diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml index 61b8d5e2..e325a060 100644 --- a/tests/integration/targets/openssl_csr/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr/tasks/impl.yml @@ -1,9 +1,9 @@ --- -- name: Generate privatekey +- name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' -- name: Generate CSR (check mode) +- name: "({{ select_crypto_backend }}) Generate CSR (check mode)" openssl_csr: path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -14,7 +14,7 @@ check_mode: yes register: generate_csr_check -- name: Generate CSR +- name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -24,7 +24,7 @@ return_content: yes register: generate_csr -- name: Generate CSR (idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -34,7 +34,7 @@ return_content: yes register: generate_csr_idempotent -- name: Generate CSR (idempotent, check mode) +- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" openssl_csr: path: '{{ output_dir }}/csr.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -45,7 +45,7 @@ check_mode: yes register: generate_csr_idempotent_check -- name: Generate CSR without SAN (check mode) +- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)" openssl_csr: path: '{{ output_dir }}/csr-nosan.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -56,7 +56,7 @@ check_mode: yes register: generate_csr_nosan_check -- name: Generate CSR without SAN +- name: "({{ select_crypto_backend }}) Generate CSR without SAN" openssl_csr: path: '{{ output_dir }}/csr-nosan.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -66,7 +66,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_nosan -- name: Generate CSR without SAN (idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)" openssl_csr: path: '{{ output_dir }}/csr-nosan.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -76,7 +76,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_nosan_check_idempotent -- name: Generate CSR without SAN (idempotent, check mode) +- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)" openssl_csr: path: '{{ output_dir }}/csr-nosan.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -91,7 +91,7 @@ # interchangeably. Hence the long name is specified here # but the short name is used to test idempotency for ipsecuser # and vice-versa for biometricInfo -- name: Generate CSR with KU and XKU +- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU" openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -107,7 +107,7 @@ - biometricInfo select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate CSR with KU and XKU (test idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)" openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -124,7 +124,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_ku_xku -- name: Generate CSR with KU and XKU (test XKU change) +- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)" openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -140,7 +140,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_ku_xku_change -- name: Generate CSR with KU and XKU (test KU change) +- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)" openssl_csr: path: '{{ output_dir }}/csr_ku_xku.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -155,14 +155,14 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_ku_xku_change_2 -- name: Generate CSR with old API +- name: "({{ select_crypto_backend }}) Generate CSR with old API" openssl_csr: path: '{{ output_dir }}/csr_oldapi.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate CSR with invalid SAN (1/2) +- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)" openssl_csr: path: '{{ output_dir }}/csrinvsan.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -171,7 +171,7 @@ register: generate_csr_invalid_san ignore_errors: yes -- name: Generate CSR with invalid SAN (2/2) +- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)" openssl_csr: path: '{{ output_dir }}/csrinvsan2.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -180,7 +180,7 @@ register: generate_csr_invalid_san_2 ignore_errors: yes -- name: Generate CSR with OCSP Must Staple +- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple" openssl_csr: path: '{{ output_dir }}/csr_ocsp.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -188,7 +188,7 @@ ocsp_must_staple: true select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate CSR with OCSP Must Staple (test idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)" openssl_csr: path: '{{ output_dir }}/csr_ocsp.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -197,13 +197,13 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_ocsp_idempotency -- name: Generate ECC privatekey +- name: "({{ select_crypto_backend }}) Generate ECC privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey2.pem' type: ECC curve: secp384r1 -- name: Generate CSR with ECC privatekey +- name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey" openssl_csr: path: '{{ output_dir }}/csr2.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -211,7 +211,7 @@ commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate CSR with text common name +- name: "({{ select_crypto_backend }}) Generate CSR with text common name" openssl_csr: path: '{{ output_dir }}/csr3.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -220,7 +220,7 @@ useCommonNameForSAN: no select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate CSR with country name +- name: "({{ select_crypto_backend }}) Generate CSR with country name" openssl_csr: path: '{{ output_dir }}/csr4.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -228,7 +228,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: country_idempotent_1 -- name: Generate CSR with country name (idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)" openssl_csr: path: '{{ output_dir }}/csr4.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -236,7 +236,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: country_idempotent_2 -- name: Generate CSR with country name (idempotent 2) +- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)" openssl_csr: path: '{{ output_dir }}/csr4.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -245,7 +245,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: country_idempotent_3 -- name: Generate CSR with country name (bad country name) +- name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)" openssl_csr: path: '{{ output_dir }}/csr4.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -255,14 +255,14 @@ register: country_fail_4 ignore_errors: yes -- name: Generate privatekey with password +- name: "({{ select_crypto_backend }}) Generate privatekey with password" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography -- name: Generate CSR with privatekey passphrase +- name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase" openssl_csr: path: '{{ output_dir }}/csr_pw.csr' privatekey_path: '{{ output_dir }}/privatekeypw.pem' @@ -270,7 +270,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: passphrase_1 -- name: Generate CSR (failed passphrase 1) +- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)" openssl_csr: path: '{{ output_dir }}/csr_pw1.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -279,7 +279,7 @@ ignore_errors: yes register: passphrase_error_1 -- name: Generate CSR (failed passphrase 2) +- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)" openssl_csr: path: '{{ output_dir }}/csr_pw2.csr' privatekey_path: '{{ output_dir }}/privatekeypw.pem' @@ -288,7 +288,7 @@ ignore_errors: yes register: passphrase_error_2 -- name: Generate CSR (failed passphrase 3) +- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)" openssl_csr: path: '{{ output_dir }}/csr_pw3.csr' privatekey_path: '{{ output_dir }}/privatekeypw.pem' @@ -296,11 +296,11 @@ ignore_errors: yes register: passphrase_error_3 -- name: Create broken CSR +- name: "({{ select_crypto_backend }}) Create broken CSR" copy: dest: "{{ output_dir }}/csrbroken.csr" content: "broken" -- name: Regenerate broken CSR +- name: "({{ select_crypto_backend }}) Regenerate broken CSR" openssl_csr: path: '{{ output_dir }}/csrbroken.csr' privatekey_path: '{{ output_dir }}/privatekey2.pem' @@ -310,7 +310,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken -- name: Generate CSR +- name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: path: '{{ output_dir }}/csr_backup.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -319,7 +319,7 @@ backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_1 -- name: Generate CSR (idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: path: '{{ output_dir }}/csr_backup.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -328,7 +328,7 @@ backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_2 -- name: Generate CSR (change) +- name: "({{ select_crypto_backend }}) Generate CSR (change)" openssl_csr: path: '{{ output_dir }}/csr_backup.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -337,7 +337,7 @@ backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_3 -- name: Generate CSR (remove) +- name: "({{ select_crypto_backend }}) Generate CSR (remove)" openssl_csr: path: '{{ output_dir }}/csr_backup.csr' state: absent @@ -345,7 +345,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: csr_backup_4 -- name: Generate CSR (remove, idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)" openssl_csr: path: '{{ output_dir }}/csr_backup.csr' state: absent @@ -353,7 +353,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_5 -- name: Generate CSR with subject key identifier +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -364,7 +364,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_1 -- name: Generate CSR with subject key identifier (idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -375,7 +375,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_2 -- name: Generate CSR with subject key identifier (change) +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -386,7 +386,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_3 -- name: Generate CSR with subject key identifier (auto-create) +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -397,7 +397,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_4 -- name: Generate CSR with subject key identifier (auto-create idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -408,7 +408,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_5 -- name: Generate CSR with subject key identifier (remove) +- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)" openssl_csr: path: '{{ output_dir }}/csr_ski.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -418,7 +418,7 @@ when: select_crypto_backend != 'pyopenssl' register: subject_key_identifier_6 -- name: Generate CSR with authority key identifier +- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier" openssl_csr: path: '{{ output_dir }}/csr_aki.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -429,7 +429,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_key_identifier_1 -- name: Generate CSR with authority key identifier (idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)" openssl_csr: path: '{{ output_dir }}/csr_aki.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -440,7 +440,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_key_identifier_2 -- name: Generate CSR with authority key identifier (change) +- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)" openssl_csr: path: '{{ output_dir }}/csr_aki.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -451,7 +451,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_key_identifier_3 -- name: Generate CSR with authority key identifier (remove) +- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)" openssl_csr: path: '{{ output_dir }}/csr_aki.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -461,7 +461,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_key_identifier_4 -- name: Generate CSR with authority cert issuer / serial number +- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number" openssl_csr: path: '{{ output_dir }}/csr_acisn.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -475,7 +475,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_cert_issuer_sn_1 -- name: Generate CSR with authority cert issuer / serial number (idempotency) +- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)" openssl_csr: path: '{{ output_dir }}/csr_acisn.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -489,7 +489,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_cert_issuer_sn_2 -- name: Generate CSR with authority cert issuer / serial number (change issuer) +- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)" openssl_csr: path: '{{ output_dir }}/csr_acisn.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -503,7 +503,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_cert_issuer_sn_3 -- name: Generate CSR with authority cert issuer / serial number (change serial number) +- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)" openssl_csr: path: '{{ output_dir }}/csr_acisn.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -517,7 +517,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_cert_issuer_sn_4 -- name: Generate CSR with authority cert issuer / serial number (remove) +- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)" openssl_csr: path: '{{ output_dir }}/csr_acisn.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -526,7 +526,7 @@ when: select_crypto_backend != 'pyopenssl' register: authority_cert_issuer_sn_5 -- name: Generate CSR with everything +- name: "({{ select_crypto_backend }}) Generate CSR with everything" openssl_csr: path: '{{ output_dir }}/csr_everything.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -634,7 +634,7 @@ - "IP:1.2.3.0/255.255.255.0" register: everything_1 -- name: Generate CSR with everything (idempotent, check mode) +- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)" openssl_csr: path: '{{ output_dir }}/csr_everything.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -743,7 +743,7 @@ check_mode: yes register: everything_2 -- name: Generate CSR with everything (idempotent) +- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)" openssl_csr: path: '{{ output_dir }}/csr_everything.csr' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -851,15 +851,15 @@ - "IP:1.2.3.0/255.255.255.0" register: everything_3 -- name: Get info from CSR with everything +- name: "({{ select_crypto_backend }}) Get info from CSR with everything" community.crypto.openssl_csr_info: path: '{{ output_dir }}/csr_everything.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: everything_info -- name: Ed25519 and Ed448 tests (for cryptography >= 2.6) +- name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6)" block: - - name: Generate privatekeys + - name: "({{ select_crypto_backend }}) Generate privatekeys" openssl_privatekey: path: '{{ output_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' @@ -869,11 +869,11 @@ register: generate_csr_ed25519_ed448_privatekey ignore_errors: yes - - name: Generate CSR if private key generation succeeded + - name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded" when: generate_csr_ed25519_ed448_privatekey is not failed block: - - name: Generate CSR + - name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: path: '{{ output_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' @@ -886,7 +886,7 @@ register: generate_csr_ed25519_ed448 ignore_errors: yes - - name: Generate CSR (idempotent) + - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: path: '{{ output_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' diff --git a/tests/integration/targets/openssl_csr/tests/validate.yml b/tests/integration/targets/openssl_csr/tests/validate.yml index 2936ca9a..2683bb2a 100644 --- a/tests/integration/targets/openssl_csr/tests/validate.yml +++ b/tests/integration/targets/openssl_csr/tests/validate.yml @@ -1,23 +1,23 @@ --- -- name: Validate CSR (test - privatekey modulus) +- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' register: privatekey_modulus -- name: Validate CSR (test - Common Name) +- name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)" shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq" register: csr_cn -- name: Validate CSR (test - csr modulus) +- name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)" shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr' register: csr_modulus -- name: Validate CSR (assert) +- name: "({{ select_crypto_backend }}) Validate CSR (assert)" assert: that: - csr_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_modulus.stdout == privatekey_modulus.stdout -- name: Validate CSR (check mode, idempotency) +- name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)" assert: that: - generate_csr_check is changed @@ -25,7 +25,7 @@ - generate_csr_idempotent is not changed - generate_csr_idempotent_check is not changed -- name: Validate CSR (data retrieval) +- name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)" assert: that: - generate_csr_check.csr is none @@ -33,7 +33,7 @@ - generate_csr.csr == generate_csr_idempotent.csr - generate_csr.csr == generate_csr_idempotent_check.csr -- name: Validate CSR without SAN (check mode, idempotency) +- name: "({{ select_crypto_backend }}) Validate CSR without SAN (check mode, idempotency)" assert: that: - generate_csr_nosan_check is changed @@ -41,34 +41,34 @@ - generate_csr_nosan_check_idempotent is not changed - generate_csr_nosan_check_idempotent_check is not changed -- name: Validate CSR_KU_XKU (assert idempotency, change) +- name: "({{ select_crypto_backend }}) Validate CSR_KU_XKU (assert idempotency, change)" assert: that: - csr_ku_xku is not changed - csr_ku_xku_change is changed - csr_ku_xku_change_2 is changed -- name: Validate old_API CSR (test - Common Name) +- name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)" shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq" register: csr_oldapi_cn -- name: Validate old_API CSR (test - csr modulus) +- name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)" shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr' register: csr_oldapi_modulus -- name: Validate old_API CSR (assert) +- name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)" assert: that: - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_oldapi_modulus.stdout == privatekey_modulus.stdout -- name: Validate invalid SAN (1/2) +- name: "({{ select_crypto_backend }}) Validate invalid SAN (1/2)" assert: that: - generate_csr_invalid_san is failed - "'Subject Alternative Name' in generate_csr_invalid_san.msg" -- name: Validate invalid SAN (2/2) +- name: "({{ select_crypto_backend }}) Validate invalid SAN (2/2)" # Note that pyOpenSSL simply accepts this name, and modern cryptography versions do so as well. # The error has been observed with cryptography 1.7.2 and 1.9, but not with 2.3 and newer. assert: @@ -77,49 +77,49 @@ - "'The label system:kube-controller-manager is not a valid A-label' in generate_csr_invalid_san_2.msg" when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.0', '<') -- name: Validate OCSP Must Staple CSR (test - everything) +- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)" shell: "openssl req -noout -in {{ output_dir }}/csr_ocsp.csr -text" register: csr_ocsp -- name: Validate OCSP Must Staple CSR (assert) +- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)" assert: that: - "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or (csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))" -- name: Validate OCSP Must Staple CSR (assert idempotency) +- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert idempotency)" assert: that: - csr_ocsp_idempotency is not changed -- name: Validate ECC CSR (test - privatekey's public key) +- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)" shell: 'openssl ec -pubout -in {{ output_dir }}/privatekey2.pem' register: privatekey_ecc_key -- name: Validate ECC CSR (test - Common Name) +- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)" shell: "openssl req -noout -subject -in {{ output_dir }}/csr2.csr -nameopt oneline,-space_eq" register: csr_ecc_cn -- name: Validate ECC CSR (test - CSR pubkey) +- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)" shell: 'openssl req -noout -pubkey -in {{ output_dir }}/csr2.csr' register: csr_ecc_pubkey -- name: Validate ECC CSR (assert) +- name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)" assert: that: - csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout -- name: Validate CSR (text common name - Common Name) +- name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)" shell: "openssl req -noout -subject -in {{ output_dir }}/csr3.csr -nameopt oneline,-space_eq" register: csr3_cn -- name: Validate CSR (assert) +- name: "({{ select_crypto_backend }}) Validate CSR (assert)" assert: that: - csr3_cn.stdout.split('=')[-1] == 'This is for Ansible' -- name: Validate country name idempotency and validation +- name: "({{ select_crypto_backend }}) Validate country name idempotency and validation" assert: that: - country_idempotent_1 is changed @@ -137,12 +137,12 @@ - passphrase_error_3 is failed - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" -- name: Verify that broken CSR will be regenerated +- name: "({{ select_crypto_backend }}) Verify that broken CSR will be regenerated" assert: that: - output_broken is changed -- name: Verify that subject key identifier handling works +- name: "({{ select_crypto_backend }}) Verify that subject key identifier handling works" assert: that: - subject_key_identifier_1 is changed @@ -153,7 +153,7 @@ - subject_key_identifier_6 is changed when: select_crypto_backend != 'pyopenssl' -- name: Verify that authority key identifier handling works +- name: "({{ select_crypto_backend }}) Verify that authority key identifier handling works" assert: that: - authority_key_identifier_1 is changed @@ -162,7 +162,7 @@ - authority_key_identifier_4 is changed when: select_crypto_backend != 'pyopenssl' -- name: Verify that authority cert issuer / serial number handling works +- name: "({{ select_crypto_backend }}) Verify that authority cert issuer / serial number handling works" assert: that: - authority_cert_issuer_sn_1 is changed @@ -172,7 +172,7 @@ - authority_cert_issuer_sn_5 is changed when: select_crypto_backend != 'pyopenssl' -- name: Check backup +- name: "({{ select_crypto_backend }}) Check backup" assert: that: - csr_backup_1 is changed @@ -187,7 +187,7 @@ - csr_backup_5.backup_file is undefined - csr_backup_4.csr is none -- name: Check CSR with everything +- name: "({{ select_crypto_backend }}) Check CSR with everything" assert: that: - everything_1 is changed @@ -238,7 +238,7 @@ ] - everything_info.name_constraints_critical == true -- name: Check CSR with everything (pyOpenSSL specific) +- name: "({{ select_crypto_backend }}) Check CSR with everything (pyOpenSSL specific)" assert: that: - everything_info.subject_alt_name == [ @@ -269,7 +269,7 @@ ] when: select_crypto_backend == 'pyopenssl' -- name: Check CSR with everything (non-pyOpenSSL specific) +- name: "({{ select_crypto_backend }}) Check CSR with everything (non-pyOpenSSL specific)" assert: that: - everything_info.authority_cert_issuer == [ @@ -313,7 +313,7 @@ ] when: select_crypto_backend != 'pyopenssl' -- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8) +- name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)" assert: that: - generate_csr_ed25519_ed448.results[0] is failed @@ -324,7 +324,7 @@ - generate_csr_ed25519_ed448_idempotent.results[1] is failed when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and generate_csr_ed25519_ed448_privatekey is not failed -- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.8) +- name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)" assert: that: - generate_csr_ed25519_ed448 is succeeded diff --git a/tests/integration/targets/openssl_csr_info/tasks/impl.yml b/tests/integration/targets/openssl_csr_info/tasks/impl.yml index 2ab8b87b..bc9037eb 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml @@ -2,20 +2,20 @@ - debug: msg: "Executing tests with backend {{ select_crypto_backend }}" -- name: ({{select_crypto_backend}}) Get CSR info +- name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: path: '{{ output_dir }}/csr_1.