From 4d8dcad190abb602ac47b6a200c0fa7a71a2210b Mon Sep 17 00:00:00 2001 
From: Felix Fontein Date: Fri, 4 Dec 2020 14:08:14 +0100 Subject: [PATCH] Speed up tests (#153) * Improve openssh_* tests. * Use 2048 instead of 4096 bit keys in many places. ci_complete * Parameterize default RSA key length for tests. * Reduce default RSA key size to 1024. ci_complete * Fix error. ci_complete * Use variable more often. * Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8. ci_complete * Fix missing constant. ci_complete * Print default key sizes. --- .../targets/acme_certificate/tasks/impl.yml | 22 ++++---- .../acme_certificate_revoke/tasks/impl.yml | 10 ++-- .../acme_challenge_cert_helper/tasks/main.yml | 2 +- .../targets/openssh_cert/tasks/main.yml | 30 +--------- .../targets/openssh_keypair/tasks/main.yml | 31 +++++++++- .../openssh_keypair/tests/validate.yml | 22 +++++--- .../targets/openssl_csr/tasks/impl.yml | 2 + .../targets/openssl_csr/tasks/main.yml | 1 + .../targets/openssl_csr_info/tasks/main.yml | 2 + .../targets/openssl_csr_pipe/tasks/impl.yml | 1 + .../targets/openssl_csr_pipe/tasks/main.yml | 1 + .../targets/openssl_pkcs12/tasks/impl.yml | 4 ++ .../targets/openssl_privatekey/tasks/impl.yml | 56 +++++++++++++------ .../targets/openssl_privatekey/tasks/main.yml | 5 +- .../openssl_privatekey/tests/validate.yml | 4 +- .../openssl_privatekey_info/tasks/impl.yml | 2 +- .../openssl_privatekey_info/tasks/main.yml | 3 +- .../openssl_privatekey_pipe/tasks/impl.yml | 16 +++--- .../openssl_privatekey_pipe/tasks/main.yml | 1 + .../targets/openssl_publickey/tasks/impl.yml | 4 ++ .../targets/openssl_publickey/tasks/main.yml | 1 + .../targets/openssl_signature/tasks/main.yml | 2 +- .../targets/setup_acme/tasks/obtain-cert.yml | 2 +- .../targets/setup_acme/vars/main.yml | 1 + .../targets/setup_openssl/tasks/main.yml | 4 ++ .../targets/setup_openssl/vars/main.yml | 3 + .../x509_certificate-acme/tasks/impl.yml | 4 +- .../x509_certificate/tasks/assertonly.yml | 2 + .../x509_certificate/tasks/expired.yml | 1 + 
.../targets/x509_certificate/tasks/ownca.yml | 2 + .../x509_certificate/tasks/removal.yml | 1 + .../x509_certificate/tasks/selfsigned.yml | 4 ++ .../x509_certificate_info/tasks/main.yml | 2 + .../x509_certificate_pipe/tasks/impl.yml | 2 +- .../x509_certificate_pipe/tasks/main.yml | 1 + 35 files changed, 162 insertions(+), 89 deletions(-) create mode 120000 tests/integration/targets/setup_acme/vars/main.yml create mode 100644 tests/integration/targets/setup_openssl/vars/main.yml diff --git a/tests/integration/targets/acme_certificate/tasks/impl.yml b/tests/integration/targets/acme_certificate/tasks/impl.yml index 1e255ed9..8547245d 100644 --- a/tests/integration/targets/acme_certificate/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate/tasks/impl.yml @@ -4,8 +4,8 @@ command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem" - name: Create ECC384 account key command: "{{ openssl_binary }} ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem" -- name: Create RSA-2048 account key - command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa2048.pem 2048" +- name: Create RSA account key + command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa.pem {{ default_rsa_key_size }}" ## SET UP ACCOUNTS ############################################################################ - name: Make sure ECC256 account hasn't been created yet acme_account: @@ -28,13 +28,13 @@ contact: - mailto:example@example.org - mailto:example@example.com -- name: Create RSA-2048 account +- name: Create RSA account acme_account: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - account_key_src: "{{ output_dir }}/account-rsa2048.pem" + account_key_src: "{{ output_dir }}/account-rsa.pem" state: present allow_creation: yes terms_agreed: yes 
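Review bot: The `genrsa` task in the first hunk now takes its size from `default_rsa_key_size`, and nothing at the task says how small that value may be. The commit message states the default was reduced to 1024, which is below the 2048-bit RSA minimum that public ACME CAs commonly enforce. That is only acceptable because these tasks target the test server at `{{ acme_host }}:14000`, so I would add a comment above the task such as `# test-only key size from the setup vars; may be below what a production CA accepts`. The same applies to the `rsa_bits` values in the later hunks of this file and to acme_certificate_revoke/tasks/impl.yml.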
@@ -46,7 +46,7 @@ certgen_title: Certificate 1 certificate_name: cert-1 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" subject_alt_name_critical: no account_key: account-ec256 @@ -107,7 +107,7 @@ key_type: ec384 subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com" subject_alt_name_critical: no - account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}" + account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}" challenge: dns-01 modify_account: no deactivate_authzs: no @@ -131,10 +131,10 @@ certgen_title: Certificate 4 certificate_name: cert-4 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org" subject_alt_name_critical: no - account_key: account-rsa2048 + account_key: account-rsa challenge: http-01 modify_account: no deactivate_authzs: yes @@ -242,7 +242,7 @@ certgen_title: Certificate 6 certificate_name: cert-6 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.org" subject_alt_name_critical: no account_key: account-ec256 @@ -274,7 +274,7 @@ certgen_title: Certificate 7 certificate_name: cert-7 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: - "IP:127.0.0.1" # - "IP:::1" @@ -302,7 +302,7 @@ certgen_title: Certificate 8 certificate_name: cert-8 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: - "IP:127.0.0.1" # IPv4 only since our test validation server doesn't work diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml index a6572c36..cafafa99 100644 --- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml 
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml @@ -4,8 +4,8 @@ command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem" - name: Create ECC384 account key command: "{{ openssl_binary }} ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem" -- name: Create RSA-2048 account key - command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa2048.pem 2048" +- name: Create RSA account key + command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa.pem {{ default_rsa_key_size }}" ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES #################################################### - name: Obtain cert 1 include_tasks: obtain-cert.yml @@ -13,7 +13,7 @@ certgen_title: Certificate 1 for revocation certificate_name: cert-1 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" subject_alt_name_critical: no account_key_content: "{{ lookup('file', output_dir ~ '/account-ec256.pem') }}" @@ -48,7 +48,7 @@ key_type: ec384 subject_alt_name: "DNS:t1.example.com" subject_alt_name_critical: no - account_key: account-rsa2048 + account_key: account-rsa challenge: dns-01 modify_account: yes deactivate_authzs: no @@ -80,7 +80,7 @@ - name: Revoke certificate 3 via account key (fullchain) acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}" + account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}" certificate: "{{ output_dir }}/cert-3-fullchain.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir diff --git a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml index dc3b606f..cd306a4a 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml 
+++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml @@ -14,7 +14,7 @@ certgen_title: Certificate 1 certificate_name: cert-1 key_type: rsa - rsa_bits: 2048 + rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" subject_alt_name_critical: no account_key: account-ec256 diff --git a/tests/integration/targets/openssh_cert/tasks/main.yml b/tests/integration/targets/openssh_cert/tasks/main.yml index 4bce2ac0..15782613 100644 --- a/tests/integration/targets/openssh_cert/tasks/main.yml +++ b/tests/integration/targets/openssh_cert/tasks/main.yml @@ -6,24 +6,11 @@ - name: openssh_cert integration tests when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") block: - - name: Generate keypair (check mode) - openssh_keypair: - path: '{{ output_dir }}/id_key' - type: rsa - check_mode: yes - name: Generate keypair openssh_keypair: path: '{{ output_dir }}/id_key' type: rsa - - name: Generate keypair (idempotent) - openssh_keypair: - path: '{{ output_dir }}/id_key' - type: rsa - - name: Generate keypair (idempotent, check mode) - openssh_keypair: - path: '{{ output_dir }}/id_key' - type: rsa - check_mode: yes + size: 2048 - name: Generate always valid cert (check mode) openssh_cert: type: user @@ -393,24 +380,10 @@ #valid_from: "2001-01-21" #valid_to: "2019-01-21" check_mode: yes - - name: Remove keypair (check mode) - openssh_keypair: - path: '{{ output_dir }}/id_key' - state: absent - check_mode: yes - name: Remove keypair openssh_keypair: path: '{{ output_dir }}/id_key' state: absent - - name: Remove keypair (idempotent) - openssh_keypair: - path: '{{ output_dir }}/id_key' - state: absent - - name: Remove keypair (idempotent, check mode) - openssh_keypair: - path: '{{ output_dir }}/id_key' - state: absent - check_mode: yes - name: openssh_cert integration tests that require ssh-agent when: openssh_version is version("7.6",">=") 
@@ -421,6 +394,7 @@ openssh_keypair: path: '{{ output_dir }}/id_key' type: rsa + size: 2048 - name: Generate always valid cert using agent without key in agent (should fail) openssh_cert: type: user diff --git a/tests/integration/targets/openssh_keypair/tasks/main.yml b/tests/integration/targets/openssh_keypair/tasks/main.yml index e543a615..993c8ad4 100644 --- a/tests/integration/targets/openssh_keypair/tasks/main.yml +++ b/tests/integration/targets/openssh_keypair/tasks/main.yml @@ -4,20 +4,35 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### +- name: Generate privatekey1 - standard (check mode) + openssh_keypair: + path: '{{ output_dir }}/privatekey1' + size: 2048 + register: privatekey1_result_check + check_mode: true + - name: Generate privatekey1 - standard openssh_keypair: path: '{{ output_dir }}/privatekey1' + size: 2048 register: privatekey1_result +- name: Generate privatekey1 - standard (check mode idempotent) + openssh_keypair: + path: '{{ output_dir }}/privatekey1' + size: 2048 + register: privatekey1_idem_result_check + check_mode: true + - name: Generate privatekey1 - standard (idempotent) openssh_keypair: path: '{{ output_dir }}/privatekey1' + size: 2048 register: privatekey1_idem_result -- name: Generate privatekey2 - size 2048 +- name: Generate privatekey2 - default size openssh_keypair: path: '{{ output_dir }}/privatekey2' - size: 2048 - name: Generate privatekey3 - type dsa openssh_keypair: @@ -27,6 +42,7 @@ - name: Generate privatekey4 - standard openssh_keypair: path: '{{ output_dir }}/privatekey4' + size: 2048 - name: Delete privatekey4 - standard openssh_keypair: 
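Review bot: `Generate privatekey2 - default size` is now the only task in this file that omits `size`, and nothing in the task says the omission is deliberate. validate.yml asserts `privatekey2.stdout == '4096'`, so this task is what pins the module's default key length. I would add a comment above it, `# size deliberately omitted: validate.yml asserts the module default of 4096 bits`, so a later pass adding `size: 2048` everywhere does not silently remove the only check on the default.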
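Review bot: The check-mode and idempotence variants of `Remove keypair` were deleted from openssh_cert, but the hunks shown for this file add such variants only for generation, not for `state: absent`. Unless removal is already exercised that way outside the shown hunks, that coverage is dropped rather than moved. I would wrap the existing `Delete privatekey4 - standard` task, whose body continues outside this hunk, with a check-mode run before it and an idempotent run after it, and assert `is changed` / `is not changed` on the registered results in validate.yml. The path and `state: absent` below are inferred from the removed openssh_cert tasks, and the register names are new.

```yaml
- name: Delete privatekey4 - standard (check mode)
  openssh_keypair:
    path: '{{ output_dir }}/privatekey4'
    state: absent
  register: privatekey4_delete_check
  check_mode: true

# … unchanged: Delete privatekey4 - standard …

- name: Delete privatekey4 - standard (idempotent)
  openssh_keypair:
    path: '{{ output_dir }}/privatekey4'
    state: absent
  register: privatekey4_delete_idem
```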
@@ -36,17 +52,20 @@ - name: Generate privatekey5 - standard openssh_keypair: path: '{{ output_dir }}/privatekey5' + size: 2048 register: publickey_gen - name: Generate privatekey6 openssh_keypair: path: '{{ output_dir }}/privatekey6' type: rsa + size: 2048 - name: Regenerate privatekey6 via force openssh_keypair: path: '{{ output_dir }}/privatekey6' type: rsa + size: 2048 force: yes register: output_regenerated_via_force @@ -63,6 +82,7 @@ openssh_keypair: path: '{{ output_dir }}/privatekeybroken' type: rsa + size: 2048 register: output_broken ignore_errors: yes @@ -71,6 +91,7 @@ path: '{{ output_dir }}/privatekeybroken' type: rsa force: yes + size: 2048 register: output_broken_force - name: Generate read-only private key @@ -78,24 +99,28 @@ path: '{{ output_dir }}/privatekeyreadonly' type: rsa mode: '0200' + size: 2048 - name: Regenerate read-only private key via force openssh_keypair: path: '{{ output_dir }}/privatekeyreadonly' type: rsa force: yes + size: 2048 register: output_read_only - name: Generate privatekey7 - standard with comment openssh_keypair: path: '{{ output_dir }}/privatekey7' comment: 'test@privatekey7' + size: 2048 register: privatekey7_result - name: Modify privatekey7 comment openssh_keypair: path: '{{ output_dir }}/privatekey7' comment: 'test_modified@privatekey7' + size: 2048 register: privatekey7_modified_result - name: Generate password protected key @@ -104,6 +129,7 @@ - name: Try to modify the password protected key - should fail openssh_keypair: path: '{{ output_dir }}/privatekey8' + size: 2048 register: privatekey8_result ignore_errors: yes @@ -111,6 +137,7 @@ openssh_keypair: path: '{{ output_dir }}/privatekey8' force: yes + size: 2048 register: privatekey8_result_force - import_tasks: ../tests/validate.yml diff --git a/tests/integration/targets/openssh_keypair/tests/validate.yml b/tests/integration/targets/openssh_keypair/tests/validate.yml index 9f34ab22..e9d76a7a 100644 
--- a/tests/integration/targets/openssh_keypair/tests/validate.yml +++ b/tests/integration/targets/openssh_keypair/tests/validate.yml @@ -3,6 +3,14 @@ debug: var: privatekey1_result +- name: Validate general behavior + assert: + that: + - privatekey1_result_check is changed + - privatekey1_result is changed + - privatekey1_idem_result_check is not changed + - privatekey1_idem_result is not changed + - name: Validate privatekey1 return fingerprint assert: that: @@ -21,7 +29,7 @@ assert: that: - privatekey1_result["size"]|type_debug == 'int' - - privatekey1_result["size"] == 4096 + - privatekey1_result["size"] == 2048 - name: Validate privatekey1 return key type assert: @@ -29,14 +37,14 @@ - privatekey1_result["type"] is string - privatekey1_result["type"] == "rsa" -- name: Validate privatekey1 (test - RSA key with size 4096 bits) +- name: Validate privatekey1 (test - RSA key with size 2048 bits) shell: "ssh-keygen -lf {{ output_dir }}/privatekey1 | grep -o -E '^[0-9]+'" register: privatekey1 -- name: Validate privatekey1 (assert - RSA key with size 4096 bits) +- name: Validate privatekey1 (assert - RSA key with size 2048 bits) assert: that: - - privatekey1.stdout == '4096' + - privatekey1.stdout == '2048' - name: Validate privatekey1 idempotence assert: @@ -44,14 +52,14 @@ - privatekey1_idem_result is not changed -- name: Validate privatekey2 (test - RSA key with size 2048 bits) +- name: Validate privatekey2 (test - RSA key with default size 4096 bits) shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'" register: privatekey2 -- name: Validate privatekey2 (assert - RSA key with size 2048 bits) +- name: Validate privatekey2 (assert - RSA key with size 4096 bits) assert: that: - - privatekey2.stdout == '2048' + - privatekey2.stdout == '4096' - name: Validate privatekey3 (test - DSA key with size 1024 bits) 
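Review bot: The new `Validate general behavior` assert repeats `privatekey1_idem_result is not changed`, which the existing `Validate privatekey1 idempotence` task (context of the last hunk in this file) still checks. Dropping one of the two keeps the idempotence expectation in a single place. The two privatekey2 task names also disagree (`default size 4096 bits` versus `size 4096 bits`); using `default size 4096 bits` in both makes it clear that the module default is what is being pinned.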
diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml index e325a060..2db7c60b 100644 --- a/tests/integration/targets/openssl_csr/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr/tasks/impl.yml @@ -2,6 +2,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" openssl_csr: @@ -261,6 +262,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase" openssl_csr: diff --git a/tests/integration/targets/openssl_csr/tasks/main.yml b/tests/integration/targets/openssl_csr/tasks/main.yml index 0de5112a..575bc79d 100644 --- a/tests/integration/targets/openssl_csr/tasks/main.yml +++ b/tests/integration/targets/openssl_csr/tasks/main.yml @@ -7,6 +7,7 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: path: '{{ output_dir }}/privatekey_backend_selection.pem' + size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_csr: path: '{{ output_dir }}/csr_backend_selection.csr' diff --git a/tests/integration/targets/openssl_csr_info/tasks/main.yml b/tests/integration/targets/openssl_csr_info/tasks/main.yml index 67d5230c..e55ffa44 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/main.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/main.yml @@ -7,6 +7,7 @@ - name: Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size }}' - name: Generate privatekey with password openssl_privatekey: @@ -14,6 +15,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size }}' - name: Generate CSR 1 openssl_csr: 
diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml index aba2dea6..844ed77e 100644 --- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml @@ -2,6 +2,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" openssl_csr_pipe: diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml index 330edb8f..8f3d9c59 100644 --- a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml +++ b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml @@ -7,6 +7,7 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: path: '{{ output_dir }}/privatekey_backend_selection.pem' + size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_csr_pipe: privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem' diff --git a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml index f0d76364..c4b24400 100644 --- a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml +++ b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml @@ -2,12 +2,15 @@ - name: Generate privatekey openssl_privatekey: path: '{{ output_dir }}/ansible_pkey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: Generate privatekey2 openssl_privatekey: path: '{{ output_dir }}/ansible_pkey2.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: Generate privatekey3 openssl_privatekey: path: '{{ output_dir }}/ansible_pkey3.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: Generate CSR openssl_csr: path: '{{ output_dir }}/ansible.csr' 
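Review bot: The variable `default_rsa_key_size_certifiates` used for the three keys in the first openssl_pkcs12 hunk is misspelled ("certifiates"). Its definition is not in the part of the patch shown here (the diffstat lists setup_openssl/vars/main.yml), so this only works if the definition carries the same typo; any correctly spelled reference elsewhere would be an undefined variable and fail at templating time. I would rename it consistently, e.g. `size: '{{ default_rsa_key_size_certificates }}'`, before more targets start depending on the misspelled name.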
@@ -137,6 +140,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto + size: '{{ default_rsa_key_size }}' select_crypto_backend: cryptography - name: Generate PKCS#12 file (password fail 1) openssl_pkcs12: diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml index 9acac2cc..6fb8def8 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml @@ -29,6 +29,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey4 - standard" openssl_privatekey: path: '{{ output_dir }}/privatekey4.pem' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard" @@ -51,6 +52,7 @@ path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence" @@ -58,6 +60,7 @@ path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_idempotence @@ -66,6 +69,7 @@ path: '{{ output_dir }}/privatekey6.pem' passphrase: ànsïblé cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - set_fact: @@ -202,6 +206,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_1 
@@ -211,6 +216,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_2 @@ -218,6 +224,7 @@ - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_3 @@ -225,6 +232,7 @@ - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_4 @@ -234,6 +242,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_5 @@ -245,6 +254,7 @@ - name: "({{ select_crypto_backend }}) Regenerate broken key" openssl_privatekey: path: '{{ output_dir }}/broken.pem' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken @@ -253,6 +263,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes state: absent @@ -263,6 +274,7 @@ path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes state: absent 
@@ -272,6 +284,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_1 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode" @@ -283,6 +296,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_2 @@ -298,6 +312,7 @@ path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' force: yes + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_3 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode" @@ -310,6 +325,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_1 @@ -317,6 +333,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_2 @@ -324,6 +341,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs1 + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_3 @@ -331,6 +349,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_4 @@ -338,6 +357,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_5 
@@ -345,6 +365,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto_ignore + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_6 @@ -352,6 +373,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_7 @@ -359,6 +381,7 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: raw + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes register: privatekey_fmt_1_step_8 @@ -374,6 +397,7 @@ path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 format_mismatch: convert + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_9 @@ -496,14 +520,14 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' passphrase: hunter2 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' @@ -519,7 +543,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes 
@@ -541,7 +565,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" @@ -562,7 +586,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes @@ -584,7 +608,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" @@ -605,7 +629,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes @@ -623,7 +647,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" @@ -640,7 +664,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA - size: 1048 + size: '{{ default_rsa_key_size + 20 }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes @@ -660,7 +684,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA - size: 1048 + size: '{{ default_rsa_key_size + 20 }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" 
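Review bot: `size: '{{ default_rsa_key_size + 20 }}'` in the two `regenerate-a` hunks replaces 1048, which was 1024 + 24. With the 1024 default named in the commit message, the new expression yields 1044, which is not a multiple of 8. Whether both crypto backends accept that size is not visible here, so I would keep the old offset, `size: '{{ default_rsa_key_size + 24 }}'`, or add a comment saying that any size different from the default is sufficient for this regeneration test. The arithmetic also works only while the variable is an integer, so a quoted value in the vars file would break these tasks.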
@@ -687,7 +711,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes @@ -707,7 +731,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" @@ -735,7 +759,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' format: pkcs8 regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' @@ -756,7 +780,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' format: pkcs8 regenerate: '{{ item }}' select_crypto_backend: '{{ select_crypto_backend }}' @@ -784,7 +808,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' format: pkcs1 format_mismatch: convert regenerate: '{{ item }}' @@ -804,7 +828,7 @@ openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA - size: 1024 + size: '{{ default_rsa_key_size }}' format: pkcs1 format_mismatch: convert regenerate: '{{ item }}' diff --git a/tests/integration/targets/openssl_privatekey/tasks/main.yml b/tests/integration/targets/openssl_privatekey/tasks/main.yml index 439d03c3..057a7b9a 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/main.yml @@ -34,6 +34,7 @@ - name: Run module with backend autodetection openssl_privatekey: path: '{{ output_dir }}/privatekey_backend_selection.pem' + size: '{{ default_rsa_key_size }}' - block: - name: Running tests with pyOpenSSL backend 
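Review bot: The `type: DSA` tasks in these hunks now take their size from `default_rsa_key_size`, which ties the DSA parameter size to a variable that the commit message says may differ per platform for RSA. DSA implementations generally accept only a small fixed set of sizes, so a future change of the RSA default to another value could break these tasks for a reason unrelated to what they test. I would either keep the literal `size: 1024` for DSA or add a comment at the first DSA task, `# DSA reuses the RSA default; it must remain a size DSA supports`.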
@@ -76,7 +77,7 @@ openssl_privatekey: path: '{{ output_dir }}/fingerprint-{{ item }}.pem' type: "{{ item }}" - size: 1024 + size: '{{ default_rsa_key_size }}' select_crypto_backend: pyopenssl loop: - RSA @@ -87,7 +88,7 @@ openssl_privatekey: path: '{{ output_dir }}/fingerprint-{{ item }}.pem' type: "{{ item }}" - size: 1024 + size: '{{ default_rsa_key_size }}' select_crypto_backend: cryptography loop: - RSA diff --git a/tests/integration/targets/openssl_privatekey/tests/validate.yml b/tests/integration/targets/openssl_privatekey/tests/validate.yml index 11a985af..5672d927 100644 --- a/tests/integration/targets/openssl_privatekey/tests/validate.yml +++ b/tests/integration/targets/openssl_privatekey/tests/validate.yml @@ -68,7 +68,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)" assert: that: - - privatekey5.stdout == '4096' + - privatekey5.stdout == '{{ default_rsa_key_size }}' when: openssl_version.stdout is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)" @@ -85,7 +85,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)" assert: that: - - privatekey6.stdout == '4096' + - privatekey6.stdout == '{{ default_rsa_key_size }}' when: openssl_version.stdout is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)" diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml index c74acdec..2ecbb48a 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml 
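Review bot: The two changed assertions in openssl_privatekey/tests/validate.yml put Jinja delimiters inside `that:`, as in `privatekey5.stdout == '{{ default_rsa_key_size }}'`. Conditionals are already templated, and Ansible warns about delimiters in them. Compare against the variable directly instead: `- privatekey5.stdout == default_rsa_key_size | string`, and the same for `privatekey6.stdout`. The openssl_privatekey_info and openssl_privatekey_pipe hunks later in this patch already use the bare-variable form (`result.public_data.size == default_rsa_key_size`).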
@@ -50,7 +50,7 @@ - "'type' in result" - "result.type == 'RSA'" - "'public_data' in result" - - "result.public_data.size == 2048" + - "result.public_data.size == default_rsa_key_size" - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size" - "result.public_data.exponent > 5" - "'private_data' in result" diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml index 62f9f7bc..c477d194 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml @@ -12,13 +12,14 @@ openssl_privatekey: path: '{{ output_dir }}/privatekey_2.pem' type: RSA - size: 2048 + size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (with password) openssl_privatekey: path: '{{ output_dir }}/privatekey_3.pem' passphrase: hunter2 cipher: auto + size: '{{ default_rsa_key_size }}' select_crypto_backend: cryptography - name: Generate privatekey 4 (ECC) diff --git a/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml index 8b1db479..bee4fce6 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml @@ -27,7 +27,7 @@ openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' register: update_check check_mode: true @@ -35,7 +35,7 @@ openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' return_current_key: true register: update_check_return check_mode: true 
@@ -44,14 +44,14 @@ openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' register: update - name: ({{select_crypto_backend}}) Update key (idempotent, check mode) openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' register: update_idempotent_check check_mode: true @@ -59,14 +59,14 @@ openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' register: update_idempotent - name: ({{select_crypto_backend}}) Update key (idempotent, check mode, with return_current_key=true) openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' return_current_key: true register: update_idempotent_return_check check_mode: true @@ -75,7 +75,7 @@ openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" - size: 2048 + size: '{{ default_rsa_key_size }}' return_current_key: true register: update_idempotent_return @@ -92,7 +92,7 @@ - update_check_return.privatekey == result.privatekey - update is changed - update.privatekey != result.privatekey - - update_info.public_data.size == 2048 + - update_info.public_data.size == default_rsa_key_size - update_idempotent_check is not changed - update_idempotent_check.privatekey is undefined - update_idempotent is not changed diff --git a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml index 316212b3..c8205aeb 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml 
@@ -6,6 +6,7 @@ - name: Run module with backend autodetection openssl_privatekey_pipe: + size: '{{ default_rsa_key_size }}' - block: - name: Running tests with pyOpenSSL backend diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml index 75e869f4..cfe930fd 100644 --- a/tests/integration/targets/openssl_publickey/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey/tasks/impl.yml @@ -2,6 +2,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format" openssl_publickey: @@ -64,6 +65,7 @@ path: '{{ output_dir }}/privatekey3.pem' passphrase: ansible cipher: aes256 + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey" openssl_publickey: @@ -96,6 +98,7 @@ path: '{{ output_dir }}/privatekey5.pem' type: ECC curve: secp256r1 + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format" openssl_publickey: @@ -125,6 +128,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)" openssl_publickey: diff --git a/tests/integration/targets/openssl_publickey/tasks/main.yml b/tests/integration/targets/openssl_publickey/tasks/main.yml index 4b688925..eb423054 100644 --- a/tests/integration/targets/openssl_publickey/tasks/main.yml +++ b/tests/integration/targets/openssl_publickey/tasks/main.yml @@ -8,6 +8,7 @@ - name: Generate privatekey1 - standard openssl_privatekey: path: '{{ output_dir }}/privatekey_autodetect.pem' + size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_publickey: 
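Review bot: The hunk at -96 of `openssl_publickey/tasks/impl.yml` adds `size: '{{ default_rsa_key_size }}'` to a task that sets `type: ECC` and `curve: secp256r1`. There the key strength comes from the curve and, as far as I can tell, the module does not use `size` for ECC keys. The line reads as if the ECC key were being shrunk for speed, which it is not. I would drop it from that task and keep the other three additions in the file. The task's first lines are outside the hunk.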
diff --git a/tests/integration/targets/openssl_signature/tasks/main.yml b/tests/integration/targets/openssl_signature/tasks/main.yml index 49ab49ef..b0b97c89 100644 --- a/tests/integration/targets/openssl_signature/tasks/main.yml +++ b/tests/integration/targets/openssl_signature/tasks/main.yml @@ -32,7 +32,7 @@ - name: Add RSA tests set_fact: - key_types: "{{ key_types + [ { 'type': 'RSA' } ] }}" + key_types: "{{ key_types + [ { 'type': 'RSA', 'size': default_rsa_key_size } ] }}" when: cryptography_version.stdout is version('1.4', '>=') - name: Add DSA + ECDSA tests diff --git a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml index 698db57a..ec53510b 100644 --- a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml +++ b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml @@ -1,7 +1,7 @@ --- ## PRIVATE KEY ################################################################################ - name: ({{ certgen_title }}) Create cert private key (RSA) - command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/{{ certificate_name }}.key {{ rsa_bits if key_type == 'rsa' else 2048 }}" + command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/{{ certificate_name }}.key {{ rsa_bits if key_type == 'rsa' else default_rsa_key_size }}" when: "key_type == 'rsa'" - name: ({{ certgen_title }}) Create cert private key (ECC 256) command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/{{ certificate_name }}.key" diff --git a/tests/integration/targets/setup_acme/vars/main.yml b/tests/integration/targets/setup_acme/vars/main.yml new file mode 120000 index 00000000..1a806ff7 --- /dev/null +++ b/tests/integration/targets/setup_acme/vars/main.yml @@ -0,0 +1 @@ +../../setup_openssl/vars/main.yml \ No newline at end of file 
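Review bot: In `setup_acme/tasks/obtain-cert.yml` the new `else default_rsa_key_size` arm can never be selected, because the task carries `when: "key_type == 'rsa'"` and the inline condition tests the same thing. The bit length is therefore always `rsa_bits`, so this hunk does not shorten any key. The `vars/main.yml` symlink added alongside it appears to be needed only for that dead arm. Either reduce the argument to `{{ rsa_bits }}` or, if a fallback is wanted when the caller passes nothing, write `{{ rsa_bits | default(default_rsa_key_size) }}`.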
diff --git a/tests/integration/targets/setup_openssl/tasks/main.yml b/tests/integration/targets/setup_openssl/tasks/main.yml index fbd8521b..907f44b7 100644 --- a/tests/integration/targets/setup_openssl/tasks/main.yml +++ b/tests/integration/targets/setup_openssl/tasks/main.yml @@ -96,3 +96,7 @@ - name: Register cryptography version command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" register: cryptography_version + +- name: Print default key sizes + debug: + msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certifiates }})" diff --git a/tests/integration/targets/setup_openssl/vars/main.yml b/tests/integration/targets/setup_openssl/vars/main.yml new file mode 100644 index 00000000..37ae9578 --- /dev/null +++ b/tests/integration/targets/setup_openssl/vars/main.yml @@ -0,0 +1,3 @@ +--- +default_rsa_key_size: 1024 +default_rsa_key_size_certifiates: '{{ 2048 if ansible_os_family == "RedHat" and ansible_facts.distribution_major_version | int >= 8 else 1024 }}' diff --git a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml index 9337bbd6..7de7da68 100644 --- a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml @@ -2,12 +2,12 @@ - name: Generate account key openssl_privatekey: path: '{{ output_dir }}/account.key' - size: 2048 + size: '{{ default_rsa_key_size }}' - name: Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' - size: 2048 + size: '{{ default_rsa_key_size }}' - name: Generate CSRs openssl_csr: diff --git a/tests/integration/targets/x509_certificate/tasks/assertonly.yml b/tests/integration/targets/x509_certificate/tasks/assertonly.yml index 6cabccaa..b6f355a7 100644 --- a/tests/integration/targets/x509_certificate/tasks/assertonly.yml 
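Review bot: The new variable in `setup_openssl/vars/main.yml` is spelled `default_rsa_key_size_certifiates` and should be `default_rsa_key_size_certificates`. Rename it there, in the debug message in `tasks/main.yml`, and in every `x509_certificate*` task that references it, before more tests depend on the typo. The file also has no comment explaining the chosen sizes. I would add `# Test-only key sizes, chosen for speed; 1024-bit RSA must not be used outside this test suite.` above `default_rsa_key_size: 1024`, plus a second comment noting that RHEL 8 and CentOS 8 get 2048 for certificate keys, which the commit message mentions but the file does not explain. The conditional mixes `ansible_os_family` with `ansible_facts.distribution_major_version`; reading both from `ansible_facts` would be consistent.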
+++ b/tests/integration/targets/x509_certificate/tasks/assertonly.yml @@ -2,6 +2,7 @@ - name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey with password openssl_privatekey: @@ -9,6 +10,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size_certifiates }}' - name: (Assertonly, {{select_crypto_backend}}) - Generate CSR (no extensions) openssl_csr: diff --git a/tests/integration/targets/x509_certificate/tasks/expired.yml b/tests/integration/targets/x509_certificate/tasks/expired.yml index b3035de8..76e21c83 100644 --- a/tests/integration/targets/x509_certificate/tasks/expired.yml +++ b/tests/integration/targets/x509_certificate/tasks/expired.yml @@ -2,6 +2,7 @@ - name: (Expired, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: path: '{{ output_dir }}/has_expired_privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (Expired, {{select_crypto_backend}}) Generate CSR openssl_csr: diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml index 45ca894b..3feea15f 100644 --- a/tests/integration/targets/x509_certificate/tasks/ownca.yml +++ b/tests/integration/targets/x509_certificate/tasks/ownca.yml @@ -2,6 +2,7 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey openssl_privatekey: path: '{{ output_dir }}/ca_privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase openssl_privatekey: @@ -9,6 +10,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size_certifiates }}' - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR openssl_csr: 
diff --git a/tests/integration/targets/x509_certificate/tasks/removal.yml b/tests/integration/targets/x509_certificate/tasks/removal.yml index 8a310ecc..581021c4 100644 --- a/tests/integration/targets/x509_certificate/tasks/removal.yml +++ b/tests/integration/targets/x509_certificate/tasks/removal.yml @@ -2,6 +2,7 @@ - name: (Removal, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: path: '{{ output_dir }}/removal_privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (Removal, {{select_crypto_backend}}) Generate CSR openssl_csr: diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml index f61c078b..03c197aa 100644 --- a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml @@ -2,6 +2,7 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password openssl_privatekey: @@ -9,6 +10,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR x509_certificate: @@ -126,6 +128,7 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2 openssl_privatekey: path: '{{ output_dir }}/privatekey2.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2 openssl_csr: @@ -184,6 +187,7 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create private key 3 openssl_privatekey: path: "{{ output_dir }}/privatekey3.pem" + size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3 openssl_csr: 
diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml index 52c82046..44da12e2 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/main.yml @@ -7,6 +7,7 @@ - name: Generate privatekey openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: Generate privatekey with password openssl_privatekey: @@ -14,6 +15,7 @@ passphrase: hunter2 cipher: auto select_crypto_backend: cryptography + size: '{{ default_rsa_key_size_certifiates }}' - name: Generate CSR 1 openssl_csr: diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml index 5b024ac2..854ae5d6 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml @@ -2,7 +2,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/{{ item }}.pem' - size: 2048 + size: '{{ default_rsa_key_size_certifiates }}' loop: - privatekey - privatekey2 diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml index 02344364..6cb76213 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml @@ -7,6 +7,7 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: path: '{{ output_dir }}/privatekey_backend_selection.pem' + size: '{{ default_rsa_key_size_certifiates }}' - name: Run module with backend autodetection x509_certificate_pipe: provider: selfsigned