Always show current backend during tests in `name:`. (#118)

* Always show current backend during tests.

* Remove double prefix.
pull/121/head
Felix Fontein 2020-10-09 11:10:53 +02:00 committed by GitHub
parent c645b7d732
commit 8e10e1e590
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 257 additions and 257 deletions


@ -1,9 +1,9 @@
---
- name: Generate privatekey
- name: "({{ select_crypto_backend }}) Generate privatekey"
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate CSR (check mode)
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -14,7 +14,7 @@
check_mode: yes
register: generate_csr_check
- name: Generate CSR
- name: "({{ select_crypto_backend }}) Generate CSR"
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -24,7 +24,7 @@
return_content: yes
register: generate_csr
- name: Generate CSR (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -34,7 +34,7 @@
return_content: yes
register: generate_csr_idempotent
- name: Generate CSR (idempotent, check mode)
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -45,7 +45,7 @@
check_mode: yes
register: generate_csr_idempotent_check
- name: Generate CSR without SAN (check mode)
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -56,7 +56,7 @@
check_mode: yes
register: generate_csr_nosan_check
- name: Generate CSR without SAN
- name: "({{ select_crypto_backend }}) Generate CSR without SAN"
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -66,7 +66,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan
- name: Generate CSR without SAN (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -76,7 +76,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan_check_idempotent
- name: Generate CSR without SAN (idempotent, check mode)
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)"
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -91,7 +91,7 @@
# interchangeably. Hence the long name is specified here
# but the short name is used to test idempotency for ipsecuser
# and vice-versa for biometricInfo
- name: Generate CSR with KU and XKU
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU"
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -107,7 +107,7 @@
- biometricInfo
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with KU and XKU (test idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -124,7 +124,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku
- name: Generate CSR with KU and XKU (test XKU change)
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)"
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -140,7 +140,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku_change
- name: Generate CSR with KU and XKU (test KU change)
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)"
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -155,14 +155,14 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku_change_2
- name: Generate CSR with old API
- name: "({{ select_crypto_backend }}) Generate CSR with old API"
openssl_csr:
path: '{{ output_dir }}/csr_oldapi.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with invalid SAN (1/2)
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)"
openssl_csr:
path: '{{ output_dir }}/csrinvsan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -171,7 +171,7 @@
register: generate_csr_invalid_san
ignore_errors: yes
- name: Generate CSR with invalid SAN (2/2)
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
openssl_csr:
path: '{{ output_dir }}/csrinvsan2.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -180,7 +180,7 @@
register: generate_csr_invalid_san_2
ignore_errors: yes
- name: Generate CSR with OCSP Must Staple
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -188,7 +188,7 @@
ocsp_must_staple: true
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with OCSP Must Staple (test idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -197,13 +197,13 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ocsp_idempotency
- name: Generate ECC privatekey
- name: "({{ select_crypto_backend }}) Generate ECC privatekey"
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
type: ECC
curve: secp384r1
- name: Generate CSR with ECC privatekey
- name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey"
openssl_csr:
path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -211,7 +211,7 @@
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with text common name
- name: "({{ select_crypto_backend }}) Generate CSR with text common name"
openssl_csr:
path: '{{ output_dir }}/csr3.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -220,7 +220,7 @@
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with country name
- name: "({{ select_crypto_backend }}) Generate CSR with country name"
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -228,7 +228,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_1
- name: Generate CSR with country name (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -236,7 +236,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_2
- name: Generate CSR with country name (idempotent 2)
- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)"
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -245,7 +245,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_3
- name: Generate CSR with country name (bad country name)
- name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)"
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -255,14 +255,14 @@
register: country_fail_4
ignore_errors: yes
- name: Generate privatekey with password
- name: "({{ select_crypto_backend }}) Generate privatekey with password"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
- name: Generate CSR with privatekey passphrase
- name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
openssl_csr:
path: '{{ output_dir }}/csr_pw.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@ -270,7 +270,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: passphrase_1
- name: Generate CSR (failed passphrase 1)
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)"
openssl_csr:
path: '{{ output_dir }}/csr_pw1.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -279,7 +279,7 @@
ignore_errors: yes
register: passphrase_error_1
- name: Generate CSR (failed passphrase 2)
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
openssl_csr:
path: '{{ output_dir }}/csr_pw2.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@ -288,7 +288,7 @@
ignore_errors: yes
register: passphrase_error_2
- name: Generate CSR (failed passphrase 3)
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
openssl_csr:
path: '{{ output_dir }}/csr_pw3.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@ -296,11 +296,11 @@
ignore_errors: yes
register: passphrase_error_3
- name: Create broken CSR
- name: "({{ select_crypto_backend }}) Create broken CSR"
copy:
dest: "{{ output_dir }}/csrbroken.csr"
content: "broken"
- name: Regenerate broken CSR
- name: "({{ select_crypto_backend }}) Regenerate broken CSR"
openssl_csr:
path: '{{ output_dir }}/csrbroken.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
@ -310,7 +310,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
- name: Generate CSR
- name: "({{ select_crypto_backend }}) Generate CSR"
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -319,7 +319,7 @@
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_1
- name: Generate CSR (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -328,7 +328,7 @@
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_2
- name: Generate CSR (change)
- name: "({{ select_crypto_backend }}) Generate CSR (change)"
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -337,7 +337,7 @@
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_3
- name: Generate CSR (remove)
- name: "({{ select_crypto_backend }}) Generate CSR (remove)"
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
state: absent
@ -345,7 +345,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: csr_backup_4
- name: Generate CSR (remove, idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
state: absent
@ -353,7 +353,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_5
- name: Generate CSR with subject key identifier
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -364,7 +364,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_1
- name: Generate CSR with subject key identifier (idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -375,7 +375,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_2
- name: Generate CSR with subject key identifier (change)
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -386,7 +386,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_3
- name: Generate CSR with subject key identifier (auto-create)
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -397,7 +397,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_4
- name: Generate CSR with subject key identifier (auto-create idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -408,7 +408,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_5
- name: Generate CSR with subject key identifier (remove)
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)"
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -418,7 +418,7 @@
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_6
- name: Generate CSR with authority key identifier
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier"
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -429,7 +429,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_1
- name: Generate CSR with authority key identifier (idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -440,7 +440,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_2
- name: Generate CSR with authority key identifier (change)
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)"
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -451,7 +451,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_3
- name: Generate CSR with authority key identifier (remove)
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)"
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -461,7 +461,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_4
- name: Generate CSR with authority cert issuer / serial number
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number"
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -475,7 +475,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_1
- name: Generate CSR with authority cert issuer / serial number (idempotency)
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)"
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -489,7 +489,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_2
- name: Generate CSR with authority cert issuer / serial number (change issuer)
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)"
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -503,7 +503,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_3
- name: Generate CSR with authority cert issuer / serial number (change serial number)
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)"
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -517,7 +517,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_4
- name: Generate CSR with authority cert issuer / serial number (remove)
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)"
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -526,7 +526,7 @@
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_5
- name: Generate CSR with everything
- name: "({{ select_crypto_backend }}) Generate CSR with everything"
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -634,7 +634,7 @@
- "IP:1.2.3.0/255.255.255.0"
register: everything_1
- name: Generate CSR with everything (idempotent, check mode)
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)"
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -743,7 +743,7 @@
check_mode: yes
register: everything_2
- name: Generate CSR with everything (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -851,15 +851,15 @@
- "IP:1.2.3.0/255.255.255.0"
register: everything_3
- name: Get info from CSR with everything
- name: "({{ select_crypto_backend }}) Get info from CSR with everything"
community.crypto.openssl_csr_info:
path: '{{ output_dir }}/csr_everything.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: everything_info
- name: Ed25519 and Ed448 tests (for cryptography >= 2.6)
- name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6)"
block:
- name: Generate privatekeys
- name: "({{ select_crypto_backend }}) Generate privatekeys"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_{{ item }}.pem'
type: '{{ item }}'
@ -869,11 +869,11 @@
register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes
- name: Generate CSR if private key generation succeeded
- name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded"
when: generate_csr_ed25519_ed448_privatekey is not failed
block:
- name: Generate CSR
- name: "({{ select_crypto_backend }}) Generate CSR"
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
@ -886,7 +886,7 @@
register: generate_csr_ed25519_ed448
ignore_errors: yes
- name: Generate CSR (idempotent)
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
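Review bot: The new prefix on `Generate privatekey with password` reports the loop's backend, but that task pins `select_crypto_backend: cryptography`, so a pyopenssl run will log `(pyopenssl)` for a key that cryptography actually created. The same mismatch can occur on `Generate privatekey` and `Generate ECC privatekey`, whose visible arguments pass no `select_crypto_backend` at all and so presumably use the module's default choice. When a failure is triaged by backend, a wrong label points at the wrong library. I would rename the pinned task to `- name: "({{ select_crypto_backend }}) Generate privatekey with password (key always created with cryptography)"`, and for the other two either pass `select_crypto_backend: '{{ select_crypto_backend }}'` or say in the name that the backend is not forced.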


@ -1,23 +1,23 @@
---
- name: Validate CSR (test - privatekey modulus)
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
- name: Validate CSR (test - Common Name)
- name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
register: csr_cn
- name: Validate CSR (test - csr modulus)
- name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr'
register: csr_modulus
- name: Validate CSR (assert)
- name: "({{ select_crypto_backend }}) Validate CSR (assert)"
assert:
that:
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_modulus.stdout == privatekey_modulus.stdout
- name: Validate CSR (check mode, idempotency)
- name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
assert:
that:
- generate_csr_check is changed
@ -25,7 +25,7 @@
- generate_csr_idempotent is not changed
- generate_csr_idempotent_check is not changed
- name: Validate CSR (data retrieval)
- name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)"
assert:
that:
- generate_csr_check.csr is none
@ -33,7 +33,7 @@
- generate_csr.csr == generate_csr_idempotent.csr
- generate_csr.csr == generate_csr_idempotent_check.csr
- name: Validate CSR without SAN (check mode, idempotency)
- name: "({{ select_crypto_backend }}) Validate CSR without SAN (check mode, idempotency)"
assert:
that:
- generate_csr_nosan_check is changed
@ -41,34 +41,34 @@
- generate_csr_nosan_check_idempotent is not changed
- generate_csr_nosan_check_idempotent_check is not changed
- name: Validate CSR_KU_XKU (assert idempotency, change)
- name: "({{ select_crypto_backend }}) Validate CSR_KU_XKU (assert idempotency, change)"
assert:
that:
- csr_ku_xku is not changed
- csr_ku_xku_change is changed
- csr_ku_xku_change_2 is changed
- name: Validate old_API CSR (test - Common Name)
- name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)"
shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
register: csr_oldapi_cn
- name: Validate old_API CSR (test - csr modulus)
- name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)"
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr'
register: csr_oldapi_modulus
- name: Validate old_API CSR (assert)
- name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)"
assert:
that:
- csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_oldapi_modulus.stdout == privatekey_modulus.stdout
- name: Validate invalid SAN (1/2)
- name: "({{ select_crypto_backend }}) Validate invalid SAN (1/2)"
assert:
that:
- generate_csr_invalid_san is failed
- "'Subject Alternative Name' in generate_csr_invalid_san.msg"
- name: Validate invalid SAN (2/2)
- name: "({{ select_crypto_backend }}) Validate invalid SAN (2/2)"
# Note that pyOpenSSL simply accepts this name, and modern cryptography versions do so as well.
# The error has been observed with cryptography 1.7.2 and 1.9, but not with 2.3 and newer.
assert:
@ -77,49 +77,49 @@
- "'The label system:kube-controller-manager is not a valid A-label' in generate_csr_invalid_san_2.msg"
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.0', '<')
- name: Validate OCSP Must Staple CSR (test - everything)
- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)"
shell: "openssl req -noout -in {{ output_dir }}/csr_ocsp.csr -text"
register: csr_ocsp
- name: Validate OCSP Must Staple CSR (assert)
- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)"
assert:
that:
- "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or
(csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))"
- name: Validate OCSP Must Staple CSR (assert idempotency)
- name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert idempotency)"
assert:
that:
- csr_ocsp_idempotency is not changed
- name: Validate ECC CSR (test - privatekey's public key)
- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)"
shell: 'openssl ec -pubout -in {{ output_dir }}/privatekey2.pem'
register: privatekey_ecc_key
- name: Validate ECC CSR (test - Common Name)
- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)"
shell: "openssl req -noout -subject -in {{ output_dir }}/csr2.csr -nameopt oneline,-space_eq"
register: csr_ecc_cn
- name: Validate ECC CSR (test - CSR pubkey)
- name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)"
shell: 'openssl req -noout -pubkey -in {{ output_dir }}/csr2.csr'
register: csr_ecc_pubkey
- name: Validate ECC CSR (assert)
- name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)"
assert:
that:
- csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout
- name: Validate CSR (text common name - Common Name)
- name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)"
shell: "openssl req -noout -subject -in {{ output_dir }}/csr3.csr -nameopt oneline,-space_eq"
register: csr3_cn
- name: Validate CSR (assert)
- name: "({{ select_crypto_backend }}) Validate CSR (assert)"
assert:
that:
- csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
- name: Validate country name idempotency and validation
- name: "({{ select_crypto_backend }}) Validate country name idempotency and validation"
assert:
that:
- country_idempotent_1 is changed
@ -137,12 +137,12 @@
- passphrase_error_3 is failed
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
- name: Verify that broken CSR will be regenerated
- name: "({{ select_crypto_backend }}) Verify that broken CSR will be regenerated"
assert:
that:
- output_broken is changed
- name: Verify that subject key identifier handling works
- name: "({{ select_crypto_backend }}) Verify that subject key identifier handling works"
assert:
that:
- subject_key_identifier_1 is changed
@ -153,7 +153,7 @@
- subject_key_identifier_6 is changed
when: select_crypto_backend != 'pyopenssl'
- name: Verify that authority key identifier handling works
- name: "({{ select_crypto_backend }}) Verify that authority key identifier handling works"
assert:
that:
- authority_key_identifier_1 is changed
@ -162,7 +162,7 @@
- authority_key_identifier_4 is changed
when: select_crypto_backend != 'pyopenssl'
- name: Verify that authority cert issuer / serial number handling works
- name: "({{ select_crypto_backend }}) Verify that authority cert issuer / serial number handling works"
assert:
that:
- authority_cert_issuer_sn_1 is changed
@ -172,7 +172,7 @@
- authority_cert_issuer_sn_5 is changed
when: select_crypto_backend != 'pyopenssl'
- name: Check backup
- name: "({{ select_crypto_backend }}) Check backup"
assert:
that:
- csr_backup_1 is changed
@ -187,7 +187,7 @@
- csr_backup_5.backup_file is undefined
- csr_backup_4.csr is none
- name: Check CSR with everything
- name: "({{ select_crypto_backend }}) Check CSR with everything"
assert:
that:
- everything_1 is changed
@ -238,7 +238,7 @@
]
- everything_info.name_constraints_critical == true
- name: Check CSR with everything (pyOpenSSL specific)
- name: "({{ select_crypto_backend }}) Check CSR with everything (pyOpenSSL specific)"
assert:
that:
- everything_info.subject_alt_name == [
@ -269,7 +269,7 @@
]
when: select_crypto_backend == 'pyopenssl'
- name: Check CSR with everything (non-pyOpenSSL specific)
- name: "({{ select_crypto_backend }}) Check CSR with everything (non-pyOpenSSL specific)"
assert:
that:
- everything_info.authority_cert_issuer == [
@ -313,7 +313,7 @@
]
when: select_crypto_backend != 'pyopenssl'
- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)
- name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)"
assert:
that:
- generate_csr_ed25519_ed448.results[0] is failed
@ -324,7 +324,7 @@
- generate_csr_ed25519_ed448_idempotent.results[1] is failed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and generate_csr_ed25519_ed448_privatekey is not failed
- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
- name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)"
assert:
that:
- generate_csr_ed25519_ed448 is succeeded
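Review bot: The validation tasks renamed in this file interpolate `{{ output_dir }}` directly into `shell:` strings, for example `shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'`, so an output directory containing spaces or shell metacharacters would be split or interpreted by the shell. None of the commands visible in these hunks use pipes or redirection, so `command:` would be enough. Otherwise the path can go through the `quote` filter, as in `shell: 'openssl rsa -noout -modulus -in {{ output_dir | quote }}/privatekey.pem'`. This predates the commit, but every one of these tasks is touched by the rename, so it is a cheap place to fix it.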


@ -2,20 +2,20 @@
- debug:
msg: "Executing tests with backend {{ select_crypto_backend }}"
- name: ({{select_crypto_backend}}) Get CSR info
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ output_dir }}/csr_1.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check whether subject behaves as expected
- name: "({{ select_crypto_backend }}) Check whether subject behaves as expected"
assert:
that:
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
- name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
assert:
that:
- result.subject_key_identifier == "00:11:22:33"
@ -28,38 +28,38 @@
- "IP:1.2.3.4"
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
- name: Update result list
- name: "({{ select_crypto_backend }}) Update result list"
set_fact:
info_results: "{{ info_results + [result] }}"
- name: ({{select_crypto_backend}}) Get CSR info directly
- name: "({{ select_crypto_backend }}) Get CSR info directly"
openssl_csr_info:
content: '{{ lookup("file", output_dir ~ "/csr_1.csr") }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_direct
- name: ({{select_crypto_backend}}) Compare output of direct and loaded info
- name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
assert:
that:
- result == result_direct
- name: ({{select_crypto_backend}}) Get CSR info
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ output_dir }}/csr_2.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Update result list
- name: "({{ select_crypto_backend }}) Update result list"
set_fact:
info_results: "{{ info_results + [result] }}"
- name: ({{select_crypto_backend}}) Get CSR info
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ output_dir }}/csr_3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check AuthorityKeyIdentifier
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
assert:
that:
- result.authority_key_identifier is none
@ -71,17 +71,17 @@
- "IP:1.2.3.4"
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
- name: Update result list
- name: "({{ select_crypto_backend }}) Update result list"
set_fact:
info_results: "{{ info_results + [result] }}"
- name: ({{select_crypto_backend}}) Get CSR info
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ output_dir }}/csr_4.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check AuthorityKeyIdentifier
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
assert:
that:
- result.authority_key_identifier == "44:55:66:77"
@ -89,6 +89,6 @@
- result.authority_cert_serial_number is none
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
- name: Update result list
- name: "({{ select_crypto_backend }}) Update result list"
set_fact:
info_results: "{{ info_results + [result] }}"


@ -1,37 +1,37 @@
---
- name: Generate privatekey1 - standard
- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard"
openssl_privatekey:
path: '{{ output_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: privatekey1
- name: Generate privatekey1 - standard (idempotence)
- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: privatekey1_idempotence
- name: Generate privatekey2 - size 2048
- name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048"
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
size: 2048
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate privatekey3 - type DSA
- name: "({{ select_crypto_backend }}) Generate privatekey3 - type DSA"
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
type: DSA
size: 3072
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate privatekey4 - standard
- name: "({{ select_crypto_backend }}) Generate privatekey4 - standard"
openssl_privatekey:
path: '{{ output_dir }}/privatekey4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Delete privatekey4 - standard
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard"
openssl_privatekey:
state: absent
path: '{{ output_dir }}/privatekey4.pem'
@ -39,21 +39,21 @@
return_content: yes
register: privatekey4_delete
- name: Delete privatekey4 - standard (idempotence)
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)"
openssl_privatekey:
state: absent
path: '{{ output_dir }}/privatekey4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey4_delete_idempotence
- name: Generate privatekey5 - standard - with passphrase
- name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - with passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekey5.pem'
passphrase: ansible
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate privatekey5 - standard - idempotence
- name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence"
openssl_privatekey:
path: '{{ output_dir }}/privatekey5.pem'
passphrase: ansible
@ -61,7 +61,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_idempotence
- name: Generate privatekey6 - standard - with non-ASCII passphrase
- name: "({{ select_crypto_backend }}) Generate privatekey6 - standard - with non-ASCII passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekey6.pem'
passphrase: ànsïblé
@ -132,7 +132,7 @@
min_cryptography_version: "0.5"
when: select_crypto_backend == 'cryptography'
- name: Test ECC key generation
- name: "({{ select_crypto_backend }}) Test ECC key generation"
openssl_privatekey:
path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
type: ECC
@ -146,7 +146,7 @@
label: "{{ item.curve }}"
register: privatekey_ecc_generate
- name: Test ECC key generation (idempotency)
- name: "({{ select_crypto_backend }}) Test ECC key generation (idempotency)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
type: ECC
@ -161,7 +161,7 @@
register: privatekey_ecc_idempotency
- block:
- name: Test other type generation
- name: "({{ select_crypto_backend }}) Test other type generation"
openssl_privatekey:
path: '{{ output_dir }}/privatekey-{{ item.type }}.pem'
type: "{{ item.type }}"
@ -173,7 +173,7 @@
ignore_errors: yes
register: privatekey_t1_generate
- name: Test other type generation (idempotency)
- name: "({{ select_crypto_backend }}) Test other type generation (idempotency)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey-{{ item.type }}.pem'
type: "{{ item.type }}"
@ -197,7 +197,7 @@
- type: X448
min_version: '2.6'
- name: Generate privatekey with passphrase
- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
@ -206,7 +206,7 @@
backup: yes
register: passphrase_1
- name: Generate privatekey with passphrase (idempotent)
- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
@ -215,21 +215,21 @@
backup: yes
register: passphrase_2
- name: Regenerate privatekey without passphrase
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
register: passphrase_3
- name: Regenerate privatekey without passphrase (idempotent)
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
register: passphrase_4
- name: Regenerate privatekey with passphrase
- name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
@ -238,17 +238,17 @@
backup: yes
register: passphrase_5
- name: Create broken key
- name: "({{ select_crypto_backend }}) Create broken key"
copy:
dest: "{{ output_dir }}/broken"
content: "broken"
- name: Regenerate broken key
- name: "({{ select_crypto_backend }}) Regenerate broken key"
openssl_privatekey:
path: '{{ output_dir }}/broken.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
- name: Remove module
- name: "({{ select_crypto_backend }}) Remove module"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
@ -258,7 +258,7 @@
state: absent
register: remove_1
- name: Remove module (idempotent)
- name: "({{ select_crypto_backend }}) Remove module (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
@ -268,87 +268,87 @@
state: absent
register: remove_2
- name: Generate privatekey_mode (mode 0400)
- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_mode.pem'
mode: '0400'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_1
- name: Stat for privatekey_mode
- name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
stat:
path: '{{ output_dir }}/privatekey_mode.pem'
register: privatekey_mode_1_stat
- name: Generate privatekey_mode (mode 0400, idempotency)
- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, idempotency)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_mode.pem'
mode: '0400'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_2
- name: Generate privatekey_mode (mode 0400, force)
- name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, force)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_mode.pem'
mode: '0400'
force: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_3
- name: Stat for privatekey_mode
- name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
stat:
path: '{{ output_dir }}/privatekey_mode.pem'
register: privatekey_mode_3_stat
- block:
- name: Generate privatekey_fmt_1 - auto format
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_1
- name: Generate privatekey_fmt_1 - auto format (idempotent)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_2
- name: Generate privatekey_fmt_1 - PKCS1 format
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS1 format"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: pkcs1
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_3
- name: Generate privatekey_fmt_1 - PKCS8 format
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_4
- name: Generate privatekey_fmt_1 - PKCS8 format (idempotent)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_5
- name: Generate privatekey_fmt_1 - auto format (ignore)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (ignore)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: auto_ignore
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_6
- name: Generate privatekey_fmt_1 - auto format (no ignore)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (no ignore)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_7
- name: Generate privatekey_fmt_1 - raw format (fail)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - raw format (fail)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: raw
@ -356,13 +356,13 @@
ignore_errors: yes
register: privatekey_fmt_1_step_8
- name: Generate privatekey_fmt_1 - PKCS8 format (convert)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
openssl_privatekey_info:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_9_before
- name: Generate privatekey_fmt_1 - PKCS8 format (convert)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
format: pkcs8
@ -370,7 +370,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_fmt_1_step_9
- name: Generate privatekey_fmt_1 - PKCS8 format (convert)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
openssl_privatekey_info:
path: '{{ output_dir }}/privatekey_fmt_1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
@ -379,7 +379,7 @@
when: 'select_crypto_backend == "cryptography"'
- block:
- name: Generate privatekey_fmt_2 - PKCS8 format
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -388,7 +388,7 @@
ignore_errors: yes
register: privatekey_fmt_2_step_1
- name: Generate privatekey_fmt_2 - PKCS8 format (idempotent)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -397,7 +397,7 @@
ignore_errors: yes
register: privatekey_fmt_2_step_2
- name: Generate privatekey_fmt_2 - raw format
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -407,19 +407,19 @@
ignore_errors: yes
register: privatekey_fmt_2_step_3
- name: Read privatekey_fmt_2.pem
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
assert:
that:
- privatekey_fmt_2_step_3.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - raw format (idempotent)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format (idempotent)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -429,19 +429,19 @@
ignore_errors: yes
register: privatekey_fmt_2_step_4
- name: Read privatekey_fmt_2.pem
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
assert:
that:
- privatekey_fmt_2_step_4.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - auto format (ignore)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (ignore)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -451,19 +451,19 @@
ignore_errors: yes
register: privatekey_fmt_2_step_5
- name: Read privatekey_fmt_2.pem
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
assert:
that:
- privatekey_fmt_2_step_5.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - auto format (no ignore)
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (no ignore)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey_fmt_2.pem'
type: X448
@ -473,7 +473,7 @@
ignore_errors: yes
register: privatekey_fmt_2_step_6
- name: Generate privatekey_fmt_2 - verify that returned content is not base64 encoded
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is not base64 encoded"
assert:
that:
- privatekey_fmt_2_step_6.privatekey == lookup('file', output_dir ~ '/privatekey_fmt_2.pem', rstrip=False)
@ -485,14 +485,14 @@
# Test regenerate option
- name: Regenerate - setup simple keys
- name: "({{ select_crypto_backend }}) Regenerate - setup simple keys"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: RSA
size: 1024
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
- name: Regenerate - setup password protected keys
- name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type: RSA
@ -501,14 +501,14 @@
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
- name: Regenerate - setup broken keys
- name: "({{ select_crypto_backend }}) Regenerate - setup broken keys"
copy:
dest: '{{ output_dir }}/regenerate-c-{{ item }}.pem'
content: 'broken key'
mode: '0700'
loop: "{{ regenerate_values }}"
- name: Regenerate - modify broken keys (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - modify broken keys (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-c-{{ item }}.pem'
type: RSA
@ -530,7 +530,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - modify broken keys
- name: "({{ select_crypto_backend }}) Regenerate - modify broken keys"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-c-{{ item }}.pem'
type: RSA
@ -551,7 +551,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - modify password protected keys (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type: RSA
@ -573,7 +573,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - modify password protected keys
- name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type: RSA
@ -594,7 +594,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - not modify regular keys (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: RSA
@ -612,7 +612,7 @@
- result.results[3] is not changed
- result.results[4] is changed
- name: Regenerate - not modify regular keys
- name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: RSA
@ -629,7 +629,7 @@
- result.results[3] is not changed
- result.results[4] is changed
- name: Regenerate - adjust key size (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - adjust key size (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: RSA
@ -649,7 +649,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - adjust key size
- name: "({{ select_crypto_backend }}) Regenerate - adjust key size"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: RSA
@ -668,7 +668,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - redistribute keys
- name: "({{ select_crypto_backend }}) Regenerate - redistribute keys"
copy:
src: '{{ output_dir }}/regenerate-a-always.pem'
dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
@ -676,7 +676,7 @@
loop: "{{ regenerate_values }}"
when: "item != 'always'"
- name: Regenerate - adjust key type (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - adjust key type (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
@ -696,7 +696,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - adjust key type
- name: "({{ select_crypto_backend }}) Regenerate - adjust key type"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
@ -716,7 +716,7 @@
- result.results[4] is changed
- block:
- name: Regenerate - redistribute keys
- name: "({{ select_crypto_backend }}) Regenerate - redistribute keys"
copy:
src: '{{ output_dir }}/regenerate-a-always.pem'
dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
@ -724,7 +724,7 @@
loop: "{{ regenerate_values }}"
when: "item != 'always'"
- name: Regenerate - format mismatch (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - format mismatch (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
@ -745,7 +745,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - format mismatch
- name: "({{ select_crypto_backend }}) Regenerate - format mismatch"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
@ -765,7 +765,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - redistribute keys
- name: "({{ select_crypto_backend }}) Regenerate - redistribute keys"
copy:
src: '{{ output_dir }}/regenerate-a-always.pem'
dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
@ -773,7 +773,7 @@
loop: "{{ regenerate_values }}"
when: "item != 'always'"
- name: Regenerate - convert format (check mode)
- name: "({{ select_crypto_backend }}) Regenerate - convert format (check mode)"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
@ -793,7 +793,7 @@
- result.results[3] is changed
- result.results[4] is changed
- name: Regenerate - convert format
- name: "({{ select_crypto_backend }}) Regenerate - convert format"
openssl_privatekey:
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type: DSA
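Review bot: In the `@ -238,17 +238,17 @@` hunk, "Create broken key" writes its garbage content to `{{ output_dir }}/broken`, but "Regenerate broken key" runs openssl_privatekey on `{{ output_dir }}/broken.pem`, so the module never opens the corrupt file. As far as these lines show, `output_broken` is changed only because a fresh key is created at a path that did not exist, so the recovery-from-unparsable-key path is not exercised. Pointing the fixture at the same file would make the test mean what its name says: `dest: "{{ output_dir }}/broken.pem"`. The regenerate-c tasks further down already use one path for both steps.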


@ -2,7 +2,7 @@
- set_fact:
system_potentially_has_no_algorithm_support: "{{ ansible_os_family == 'FreeBSD' }}"
- name: Validate privatekey1 idempotency and content returned
- name: "({{ select_crypto_backend }}) Validate privatekey1 idempotency and content returned"
assert:
that:
- privatekey1_idempotence is not changed
@ -10,27 +10,27 @@
- privatekey1.privatekey == privatekey1_idempotence.privatekey
- name: Validate privatekey1 (test - RSA key with size 4096 bits)
- name: "({{ select_crypto_backend }}) Validate privatekey1 (test - RSA key with size 4096 bits)"
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
register: privatekey1
- name: Validate privatekey1 (assert - RSA key with size 4096 bits)
- name: "({{ select_crypto_backend }}) Validate privatekey1 (assert - RSA key with size 4096 bits)"
assert:
that:
- privatekey1.stdout == '4096'
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
- name: "({{ select_crypto_backend }}) Validate privatekey2 (test - RSA key with size 2048 bits)"
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
register: privatekey2
- name: Validate privatekey2 (assert - RSA key with size 2048 bits)
- name: "({{ select_crypto_backend }}) Validate privatekey2 (assert - RSA key with size 2048 bits)"
assert:
that:
- privatekey2.stdout == '2048'
- name: Validate privatekey3 (test - DSA key with size 3072 bits)
- name: "({{ select_crypto_backend }}) Validate privatekey3 (test - DSA key with size 3072 bits)"
shell: "openssl dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
register: privatekey3
@ -40,17 +40,17 @@
- privatekey3.stdout == '3072'
- name: Validate privatekey4 (test - Ensure key has been removed)
- name: "({{ select_crypto_backend }}) Validate privatekey4 (test - Ensure key has been removed)"
stat:
path: '{{ output_dir }}/privatekey4.pem'
register: privatekey4
- name: Validate privatekey4 (assert - Ensure key has been removed)
- name: "({{ select_crypto_backend }}) Validate privatekey4 (assert - Ensure key has been removed)"
assert:
that:
- privatekey4.stat.exists == False
- name: Validate privatekey4 removal behavior
- name: "({{ select_crypto_backend }}) Validate privatekey4 removal behavior"
assert:
that:
- privatekey4_delete is changed
@ -58,37 +58,37 @@
- privatekey4_delete_idempotence is not changed
- name: Validate privatekey5 (test - Passphrase protected key + idempotence)
- name: "({{ select_crypto_backend }}) Validate privatekey5 (test - Passphrase protected key + idempotence)"
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
register: privatekey5
# Current version of OS/X that runs in the CI (10.11) does not have an up to date version of the OpenSSL library
# leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned succesfully.
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate privatekey5 (assert - Passphrase protected key + idempotence)
- name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)"
assert:
that:
- privatekey5.stdout == '4096'
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)
- name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)"
assert:
that:
- privatekey5_idempotence is not changed
- name: Validate privatekey6 (test - Passphrase protected key with non ascii character)
- name: "({{ select_crypto_backend }}) Validate privatekey6 (test - Passphrase protected key with non ascii character)"
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'"
register: privatekey6
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate privatekey6 (assert - Passphrase protected key with non ascii character)
- name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)"
assert:
that:
- privatekey6.stdout == '4096'
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate ECC generation (dump with OpenSSL)
- name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)"
shell: "openssl ec -in {{ output_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'"
loop: "{{ privatekey_ecc_generate.results }}"
register: privatekey_ecc_dump
@ -96,7 +96,7 @@
loop_control:
label: "{{ item.item.curve }}"
- name: Validate ECC generation
- name: "({{ select_crypto_backend }}) Validate ECC generation"
assert:
that:
- item is changed
@ -105,7 +105,7 @@
loop_control:
label: "{{ item.item.curve }}"
- name: Validate ECC generation (curve type)
- name: "({{ select_crypto_backend }}) Validate ECC generation (curve type)"
assert:
that:
- "'skip_reason' in item or item.item.item.openssl_name == item.stdout"
@ -114,7 +114,7 @@
loop_control:
label: "{{ item.item.item }} - {{ item.stdout if 'stdout' in item else '<unsupported>' }}"
- name: Validate ECC generation idempotency
- name: "({{ select_crypto_backend }}) Validate ECC generation idempotency"
assert:
that:
- item is not changed
@ -123,7 +123,7 @@
loop_control:
label: "{{ item.item.curve }}"
- name: Validate other type generation (just check changed)
- name: "({{ select_crypto_backend }}) Validate other type generation (just check changed)"
assert:
that:
- (item is succeeded and item is changed) or
@ -133,7 +133,7 @@
loop_control:
label: "{{ item.item.type }}"
- name: Validate other type generation idempotency
- name: "({{ select_crypto_backend }}) Validate other type generation idempotency"
assert:
that:
- (item is succeeded and item is not changed) or
@ -143,7 +143,7 @@
loop_control:
label: "{{ item.item.type }}"
- name: Validate passphrase changing
- name: "({{ select_crypto_backend }}) Validate passphrase changing"
assert:
that:
- passphrase_1 is changed
@ -157,12 +157,12 @@
- passphrase_4.backup_file is undefined
- passphrase_5.backup_file is string
- name: Verify that broken key will be regenerated
- name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated"
assert:
that:
- output_broken is changed
- name: Validate remove
- name: "({{ select_crypto_backend }}) Validate remove"
assert:
that:
- remove_1 is changed
@ -170,7 +170,7 @@
- remove_1.backup_file is string
- remove_2.backup_file is undefined
- name: Validate mode
- name: "({{ select_crypto_backend }}) Validate mode"
assert:
that:
- privatekey_mode_1 is changed
@ -180,7 +180,7 @@
- privatekey_mode_3_stat.stat.mode == '0400'
- privatekey_mode_1_stat.stat.mtime != privatekey_mode_3_stat.stat.mtime
- name: Validate format 1
- name: "({{ select_crypto_backend }}) Validate format 1"
assert:
that:
- privatekey_fmt_1_step_1 is changed
@ -195,7 +195,7 @@
- privatekey_fmt_1_step_9_before.public_key == privatekey_fmt_1_step_9_after.public_key
when: 'select_crypto_backend == "cryptography"'
- name: Validate format 2 (failed)
- name: "({{ select_crypto_backend }}) Validate format 2 (failed)"
assert:
that:
- system_potentially_has_no_algorithm_support
@ -203,7 +203,7 @@
- "'Cryptography backend does not support the algorithm required for ' in privatekey_fmt_2_step_1.msg"
when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=") and privatekey_fmt_2_step_1 is failed'
- name: Validate format 2
- name: "({{ select_crypto_backend }}) Validate format 2"
assert:
that:
- privatekey_fmt_2_step_1 is succeeded and privatekey_fmt_2_step_1 is changed
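Review bot: The privatekey5 and privatekey6 validation tasks in the `@ -58,37 +58,37 @@` hunk hand the key passphrase to openssl as `-passin pass:…` inside a `shell:` string, and nothing in the file marks this as acceptable only for throwaway fixtures. With `pass:` the passphrase is part of the command line, so it is readable in the process list and is likely to be echoed in the task's result output. A comment above the first of these tasks would keep the pattern from being copied into real playbooks, for example `# Test-only passphrase: pass: exposes it in argv; use -passin env:VAR or file:PATH for real keys`.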


@ -1,9 +1,9 @@
---
- name: Generate privatekey
- name: "({{ select_crypto_backend }}) Generate privatekey"
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey - PEM format
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format"
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -11,7 +11,7 @@
return_content: yes
register: publickey
- name: Generate publickey - PEM format (idempotence)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (idempotence)"
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -19,7 +19,7 @@
return_content: yes
register: publickey_idempotence
- name: Generate publickey - OpenSSH format
- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format"
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -27,7 +27,7 @@
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
- name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format - test idempotence (issue 33256)"
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -36,13 +36,13 @@
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
register: publickey_ssh_idempotence
- name: Generate publickey2 - standard
- name: "({{ select_crypto_backend }}) Generate publickey2 - standard"
openssl_publickey:
path: '{{ output_dir }}/publickey2.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Delete publickey2 - standard
- name: "({{ select_crypto_backend }}) Delete publickey2 - standard"
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey2.pub'
@ -51,7 +51,7 @@
return_content: yes
register: publickey2_absent
- name: Delete publickey2 - standard (idempotence)
- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)"
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey2.pub'
@ -59,20 +59,20 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: publickey2_absent_idempotence
- name: Generate privatekey3 - with passphrase
- name: "({{ select_crypto_backend }}) Generate privatekey3 - with passphrase"
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
passphrase: ansible
cipher: aes256
- name: Generate publickey3 - with passphrase protected privatekey
- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey"
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
privatekey_passphrase: ansible
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate publickey3 - with passphrase protected privatekey - idempotence
- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey - idempotence"
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
@ -80,38 +80,38 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: publickey3_idempotence
- name: Generate empty file that will hold a public key (issue 33072)
- name: "({{ select_crypto_backend }}) Generate empty file that will hold a public key (issue 33072)"
file:
path: '{{ output_dir }}/publickey4.pub'
state: touch
- name: Generate publickey in empty existing file (issue 33072)
- name: "({{ select_crypto_backend }}) Generate publickey in empty existing file (issue 33072)"
openssl_publickey:
path: '{{ output_dir }}/publickey4.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate privatekey 5 (ECC)
- name: "({{ select_crypto_backend }}) Generate privatekey 5 (ECC)"
openssl_privatekey:
path: '{{ output_dir }}/privatekey5.pem'
type: ECC
curve: secp256r1
- name: Generate publickey 5 - PEM format
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format"
openssl_publickey:
path: '{{ output_dir }}/publickey5.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_1
- name: Generate publickey 5 - PEM format (idempotent)
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)"
openssl_publickey:
path: '{{ output_dir }}/publickey5.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_2
- name: Generate publickey 5 - PEM format (different private key)
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)"
openssl_publickey:
path: '{{ output_dir }}/publickey5.pub'
privatekey_path: '{{ output_dir }}/privatekey5.pem'
@ -119,14 +119,14 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_3
- name: Generate privatekey with password
- name: "({{ select_crypto_backend }}) Generate privatekey with password"
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
- name: Generate publickey - PEM format (failed passphrase 1)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)"
openssl_publickey:
path: '{{ output_dir }}/publickey_pw1.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
@ -135,7 +135,7 @@
ignore_errors: yes
register: passphrase_error_1
- name: Generate publickey - PEM format (failed passphrase 2)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)"
openssl_publickey:
path: '{{ output_dir }}/publickey_pw2.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@ -144,7 +144,7 @@
ignore_errors: yes
register: passphrase_error_2
- name: Generate publickey - PEM format (failed passphrase 3)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)"
openssl_publickey:
path: '{{ output_dir }}/publickey_pw3.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@ -152,23 +152,23 @@
ignore_errors: yes
register: passphrase_error_3
- name: Create broken key
- name: "({{ select_crypto_backend }}) Create broken key"
copy:
dest: "{{ output_dir }}/publickeybroken.pub"
content: "broken"
- name: Regenerate broken key
- name: "({{ select_crypto_backend }}) Regenerate broken key"
openssl_publickey:
path: '{{ output_dir }}/publickeybroken.pub'
privatekey_path: '{{ output_dir }}/privatekey5.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
- name: Generate publickey - PEM format (for removal)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (for removal)"
openssl_publickey:
path: '{{ output_dir }}/publickey_removal.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate publickey - PEM format (removal)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal)"
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey_removal.pub'
@ -176,7 +176,7 @@
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_1
- name: Generate publickey - PEM format (removal, idempotent)
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)"
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey_removal.pub'


@ -1,5 +1,5 @@
---
- name: Validate publickey 1 idempotence and result behavior
- name: "({{ select_crypto_backend }}) Validate publickey 1 idempotence and result behavior"
assert:
that:
- publickey is changed
@ -7,53 +7,53 @@
- publickey.publickey == lookup('file', output_dir ~ '/publickey.pub', rstrip=False)
- publickey.publickey == publickey_idempotence.publickey
- name: Validate public key (test - privatekey modulus)
- name: "({{ select_crypto_backend }}) Validate public key (test - privatekey modulus)"
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
- name: Validate public key (test - publickey modulus)
- name: "({{ select_crypto_backend }}) Validate public key (test - publickey modulus)"
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub'
register: publickey_modulus
- name: Validate public key (assert)
- name: "({{ select_crypto_backend }}) Validate public key (assert)"
assert:
that:
- publickey_modulus.stdout == privatekey_modulus.stdout
- name: Validate public key - OpenSSH format (test - privatekey's publickey)
- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - privatekey's publickey)"
shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem'
register: privatekey_publickey
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format (test - publickey)
- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - publickey)"
slurp:
src: '{{ output_dir }}/publickey-ssh.pub'
register: publickey
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format (assert)
- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (assert)"
assert:
that:
- privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
- name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format - test idempotence (issue 33256)"
assert:
that:
- publickey_ssh_idempotence is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate publickey2 (test - Ensure key has been removed)
- name: "({{ select_crypto_backend }}) Validate publickey2 (test - Ensure key has been removed)"
stat:
path: '{{ output_dir }}/publickey2.pub'
register: publickey2
- name: Validate publickey2 (assert - Ensure key has been removed)
- name: "({{ select_crypto_backend }}) Validate publickey2 (assert - Ensure key has been removed)"
assert:
that:
- publickey2.stat.exists == False
- name: Validate publickey2 removal behavior
- name: "({{ select_crypto_backend }}) Validate publickey2 removal behavior"
assert:
that:
- publickey2_absent is changed
@ -61,44 +61,44 @@
- publickey2_absent.publickey is none
- name: Validate publickey3 (test - privatekey modulus)
- name: "({{ select_crypto_backend }}) Validate publickey3 (test - privatekey modulus)"
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
register: privatekey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 (test - publickey modulus)
- name: "({{ select_crypto_backend }}) Validate publickey3 (test - publickey modulus)"
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub'
register: publickey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 (assert)
- name: "({{ select_crypto_backend }}) Validate publickey3 (assert)"
assert:
that:
- publickey3_modulus.stdout == privatekey3_modulus.stdout
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 idempotence (assert)
- name: "({{ select_crypto_backend }}) Validate publickey3 idempotence (assert)"
assert:
that:
- publickey3_idempotence is not changed
- name: Validate publickey4 (test - privatekey modulus)
- name: "({{ select_crypto_backend }}) Validate publickey4 (test - privatekey modulus)"
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey4 (test - publickey modulus)
- name: "({{ select_crypto_backend }}) Validate publickey4 (test - publickey modulus)"
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub'
register: publickey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey4 (assert)
- name: "({{ select_crypto_backend }}) Validate publickey4 (assert)"
assert:
that:
- publickey4_modulus.stdout == privatekey4_modulus.stdout
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate idempotency and backup
- name: "({{ select_crypto_backend }}) Validate idempotency and backup"
assert:
that:
- privatekey5_1 is changed
@ -108,16 +108,16 @@
- privatekey5_3 is changed
- privatekey5_3.backup_file is string
- name: Validate public key 5 (test - privatekey's pubkey)
- name: "({{ select_crypto_backend }}) Validate public key 5 (test - privatekey's pubkey)"
command: 'openssl ec -in {{ output_dir }}/privatekey5.pem -pubout'
register: privatekey5_pubkey
- name: Validate public key 5 (test - publickey pubkey)
- name: "({{ select_crypto_backend }}) Validate public key 5 (test - publickey pubkey)"
# Fancy way of writing "cat {{ output_dir }}/publickey5.pub"
command: 'openssl ec -pubin -in {{ output_dir }}/publickey5.pub -pubout'
register: publickey5_pubkey
- name: Validate public key 5 (assert)
- name: "({{ select_crypto_backend }}) Validate public key 5 (assert)"
assert:
that:
- publickey5_pubkey.stdout == privatekey5_pubkey.stdout
@ -132,12 +132,12 @@
- passphrase_error_3 is failed
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
- name: Verify that broken key will be regenerated
- name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated"
assert:
that:
- output_broken is changed
- name: Validate remove
- name: "({{ select_crypto_backend }}) Validate remove"
assert:
that:
- remove_1 is changed