--- - name: Create CRL 1 (check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_check - name: Create CRL 1 x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1 - name: Retrieve CRL 1 infos x509_crl_info: path: '{{ output_dir }}/ca-crl1.crl' register: crl_1_info_1 - name: Retrieve CRL 1 infos via file content x509_crl_info: content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") }}' register: crl_1_info_2 - name: Retrieve CRL 1 infos via file content (Base64) x509_crl_info: content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") | b64encode }}' register: crl_1_info_3 - name: Create CRL 1 (idempotent, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_idem_check - name: Create CRL 1 (idempotent) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1_idem - name: Create CRL 1 (idempotent with content, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" revocation_date: 20191013000000Z - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_idem_content_check - name: Create CRL 1 (idempotent with content) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" revocation_date: 20191013000000Z - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1_idem_content - name: Create CRL 1 (format, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_format_check - name: Create CRL 1 (format) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1_format - name: Create CRL 1 (format, idempotent, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_format_idem_check - name: Create CRL 1 (format, idempotent) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z return_content: yes register: crl_1_format_idem - name: Retrieve CRL 1 infos via file x509_crl_info: path: '{{ output_dir }}/ca-crl1.crl' register: crl_1_info_4 - name: Read ca-crl1.crl slurp: src: "{{ output_dir }}/ca-crl1.crl" register: content - name: Retrieve CRL 1 infos via file content (Base64) x509_crl_info: content: '{{ content.content }}' register: crl_1_info_5 - name: Create CRL 2 (check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 check_mode: yes register: crl_2_check - name: Create CRL 2 x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 register: crl_2 - name: Create CRL 2 (idempotent, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 ignore_timestamps: yes check_mode: yes register: crl_2_idem_check - name: Create CRL 2 (idempotent) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 ignore_timestamps: yes register: crl_2_idem - name: Create CRL 2 (idempotent update, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - serial_number: 1235 ignore_timestamps: yes mode: update check_mode: yes register: crl_2_idem_update_change_check - name: Create CRL 2 (idempotent update) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - serial_number: 1235 ignore_timestamps: yes mode: update register: crl_2_idem_update_change - name: Create CRL 2 (idempotent update, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: yes mode: update check_mode: yes register: crl_2_idem_update_check - name: Create CRL 2 (idempotent update) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: yes mode: update register: crl_2_idem_update - name: Create CRL 2 (changed timestamps, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: no mode: update check_mode: yes register: crl_2_change_check - name: Create CRL 2 (changed timestamps) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: no mode: update return_content: yes register: crl_2_change