a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/tests/integration/targets/openssh_keypair/tests/invalid.yml

132 lines
4.0 KiB
YAML
Raw Blame History

---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- name: "({{ backend }}) Generate key - broken"
copy:
dest: '{{ item }}'
content: ''
mode: '0700'
loop:
- "{{ output_dir }}/broken"
- "{{ output_dir }}/broken.pub"
- name: "({{ backend }}) Regenerate key - broken"
openssh_keypair:
path: "{{ output_dir }}/broken"
backend: "{{ backend }}"
register: broken_output
ignore_errors: true
- name: "({{ backend }}) Assert broken key causes failure - broken"
assert:
that:
- broken_output is failed
- "'Unable to read the key. The key is protected with a passphrase or broken.' in broken_output.msg"
- name: "({{ backend }}) Regenerate key with force - broken"
openssh_keypair:
path: "{{ output_dir }}/broken"
backend: "{{ backend }}"
force: true
register: force_broken_output
- name: "({{ backend }}) Assert broken key regenerated when 'force=true' - broken"
assert:
that:
- force_broken_output is changed
- name: "({{ backend }}) Remove key - broken"
openssh_keypair:
path: "{{ output_dir }}/broken"
backend: "{{ backend }}"
state: absent
- name: "({{ backend }}) Generate key - write-only"
openssh_keypair:
path: "{{ output_dir }}/write-only"
mode: "0200"
backend: "{{ backend }}"
- name: "({{ backend }}) Check private key status - write-only"
stat:
path: '{{ output_dir }}/write-only'
register: write_only_private_key
- name: "({{ backend }}) Check public key status - write-only"
stat:
path: '{{ output_dir }}/write-only.pub'
register: write_only_public_key
- name: "({{ backend }}) Assert that private and public keys match permissions - write-only"
assert:
that:
- write_only_private_key.stat.mode == '0200'
- write_only_public_key.stat.mode == '0200'
- name: "({{ backend }}) Regenerate key with force - write-only"
openssh_keypair:
path: "{{ output_dir }}/write-only"
backend: "{{ backend }}"
force: true
register: write_only_output
- name: "({{ backend }}) Check private key status after regeneration - write-only"
stat:
path: '{{ output_dir }}/write-only'
register: write_only_private_key_after
- name: "({{ backend }}) Assert key is regenerated - write-only"
assert:
that:
- write_only_output is changed
- name: "({{ backend }}) Assert key permissions are preserved with 'opensshbin'"
assert:
that:
- write_only_private_key_after.stat.mode == '0200'
- name: "({{ backend }}) Remove key - write-only"
openssh_keypair:
path: "{{ output_dir }}/write-only"
backend: "{{ backend }}"
state: absent
- name: "({{ backend }}) Generate key with ssh-keygen - password_protected"
command: "ssh-keygen -f {{ output_dir }}/password_protected -N {{ passphrase }}"
- name: "({{ backend }}) Modify key - password_protected"
openssh_keypair:
path: "{{ output_dir }}/password_protected"
size: 2048
backend: "{{ backend }}"
register: password_protected_output
ignore_errors: true
- name: "({{ backend }}) Assert key cannot be read - password_protected"
assert:
that:
- password_protected_output is failed
- "'Unable to read the key. The key is protected with a passphrase or broken.' in password_protected_output.msg"
- name: "({{ backend }}) Modify key with 'force=true' - password_protected"
openssh_keypair:
path: "{{ output_dir }}/password_protected"
size: 2048
backend: "{{ backend }}"
force: true
register: force_password_protected_output
- name: "({{ backend }}) Assert key regenerated with 'force=true' - password_protected"
assert:
that:
- force_password_protected_output is changed
- name: "({{ backend }}) Remove key - password_protected"
openssh_keypair:
path: "{{ output_dir }}/password_protected"
backend: "{{ backend }}"
state: absent
Reference in New Issue View Git Blame Copy Permalink