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: Check whether subject behaves as expected +- name: "({{ select_crypto_backend }}) Check whether subject behaves as expected" assert: that: - result.subject.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered" -- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier +- name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier" assert: that: - result.subject_key_identifier == "00:11:22:33" @@ -28,38 +28,38 @@ - "IP:1.2.3.4" when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=') -- name: Update result list +- name: "({{ select_crypto_backend }}) Update result list" set_fact: info_results: "{{ info_results + [result] }}" -- name: ({{select_crypto_backend}}) Get CSR info directly +- name: "({{ select_crypto_backend }}) Get CSR info directly" openssl_csr_info: content: '{{ lookup("file", output_dir ~ "/csr_1.csr") }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct -- name: ({{select_crypto_backend}}) Compare output of direct and loaded info +- name: "({{ select_crypto_backend }}) Compare output of direct and loaded info" assert: that: - result == result_direct -- name: ({{select_crypto_backend}}) Get CSR info +- name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: path: '{{ output_dir }}/csr_2.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: Update result list +- name: "({{ select_crypto_backend }}) Update result list" set_fact: info_results: "{{ info_results + [result] }}" -- name: ({{select_crypto_backend}}) Get CSR info +- name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: path: '{{ output_dir }}/csr_3.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: Check AuthorityKeyIdentifier +- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier" assert: that: - result.authority_key_identifier is none @@ -71,17 +71,17 @@ - "IP:1.2.3.4" when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=') -- name: Update result list +- name: "({{ select_crypto_backend }}) Update result list" set_fact: info_results: "{{ info_results + [result] }}" -- name: ({{select_crypto_backend}}) Get CSR info +- name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: path: '{{ output_dir }}/csr_4.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: Check AuthorityKeyIdentifier +- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier" assert: that: - result.authority_key_identifier == "44:55:66:77" @@ -89,6 +89,6 @@ - result.authority_cert_serial_number is none when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=') -- name: Update result list +- name: "({{ select_crypto_backend }}) Update result list" set_fact: info_results: "{{ info_results + [result] }}" diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml index a1e501cd..9e5b11cf 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml @@ -1,37 +1,37 @@ --- -- name: Generate privatekey1 - standard +- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard" openssl_privatekey: path: '{{ output_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: privatekey1 -- name: Generate privatekey1 - standard (idempotence) +- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence)" openssl_privatekey: path: '{{ output_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: privatekey1_idempotence -- name: Generate privatekey2 - size 2048 +- name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048" openssl_privatekey: path: '{{ output_dir }}/privatekey2.pem' size: 2048 select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate privatekey3 - type DSA +- name: "({{ select_crypto_backend }}) Generate privatekey3 - type DSA" openssl_privatekey: path: '{{ output_dir }}/privatekey3.pem' type: DSA size: 3072 select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate privatekey4 - standard +- name: "({{ select_crypto_backend }}) Generate privatekey4 - standard" openssl_privatekey: path: '{{ output_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: Delete privatekey4 - standard +- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard" openssl_privatekey: state: absent path: '{{ output_dir }}/privatekey4.pem' @@ -39,21 +39,21 @@ return_content: yes register: privatekey4_delete -- name: Delete privatekey4 - standard (idempotence) +- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)" openssl_privatekey: state: absent path: '{{ output_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey4_delete_idempotence -- name: Generate privatekey5 - standard - with passphrase +- name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - with passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate privatekey5 - standard - idempotence +- name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence" openssl_privatekey: path: '{{ output_dir }}/privatekey5.pem' passphrase: ansible @@ -61,7 +61,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_idempotence -- name: Generate privatekey6 - standard - with non-ASCII passphrase +- name: "({{ select_crypto_backend }}) Generate privatekey6 - standard - with non-ASCII passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekey6.pem' passphrase: ànsïblé @@ -132,7 +132,7 @@ min_cryptography_version: "0.5" when: select_crypto_backend == 'cryptography' -- name: Test ECC key generation +- name: "({{ select_crypto_backend }}) Test ECC key generation" openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem' type: ECC @@ -146,7 +146,7 @@ label: "{{ item.curve }}" register: privatekey_ecc_generate -- name: Test ECC key generation (idempotency) +- name: "({{ select_crypto_backend }}) Test ECC key generation (idempotency)" openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem' type: ECC @@ -161,7 +161,7 @@ register: privatekey_ecc_idempotency - block: - - name: Test other type generation + - name: "({{ select_crypto_backend }}) Test other type generation" openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.type }}.pem' type: "{{ item.type }}" @@ -173,7 +173,7 @@ ignore_errors: yes register: privatekey_t1_generate - - name: Test other type generation (idempotency) + - name: "({{ select_crypto_backend }}) Test other type generation (idempotency)" openssl_privatekey: path: '{{ output_dir }}/privatekey-{{ item.type }}.pem' type: "{{ item.type }}" @@ -197,7 +197,7 @@ - type: X448 min_version: '2.6' -- name: Generate privatekey with passphrase +- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 @@ -206,7 +206,7 @@ backup: yes register: passphrase_1 -- name: Generate privatekey with passphrase (idempotent) +- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 @@ -215,21 +215,21 @@ backup: yes register: passphrase_2 -- name: Regenerate privatekey without passphrase +- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_3 -- name: Regenerate privatekey without passphrase (idempotent) +- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' backup: yes register: passphrase_4 -- name: Regenerate privatekey with passphrase +- name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 @@ -238,17 +238,17 @@ backup: yes register: passphrase_5 -- name: Create broken key +- name: "({{ select_crypto_backend }}) Create broken key" copy: dest: "{{ output_dir }}/broken" content: "broken" -- name: Regenerate broken key +- name: "({{ select_crypto_backend }}) Regenerate broken key" openssl_privatekey: path: '{{ output_dir }}/broken.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken -- name: Remove module +- name: "({{ select_crypto_backend }}) Remove module" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 @@ -258,7 +258,7 @@ state: absent register: remove_1 -- name: Remove module (idempotent) +- name: "({{ select_crypto_backend }}) Remove module (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 @@ -268,87 +268,87 @@ state: absent register: remove_2 -- name: Generate privatekey_mode (mode 0400) +- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400)" openssl_privatekey: path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_1 -- name: Stat for privatekey_mode +- name: "({{ select_crypto_backend }}) Stat for privatekey_mode" stat: path: '{{ output_dir }}/privatekey_mode.pem' register: privatekey_mode_1_stat -- name: Generate privatekey_mode (mode 0400, idempotency) +- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, idempotency)" openssl_privatekey: path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_2 -- name: Generate privatekey_mode (mode 0400, force) +- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, force)" openssl_privatekey: path: '{{ output_dir }}/privatekey_mode.pem' mode: '0400' force: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_mode_3 -- name: Stat for privatekey_mode +- name: "({{ select_crypto_backend }}) Stat for privatekey_mode" stat: path: '{{ output_dir }}/privatekey_mode.pem' register: privatekey_mode_3_stat - block: - - name: Generate privatekey_fmt_1 - auto format + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_1 - - name: Generate privatekey_fmt_1 - auto format (idempotent) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_2 - - name: Generate privatekey_fmt_1 - PKCS1 format + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS1 format" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs1 select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_3 - - name: Generate privatekey_fmt_1 - PKCS8 format + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_4 - - name: Generate privatekey_fmt_1 - PKCS8 format (idempotent) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_5 - - name: Generate privatekey_fmt_1 - auto format (ignore) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (ignore)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto_ignore select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_6 - - name: Generate privatekey_fmt_1 - auto format (no ignore) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (no ignore)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: auto select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_7 - - name: Generate privatekey_fmt_1 - raw format (fail) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - raw format (fail)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: raw @@ -356,13 +356,13 @@ ignore_errors: yes register: privatekey_fmt_1_step_8 - - name: Generate privatekey_fmt_1 - PKCS8 format (convert) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" openssl_privatekey_info: path: '{{ output_dir }}/privatekey_fmt_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_9_before - - name: Generate privatekey_fmt_1 - PKCS8 format (convert) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_1.pem' format: pkcs8 @@ -370,7 +370,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_9 - - name: Generate privatekey_fmt_1 - PKCS8 format (convert) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" openssl_privatekey_info: path: '{{ output_dir }}/privatekey_fmt_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -379,7 +379,7 @@ when: 'select_crypto_backend == "cryptography"' - block: - - name: Generate privatekey_fmt_2 - PKCS8 format + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -388,7 +388,7 @@ ignore_errors: yes register: privatekey_fmt_2_step_1 - - name: Generate privatekey_fmt_2 - PKCS8 format (idempotent) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -397,7 +397,7 @@ ignore_errors: yes register: privatekey_fmt_2_step_2 - - name: Generate privatekey_fmt_2 - raw format + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -407,19 +407,19 @@ ignore_errors: yes register: privatekey_fmt_2_step_3 - - name: Read privatekey_fmt_2.pem + - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ output_dir }}/privatekey_fmt_2.pem" ignore_errors: yes register: content - - name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" assert: that: - privatekey_fmt_2_step_3.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - - name: Generate privatekey_fmt_2 - raw format (idempotent) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format (idempotent)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -429,19 +429,19 @@ ignore_errors: yes register: privatekey_fmt_2_step_4 - - name: Read privatekey_fmt_2.pem + - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ output_dir }}/privatekey_fmt_2.pem" ignore_errors: yes register: content - - name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" assert: that: - privatekey_fmt_2_step_4.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - - name: Generate privatekey_fmt_2 - auto format (ignore) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (ignore)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -451,19 +451,19 @@ ignore_errors: yes register: privatekey_fmt_2_step_5 - - name: Read privatekey_fmt_2.pem + - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: src: "{{ output_dir }}/privatekey_fmt_2.pem" ignore_errors: yes register: content - - name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" assert: that: - privatekey_fmt_2_step_5.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - - name: Generate privatekey_fmt_2 - auto format (no ignore) + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (no ignore)" openssl_privatekey: path: '{{ output_dir }}/privatekey_fmt_2.pem' type: X448 @@ -473,7 +473,7 @@ ignore_errors: yes register: privatekey_fmt_2_step_6 - - name: Generate privatekey_fmt_2 - verify that returned content is not base64 encoded + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is not base64 encoded" assert: that: - privatekey_fmt_2_step_6.privatekey == lookup('file', output_dir ~ '/privatekey_fmt_2.pem', rstrip=False) @@ -485,14 +485,14 @@ # Test regenerate option -- name: Regenerate - setup simple keys +- name: "({{ select_crypto_backend }}) Regenerate - setup simple keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: 1024 select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" -- name: Regenerate - setup password protected keys +- name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA @@ -501,14 +501,14 @@ cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}" select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" -- name: Regenerate - setup broken keys +- name: "({{ select_crypto_backend }}) Regenerate - setup broken keys" copy: dest: '{{ output_dir }}/regenerate-c-{{ item }}.pem' content: 'broken key' mode: '0700' loop: "{{ regenerate_values }}" -- name: Regenerate - modify broken keys (check mode) +- name: "({{ select_crypto_backend }}) Regenerate - modify broken keys (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' type: RSA @@ -530,7 +530,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - modify broken keys +- name: "({{ select_crypto_backend }}) Regenerate - modify broken keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' type: RSA @@ -551,7 +551,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - modify password protected keys (check mode) +- name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA @@ -573,7 +573,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - modify password protected keys +- name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' type: RSA @@ -594,7 +594,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - not modify regular keys (check mode) +- name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA @@ -612,7 +612,7 @@ - result.results[3] is not changed - result.results[4] is changed -- name: Regenerate - not modify regular keys +- name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA @@ -629,7 +629,7 @@ - result.results[3] is not changed - result.results[4] is changed -- name: Regenerate - adjust key size (check mode) +- name: "({{ select_crypto_backend }}) Regenerate - adjust key size (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA @@ -649,7 +649,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - adjust key size +- name: "({{ select_crypto_backend }}) Regenerate - adjust key size" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: RSA @@ -668,7 +668,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - redistribute keys +- name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: src: '{{ output_dir }}/regenerate-a-always.pem' dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' @@ -676,7 +676,7 @@ loop: "{{ regenerate_values }}" when: "item != 'always'" -- name: Regenerate - adjust key type (check mode) +- name: "({{ select_crypto_backend }}) Regenerate - adjust key type (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA @@ -696,7 +696,7 @@ - result.results[3] is changed - result.results[4] is changed -- name: Regenerate - adjust key type +- name: "({{ select_crypto_backend }}) Regenerate - adjust key type" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA @@ -716,7 +716,7 @@ - result.results[4] is changed - block: - - name: Regenerate - redistribute keys + - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: src: '{{ output_dir }}/regenerate-a-always.pem' dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' @@ -724,7 +724,7 @@ loop: "{{ regenerate_values }}" when: "item != 'always'" - - name: Regenerate - format mismatch (check mode) + - name: "({{ select_crypto_backend }}) Regenerate - format mismatch (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA @@ -745,7 +745,7 @@ - result.results[3] is changed - result.results[4] is changed - - name: Regenerate - format mismatch + - name: "({{ select_crypto_backend }}) Regenerate - format mismatch" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA @@ -765,7 +765,7 @@ - result.results[3] is changed - result.results[4] is changed - - name: Regenerate - redistribute keys + - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: src: '{{ output_dir }}/regenerate-a-always.pem' dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' @@ -773,7 +773,7 @@ loop: "{{ regenerate_values }}" when: "item != 'always'" - - name: Regenerate - convert format (check mode) + - name: "({{ select_crypto_backend }}) Regenerate - convert format (check mode)" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA @@ -793,7 +793,7 @@ - result.results[3] is changed - result.results[4] is changed - - name: Regenerate - convert format + - name: "({{ select_crypto_backend }}) Regenerate - convert format" openssl_privatekey: path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' type: DSA diff --git a/tests/integration/targets/openssl_privatekey/tests/validate.yml b/tests/integration/targets/openssl_privatekey/tests/validate.yml index 56649715..3c2e0af2 100644 --- a/tests/integration/targets/openssl_privatekey/tests/validate.yml +++ b/tests/integration/targets/openssl_privatekey/tests/validate.yml @@ -2,7 +2,7 @@ - set_fact: system_potentially_has_no_algorithm_support: "{{ ansible_os_family == 'FreeBSD' }}" -- name: Validate privatekey1 idempotency and content returned +- name: "({{ select_crypto_backend }}) Validate privatekey1 idempotency and content returned" assert: that: - privatekey1_idempotence is not changed @@ -10,27 +10,27 @@ - privatekey1.privatekey == privatekey1_idempotence.privatekey -- name: Validate privatekey1 (test - RSA key with size 4096 bits) +- name: "({{ select_crypto_backend }}) Validate privatekey1 (test - RSA key with size 4096 bits)" shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey1 -- name: Validate privatekey1 (assert - RSA key with size 4096 bits) +- name: "({{ select_crypto_backend }}) Validate privatekey1 (assert - RSA key with size 4096 bits)" assert: that: - privatekey1.stdout == '4096' -- name: Validate privatekey2 (test - RSA key with size 2048 bits) +- name: "({{ select_crypto_backend }}) Validate privatekey2 (test - RSA key with size 2048 bits)" shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey2 -- name: Validate privatekey2 (assert - RSA key with size 2048 bits) +- name: "({{ select_crypto_backend }}) Validate privatekey2 (assert - RSA key with size 2048 bits)" assert: that: - privatekey2.stdout == '2048' -- name: Validate privatekey3 (test - DSA key with size 3072 bits) +- name: "({{ select_crypto_backend }}) Validate privatekey3 (test - DSA key with size 3072 bits)" shell: "openssl dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey3 @@ -40,17 +40,17 @@ - privatekey3.stdout == '3072' -- name: Validate privatekey4 (test - Ensure key has been removed) +- name: "({{ select_crypto_backend }}) Validate privatekey4 (test - Ensure key has been removed)" stat: path: '{{ output_dir }}/privatekey4.pem' register: privatekey4 -- name: Validate privatekey4 (assert - Ensure key has been removed) +- name: "({{ select_crypto_backend }}) Validate privatekey4 (assert - Ensure key has been removed)" assert: that: - privatekey4.stat.exists == False -- name: Validate privatekey4 removal behavior +- name: "({{ select_crypto_backend }}) Validate privatekey4 removal behavior" assert: that: - privatekey4_delete is changed @@ -58,37 +58,37 @@ - privatekey4_delete_idempotence is not changed -- name: Validate privatekey5 (test - Passphrase protected key + idempotence) +- name: "({{ select_crypto_backend }}) Validate privatekey5 (test - Passphrase protected key + idempotence)" shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey5 # Current version of OS/X that runs in the CI (10.11) does not have an up to date version of the OpenSSL library # leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned succesfully. when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate privatekey5 (assert - Passphrase protected key + idempotence) +- name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)" assert: that: - privatekey5.stdout == '4096' when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence) +- name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)" assert: that: - privatekey5_idempotence is not changed -- name: Validate privatekey6 (test - Passphrase protected key with non ascii character) +- name: "({{ select_crypto_backend }}) Validate privatekey6 (test - Passphrase protected key with non ascii character)" shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey6 when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate privatekey6 (assert - Passphrase protected key with non ascii character) +- name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)" assert: that: - privatekey6.stdout == '4096' when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate ECC generation (dump with OpenSSL) +- name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)" shell: "openssl ec -in {{ output_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'" loop: "{{ privatekey_ecc_generate.results }}" register: privatekey_ecc_dump @@ -96,7 +96,7 @@ loop_control: label: "{{ item.item.curve }}" -- name: Validate ECC generation +- name: "({{ select_crypto_backend }}) Validate ECC generation" assert: that: - item is changed @@ -105,7 +105,7 @@ loop_control: label: "{{ item.item.curve }}" -- name: Validate ECC generation (curve type) +- name: "({{ select_crypto_backend }}) Validate ECC generation (curve type)" assert: that: - "'skip_reason' in item or item.item.item.openssl_name == item.stdout" @@ -114,7 +114,7 @@ loop_control: label: "{{ item.item.item }} - {{ item.stdout if 'stdout' in item else '' }}" -- name: Validate ECC generation idempotency +- name: "({{ select_crypto_backend }}) Validate ECC generation idempotency" assert: that: - item is not changed @@ -123,7 +123,7 @@ loop_control: label: "{{ item.item.curve }}" -- name: Validate other type generation (just check changed) +- name: "({{ select_crypto_backend }}) Validate other type generation (just check changed)" assert: that: - (item is succeeded and item is changed) or @@ -133,7 +133,7 @@ loop_control: label: "{{ item.item.type }}" -- name: Validate other type generation idempotency +- name: "({{ select_crypto_backend }}) Validate other type generation idempotency" assert: that: - (item is succeeded and item is not changed) or @@ -143,7 +143,7 @@ loop_control: label: "{{ item.item.type }}" -- name: Validate passphrase changing +- name: "({{ select_crypto_backend }}) Validate passphrase changing" assert: that: - passphrase_1 is changed @@ -157,12 +157,12 @@ - passphrase_4.backup_file is undefined - passphrase_5.backup_file is string -- name: Verify that broken key will be regenerated +- name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated" assert: that: - output_broken is changed -- name: Validate remove +- name: "({{ select_crypto_backend }}) Validate remove" assert: that: - remove_1 is changed @@ -170,7 +170,7 @@ - remove_1.backup_file is string - remove_2.backup_file is undefined -- name: Validate mode +- name: "({{ select_crypto_backend }}) Validate mode" assert: that: - privatekey_mode_1 is changed @@ -180,7 +180,7 @@ - privatekey_mode_3_stat.stat.mode == '0400' - privatekey_mode_1_stat.stat.mtime != privatekey_mode_3_stat.stat.mtime -- name: Validate format 1 +- name: "({{ select_crypto_backend }}) Validate format 1" assert: that: - privatekey_fmt_1_step_1 is changed @@ -195,7 +195,7 @@ - privatekey_fmt_1_step_9_before.public_key == privatekey_fmt_1_step_9_after.public_key when: 'select_crypto_backend == "cryptography"' -- name: Validate format 2 (failed) +- name: "({{ select_crypto_backend }}) Validate format 2 (failed)" assert: that: - system_potentially_has_no_algorithm_support @@ -203,7 +203,7 @@ - "'Cryptography backend does not support the algorithm required for ' in privatekey_fmt_2_step_1.msg" when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=") and privatekey_fmt_2_step_1 is failed' -- name: Validate format 2 +- name: "({{ select_crypto_backend }}) Validate format 2" assert: that: - privatekey_fmt_2_step_1 is succeeded and privatekey_fmt_2_step_1 is changed diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml index 738013ff..75e869f4 100644 --- a/tests/integration/targets/openssl_publickey/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey/tasks/impl.yml @@ -1,9 +1,9 @@ --- -- name: Generate privatekey +- name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: path: '{{ output_dir }}/privatekey.pem' -- name: Generate publickey - PEM format +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format" openssl_publickey: path: '{{ output_dir }}/publickey.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -11,7 +11,7 @@ return_content: yes register: publickey -- name: Generate publickey - PEM format (idempotence) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (idempotence)" openssl_publickey: path: '{{ output_dir }}/publickey.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -19,7 +19,7 @@ return_content: yes register: publickey_idempotence -- name: Generate publickey - OpenSSH format +- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format" openssl_publickey: path: '{{ output_dir }}/publickey-ssh.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -27,7 +27,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') -- name: Generate publickey - OpenSSH format - test idempotence (issue 33256) +- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format - test idempotence (issue 33256)" openssl_publickey: path: '{{ output_dir }}/publickey-ssh.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -36,13 +36,13 @@ when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') register: publickey_ssh_idempotence -- name: Generate publickey2 - standard +- name: "({{ select_crypto_backend }}) Generate publickey2 - standard" openssl_publickey: path: '{{ output_dir }}/publickey2.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: Delete publickey2 - standard +- name: "({{ select_crypto_backend }}) Delete publickey2 - standard" openssl_publickey: state: absent path: '{{ output_dir }}/publickey2.pub' @@ -51,7 +51,7 @@ return_content: yes register: publickey2_absent -- name: Delete publickey2 - standard (idempotence) +- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)" openssl_publickey: state: absent path: '{{ output_dir }}/publickey2.pub' @@ -59,20 +59,20 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: publickey2_absent_idempotence -- name: Generate privatekey3 - with passphrase +- name: "({{ select_crypto_backend }}) Generate privatekey3 - with passphrase" openssl_privatekey: path: '{{ output_dir }}/privatekey3.pem' passphrase: ansible cipher: aes256 -- name: Generate publickey3 - with passphrase protected privatekey +- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey" openssl_publickey: path: '{{ output_dir }}/publickey3.pub' privatekey_path: '{{ output_dir }}/privatekey3.pem' privatekey_passphrase: ansible select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate publickey3 - with passphrase protected privatekey - idempotence +- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey - idempotence" openssl_publickey: path: '{{ output_dir }}/publickey3.pub' privatekey_path: '{{ output_dir }}/privatekey3.pem' @@ -80,38 +80,38 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: publickey3_idempotence -- name: Generate empty file that will hold a public key (issue 33072) +- name: "({{ select_crypto_backend }}) Generate empty file that will hold a public key (issue 33072)" file: path: '{{ output_dir }}/publickey4.pub' state: touch -- name: Generate publickey in empty existing file (issue 33072) +- name: "({{ select_crypto_backend }}) Generate publickey in empty existing file (issue 33072)" openssl_publickey: path: '{{ output_dir }}/publickey4.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate privatekey 5 (ECC) +- name: "({{ select_crypto_backend }}) Generate privatekey 5 (ECC)" openssl_privatekey: path: '{{ output_dir }}/privatekey5.pem' type: ECC curve: secp256r1 -- name: Generate publickey 5 - PEM format +- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format" openssl_publickey: path: '{{ output_dir }}/publickey5.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_1 -- name: Generate publickey 5 - PEM format (idempotent) +- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)" openssl_publickey: path: '{{ output_dir }}/publickey5.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_2 -- name: Generate publickey 5 - PEM format (different private key) +- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)" openssl_publickey: path: '{{ output_dir }}/publickey5.pub' privatekey_path: '{{ output_dir }}/privatekey5.pem' @@ -119,14 +119,14 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_3 -- name: Generate privatekey with password +- name: "({{ select_crypto_backend }}) Generate privatekey with password" openssl_privatekey: path: '{{ output_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography -- name: Generate publickey - PEM format (failed passphrase 1) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)" openssl_publickey: path: '{{ output_dir }}/publickey_pw1.