a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add tests for acme_certificate_deactivate_authz module. (#744)

pull/745/head
Felix Fontein 2024-05-01 11:30:07 +02:00 committed by GitHub
parent d906914737
commit 9501a28a93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 229 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tests/integration/targets/acme_certificate_deactivate_authz/aliases Normal file
View File

@ -0,0 +1,10 @@
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
azp/generic/1
azp/posix/1
cloud/acme
# For some reason connecting to helper containers does not work on the Alpine VMs
skip/alpine

8
tests/integration/targets/acme_certificate_deactivate_authz/meta/main.yml Normal file
View File

@ -0,0 +1,8 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
dependencies:
- setup_acme
- setup_remote_tmp_dir

154
tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml Normal file
View File

@ -0,0 +1,154 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- vars:
certificate_name: cert-1
subject_alt_name: DNS:example.com
account_email: example@example.org
block:
- name: Generate account key
openssl_privatekey:
path: "{{ remote_tmp_dir }}/account-ec256.pem"
type: ECC
curve: secp256r1
force: true
- name: Create cert private key
openssl_privatekey:
path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
type: ECC
curve: secp256r1
force: true
- name: Create cert CSR
openssl_csr:
path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
subject_alt_name: "{{ subject_alt_name }}"
- name: Start process of obtaining certificate
acme_certificate:
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
modify_account: true
csr: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
challenge: http-01
force: true
terms_agreed: true
account_email: "{{ account_email }}"
register: certificate_data
- name: Inspect order
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
url: "{{ certificate_data.order_uri }}"
method: get
register: order_1
- name: Show order
debug:
var: order_1.output_json
- name: Deactivate order (check mode)
acme_certificate_deactivate_authz:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
order_uri: "{{ certificate_data.order_uri }}"
check_mode: true
register: deactivate_1
- name: Inspect order again
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
url: "{{ certificate_data.order_uri }}"
method: get
register: order_2
- name: Show order
debug:
var: order_2.output_json
- name: Deactivate order
acme_certificate_deactivate_authz:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
order_uri: "{{ certificate_data.order_uri }}"
register: deactivate_2
- name: Inspect order again
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
url: "{{ certificate_data.order_uri }}"
method: get
register: order_3
- name: Show order
debug:
var: order_3.output_json
- name: Deactivate order (check mode, idempotent)
acme_certificate_deactivate_authz:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
order_uri: "{{ certificate_data.order_uri }}"
check_mode: true
register: deactivate_3
- name: Inspect order again
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
url: "{{ certificate_data.order_uri }}"
method: get
register: order_4
- name: Show order
debug:
var: order_4.output_json
- name: Deactivate order (idempotent)
acme_certificate_deactivate_authz:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
order_uri: "{{ certificate_data.order_uri }}"
register: deactivate_4
- name: Inspect order again
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
account_uri: "{{ certificate_data.account_uri }}"
url: "{{ certificate_data.order_uri }}"
method: get
register: order_5
- name: Show order
debug:
var: order_5.output_json

40
tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml Normal file
View File

@ -0,0 +1,40 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- block:
- name: Running tests with OpenSSL backend
include_tasks: impl.yml
vars:
select_crypto_backend: openssl
- import_tasks: ../tests/validate.yml
# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
when: openssl_version.stdout is version('1.0.0', '>=')
- name: Remove output directory
file:
path: "{{ remote_tmp_dir }}"
state: absent
- name: Re-create output directory
file:
path: "{{ remote_tmp_dir }}"
state: directory
- block:
- name: Running tests with cryptography backend
include_tasks: impl.yml
vars:
select_crypto_backend: cryptography
- import_tasks: ../tests/validate.yml
when: cryptography_version.stdout is version('1.5', '>=')

17
tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml Normal file
View File

@ -0,0 +1,17 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Checks
assert:
that:
- order_1.output_json.status == 'pending'
- deactivate_1 is changed
- order_2.output_json.status == 'pending'
- deactivate_2 is changed
- order_3.output_json.status == 'deactivated'
- deactivate_3 is not changed
- order_4.output_json.status == 'deactivated'
- deactivate_4 is not changed
- order_5.output_json.status == 'deactivated'