community.crypto/tests/integration/targets/certificate_complete_chain/tasks/main.yml

####################################################################
# WARNING: These are designed specifically for Ansible tests       #
# and should not be used as examples of how to write Ansible roles #
####################################################################

- name: register cryptography version
  command: '{{ ansible_python.executable }} -c ''import cryptography; print(cryptography.__version__)'''
  register: cryptography_version
- block:
  - name: Make sure testhost directory exists
    file:
      path: '{{ remote_tmp_dir }}/files/'
      state: directory
    when: ansible_version.string is version('2.10', '<')
  - name: Copy test files to testhost
    copy:
      src: '{{ role_path }}/files/'
      dest: '{{ remote_tmp_dir }}/files/'
      remote_src: yes
  - name: Find root for cert 1
    certificate_complete_chain:
      input_chain: '{{ lookup(''file'', ''cert1-fullchain.pem'', rstrip=False) }}'
      root_certificates:
      - '{{ remote_tmp_dir }}/files/roots/'
    register: cert1_root
  - name: Verify root for cert 1
    assert:
      that:
      - cert1_root.complete_chain | join('') == (lookup('file', 'cert1.pem', rstrip=False) ~ lookup('file', 'cert1-chain.pem', rstrip=False) ~ lookup('file', 'cert1-root.pem', rstrip=False))
      - cert1_root.root == lookup('file', 'cert1-root.pem', rstrip=False)
  - name: Find rootchain for cert 1
    certificate_complete_chain:
      input_chain: '{{ lookup(''file'', ''cert1.pem'', rstrip=False) }}'
      intermediate_certificates:
      - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
      root_certificates:
      - '{{ remote_tmp_dir }}/files/roots.pem'
    register: cert1_rootchain
  - name: Verify rootchain for cert 1
    assert:
      that:
      - cert1_rootchain.complete_chain | join('') == (lookup('file', 'cert1.pem', rstrip=False) ~ lookup('file', 'cert1-chain.pem', rstrip=False) ~ lookup('file', 'cert1-root.pem', rstrip=False))
      - cert1_rootchain.chain[:-1] | join('') == lookup('file', 'cert1-chain.pem', rstrip=False)
      - cert1_rootchain.root == lookup('file', 'cert1-root.pem', rstrip=False)
  - name: Find root for cert 2
    certificate_complete_chain:
      input_chain: '{{ lookup(''file'', ''cert2-fullchain.pem'', rstrip=False) }}'
      root_certificates:
      - '{{ remote_tmp_dir }}/files/roots/'
    register: cert2_root
  - name: Verify root for cert 2
    assert:
      that:
      - cert2_root.complete_chain | join('') == (lookup('file', 'cert2.pem', rstrip=False) ~ lookup('file', 'cert2-chain.pem', rstrip=False) ~ lookup('file', 'cert2-root.pem', rstrip=False))
      - cert2_root.root == lookup('file', 'cert2-root.pem', rstrip=False)
  - name: Find rootchain for cert 2
    certificate_complete_chain:
      input_chain: '{{ lookup(''file'', ''cert2.pem'', rstrip=False) }}'
      intermediate_certificates:
      - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
      root_certificates:
      - '{{ remote_tmp_dir }}/files/roots.pem'
    register: cert2_rootchain
  - name: Verify rootchain for cert 2
    assert:
      that:
      - cert2_rootchain.complete_chain | join('') == (lookup('file', 'cert2.pem', rstrip=False) ~ lookup('file', 'cert2-chain.pem', rstrip=False) ~ lookup('file', 'cert2-root.pem', rstrip=False))
      - cert2_rootchain.chain[:-1] | join('') == lookup('file', 'cert2-chain.pem', rstrip=False)
      - cert2_rootchain.root == lookup('file', 'cert2-root.pem', rstrip=False)
  - name: Find alternate rootchain for cert 2
    certificate_complete_chain:
      input_chain: '{{ lookup(''file'', ''cert2.pem'', rstrip=True) }}'
      intermediate_certificates:
      - '{{ remote_tmp_dir }}/files/cert2-altchain.pem'
      root_certificates:
      - '{{ remote_tmp_dir }}/files/roots.pem'
    register: cert2_rootchain_alt
  - name: Verify rootchain for cert 2
    assert:
      that:
      - cert2_rootchain_alt.complete_chain | join('') == (lookup('file', 'cert2.pem', rstrip=False) ~ lookup('file', 'cert2-altchain.pem', rstrip=False) ~ lookup('file', 'cert2-altroot.pem', rstrip=False))
      - cert2_rootchain_alt.chain[:-1] | join('') == lookup('file', 'cert2-altchain.pem', rstrip=False)
      - cert2_rootchain_alt.root == lookup('file', 'cert2-altroot.pem', rstrip=False)
  when: cryptography_version.stdout is version('1.5', '>=')