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' @@ -135,7 +135,7 @@ ignore_errors: yes register: passphrase_error_1 -- name: Generate publickey - PEM format (failed passphrase 2) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)" openssl_publickey: path: '{{ output_dir }}/publickey_pw2.pub' privatekey_path: '{{ output_dir }}/privatekeypw.pem' @@ -144,7 +144,7 @@ ignore_errors: yes register: passphrase_error_2 -- name: Generate publickey - PEM format (failed passphrase 3) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)" openssl_publickey: path: '{{ output_dir }}/publickey_pw3.pub' privatekey_path: '{{ output_dir }}/privatekeypw.pem' @@ -152,23 +152,23 @@ ignore_errors: yes register: passphrase_error_3 -- name: Create broken key +- name: "({{ select_crypto_backend }}) Create broken key" copy: dest: "{{ output_dir }}/publickeybroken.pub" content: "broken" -- name: Regenerate broken key +- name: "({{ select_crypto_backend }}) Regenerate broken key" openssl_publickey: path: '{{ output_dir }}/publickeybroken.pub' privatekey_path: '{{ output_dir }}/privatekey5.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken -- name: Generate publickey - PEM format (for removal) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (for removal)" openssl_publickey: path: '{{ output_dir }}/publickey_removal.pub' privatekey_path: '{{ output_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: Generate publickey - PEM format (removal) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal)" openssl_publickey: state: absent path: '{{ output_dir }}/publickey_removal.pub' @@ -176,7 +176,7 @@ backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: remove_1 -- name: Generate publickey - PEM format (removal, idempotent) +- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)" openssl_publickey: state: absent path: '{{ output_dir }}/publickey_removal.pub' diff --git a/tests/integration/targets/openssl_publickey/tests/validate.yml b/tests/integration/targets/openssl_publickey/tests/validate.yml index aaf9c100..4558be09 100644 --- a/tests/integration/targets/openssl_publickey/tests/validate.yml +++ b/tests/integration/targets/openssl_publickey/tests/validate.yml @@ -1,5 +1,5 @@ --- -- name: Validate publickey 1 idempotence and result behavior +- name: "({{ select_crypto_backend }}) Validate publickey 1 idempotence and result behavior" assert: that: - publickey is changed @@ -7,53 +7,53 @@ - publickey.publickey == lookup('file', output_dir ~ '/publickey.pub', rstrip=False) - publickey.publickey == publickey_idempotence.publickey -- name: Validate public key (test - privatekey modulus) +- name: "({{ select_crypto_backend }}) Validate public key (test - privatekey modulus)" shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' register: privatekey_modulus -- name: Validate public key (test - publickey modulus) +- name: "({{ select_crypto_backend }}) Validate public key (test - publickey modulus)" shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub' register: publickey_modulus -- name: Validate public key (assert) +- name: "({{ select_crypto_backend }}) Validate public key (assert)" assert: that: - publickey_modulus.stdout == privatekey_modulus.stdout -- name: Validate public key - OpenSSH format (test - privatekey's publickey) +- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - privatekey's publickey)" shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem' register: privatekey_publickey when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') -- name: Validate public key - OpenSSH format (test - publickey) +- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - publickey)" slurp: src: '{{ output_dir }}/publickey-ssh.pub' register: publickey when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') -- name: Validate public key - OpenSSH format (assert) +- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (assert)" assert: that: - privatekey_publickey.stdout == '{{ publickey.content|b64decode }}' when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') -- name: Validate public key - OpenSSH format - test idempotence (issue 33256) +- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format - test idempotence (issue 33256)" assert: that: - publickey_ssh_idempotence is not changed when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') -- name: Validate publickey2 (test - Ensure key has been removed) +- name: "({{ select_crypto_backend }}) Validate publickey2 (test - Ensure key has been removed)" stat: path: '{{ output_dir }}/publickey2.pub' register: publickey2 -- name: Validate publickey2 (assert - Ensure key has been removed) +- name: "({{ select_crypto_backend }}) Validate publickey2 (assert - Ensure key has been removed)" assert: that: - publickey2.stat.exists == False -- name: Validate publickey2 removal behavior +- name: "({{ select_crypto_backend }}) Validate publickey2 removal behavior" assert: that: - publickey2_absent is changed @@ -61,44 +61,44 @@ - publickey2_absent.publickey is none -- name: Validate publickey3 (test - privatekey modulus) +- name: "({{ select_crypto_backend }}) Validate publickey3 (test - privatekey modulus)" shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible' register: privatekey3_modulus when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate publickey3 (test - publickey modulus) +- name: "({{ select_crypto_backend }}) Validate publickey3 (test - publickey modulus)" shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub' register: publickey3_modulus when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate publickey3 (assert) +- name: "({{ select_crypto_backend }}) Validate publickey3 (assert)" assert: that: - publickey3_modulus.stdout == privatekey3_modulus.stdout when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate publickey3 idempotence (assert) +- name: "({{ select_crypto_backend }}) Validate publickey3 idempotence (assert)" assert: that: - publickey3_idempotence is not changed -- name: Validate publickey4 (test - privatekey modulus) +- name: "({{ select_crypto_backend }}) Validate publickey4 (test - privatekey modulus)" shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' register: privatekey4_modulus when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate publickey4 (test - publickey modulus) +- name: "({{ select_crypto_backend }}) Validate publickey4 (test - publickey modulus)" shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub' register: publickey4_modulus when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate publickey4 (assert) +- name: "({{ select_crypto_backend }}) Validate publickey4 (assert)" assert: that: - publickey4_modulus.stdout == privatekey4_modulus.stdout when: openssl_version.stdout is version('0.9.8zh', '>=') -- name: Validate idempotency and backup +- name: "({{ select_crypto_backend }}) Validate idempotency and backup" assert: that: - privatekey5_1 is changed @@ -108,16 +108,16 @@ - privatekey5_3 is changed - privatekey5_3.backup_file is string -- name: Validate public key 5 (test - privatekey's pubkey) +- name: "({{ select_crypto_backend }}) Validate public key 5 (test - privatekey's pubkey)" command: 'openssl ec -in {{ output_dir }}/privatekey5.pem -pubout' register: privatekey5_pubkey -- name: Validate public key 5 (test - publickey pubkey) +- name: "({{ select_crypto_backend }}) Validate public key 5 (test - publickey pubkey)" # Fancy way of writing "cat {{ output_dir }}/publickey5.pub" command: 'openssl ec -pubin -in {{ output_dir }}/publickey5.pub -pubout' register: publickey5_pubkey -- name: Validate public key 5 (assert) +- name: "({{ select_crypto_backend }}) Validate public key 5 (assert)" assert: that: - publickey5_pubkey.stdout == privatekey5_pubkey.stdout @@ -132,12 +132,12 @@ - passphrase_error_3 is failed - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" -- name: Verify that broken key will be regenerated +- name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated" assert: that: - output_broken is changed -- name: Validate remove +- name: "({{ select_crypto_backend }}) Validate remove" assert: that: - remove_1 is changed