm
      openssh_cert: