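---
# Integration-test tasks for the x509_crl and x509_crl_info modules.
#
# Most CRL states are exercised as a pair: a check-mode run followed by a
# real run with the same arguments, each registered under its own variable.
# Only the first pair is asserted in this file; the other registered results
# are presumably validated elsewhere (not visible here).
#
# Fixtures expected in remote_tmp_dir: ca.key, cert-1.pem, cert-2.pem.
#
# Booleans are written as true/false throughout, and timestamp-like values
# are quoted so that no YAML parser can retype them.

# --- CRL 1: fixed timestamps, PEM output ------------------------------------

# RFC 5280 defines the CRL entry reasonCode extension as non-critical;
# reason_critical: true exercises the module option and is not a template
# for a production CRL.
- name: Create CRL 1 (check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      # Revoked by serial number only; no certificate file is read.
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_check

- name: Create CRL 1
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1

# Both the check-mode run and the real run must report a change, because the
# CRL file did not exist before.
- name: Assert that creating CRL 1 reported a change
  assert:
    that:
      - crl_1_check is changed
      - crl_1 is changed

- name: Retrieve CRL 1 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: crl_1_info_1

- name: '({{select_crypto_backend}}) Read ca-crl1.crl'
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: slurp

# slurp returns the file base64-encoded; the next two tasks feed the same
# CRL to x509_crl_info once decoded and once still in Base64.
- name: Retrieve CRL 1 infos via file content
  x509_crl_info:
    content: '{{ slurp.content | b64decode }}'
  register: crl_1_info_2

- name: Retrieve CRL 1 infos via file content (Base64)
  x509_crl_info:
    content: '{{ slurp.content }}'
  register: crl_1_info_3

- name: Create CRL 1 (idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_idem_check

- name: Create CRL 1 (idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_idem

# Overwrites the earlier `slurp` result: from here on slurp.results[0..2]
# hold ca.key, cert-1.pem and cert-2.pem, in loop order.
#
# ca.key is the CA private key. slurp returns it base64-encoded in the
# registered result, which verbose output displays. That is acceptable for a
# throwaway test fixture; a playbook handling a real CA key should set
# no_log: true on tasks that read or pass key material.
- name: '({{select_crypto_backend}}) Read file'
  slurp:
    src: '{{ remote_tmp_dir }}/{{ item }}'
  loop:
    - ca.key
    - cert-1.pem
    - cert-2.pem
  register: slurp

# Same CRL as above, but the key and certificates are passed as content
# instead of paths.
- name: Create CRL 1 (idempotent with content, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_content: '{{ slurp.results[0].content | b64decode }}'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - content: '{{ slurp.results[1].content | b64decode }}'
        revocation_date: '20191013000000Z'
      - content: '{{ slurp.results[2].content | b64decode }}'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_idem_content_check

- name: Create CRL 1 (idempotent with content)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_content: '{{ slurp.results[0].content | b64decode }}'
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - content: '{{ slurp.results[1].content | b64decode }}'
        revocation_date: '20191013000000Z'
      - content: '{{ slurp.results[2].content | b64decode }}'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_idem_content

# --- CRL 1: same contents, rewritten with format: der -----------------------

- name: Create CRL 1 (format, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_format_check

- name: Create CRL 1 (format)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  register: crl_1_format

- name: Create CRL 1 (format, idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
  check_mode: true
  register: crl_1_format_idem_check

- name: Create CRL 1 (format, idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    format: der
    issuer:
      CN: Ansible
    last_update: '20191013000000Z'
    next_update: '20191113000000Z'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
        revocation_date: '20191013000000Z'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        revocation_date: '20191013000000Z'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
        revocation_date: '20191001000000Z'
    return_content: true
  register: crl_1_format_idem

- name: Retrieve CRL 1 infos via file
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: crl_1_info_4

- name: Read ca-crl1.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl1.crl'
  register: content

- name: Retrieve CRL 1 infos via file content (Base64)
  x509_crl_info:
    content: '{{ content.content }}'
  register: crl_1_info_5

# --- CRL 2: ordered issuer, relative timestamps, update mode ----------------

# last_update and next_update are both '+0d', so the CRL's validity window is
# empty (presumably both resolve to the time of the run). That suits a test;
# a CRL published to relying parties needs next_update in the future, or
# clients will treat it as stale.
- name: Create CRL 2 (check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
  check_mode: true
  register: crl_2_check

- name: Create CRL 2
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
  register: crl_2

# This task spells the country attribute as C where the others use
# countryName; presumably it checks that both names compare equal.
# ignore_timestamps: true is set on the idempotence runs, presumably so the
# relative '+0d' stamps do not count as a change.
- name: Create CRL 2 (idempotent, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - C: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
    ignore_timestamps: true
  check_mode: true
  register: crl_2_idem_check

- name: Create CRL 2 (idempotent)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-1.pem'
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
      - serial_number: 1234
    ignore_timestamps: true
  register: crl_2_idem

# NOTE(review): the next two pairs share the same task names. The first pair
# (results registered as crl_2_idem_update_change*) passes serial 1235, which
# the tasks above did not list; the second pair (crl_2_idem_update*) passes
# an entry that was already listed. Names are kept as they were.
- name: Create CRL 2 (idempotent update, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: true
    mode: update
  check_mode: true
  register: crl_2_idem_update_change_check

- name: Create CRL 2 (idempotent update)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: true
    mode: update
  register: crl_2_idem_update_change

- name: Create CRL 2 (idempotent update, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
  check_mode: true
  register: crl_2_idem_update_check

- name: Create CRL 2 (idempotent update)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
  register: crl_2_idem_update

# Same arguments as the previous pair except ignore_timestamps: false.
- name: Create CRL 2 (changed timestamps, check mode)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: false
    mode: update
  check_mode: true
  register: crl_2_change_check

- name: Create CRL 2 (changed timestamps)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - CN: CRL
      - countryName: US
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: false
    mode: update
    return_content: true
  register: crl_2_change

- name: Read ca-crl2.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl2.crl'
  register: slurp_crl2_1

- name: Retrieve CRL 2 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    list_revoked_certificates: false
  register: crl_2_info_1

# The issuer is given through the unordered `issuer` mapping here, with the
# three CN values as a list, instead of through issuer_ordered.
- name: Create CRL 2 (changed order, should be ignored)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      countryName: US
      CN:
        - Ansible
        - CRL
        - Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
    return_content: true
  register: crl_2_change_order_ignore

# issuer_ordered with countryName moved to second position, ahead of CN=CRL.
- name: Create CRL 2 (changed order)
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer_ordered:
      - CN: Ansible
      - countryName: US
      - CN: CRL
      - CN: Test
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - path: '{{ remote_tmp_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: true
        invalidity_date: '20191012000000Z'
    ignore_timestamps: true
    mode: update
    return_content: true
  register: crl_2_change_order

- name: Read ca-crl2.crl
  slurp:
    src: '{{ remote_tmp_dir }}/ca-crl2.crl'
  register: slurp_crl2_2

- name: Retrieve CRL 2 infos again
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl2.crl'
    list_revoked_certificates: false
  register: crl_2_info_2

# --- CRL 3: revoked entry with its own issuer -------------------------------

# The single revoked entry carries an entry-level issuer, given as a DNS
# general name and marked critical.
- name: Create CRL 3
  x509_crl:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: '+0d'
    next_update: '+0d'
    revoked_certificates:
      - serial_number: 1234
        revocation_date: '20191001000000Z'
        issuer:
          - 'DNS:ca.example.org'
        issuer_critical: true
  register: crl_3

- name: Retrieve CRL 3 infos
  x509_crl_info:
    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
    list_revoked_certificates: true
  register: crl_3_info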