diff --git a/tests/integration/targets/incidental_setup_openssl/aliases b/tests/integration/targets/incidental_setup_openssl/aliases
deleted file mode 100644
index 136c05e0..00000000
--- a/tests/integration/targets/incidental_setup_openssl/aliases
+++ /dev/null
@@ -1 +0,0 @@
-hidden
diff --git a/tests/integration/targets/incidental_setup_openssl/tasks/main.yml b/tests/integration/targets/incidental_setup_openssl/tasks/main.yml
deleted file mode 100644
index 5a634458..00000000
--- a/tests/integration/targets/incidental_setup_openssl/tasks/main.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: Include OS-specific variables
- include_vars: '{{ ansible_os_family }}.yml'
- when: not ansible_os_family == "Darwin"
-
-- name: Install OpenSSL
- become: True
- package:
- name: '{{ openssl_package_name }}'
- when: not ansible_os_family == 'Darwin'
-
-- name: Install pyOpenSSL (Python 3)
- become: True
- package:
- name: '{{ pyopenssl_package_name_python3 }}'
- when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '>=')
-
-- name: Install pyOpenSSL (Python 2)
- become: True
- package:
- name: '{{ pyopenssl_package_name }}'
- when: not ansible_os_family == 'Darwin' and ansible_python_version is version('3.0', '<')
-
-- name: Install pyOpenSSL (Darwin)
- become: True
- pip:
- name: pyOpenSSL
- when: ansible_os_family == 'Darwin'
-
-- name: register pyOpenSSL version
- command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
- register: pyopenssl_version
-
-- name: register openssl version
- shell: "openssl version | cut -d' ' -f2"
- register: openssl_version
-
-- name: register cryptography version
- command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
- register: cryptography_version
diff --git a/tests/integration/targets/incidental_setup_openssl/vars/Debian.yml b/tests/integration/targets/incidental_setup_openssl/vars/Debian.yml
deleted file mode 100644
index 755c7a08..00000000
--- a/tests/integration/targets/incidental_setup_openssl/vars/Debian.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-pyopenssl_package_name: python-openssl
-pyopenssl_package_name_python3: python3-openssl
-openssl_package_name: openssl
diff --git a/tests/integration/targets/incidental_setup_openssl/vars/FreeBSD.yml b/tests/integration/targets/incidental_setup_openssl/vars/FreeBSD.yml
deleted file mode 100644
index 60868915..00000000
--- a/tests/integration/targets/incidental_setup_openssl/vars/FreeBSD.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-pyopenssl_package_name: py27-openssl
-pyopenssl_package_name_python3: py36-openssl
-openssl_package_name: openssl
diff --git a/tests/integration/targets/incidental_setup_openssl/vars/RedHat.yml b/tests/integration/targets/incidental_setup_openssl/vars/RedHat.yml
deleted file mode 100644
index 2959932c..00000000
--- a/tests/integration/targets/incidental_setup_openssl/vars/RedHat.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-pyopenssl_package_name: pyOpenSSL
-pyopenssl_package_name_python3: python3-pyOpenSSL
-openssl_package_name: openssl
diff --git a/tests/integration/targets/incidental_setup_openssl/vars/Suse.yml b/tests/integration/targets/incidental_setup_openssl/vars/Suse.yml
deleted file mode 100644
index 2d5200f3..00000000
--- a/tests/integration/targets/incidental_setup_openssl/vars/Suse.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-pyopenssl_package_name: python-pyOpenSSL
-pyopenssl_package_name_python3: python3-pyOpenSSL
-openssl_package_name: openssl
diff --git a/tests/integration/targets/incidental_x509_crl/aliases b/tests/integration/targets/incidental_x509_crl/aliases
deleted file mode 100644
index 357b0886..00000000
--- a/tests/integration/targets/incidental_x509_crl/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-x509_crl_info
-shippable/posix/incidental
-destructive
diff --git a/tests/integration/targets/incidental_x509_crl/meta/main.yml b/tests/integration/targets/incidental_x509_crl/meta/main.yml
deleted file mode 100644
index 0b241de3..00000000
--- a/tests/integration/targets/incidental_x509_crl/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - incidental_setup_openssl
diff --git a/tests/integration/targets/incidental_x509_crl/tasks/impl.yml b/tests/integration/targets/incidental_x509_crl/tasks/impl.yml
deleted file mode 100644
index eafb2dad..00000000
--- a/tests/integration/targets/incidental_x509_crl/tasks/impl.yml
+++ /dev/null
@@ -1,289 +0,0 @@
----
-- name: Create CRL 1 (check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- revocation_date: 20191013000000Z
- - path: '{{ output_dir }}/cert-2.pem'
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- check_mode: yes
- register: crl_1_check
-- name: Create CRL 1
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- revocation_date: 20191013000000Z
- - path: '{{ output_dir }}/cert-2.pem'
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- register: crl_1
-- name: Retrieve CRL 1 infos
- x509_crl_info:
- path: '{{ output_dir }}/ca-crl1.crl'
- register: crl_1_info_1
-- name: Retrieve CRL 1 infos via file content
- x509_crl_info:
- content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") }}'
- register: crl_1_info_2
-- name: Create CRL 1 (idempotent, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- revocation_date: 20191013000000Z
- - path: '{{ output_dir }}/cert-2.pem'
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- check_mode: yes
- register: crl_1_idem_check
-- name: Create CRL 1 (idempotent)
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- revocation_date: 20191013000000Z
- - path: '{{ output_dir }}/cert-2.pem'
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- register: crl_1_idem
-- name: Create CRL 1 (idempotent with content, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}"
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}"
- revocation_date: 20191013000000Z
- - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}"
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- check_mode: yes
- register: crl_1_idem_content_check
-- name: Create CRL 1 (idempotent with content)
- x509_crl:
- path: '{{ output_dir }}/ca-crl1.crl'
- privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}"
- issuer:
- CN: Ansible
- last_update: 20191013000000Z
- next_update: 20191113000000Z
- revoked_certificates:
- - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}"
- revocation_date: 20191013000000Z
- - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}"
- revocation_date: 20191013000000Z
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- revocation_date: 20191001000000Z
- register: crl_1_idem_content
-
-- name: Create CRL 2 (check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- check_mode: yes
- register: crl_2_check
-- name: Create CRL 2
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- register: crl_2
-- name: Create CRL 2 (idempotent, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- ignore_timestamps: yes
- check_mode: yes
- register: crl_2_idem_check
-- name: Create CRL 2 (idempotent)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-1.pem'
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- - serial_number: 1234
- ignore_timestamps: yes
- register: crl_2_idem
-- name: Create CRL 2 (idempotent update, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - serial_number: 1235
- ignore_timestamps: yes
- mode: update
- check_mode: yes
- register: crl_2_idem_update_change_check
-- name: Create CRL 2 (idempotent update)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - serial_number: 1235
- ignore_timestamps: yes
- mode: update
- register: crl_2_idem_update_change
-- name: Create CRL 2 (idempotent update, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- ignore_timestamps: yes
- mode: update
- check_mode: yes
- register: crl_2_idem_update_check
-- name: Create CRL 2 (idempotent update)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- ignore_timestamps: yes
- mode: update
- register: crl_2_idem_update
-- name: Create CRL 2 (changed timestamps, check mode)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- ignore_timestamps: no
- mode: update
- check_mode: yes
- register: crl_2_change_check
-- name: Create CRL 2 (changed timestamps)
- x509_crl:
- path: '{{ output_dir }}/ca-crl2.crl'
- privatekey_path: '{{ output_dir }}/ca.key'
- issuer:
- CN: Ansible
- last_update: +0d
- next_update: +0d
- revoked_certificates:
- - path: '{{ output_dir }}/cert-2.pem'
- reason: key_compromise
- reason_critical: yes
- invalidity_date: 20191012000000Z
- ignore_timestamps: no
- mode: update
- return_content: yes
- register: crl_2_change
diff --git a/tests/integration/targets/incidental_x509_crl/tasks/main.yml b/tests/integration/targets/incidental_x509_crl/tasks/main.yml
deleted file mode 100644
index 1f82ff9e..00000000
--- a/tests/integration/targets/incidental_x509_crl/tasks/main.yml
+++ /dev/null
@@ -1,83 +0,0 @@
----
-- set_fact:
- certificates:
- - name: ca
- subject:
- commonName: Ansible
- is_ca: yes
- - name: ca-2
- subject:
- commonName: Ansible Other CA
- is_ca: yes
- - name: cert-1
- subject_alt_name:
- - DNS:ansible.com
- - name: cert-2
- subject_alt_name:
- - DNS:example.com
- - name: cert-3
- subject_alt_name:
- - DNS:example.org
- - IP:1.2.3.4
- - name: cert-4
- subject_alt_name:
- - DNS:test.ansible.com
- - DNS:b64.ansible.com
-
-- name: Generate private keys
- openssl_privatekey:
- path: '{{ output_dir }}/{{ item.name }}.key'
- type: ECC
- curve: secp256r1
- loop: "{{ certificates }}"
-
-- name: Generate CSRs
- openssl_csr:
- path: '{{ output_dir }}/{{ item.name }}.csr'
- privatekey_path: '{{ output_dir }}/{{ item.name }}.key'
- subject: "{{ item.subject | default(omit) }}"
- subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
- basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
- use_common_name_for_san: no
- loop: "{{ certificates }}"
-
-- name: Generate CA certificates
- openssl_certificate:
- path: '{{ output_dir }}/{{ item.name }}.pem'
- csr_path: '{{ output_dir }}/{{ item.name }}.csr'
- privatekey_path: '{{ output_dir }}/{{ item.name }}.key'
- provider: selfsigned
- loop: "{{ certificates }}"
- when: item.is_ca | default(false)
-
-- name: Generate other certificates
- openssl_certificate:
- path: '{{ output_dir }}/{{ item.name }}.pem'
- csr_path: '{{ output_dir }}/{{ item.name }}.csr'
- provider: ownca
- ownca_path: '{{ output_dir }}/ca.pem'
- ownca_privatekey_path: '{{ output_dir }}/ca.key'
- loop: "{{ certificates }}"
- when: not (item.is_ca | default(false))
-
-- name: Get certificate infos
- openssl_certificate_info:
- path: '{{ output_dir }}/{{ item }}.pem'
- loop:
- - cert-1
- - cert-2
- - cert-3
- - cert-4
- register: certificate_infos
-
-- block:
- - name: Running tests with cryptography backend
- include_tasks: impl.yml
- vars:
- select_crypto_backend: cryptography
-
- - import_tasks: ../tests/validate.yml
- vars:
- select_crypto_backend: cryptography
-
- when: cryptography_version.stdout is version('1.2', '>=')
diff --git a/tests/integration/targets/incidental_x509_crl/tests/validate.yml b/tests/integration/targets/incidental_x509_crl/tests/validate.yml
deleted file mode 100644
index 17b31f34..00000000
--- a/tests/integration/targets/incidental_x509_crl/tests/validate.yml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-- name: Validate CRL 1
- assert:
- that:
- - crl_1_check is changed
- - crl_1 is changed
- - crl_1_idem_check is not changed
- - crl_1_idem is not changed
- - crl_1_idem_content_check is not changed
- - crl_1_idem_content is not changed
-
-- name: Validate CRL 1 info
- assert:
- that:
- - crl_1_info_1 == crl_1_info_2
- - crl_1_info_1.digest == 'ecdsa-with-SHA256'
- - crl_1_info_1.issuer | length == 1
- - crl_1_info_1.issuer.commonName == 'Ansible'
- - crl_1_info_1.issuer_ordered | length == 1
- - crl_1_info_1.last_update == '20191013000000Z'
- - crl_1_info_1.next_update == '20191113000000Z'
- - crl_1_info_1.revoked_certificates | length == 3
- - crl_1_info_1.revoked_certificates[0].invalidity_date is none
- - crl_1_info_1.revoked_certificates[0].invalidity_date_critical == false
- - crl_1_info_1.revoked_certificates[0].issuer is none
- - crl_1_info_1.revoked_certificates[0].issuer_critical == false
- - crl_1_info_1.revoked_certificates[0].reason is none
- - crl_1_info_1.revoked_certificates[0].reason_critical == false
- - crl_1_info_1.revoked_certificates[0].revocation_date == '20191013000000Z'
- - crl_1_info_1.revoked_certificates[0].serial_number == certificate_infos.results[0].serial_number
- - crl_1_info_1.revoked_certificates[1].invalidity_date == '20191012000000Z'
- - crl_1_info_1.revoked_certificates[1].invalidity_date_critical == false
- - crl_1_info_1.revoked_certificates[1].issuer is none
- - crl_1_info_1.revoked_certificates[1].issuer_critical == false
- - crl_1_info_1.revoked_certificates[1].reason == 'key_compromise'
- - crl_1_info_1.revoked_certificates[1].reason_critical == true
- - crl_1_info_1.revoked_certificates[1].revocation_date == '20191013000000Z'
- - crl_1_info_1.revoked_certificates[1].serial_number == certificate_infos.results[1].serial_number
- - crl_1_info_1.revoked_certificates[2].invalidity_date is none
- - crl_1_info_1.revoked_certificates[2].invalidity_date_critical == false
- - crl_1_info_1.revoked_certificates[2].issuer is none
- - crl_1_info_1.revoked_certificates[2].issuer_critical == false
- - crl_1_info_1.revoked_certificates[2].reason is none
- - crl_1_info_1.revoked_certificates[2].reason_critical == false
- - crl_1_info_1.revoked_certificates[2].revocation_date == '20191001000000Z'
- - crl_1_info_1.revoked_certificates[2].serial_number == 1234
-
-- name: Validate CRL 2
- assert:
- that:
- - crl_2_check is changed
- - crl_2 is changed
- - crl_2_idem_check is not changed
- - crl_2_idem is not changed
- - crl_2_idem_update_change_check is changed
- - crl_2_idem_update_change is changed
- - crl_2_idem_update_check is not changed
- - crl_2_idem_update is not changed
- - crl_2_change_check is changed
- - crl_2_change is changed
- - crl_2_change.crl == lookup('file', output_dir ~ '/ca-crl2.crl', rstrip=False)