diff --git a/tests/integration/targets/acme_account/meta/main.yml b/tests/integration/targets/acme_account/meta/main.yml 
index 81d1e7e7..1f28c47f 100644 
--- a/tests/integration/targets/acme_account/meta/main.yml 
+++ b/tests/integration/targets/acme_account/meta/main.yml 
@@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir 
diff --git a/tests/integration/targets/acme_account/tasks/impl.yml b/tests/integration/targets/acme_account/tasks/impl.yml 
index a50d53fd..bbb2136e 100644 
--- a/tests/integration/targets/acme_account/tasks/impl.yml 
+++ b/tests/integration/targets/acme_account/tasks/impl.yml 
@@ -1,7 +1,7 @@ - block: - name: Generate account keys openssl_privatekey: - path: "{{ output_dir }}/{{ item.name }}.pem" + path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" passphrase: "{{ item.pass | default(omit, true) }}" cipher: "{{ 'auto' if item.pass | default() else omit }}" type: ECC 
@@ -11,7 +11,7 @@ - name: Parse account keys (to ease debugging some test failures) openssl_privatekey_info: - path: "{{ output_dir }}/{{ item.name }}.pem" + path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" passphrase: "{{ item.pass | default(omit, true) }}" return_private_key_data: true loop: "{{ account_keys }}" 
@@ -28,7 +28,7 @@ - name: Do not try to create account acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -40,7 +40,7 @@ - name: Create it now (check mode, diff) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -56,7 +56,7 @@ - name: Create it now acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -70,7 +70,7 @@ - name: Create it now (idempotent) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -81,10 +81,15 @@ - mailto:example@example.org register: account_created_idempotent +- name: Read account key + slurp: + src: '{{ remote_tmp_dir }}/accountkey.pem' + register: slurp + - name: Change email address (check mode, diff) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}" + account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -99,7 +104,7 @@ - name: Change email address acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}" + account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -112,7 +117,7 @@ - name: Change email address (idempotent) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_created.account_uri }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
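Review bot: The new `Read account key` task registers its result as `slurp`, the same word as the module it calls, which reads like a placeholder and is easy to misread later where `slurp.content` is consumed; a descriptive name, `register: account_key_file` with `account_key_content: "{{ account_key_file.content | b64decode }}"` on the two tasks that use it, makes the data flow obvious. The same task quotes `src` with single quotes while every neighbouring path in this file is double-quoted. Note that `lookup('file', …)` strips the trailing newline whereas `slurp | b64decode` keeps it, so the value handed to `account_key_content` now ends in a newline; presumably harmless for PEM input, but a one-line comment on the task, `# slurp keeps the trailing newline that lookup('file') stripped`, records the intentional difference. The same `register: slurp` naming appears in the acme_account_info impl.yml and acme_certificate impl.yml hunks further down.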
@@ -126,7 +131,7 @@ - name: Cannot access account with wrong URI acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
@@ -139,7 +144,7 @@ - name: Clear contact email addresses (check mode, diff) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -153,7 +158,7 @@ - name: Clear contact email addresses acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -165,7 +170,7 @@ - name: Clear contact email addresses (idempotent) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -177,11 +182,11 @@ - name: Change account key (check mode, diff) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - new_account_key_src: "{{ output_dir }}/accountkey2.pem" + new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" state: changed_key contact: 
@@ -193,11 +198,11 @@ - name: Change account key acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - new_account_key_src: "{{ output_dir }}/accountkey2.pem" + new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" state: changed_key contact: 
@@ -207,7 +212,7 @@ - name: Deactivate account (check mode, diff) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
@@ -220,7 +225,7 @@ - name: Deactivate account acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
@@ -231,7 +236,7 @@ - name: Deactivate account (idempotent) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
@@ -242,7 +247,7 @@ - name: Do not try to create account II acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir 
@@ -255,7 +260,7 @@ - name: Do not try to create account III acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -267,7 +272,7 @@ - name: Create account with External Account Binding acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/{{ item.account }}.pem" + account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
diff --git a/tests/integration/targets/acme_account/tasks/main.yml b/tests/integration/targets/acme_account/tasks/main.yml 
index b7c7452a..227dde30 100644 
--- a/tests/integration/targets/acme_account/tasks/main.yml 
+++ b/tests/integration/targets/acme_account/tasks/main.yml 
@@ -17,12 +17,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: 
diff --git a/tests/integration/targets/acme_account_info/meta/main.yml b/tests/integration/targets/acme_account_info/meta/main.yml 
index 81d1e7e7..1f28c47f 100644 
--- a/tests/integration/targets/acme_account_info/meta/main.yml 
+++ b/tests/integration/targets/acme_account_info/meta/main.yml 
@@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir 
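Review bot: The `Re-create output directory` task in the acme_account tasks/main.yml hunk deletes `remote_tmp_dir` and re-creates it with `file: state: directory` and no `mode`, so the directory that subsequently holds the generated account private keys gets whatever the remote umask yields rather than whatever permissions `setup_remote_tmp_dir` gave it when it created the path (that role is not visible here, so this is inferred); adding `mode: "0700"` to the re-create task keeps the key files readable only by the test user regardless. If the setup role also registers a cleanup for the same path, the explicit remove here is redundant and only the re-create with an explicit mode is needed. The task names still say `output directory`; `Re-create remote temporary directory` would match the variable they now operate on. The identical hunk appears in the acme_account_info, acme_certificate and acme_certificate_revoke tasks/main.yml files below.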
diff --git a/tests/integration/targets/acme_account_info/tasks/impl.yml b/tests/integration/targets/acme_account_info/tasks/impl.yml 
index 1caec95d..b0ba237a 100644 
--- a/tests/integration/targets/acme_account_info/tasks/impl.yml 
+++ b/tests/integration/targets/acme_account_info/tasks/impl.yml 
@@ -2,7 +2,7 @@ - block: - name: Generate account keys openssl_privatekey: - path: "{{ output_dir }}/{{ item }}.pem" + path: "{{ remote_tmp_dir }}/{{ item }}.pem" type: ECC curve: secp256r1 force: true 
@@ -10,7 +10,7 @@ - name: Parse account keys (to ease debugging some test failures) openssl_privatekey_info: - path: "{{ output_dir }}/{{ item }}.pem" + path: "{{ remote_tmp_dir }}/{{ item }}.pem" return_private_key_data: true loop: "{{ account_keys }}" 
@@ -22,7 +22,7 @@ - name: Check that account does not exist acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -31,7 +31,7 @@ - name: Create it now acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -44,16 +44,21 @@ - name: Check that account exists acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no register: account_created +- name: Read account key + slurp: + src: '{{ remote_tmp_dir }}/accountkey.pem' + register: slurp + - name: Clear email address acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}" + account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -64,7 +69,7 @@ - name: Check that account was modified acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -74,7 +79,7 @@ - name: Check with wrong account URI acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -84,7 +89,7 @@ - name: Check with wrong account key acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
diff --git a/tests/integration/targets/acme_account_info/tasks/main.yml b/tests/integration/targets/acme_account_info/tasks/main.yml 
index b7c7452a..227dde30 100644 
--- a/tests/integration/targets/acme_account_info/tasks/main.yml 
+++ b/tests/integration/targets/acme_account_info/tasks/main.yml 
@@ -17,12 +17,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: 
diff --git a/tests/integration/targets/acme_certificate/meta/main.yml b/tests/integration/targets/acme_certificate/meta/main.yml 
index 81d1e7e7..1f28c47f 100644 
--- a/tests/integration/targets/acme_certificate/meta/main.yml 
+++ b/tests/integration/targets/acme_certificate/meta/main.yml 
@@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir 
diff --git a/tests/integration/targets/acme_certificate/tasks/impl.yml b/tests/integration/targets/acme_certificate/tasks/impl.yml 
index 7faedb0e..c05cd832 100644 
--- a/tests/integration/targets/acme_certificate/tasks/impl.yml 
+++ b/tests/integration/targets/acme_certificate/tasks/impl.yml 
@@ -3,7 +3,7 @@ - block: - name: Generate account keys openssl_privatekey: - path: "{{ output_dir }}/{{ item.name }}.pem" + path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" curve: "{{ item.curve | default(omit) }}" 
@@ -28,15 +28,19 @@ acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - account_key_src: "{{ output_dir }}/account-ec256.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" state: absent +- name: Read account key (EC384) + slurp: + src: '{{ remote_tmp_dir }}/account-ec384.pem' + register: slurp - name: Create ECC384 account acme_account: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}" + account_key_content: "{{ slurp.content | b64decode }}" state: present allow_creation: yes terms_agreed: yes 
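Review bot: The `Read account key (EC384)` task in the acme_certificate impl.yml hunk at -28 registers as `slurp`, while the two later slurp tasks in the same file (hunks at -115 and -231) register as `slurp_account_key`; one name throughout, `register: slurp_account_key` here and `account_key_content: "{{ slurp_account_key.content | b64decode }}"` on the `Create ECC384 account` task, keeps the file consistent and avoids a bare module name as a variable. The new task is also inserted directly between `state: absent` and the next task without the blank-line separation the surrounding tasks use, which the -115 and -231 hunks repeat. The task list continues on both sides of the hunk.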
@@ -49,7 +53,7 @@ acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no - account_key_src: "{{ output_dir }}/account-rsa.pem" + account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem" state: present allow_creation: yes terms_agreed: yes 
@@ -115,6 +119,10 @@ set_fact: cert_2_obtain_results: "{{ certificate_obtain_result }}" cert_2_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" +- name: Read account key (RSA) + slurp: + src: '{{ remote_tmp_dir }}/account-rsa.pem' + register: slurp_account_key - name: Obtain cert 3 include_tasks: obtain-cert.yml vars: 
@@ -123,7 +131,7 @@ key_type: ec384 subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com" subject_alt_name_critical: no - account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}" + account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: dns-01 modify_account: no deactivate_authzs: no 
@@ -231,6 +239,10 @@ set_fact: cert_5_recreate_2: "{{ challenge_data is changed }}" cert_5c_obtain_results: "{{ certificate_obtain_result }}" +- name: Read account key (EC384) + slurp: + src: '{{ remote_tmp_dir }}/account-ec384.pem' + register: slurp_account_key - name: Obtain cert 5 (should again by force) include_tasks: obtain-cert.yml vars: 
@@ -239,7 +251,7 @@ key_type: ec521 subject_alt_name: "DNS:t2.example.com" subject_alt_name_critical: no - account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}" + account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: http-01 modify_account: no deactivate_authzs: yes 
@@ -341,100 +353,100 @@ ## DISSECT CERTIFICATES ####################################################################### # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate. - name: Verifying cert 1 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-1-root.pem" -untrusted "{{ output_dir }}/cert-1-chain.pem" "{{ output_dir }}/cert-1.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"' ignore_errors: yes register: cert_1_valid - name: Verifying cert 2 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-2-root.pem" -untrusted "{{ output_dir }}/cert-2-chain.pem" "{{ output_dir }}/cert-2.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"' ignore_errors: yes register: cert_2_valid - name: Verifying cert 3 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-3-root.pem" -untrusted "{{ output_dir }}/cert-3-chain.pem" "{{ output_dir }}/cert-3.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"' ignore_errors: yes register: cert_3_valid - name: Verifying cert 4 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-4-root.pem" -untrusted "{{ output_dir }}/cert-4-chain.pem" "{{ output_dir }}/cert-4.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"' ignore_errors: yes register: cert_4_valid - name: Verifying cert 5 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-5-root.pem" -untrusted "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir 
}}/cert-5.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"' ignore_errors: yes register: cert_5_valid - name: Verifying cert 6 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-6-root.pem" -untrusted "{{ output_dir }}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"' ignore_errors: yes register: cert_6_valid - name: Verifying cert 7 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-7-root.pem" -untrusted "{{ output_dir }}/cert-7-chain.pem" "{{ output_dir }}/cert-7.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"' ignore_errors: yes register: cert_7_valid - name: Verifying cert 8 - command: '{{ openssl_binary }} verify -CAfile "{{ output_dir }}/cert-8-root.pem" -untrusted "{{ output_dir }}/cert-8-chain.pem" "{{ output_dir }}/cert-8.pem"' + command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"' ignore_errors: yes register: cert_8_valid # Dump certificate info - name: Dumping cert 1 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-1.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text' register: cert_1_text - name: Dumping cert 2 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-2.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text' register: cert_2_text - name: Dumping cert 3 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-3.pem" 
-noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text' register: cert_3_text - name: Dumping cert 4 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-4.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text' register: cert_4_text - name: Dumping cert 5 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-5.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text' register: cert_5_text - name: Dumping cert 6 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-6.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text' register: cert_6_text - name: Dumping cert 7 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-7.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text' register: cert_7_text - name: Dumping cert 8 - command: '{{ openssl_binary }} x509 -in "{{ output_dir }}/cert-8.pem" -noout -text' + command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text' register: cert_8_text # Dump certificate info - name: Dumping cert 1 x509_certificate_info: - path: "{{ output_dir }}/cert-1.pem" + path: "{{ remote_tmp_dir }}/cert-1.pem" register: cert_1_info - name: Dumping cert 2 x509_certificate_info: - path: "{{ output_dir }}/cert-2.pem" + path: "{{ remote_tmp_dir }}/cert-2.pem" register: cert_2_info - name: Dumping cert 3 x509_certificate_info: - path: "{{ output_dir }}/cert-3.pem" + path: "{{ remote_tmp_dir }}/cert-3.pem" register: cert_3_info - name: Dumping cert 4 x509_certificate_info: - path: "{{ output_dir }}/cert-4.pem" + path: "{{ remote_tmp_dir }}/cert-4.pem" register: cert_4_info - name: Dumping cert 5 x509_certificate_info: - path: "{{ output_dir }}/cert-5.pem" + path: "{{ remote_tmp_dir }}/cert-5.pem" register: cert_5_info - 
name: Dumping cert 6 x509_certificate_info: - path: "{{ output_dir }}/cert-6.pem" + path: "{{ remote_tmp_dir }}/cert-6.pem" register: cert_6_info - name: Dumping cert 7 x509_certificate_info: - path: "{{ output_dir }}/cert-7.pem" + path: "{{ remote_tmp_dir }}/cert-7.pem" register: cert_7_info - name: Dumping cert 8 x509_certificate_info: - path: "{{ output_dir }}/cert-8.pem" + path: "{{ remote_tmp_dir }}/cert-8.pem" register: cert_8_info ## GET ACCOUNT ORDERS ######################################################################### - name: Don't retrieve orders acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec256.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -443,7 +455,7 @@ - name: Retrieve orders as URL list (1/2) acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec256.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -452,7 +464,7 @@ - name: Retrieve orders as URL list (2/2) acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec384.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -461,7 +473,7 @@ - name: Retrieve orders as object list (1/2) acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec256.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
@@ -470,7 +482,7 @@ - name: Retrieve orders as object list (2/2) acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec384.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
diff --git a/tests/integration/targets/acme_certificate/tasks/main.yml b/tests/integration/targets/acme_certificate/tasks/main.yml 
index 2e732466..d3dd9bfb 100644 
--- a/tests/integration/targets/acme_certificate/tasks/main.yml 
+++ b/tests/integration/targets/acme_certificate/tasks/main.yml 
@@ -8,38 +8,48 @@ - name: Obtain root and intermediate certificates get_url: url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}" - dest: "{{ output_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem" + dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem" loop: "{{ query('nested', types, root_numbers) }}" - name: Analyze root certificates x509_certificate_info: - path: "{{ output_dir }}/acme-root-{{ item }}.pem" + path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_roots - name: Analyze intermediate certificates x509_certificate_info: - path: "{{ output_dir }}/acme-intermediate-{{ item }}.pem" + path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_intermediates - - set_fact: - x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" - y__: "{{ lookup('file', output_dir ~ '/acme-root-' ~ item.item ~ '.pem', rstrip=False) }}" - loop: "{{ acme_roots.results }}" - register: acme_roots_tmp + - name: Read root certificates + slurp: + src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}" + loop: "{{ root_numbers }}" + register: slurp_roots + + - set_fact: + x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" + loop: "{{ acme_roots.results }}" + register: acme_roots_tmp + + - name: Read intermediate certificates + slurp: + src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}" + loop: "{{ root_numbers }}" + register: slurp_intermediates - set_fact: x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" - y__: "{{ lookup('file', output_dir ~ '/acme-intermediate-' ~ item.item ~ '.pem', rstrip=False) }}" loop: "{{ acme_intermediates.results }}" register: acme_intermediates_tmp - set_fact: acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}" - acme_root_certs: "{{ 
acme_roots_tmp.results | map(attribute='ansible_facts.y__') | list }}" + acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}" acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}" - acme_intermediate_certs: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.y__') | list }}" + acme_intermediate_certs: "{{ slurp_intermediates.results | map(attribute='content') | map('b64decode') | list }}" vars: types: 
@@ -88,12 +98,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: 
diff --git a/tests/integration/targets/acme_certificate/tests/validate.yml b/tests/integration/targets/acme_certificate/tests/validate.yml 
index 34ce3e7a..278b554a 100644 
--- a/tests/integration/targets/acme_certificate/tests/validate.yml 
+++ b/tests/integration/targets/acme_certificate/tests/validate.yml 
@@ -7,6 +7,14 @@ assert: that: - "'DNS:example.com' in cert_1_text.stdout" +- name: Read certificate 1 files + slurp: + src: '{{ remote_tmp_dir }}/{{ item }}' + loop: + - cert-1.pem + - cert-1-chain.pem + - cert-1-fullchain.pem + register: slurp - name: Check that certificate 1 retrieval got all chains assert: that: 
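Review bot: In the acme_certificate tasks/main.yml hunk at -8 the rewritten `- set_fact:` task that fills `x__` from `acme_roots.results` still has no `name`, and the final `set_fact` builds `acme_roots` from `acme_roots_tmp.results` but `acme_root_certs` from `slurp_roots.results`, so the two lists only line up because `acme_roots`, `acme_roots_tmp` and `slurp_roots` all derive from loops over `root_numbers` in the same order; a `name: Filter root certificate facts` plus a comment such as `# slurp_roots / slurp_intermediates are ordered like root_numbers, matching acme_*_tmp` makes that positional coupling explicit rather than implicit. The new slurp tasks build `src` with `~` inside one Jinja expression while the neighbouring `x509_certificate_info` tasks interpolate `"{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"`; one form for both keeps the block uniform. The hunk starts on the previous line and the enclosing block continues outside it.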
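Review bot: In the validate.yml hunk at -7 the `Read certificate 1 files` task registers as `slurp`, and the `Read certificate 2 files` and `Read certificate 3 files` tasks in the following hunks re-register the same name, so each assertion block works only because it runs immediately after its own slurp, and `slurp.results[0..2]` are bound to the loop order; registering per certificate, `register: cert_1_files`, and asserting on `cert_1_files.results[0].content` removes the dependency on task order and makes a mismatch between the slurp and the assertion visible by name. A comment above each assertion, `# results[0], [1], [2] follow the loop order: cert, chain, fullchain`, documents the index mapping. The assertion tasks after the cert 2 and cert 3 slurps are still titled `Check that certificate 1 retrieval got all chains` (context lines), which is worth correcting while these blocks are being touched.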
@@ -15,9 +23,9 @@ - "'cert' in cert_1_obtain_results.all_chains[cert_1_alternate | int]" - "'chain' in cert_1_obtain_results.all_chains[cert_1_alternate | int]" - "'full_chain' in cert_1_obtain_results.all_chains[cert_1_alternate | int]" - - "lookup('file', output_dir ~ '/cert-1.pem', rstrip=False) == cert_1_obtain_results.all_chains[cert_1_alternate | int].cert" - - "lookup('file', output_dir ~ '/cert-1-chain.pem', rstrip=False) == cert_1_obtain_results.all_chains[cert_1_alternate | int].chain" - - "lookup('file', output_dir ~ '/cert-1-fullchain.pem', rstrip=False) == cert_1_obtain_results.all_chains[cert_1_alternate | int].full_chain" + - "(slurp.results[0].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].cert" + - "(slurp.results[1].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].chain" + - "(slurp.results[2].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].full_chain" - name: Check that certificate 2 is valid assert: 
@@ -28,6 +36,14 @@ that: - "'DNS:*.example.com' in cert_2_text.stdout" - "'DNS:example.com' in cert_2_text.stdout" +- name: Read certificate 2 files + slurp: + src: '{{ remote_tmp_dir }}/{{ item }}' + loop: + - cert-2.pem + - cert-2-chain.pem + - cert-2-fullchain.pem + register: slurp - name: Check that certificate 1 retrieval got all chains assert: that: 
@@ -36,9 +52,9 @@ - "'cert' in cert_2_obtain_results.all_chains[cert_2_alternate | int]" - "'chain' in cert_2_obtain_results.all_chains[cert_2_alternate | int]" - "'full_chain' in cert_2_obtain_results.all_chains[cert_2_alternate | int]" - - "lookup('file', output_dir ~ '/cert-2.pem', rstrip=False) == cert_2_obtain_results.all_chains[cert_2_alternate | int].cert" - - "lookup('file', output_dir ~ '/cert-2-chain.pem', rstrip=False) == cert_2_obtain_results.all_chains[cert_2_alternate | int].chain" - - "lookup('file', output_dir ~ '/cert-2-fullchain.pem', rstrip=False) == cert_2_obtain_results.all_chains[cert_2_alternate | int].full_chain" + - "(slurp.results[0].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].cert" + - "(slurp.results[1].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].chain" + - "(slurp.results[2].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].full_chain" - name: Check that certificate 3 is valid assert: 
@@ -50,6 +66,14 @@ - "'DNS:*.example.com' in cert_3_text.stdout" - "'DNS:example.org' in cert_3_text.stdout" - "'DNS:t1.example.com' in cert_3_text.stdout" +- name: Read certificate 3 files + slurp: + src: '{{ remote_tmp_dir }}/{{ item }}' + loop: + - cert-3.pem + - cert-3-chain.pem + - cert-3-fullchain.pem + register: slurp - name: Check that certificate 1 retrieval got all chains assert: that: 
@@ -58,9 +82,9 @@ - "'cert' in cert_3_obtain_results.all_chains[cert_3_alternate | int]" - "'chain' in cert_3_obtain_results.all_chains[cert_3_alternate | int]" - "'full_chain' in cert_3_obtain_results.all_chains[cert_3_alternate | int]" - - "lookup('file', output_dir ~ '/cert-3.pem', rstrip=False) == cert_3_obtain_results.all_chains[cert_3_alternate | int].cert" - - "lookup('file', output_dir ~ '/cert-3-chain.pem', rstrip=False) == cert_3_obtain_results.all_chains[cert_3_alternate | int].chain" - - "lookup('file', output_dir ~ '/cert-3-fullchain.pem', rstrip=False) == cert_3_obtain_results.all_chains[cert_3_alternate | int].full_chain" + - "(slurp.results[0].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].cert" + - "(slurp.results[1].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].chain" + - "(slurp.results[2].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].full_chain" - name: Check that certificate 4 is valid assert: 
diff --git a/tests/integration/targets/acme_certificate_revoke/meta/main.yml b/tests/integration/targets/acme_certificate_revoke/meta/main.yml 
index 81d1e7e7..1f28c47f 100644 
--- a/tests/integration/targets/acme_certificate_revoke/meta/main.yml 
+++ b/tests/integration/targets/acme_certificate_revoke/meta/main.yml 
@@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir 
diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml 
index 0aa1e53e..e262f360 100644 
--- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml 
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml 
@@ -3,7 +3,7 @@ - block: - name: Generate account keys openssl_privatekey: - path: "{{ output_dir }}/{{ item.name }}.pem" + path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" curve: "{{ item.curve | default(omit) }}" @@ -22,6 +22,10 @@ type: RSA size: "{{ default_rsa_key_size }}" ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES #################################################### +- name: Read account key (EC256) + slurp: + src: '{{ remote_tmp_dir }}/account-ec256.pem' + register: slurp_account_key - name: Obtain cert 1 include_tasks: obtain-cert.yml vars: @@ -31,7 +35,7 @@ rsa_bits: "{{ default_rsa_key_size }}" subject_alt_name: "DNS:example.com" subject_alt_name_critical: no - account_key_content: "{{ lookup('file', output_dir ~ '/account-ec256.pem') }}" + account_key_content: "{{ slurp_account_key.content | b64decode }}" challenge: http-01 modify_account: yes deactivate_authzs: no @@ -76,8 +80,8 @@ - name: Revoke certificate 1 via account key acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/account-ec256.pem" - certificate: "{{ output_dir }}/cert-1.pem" + account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" + certificate: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no 
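Review bot: `register: slurp_account_key` is assigned twice in this file — once for `account-ec256.pem` in this hunk and again for `account-rsa.pem` in the `@@ -86,19 +90,23 @@` hunk — so which key the variable holds depends purely on task order; distinct names such as `slurp_account_key_ec256` and `slurp_account_key_rsa` would make each consumer self-describing. Both slurp tasks also place the private key (base64) in a registered result that is printed in verbose runs; these are throwaway test keys, but adding `no_log: true` to the two slurp tasks keeps the key bytes out of CI logs at no cost.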
@@ -86,19 +90,23 @@ - name: Revoke certificate 2 via certificate private key acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" - private_key_src: "{{ output_dir }}/cert-2.key" + private_key_src: "{{ remote_tmp_dir }}/cert-2.key" private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" - certificate: "{{ output_dir }}/cert-2.pem" + certificate: "{{ remote_tmp_dir }}/cert-2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no ignore_errors: yes register: cert_2_revoke +- name: Read account key (RSA) + slurp: + src: '{{ remote_tmp_dir }}/account-rsa.pem' + register: slurp_account_key - name: Revoke certificate 3 via account key (fullchain) acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}" - certificate: "{{ output_dir }}/cert-3-fullchain.pem" + account_key_content: "{{ slurp_account_key.content | b64decode }}" + certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml index b7c7452a..227dde30 100644 --- a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml +++ b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml @@ -17,12 +17,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: diff --git a/tests/integration/targets/acme_challenge_cert_helper/meta/main.yml b/tests/integration/targets/acme_challenge_cert_helper/meta/main.yml index 81d1e7e7..1f28c47f 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/meta/main.yml 
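Review bot: The `Remove output directory` / `Re-create output directory` pair in `acme_certificate_revoke/tasks/main.yml` now deletes and re-creates `remote_tmp_dir`, a directory the newly added `setup_remote_tmp_dir` dependency owns; the same pair appears in `acme_inspect/tasks/main.yml` further down. If that role creates the directory with `tempfile` (mode 0700), `file: state: directory` without a `mode:` re-creates it with the umask default, so the account keys written there afterwards sit under a more permissive parent — worth confirming against the setup role. Either drop both tasks and rely on the role, or add `mode: '0700'` to the re-create task; the task names should also say `temp directory` rather than `output directory` now that the variable has changed.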
+++ b/tests/integration/targets/acme_challenge_cert_helper/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir diff --git a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml index 81034fbc..441f4039 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml +++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml @@ -7,7 +7,7 @@ - block: - name: Generate ECC256 accoun keys openssl_privatekey: - path: "{{ output_dir }}/account-ec256.pem" + path: "{{ remote_tmp_dir }}/account-ec256.pem" type: ECC curve: secp256r1 force: true diff --git a/tests/integration/targets/acme_inspect/meta/main.yml b/tests/integration/targets/acme_inspect/meta/main.yml index 81d1e7e7..1f28c47f 100644 --- a/tests/integration/targets/acme_inspect/meta/main.yml +++ b/tests/integration/targets/acme_inspect/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - setup_acme + - setup_remote_tmp_dir diff --git a/tests/integration/targets/acme_inspect/tasks/impl.yml b/tests/integration/targets/acme_inspect/tasks/impl.yml index 45b1ea95..e036ed76 100644 --- a/tests/integration/targets/acme_inspect/tasks/impl.yml +++ b/tests/integration/targets/acme_inspect/tasks/impl.yml @@ -2,7 +2,7 @@ - block: - name: Generate account keys openssl_privatekey: - path: "{{ output_dir }}/{{ item }}.pem" + path: "{{ remote_tmp_dir }}/{{ item }}.pem" type: ECC curve: secp256r1 force: true @@ -10,7 +10,7 @@ - name: Parse account keys (to ease debugging some test failures) openssl_privatekey_info: - path: "{{ output_dir }}/{{ item }}.pem" + path: "{{ remote_tmp_dir }}/{{ item }}.pem" return_private_key_data: true loop: "{{ account_keys }}" 
@@ -32,7 +32,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" url: "{{ directory.directory.newAccount}}" method: post content: '{"termsOfServiceAgreed":true}' @@ -46,7 +46,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" method: get @@ -58,7 +58,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" method: post @@ -77,7 +77,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ directory.directory.newOrder }}" method: post @@ -100,7 +100,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ new_order.headers.location }}" method: get @@ -112,7 +112,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item }}" method: get 
@@ -125,7 +125,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}" method: get @@ -138,7 +138,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item.url }}" method: post @@ -152,7 +152,7 @@ acme_directory: https://{{ acme_host }}:14000/dir acme_version: 2 validate_certs: no - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_creation.headers.location }}" url: "{{ item.url }}" method: get diff --git a/tests/integration/targets/acme_inspect/tasks/main.yml b/tests/integration/targets/acme_inspect/tasks/main.yml index b7c7452a..227dde30 100644 --- a/tests/integration/targets/acme_inspect/tasks/main.yml +++ b/tests/integration/targets/acme_inspect/tasks/main.yml @@ -17,12 +17,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: diff --git a/tests/integration/targets/certificate_complete_chain/tasks/main.yml b/tests/integration/targets/certificate_complete_chain/tasks/main.yml index a718349c..632e4194 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/main.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/main.yml 
@@ -4,7 +4,7 @@ #################################################################### - name: register cryptography version - command: '{{ ansible_python.executable }} -c ''import cryptography; print(cryptography.__version__)''' + command: '{{ ansible_python.executable }} -c "import cryptography; print(cryptography.__version__)"' register: cryptography_version - block: - name: Make sure testhost directory exists @@ -16,10 +16,9 @@ copy: src: '{{ role_path }}/files/' dest: '{{ remote_tmp_dir }}/files/' - remote_src: yes - name: Find root for cert 1 certificate_complete_chain: - input_chain: '{{ lookup(''file'', ''cert1-fullchain.pem'', rstrip=False) }}' + input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=False) }}' root_certificates: - '{{ remote_tmp_dir }}/files/roots/' register: cert1_root @@ -30,7 +29,7 @@ - cert1_root.root == lookup('file', 'cert1-root.pem', rstrip=False) - name: Find rootchain for cert 1 certificate_complete_chain: - input_chain: '{{ lookup(''file'', ''cert1.pem'', rstrip=False) }}' + input_chain: '{{ lookup("file", "cert1.pem", rstrip=False) }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert1-chain.pem' root_certificates: @@ -44,7 +43,7 @@ - cert1_rootchain.root == lookup('file', 'cert1-root.pem', rstrip=False) - name: Find root for cert 2 certificate_complete_chain: - input_chain: '{{ lookup(''file'', ''cert2-fullchain.pem'', rstrip=False) }}' + input_chain: '{{ lookup("file", "cert2-fullchain.pem", rstrip=False) }}' root_certificates: - '{{ remote_tmp_dir }}/files/roots/' register: cert2_root @@ -55,7 +54,7 @@ - cert2_root.root == lookup('file', 'cert2-root.pem', rstrip=False) - name: Find rootchain for cert 2 certificate_complete_chain: - input_chain: '{{ lookup(''file'', ''cert2.pem'', rstrip=False) }}' + input_chain: '{{ lookup("file", "cert2.pem", rstrip=False) }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert2-chain.pem' root_certificates: 
@@ -69,7 +68,7 @@ - cert2_rootchain.root == lookup('file', 'cert2-root.pem', rstrip=False) - name: Find alternate rootchain for cert 2 certificate_complete_chain: - input_chain: '{{ lookup(''file'', ''cert2.pem'', rstrip=True) }}' + input_chain: '{{ lookup("file", "cert2.pem", rstrip=True) }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert2-altchain.pem' root_certificates: diff --git a/tests/integration/targets/get_certificate/tasks/main.yml b/tests/integration/targets/get_certificate/tasks/main.yml index fae5ab7e..8d49ece8 100644 --- a/tests/integration/targets/get_certificate/tasks/main.yml +++ b/tests/integration/targets/get_certificate/tasks/main.yml @@ -23,16 +23,6 @@ when: pyopenssl_version.stdout is version('0.15', '>=') -- name: Remove output directory - file: - path: "{{ output_dir }}" - state: absent - -- name: Re-create output directory - file: - path: "{{ output_dir }}" - state: directory - - block: - include_tasks: ../tests/validate.yml diff --git a/tests/integration/targets/get_certificate/tests/validate.yml b/tests/integration/targets/get_certificate/tests/validate.yml index d77f0119..280d54e5 100644 --- a/tests/integration/targets/get_certificate/tests/validate.yml +++ b/tests/integration/targets/get_certificate/tests/validate.yml @@ -97,14 +97,19 @@ # We got the correct response from the module - "'ca_cert file does not exist' == result.msg" +- name: Get a temp directory + tempfile: + state: directory + register: my_temp_dir + - name: Download CA Cert as pem from server get_url: url: "http://ansible.http.tests/cacert.pem" - dest: "{{ output_dir }}/temp.pem" + dest: "{{ my_temp_dir.path }}/temp.pem" - name: Get servers certificate comparing it to its own ca_cert file get_certificate: - ca_cert: '{{ output_dir }}/temp.pem' + ca_cert: '{{ my_temp_dir.path }}/temp.pem' host: "{{ httpbin_host }}" port: 443 select_crypto_backend: "{{ select_crypto_backend }}" 
@@ -115,11 +120,6 @@ - result is not changed - result is not failed -- name: Get a temp directory - tempfile: - state: directory - register: my_temp_dir - - name: Deploy the bogus_ca.pem file copy: src: "bogus_ca.pem" diff --git a/tests/integration/targets/luks_device/meta/main.yml b/tests/integration/targets/luks_device/meta/main.yml new file mode 100644 index 00000000..1810d4be --- /dev/null +++ b/tests/integration/targets/luks_device/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_remote_tmp_dir diff --git a/tests/integration/targets/luks_device/tasks/main.yml b/tests/integration/targets/luks_device/tasks/main.yml index 81862c8c..9aa4b7ce 100644 --- a/tests/integration/targets/luks_device/tasks/main.yml +++ b/tests/integration/targets/luks_device/tasks/main.yml @@ -4,18 +4,25 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### +- name: Copy keyfiles + copy: + src: '{{ item }}' + dest: '{{ remote_tmp_dir }}/{{ item }}' + loop: + - keyfile1 + - keyfile2 - name: Make sure cryptsetup is installed package: name: cryptsetup state: present become: yes - name: Create cryptfile - command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32 + command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32 - name: Create lookback device - command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile + command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile become: yes - name: Determine loop device name - command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name + command: losetup -j {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name become: yes register: cryptfile_device_output - set_fact: 
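Review bot: The new `Copy keyfiles` task in `luks_device/tasks/main.yml` copies `keyfile1` and `keyfile2` to `remote_tmp_dir` without a `mode:`, so the LUKS key material lands with the remote umask default (typically 0644) for the rest of the run; add `mode: '0600'` to the copy task. The task also runs before `cryptsetup` is installed, which is harmless but reads more naturally after the package task. The `dd`/`losetup` commands still apply `.replace('~', ansible_env.HOME)` to `remote_tmp_dir`; if the setup role always yields an absolute path this is a no-op that could be dropped, but keep it until that is confirmed.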
@@ -37,5 +44,5 @@ - command: losetup -d "{{ cryptfile_device }}" become: yes - file: - dest: "{{ output_dir }}/cryptfile" + dest: "{{ remote_tmp_dir }}/cryptfile" state: absent diff --git a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml index 9e4e1f3f..dcc0efcf 100644 --- a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml +++ b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml @@ -3,7 +3,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 check_mode: yes @@ -13,7 +13,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 become: yes @@ -22,7 +22,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 become: yes @@ -31,7 +31,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 check_mode: yes @@ -48,7 +48,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" check_mode: yes become: yes register: open_check 
@@ -56,21 +56,21 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes register: open - name: Open (idempotent) luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes register: open_idem - name: Open (idempotent, check) luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" check_mode: yes become: yes register: open_idem_check @@ -118,7 +118,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes - name: Closed (via device, check) @@ -158,7 +158,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes - name: Absent (check) diff --git a/tests/integration/targets/luks_device/tasks/tests/device-check.yml b/tests/integration/targets/luks_device/tasks/tests/device-check.yml index 56797f91..d8e0939a 100644 --- a/tests/integration/targets/luks_device/tasks/tests/device-check.yml +++ b/tests/integration/targets/luks_device/tasks/tests/device-check.yml @@ -3,7 +3,7 @@ luks_device: device: /dev/asdfasdfasdf state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 check_mode: yes @@ -14,7 +14,7 @@ luks_device: device: /dev/asdfasdfasdf state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 ignore_errors: yes @@ -31,7 +31,7 @@ luks_device: device: /tmp/ state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 check_mode: yes 
@@ -42,7 +42,7 @@ luks_device: device: /tmp/ state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 ignore_errors: yes diff --git a/tests/integration/targets/luks_device/tasks/tests/key-management.yml b/tests/integration/targets/luks_device/tasks/tests/key-management.yml index cdf1d594..7df7ece2 100644 --- a/tests/integration/targets/luks_device/tasks/tests/key-management.yml +++ b/tests/integration/targets/luks_device/tasks/tests/key-management.yml @@ -3,7 +3,7 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 become: yes @@ -14,7 +14,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes ignore_errors: yes register: open_try @@ -31,7 +31,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: open_try @@ -43,8 +43,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" - new_keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile1" + new_keyfile: "{{ remote_tmp_dir }}/keyfile2" pbkdf: iteration_time: 0.1 become: yes @@ -54,8 +54,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" - new_keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile1" + new_keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes register: result_2 @@ -70,7 +70,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: open_try 
@@ -91,8 +91,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" - remove_keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" + remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes register: result_1 @@ -100,8 +100,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" - remove_keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" + remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes register: result_2 @@ -116,7 +116,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes ignore_errors: yes register: open_try @@ -128,7 +128,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: open_try @@ -149,8 +149,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile2" - remove_keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" + remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: remove_last_key @@ -165,7 +165,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: open_try @@ -182,8 +182,8 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile2" - remove_keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" + remove_keyfile: "{{ remote_tmp_dir }}/keyfile2" force_remove_last_key: yes become: yes 
@@ -193,7 +193,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile2" + keyfile: "{{ remote_tmp_dir }}/keyfile2" become: yes ignore_errors: yes register: open_try diff --git a/tests/integration/targets/luks_device/tasks/tests/options.yml b/tests/integration/targets/luks_device/tasks/tests/options.yml index 62ac3e9b..e3a4887b 100644 --- a/tests/integration/targets/luks_device/tasks/tests/options.yml +++ b/tests/integration/targets/luks_device/tasks/tests/options.yml @@ -3,7 +3,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" keysize: 256 pbkdf: iteration_count: 1000 @@ -13,7 +13,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" keysize: 256 pbkdf: iteration_count: 1000 @@ -23,7 +23,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" keysize: 512 pbkdf: iteration_count: 1000 @@ -33,7 +33,7 @@ luks_device: device: "{{ cryptfile_device }}" state: present - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" passphrase: "{{ cryptfile_passphrase1 }}" pbkdf: iteration_count: 1000 diff --git a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml index f3b5e506..997de667 100644 --- a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml +++ b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml @@ -54,7 +54,7 @@ state: closed passphrase: "{{ cryptfile_passphrase1 }}" new_passphrase: "{{ cryptfile_passphrase2 }}" - new_keyfile: "{{ role_path }}/files/keyfile1" + new_keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 become: yes 
@@ -122,7 +122,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes ignore_errors: yes register: open_try @@ -135,7 +135,7 @@ device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" - new_keyfile: "{{ role_path }}/files/keyfile1" + new_keyfile: "{{ remote_tmp_dir }}/keyfile1" pbkdf: iteration_time: 0.1 become: yes @@ -144,7 +144,7 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - remove_keyfile: "{{ role_path }}/files/keyfile1" + remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" remove_passphrase: "{{ cryptfile_passphrase1 }}" become: yes ignore_errors: yes @@ -157,7 +157,7 @@ luks_device: device: "{{ cryptfile_device }}" state: opened - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" become: yes ignore_errors: yes register: open_try @@ -219,7 +219,7 @@ luks_device: device: "{{ cryptfile_device }}" state: closed - keyfile: "{{ role_path }}/files/keyfile1" + keyfile: "{{ remote_tmp_dir }}/keyfile1" new_passphrase: "{{ cryptfile_passphrase3 }}" pbkdf: iteration_time: 0.1 diff --git a/tests/integration/targets/openssh_cert/meta/main.yml b/tests/integration/targets/openssh_cert/meta/main.yml index 476cfb39..f144b561 100644 --- a/tests/integration/targets/openssh_cert/meta/main.yml +++ b/tests/integration/targets/openssh_cert/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_ssh_keygen - setup_ssh_agent + - setup_remote_tmp_dir diff --git a/tests/integration/targets/openssh_cert/tasks/main.yml b/tests/integration/targets/openssh_cert/tasks/main.yml index c257a42c..c06e2332 100644 --- a/tests/integration/targets/openssh_cert/tasks/main.yml +++ b/tests/integration/targets/openssh_cert/tasks/main.yml 
@@ -5,9 +5,9 @@ - name: Declare global variables set_fact: - signing_key: '{{ output_dir }}/id_key' - public_key: '{{ output_dir }}/id_key.pub' - certificate_path: '{{ output_dir }}/id_cert' + signing_key: '{{ remote_tmp_dir }}/id_key' + public_key: '{{ remote_tmp_dir }}/id_key.pub' + certificate_path: '{{ remote_tmp_dir }}/id_cert' - name: Generate keypair openssh_keypair: diff --git a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml index b8e36434..814dd203 100644 --- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml +++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml @@ -4,8 +4,8 @@ #################################################################### - set_fact: - new_signing_key: "{{ output_dir }}/new_key" - new_public_key: "{{ output_dir }}/new_key.pub" + new_signing_key: "{{ remote_tmp_dir }}/new_key" + new_public_key: "{{ remote_tmp_dir }}/new_key.pub" - name: Generate new test key openssh_keypair: diff --git a/tests/integration/targets/openssh_cert/tests/ssh-agent.yml b/tests/integration/targets/openssh_cert/tests/ssh-agent.yml index 8dbbbc63..bd57cfc2 100644 --- a/tests/integration/targets/openssh_cert/tests/ssh-agent.yml +++ b/tests/integration/targets/openssh_cert/tests/ssh-agent.yml @@ -12,7 +12,7 @@ type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' use_agent: true valid_from: always valid_to: forever @@ -33,7 +33,7 @@ type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' use_agent: true valid_from: always valid_to: forever 
@@ -44,7 +44,7 @@ type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' use_agent: true valid_from: always valid_to: forever @@ -54,7 +54,7 @@ type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' use_agent: true valid_from: always valid_to: forever @@ -71,7 +71,7 @@ type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' use_agent: true valid_from: always valid_to: forever @@ -80,4 +80,4 @@ - name: Remove certificate openssh_cert: state: absent - path: '{{ output_dir }}/id_cert_with_agent' + path: '{{ remote_tmp_dir }}/id_cert_with_agent' diff --git a/tests/integration/targets/openssh_keypair/meta/main.yml b/tests/integration/targets/openssh_keypair/meta/main.yml index e7f863ef..4e832bc2 100644 --- a/tests/integration/targets/openssh_keypair/meta/main.yml +++ b/tests/integration/targets/openssh_keypair/meta/main.yml @@ -1,4 +1,5 @@ dependencies: - setup_ssh_keygen - setup_openssl - - setup_bcrypt \ No newline at end of file + - setup_bcrypt + - setup_remote_tmp_dir diff --git a/tests/integration/targets/openssh_keypair/tasks/main.yml b/tests/integration/targets/openssh_keypair/tasks/main.yml index fb467cfa..5b3cd998 100644 --- a/tests/integration/targets/openssh_keypair/tasks/main.yml +++ b/tests/integration/targets/openssh_keypair/tasks/main.yml @@ -6,7 +6,7 @@ - name: Backend auto-detection test openssh_keypair: - path: '{{ output_dir }}/auto_backend_key' + path: '{{ remote_tmp_dir }}/auto_backend_key' state: "{{ item }}" loop: ['present', 'absent'] diff --git a/tests/integration/targets/openssh_keypair/tests/core.yml b/tests/integration/targets/openssh_keypair/tests/core.yml index 353412d4..cbb1447b 100644 
--- a/tests/integration/targets/openssh_keypair/tests/core.yml +++ b/tests/integration/targets/openssh_keypair/tests/core.yml @@ -6,7 +6,7 @@ - name: "({{ backend }}) Generate key (check mode)" openssh_keypair: - path: "{{ output_dir }}/core" + path: "{{ remote_tmp_dir }}/core" size: 2048 backend: "{{ backend }}" register: check_core_output @@ -14,14 +14,14 @@ - name: "({{ backend }}) Generate key" openssh_keypair: - path: "{{ output_dir }}/core" + path: "{{ remote_tmp_dir }}/core" size: 2048 backend: "{{ backend }}" register: core_output - name: "({{ backend }}) Generate key (check mode idempotent)" openssh_keypair: - path: "{{ output_dir }}/core" + path: "{{ remote_tmp_dir }}/core" size: 2048 backend: "{{ backend }}" register: idempotency_check_core_output @@ -29,7 +29,7 @@ - name: "({{ backend }}) Generate key (idempotent)" openssh_keypair: - path: '{{ output_dir }}/core' + path: '{{ remote_tmp_dir }}/core' size: 2048 backend: "{{ backend }}" register: idempotency_core_output @@ -74,7 +74,7 @@ - core_output['type'] == 'rsa' - name: "({{ backend }}) Retrieve key size from 'ssh-keygen'" - shell: "ssh-keygen -lf {{ output_dir }}/core | grep -o -E '^[0-9]+'" + shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'" register: core_size_ssh_keygen - name: "({{ backend }}) Assert key size matches 'ssh-keygen' output" @@ -82,13 +82,18 @@ that: - core_size_ssh_keygen.stdout == '2048' +- name: "({{ backend }}) Read core.pub" + slurp: + src: '{{ remote_tmp_dir }}/core.pub' + register: slurp + - name: "({{ backend }}) Assert public key module return equal to the public key content" assert: that: - - "core_output.public_key == lookup('file', output_dir ~ '/core.pub').strip('\n')" + - "core_output.public_key == (slurp.content | b64decode).strip('\n ')" - name: "({{ backend }}) Remove key" openssh_keypair: - path: '{{ output_dir }}/core' + path: '{{ remote_tmp_dir }}/core' backend: "{{ backend }}" state: absent 
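Review bot: `register: slurp` names the result after the module rather than its content, and the same name is used with a `loop` (as a `results` list) in the acme certificate tests, so a reader cannot tell from the name whether `slurp.content` or `slurp.results[i].content` is the right accessor; `register: core_pub` would be clearer here, with `core_pub.content | b64decode` in the assertion. The assertion's change from `.strip('\n')` to `.strip('\n ')` also widens what is tolerated around the public key; if that was needed because the raw file content, unlike `lookup('file')`, keeps the trailing newline, a short comment such as `# slurp keeps the trailing newline that lookup('file') used to strip` would explain it.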
diff --git a/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml b/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml index a0bd2f4a..7c3b46f9 100644 --- a/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml +++ b/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml @@ -1,10 +1,10 @@ --- - name: Generate a password protected key - command: 'ssh-keygen -f {{ output_dir }}/password_protected -N {{ passphrase }}' + command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}' - name: Modify the password protected key with passphrase openssh_keypair: - path: '{{ output_dir }}/password_protected' + path: '{{ remote_tmp_dir }}/password_protected' size: 1024 passphrase: "{{ passphrase }}" backend: cryptography @@ -12,14 +12,14 @@ - name: Check password protected key idempotency openssh_keypair: - path: '{{ output_dir }}/password_protected' + path: '{{ remote_tmp_dir }}/password_protected' size: 1024 passphrase: "{{ passphrase }}" backend: cryptography register: password_protected_idempotency_output - name: Ensure that ssh-keygen can read keys generated with passphrase - command: 'ssh-keygen -yf {{ output_dir }}/password_protected -P {{ passphrase }}' + command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}' register: password_protected_ssh_keygen_output - name: Check that password protected key with passphrase was regenerated 
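Review bot: `{{ passphrase }}` is interpolated unquoted into the `command` strings in this hunk (`ssh-keygen -f … -N {{ passphrase }}` and `-P {{ passphrase }}`); `command` shlex-splits the rendered string, so a passphrase containing whitespace or quotes would become several arguments or a parse error instead of being passed through. Wrapping it as `-N "{{ passphrase }}"` and `-P "{{ passphrase }}"` keeps the argument intact, and `no_log: true` on both tasks keeps the passphrase out of the recorded `cmd` field in verbose output. The `openssh_keypair` tasks are unaffected, since they receive `passphrase:` as a module option rather than as argv.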
@@ -31,18 +31,18 @@ - name: Remove password protected key openssh_keypair: - path: '{{ output_dir }}/password_protected' + path: '{{ remote_tmp_dir }}/password_protected' backend: cryptography state: absent - name: Generate an unprotected key openssh_keypair: - path: '{{ output_dir }}/unprotected' + path: '{{ remote_tmp_dir }}/unprotected' backend: cryptography - name: Modify unprotected key with passphrase openssh_keypair: - path: '{{ output_dir }}/unprotected' + path: '{{ remote_tmp_dir }}/unprotected' size: 2048 passphrase: "{{ passphrase }}" backend: cryptography @@ -51,7 +51,7 @@ - name: Modify unprotected key with passphrase (force) openssh_keypair: - path: '{{ output_dir }}/unprotected' + path: '{{ remote_tmp_dir }}/unprotected' size: 2048 passphrase: "{{ passphrase }}" force: true @@ -66,16 +66,16 @@ - name: Remove unprotected key openssh_keypair: - path: '{{ output_dir }}/unprotected' + path: '{{ remote_tmp_dir }}/unprotected' backend: cryptography state: absent - name: Generate PEM encoded key with passphrase - command: 'ssh-keygen -b 4096 -f {{ output_dir }}/pem_encoded -N {{ passphrase }} -m PEM' + command: 'ssh-keygen -b 4096 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM' - name: Try to verify a PEM encoded key openssh_keypair: - path: '{{ output_dir }}/pem_encoded' + path: '{{ remote_tmp_dir }}/pem_encoded' passphrase: "{{ passphrase }}" backend: cryptography register: pem_encoded_output @@ -87,6 +87,6 @@ - name: Remove PEM encoded key openssh_keypair: - path: '{{ output_dir }}/pem_encoded' + path: '{{ remote_tmp_dir }}/pem_encoded' backend: cryptography state: absent diff --git a/tests/integration/targets/openssh_keypair/tests/invalid.yml b/tests/integration/targets/openssh_keypair/tests/invalid.yml index 43ff7b04..8cecd33c 100644 --- a/tests/integration/targets/openssh_keypair/tests/invalid.yml +++ b/tests/integration/targets/openssh_keypair/tests/invalid.yml 
@@ -10,12 +10,12 @@ content: '' mode: '0700' loop: - - "{{ output_dir }}/broken" - - "{{ output_dir }}/broken.pub" + - "{{ remote_tmp_dir }}/broken" + - "{{ remote_tmp_dir }}/broken.pub" - name: "({{ backend }}) Regenerate key - broken" openssh_keypair: - path: "{{ output_dir }}/broken" + path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" register: broken_output ignore_errors: true @@ -28,7 +28,7 @@ - name: "({{ backend }}) Regenerate key with force - broken" openssh_keypair: - path: "{{ output_dir }}/broken" + path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" force: true register: force_broken_output @@ -40,24 +40,24 @@ - name: "({{ backend }}) Remove key - broken" openssh_keypair: - path: "{{ output_dir }}/broken" + path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" state: absent - name: "({{ backend }}) Generate key - write-only" openssh_keypair: - path: "{{ output_dir }}/write-only" + path: "{{ remote_tmp_dir }}/write-only" mode: "0200" backend: "{{ backend }}" - name: "({{ backend }}) Check private key status - write-only" stat: - path: '{{ output_dir }}/write-only' + path: '{{ remote_tmp_dir }}/write-only' register: write_only_private_key - name: "({{ backend }}) Check public key status - write-only" stat: - path: '{{ output_dir }}/write-only.pub' + path: '{{ remote_tmp_dir }}/write-only.pub' register: write_only_public_key - name: "({{ backend }}) Assert that private and public keys match permissions - write-only" @@ -68,14 +68,14 @@ - name: "({{ backend }}) Regenerate key with force - write-only" openssh_keypair: - path: "{{ output_dir }}/write-only" + path: "{{ remote_tmp_dir }}/write-only" backend: "{{ backend }}" force: true register: write_only_output - name: "({{ backend }}) Check private key status after regeneration - write-only" stat: - path: '{{ output_dir }}/write-only' + path: '{{ remote_tmp_dir }}/write-only' register: write_only_private_key_after - name: "({{ backend }}) Assert key is regenerated - write-only" 
@@ -90,16 +90,16 @@ - name: "({{ backend }}) Remove key - write-only" openssh_keypair: - path: "{{ output_dir }}/write-only" + path: "{{ remote_tmp_dir }}/write-only" backend: "{{ backend }}" state: absent - name: "({{ backend }}) Generate key with ssh-keygen - password_protected" - command: "ssh-keygen -f {{ output_dir }}/password_protected -N {{ passphrase }}" + command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}" - name: "({{ backend }}) Modify key - password_protected" openssh_keypair: - path: "{{ output_dir }}/password_protected" + path: "{{ remote_tmp_dir }}/password_protected" size: 2048 backend: "{{ backend }}" register: password_protected_output @@ -113,7 +113,7 @@ - name: "({{ backend }}) Modify key with 'force=true' - password_protected" openssh_keypair: - path: "{{ output_dir }}/password_protected" + path: "{{ remote_tmp_dir }}/password_protected" size: 2048 backend: "{{ backend }}" force: true @@ -126,6 +126,6 @@ - name: "({{ backend }}) Remove key - password_protected" openssh_keypair: - path: "{{ output_dir }}/password_protected" + path: "{{ remote_tmp_dir }}/password_protected" backend: "{{ backend }}" state: absent diff --git a/tests/integration/targets/openssh_keypair/tests/options.yml b/tests/integration/targets/openssh_keypair/tests/options.yml index 6cab8e28..42d06889 100644 --- a/tests/integration/targets/openssh_keypair/tests/options.yml +++ b/tests/integration/targets/openssh_keypair/tests/options.yml 
@@ -12,13 +12,13 @@ - name: "({{ backend }}) Generate keys with default size - size" openssh_keypair: - path: "{{ output_dir }}/default_size_{{ item }}" + path: "{{ remote_tmp_dir }}/default_size_{{ item }}" type: "{{ item }}" backend: "{{ backend }}" loop: "{{ key_types }}" - name: "({{ backend }}) Retrieve key size from 'ssh-keygen' - size" - shell: "ssh-keygen -lf {{ output_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'" + shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'" loop: "{{ key_types }}" register: key_size_output @@ -31,19 +31,19 @@ - name: "({{ backend }}) Remove keys - size" openssh_keypair: - path: "{{ output_dir }}/default_size_{{ item }}" + path: "{{ remote_tmp_dir }}/default_size_{{ item }}" state: absent loop: "{{ key_types }}" - block: - name: "({{ backend }}) Generate ed25519 key with default size - size" openssh_keypair: - path: "{{ output_dir }}/default_size_ed25519" + path: "{{ remote_tmp_dir }}/default_size_ed25519" type: ed25519 backend: "{{ backend }}" - name: "({{ backend }}) Retrieve ed25519 key size from 'ssh-keygen' - size" - shell: "ssh-keygen -lf {{ output_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'" + shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'" register: ed25519_key_size_output - name: "({{ backend }}) Assert ed25519 key size matches default size - size" 
@@ -53,20 +53,20 @@ - name: "({{ backend }}) Remove ed25519 key - size" openssh_keypair: - path: "{{ output_dir }}/default_size_ed25519" + path: "{{ remote_tmp_dir }}/default_size_ed25519" state: absent # Support for ed25519 keys was added in OpenSSH 6.5 when: not (backend == 'opensshbin' and openssh_version is version('6.5', '<')) - name: "({{ backend }}) Generate key - force" openssh_keypair: - path: "{{ output_dir }}/force" + path: "{{ remote_tmp_dir }}/force" type: rsa backend: "{{ backend }}" - name: "({{ backend }}) Regenerate key - force" openssh_keypair: - path: "{{ output_dir }}/force" + path: "{{ remote_tmp_dir }}/force" type: rsa force: true backend: "{{ backend }}" @@ -79,20 +79,20 @@ - name: "({{ backend }}) Remove key - force" openssh_keypair: - path: "{{ output_dir }}/force" + path: "{{ remote_tmp_dir }}/force" state: absent backend: "{{ backend }}" - name: "({{ backend }}) Generate key - comment" openssh_keypair: - path: "{{ output_dir }}/comment" + path: "{{ remote_tmp_dir }}/comment" comment: "test@comment" backend: "{{ backend }}" register: comment_output - name: "({{ backend }}) Modify comment - comment" openssh_keypair: - path: "{{ output_dir }}/comment" + path: "{{ remote_tmp_dir }}/comment" comment: "test_modified@comment" backend: "{{ backend }}" register: modified_comment_output @@ -112,6 +112,6 @@ - name: "({{ backend }}) Remove key - comment" openssh_keypair: - path: "{{ output_dir }}/comment" + path: "{{ remote_tmp_dir }}/comment" state: absent backend: "{{ backend }}" diff --git a/tests/integration/targets/openssh_keypair/tests/regenerate.yml b/tests/integration/targets/openssh_keypair/tests/regenerate.yml index 6f7b4681..fb2927f1 100644 --- a/tests/integration/targets/openssh_keypair/tests/regenerate.yml +++ b/tests/integration/targets/openssh_keypair/tests/regenerate.yml 
@@ -10,22 +10,22 @@ path: "{{ item }}" state: absent with_fileglob: - - "{{ output_dir }}/regenerate*" + - "{{ remote_tmp_dir }}/regenerate*" - name: "({{ backend }}) Regenerate - setup simple keys" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 backend: "{{ backend }}" loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - setup password protected keys" - command: 'ssh-keygen -f {{ output_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}' + command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}' loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - setup broken keys" copy: - dest: '{{ output_dir }}/regenerate-c-{{ item.0 }}{{ item.1 }}' + dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item.0 }}{{ item.1 }}' content: 'broken key' mode: '0700' with_nested: @@ -33,12 +33,12 @@ - [ '', '.pub' ] - name: "({{ backend }}) Regenerate - setup password protected keys for passphrse test" - command: 'ssh-keygen -f {{ output_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}' + command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}' loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - modify broken keys (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-c-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' @@ -60,7 +60,7 @@ - name: "({{ backend }}) Regenerate - modify broken keys" openssh_keypair: - path: '{{ output_dir }}/regenerate-c-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' 
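Review bot: `with_fileglob` in the cleanup task at the top of the first hunk is a controller-side lookup, so `"{{ remote_tmp_dir }}/regenerate*"` is now expanded on the control node rather than on the target; unless the target is the controller itself (local connection), the glob matches nothing and stale `regenerate*` files survive into the next backend's run, which can make the `regenerate` checks below pass or fail for the wrong reason. The task head (`file:` with `path: "{{ item }}"`) starts outside the hunk. The target-side equivalent is the `find` module registered into a variable, with the `file` task looping over its `files` result as below.
```yaml
- name: "({{ backend }}) Regenerate - find leftover keys"
  find:
    paths: "{{ remote_tmp_dir }}"
    patterns: "regenerate*"
  register: regenerate_leftovers

- name: "({{ backend }}) Regenerate - remove leftover keys"
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ regenerate_leftovers.files }}"
# … unchanged: setup simple keys and following tasks …
```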
@@ -81,7 +81,7 @@ - name: "({{ backend }}) Regenerate - modify password protected keys (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-b-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' @@ -103,7 +103,7 @@ - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-b-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 passphrase: "{{ passphrase }}" @@ -127,7 +127,7 @@ - name: "({{ backend }}) Regenerate - modify password protected keys" openssh_keypair: - path: '{{ output_dir }}/regenerate-b-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' @@ -148,7 +148,7 @@ - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase" openssh_keypair: - path: '{{ output_dir }}/regenerate-d-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-d-{{ item }}' type: rsa size: 1024 passphrase: "{{ passphrase }}" @@ -171,7 +171,7 @@ - name: "({{ backend }}) Regenerate - not modify regular keys (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' @@ -189,7 +189,7 @@ - name: "({{ backend }}) Regenerate - not modify regular keys" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 regenerate: '{{ item }}' @@ -206,7 +206,7 @@ - name: "({{ backend }}) Regenerate - adjust key size (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1048 regenerate: '{{ item }}' 
@@ -226,7 +226,7 @@ - name: "({{ backend }}) Regenerate - adjust key size" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1048 regenerate: '{{ item }}' @@ -245,8 +245,8 @@ - name: "({{ backend }}) Regenerate - redistribute keys" copy: - src: '{{ output_dir }}/regenerate-a-always{{ item.1 }}' - dest: '{{ output_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' + src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}' + dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' remote_src: true with_nested: - "{{ regenerate_values }}" @@ -255,7 +255,7 @@ - name: "({{ backend }}) Regenerate - adjust key type (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: dsa size: 1024 regenerate: '{{ item }}' @@ -275,7 +275,7 @@ - name: "({{ backend }}) Regenerate - adjust key type" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: dsa size: 1024 regenerate: '{{ item }}' @@ -294,8 +294,8 @@ - name: "({{ backend }}) Regenerate - redistribute keys" copy: - src: '{{ output_dir }}/regenerate-a-always{{ item.1 }}' - dest: '{{ output_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' + src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}' + dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' remote_src: true with_nested: - "{{ regenerate_values }}" @@ -304,7 +304,7 @@ - name: "({{ backend }}) Regenerate - adjust comment (check mode)" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: dsa size: 1024 comment: test comment 
@@ -320,7 +320,7 @@ - name: "({{ backend }}) Regenerate - adjust comment" openssh_keypair: - path: '{{ output_dir }}/regenerate-a-{{ item }}' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: dsa size: 1024 comment: test comment diff --git a/tests/integration/targets/openssh_keypair/tests/state.yml b/tests/integration/targets/openssh_keypair/tests/state.yml index c984dbef..e79facbb 100644 --- a/tests/integration/targets/openssh_keypair/tests/state.yml +++ b/tests/integration/targets/openssh_keypair/tests/state.yml @@ -6,36 +6,36 @@ - name: "({{ backend }}) Generate key" openssh_keypair: - path: '{{ output_dir }}/removed' + path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" state: present - name: "({{ backend }}) Generate key (idempotency)" openssh_keypair: - path: '{{ output_dir }}/removed' + path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" state: present - name: "({{ backend }}) Remove key" openssh_keypair: state: absent - path: '{{ output_dir }}/removed' + path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" - name: "({{ backend }}) Remove key (idempotency)" openssh_keypair: state: absent - path: '{{ output_dir }}/removed' + path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" - name: "({{ backend }}) Check private key status" stat: - path: '{{ output_dir }}/removed' + path: '{{ remote_tmp_dir }}/removed' register: removed_private_key - name: "({{ backend }}) Check public key status" stat: - path: '{{ output_dir }}/removed.pub' + path: '{{ remote_tmp_dir }}/removed.pub' register: removed_public_key - name: "({{ backend }}) Assert key pair files are removed" diff --git a/tests/integration/targets/openssl_csr/meta/main.yml b/tests/integration/targets/openssl_csr/meta/main.yml index d1a318db..ff8af08d 100644 --- a/tests/integration/targets/openssl_csr/meta/main.yml +++ b/tests/integration/targets/openssl_csr/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir 
diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml index 20227ce9..51a459a8 100644 --- a/tests/integration/targets/openssl_csr/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr/tasks/impl.yml @@ -1,13 +1,13 @@ --- - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" openssl_csr: - path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -17,8 +17,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: - path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -27,8 +27,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -37,8 +37,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" openssl_csr: - path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -48,8 +48,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)" openssl_csr: - path: '{{ output_dir }}/csr-nosan.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr-nosan.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com useCommonNameForSAN: no @@ -59,8 +59,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR without SAN" openssl_csr: - path: '{{ output_dir }}/csr-nosan.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr-nosan.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com useCommonNameForSAN: no @@ -69,8 +69,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr-nosan.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr-nosan.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com useCommonNameForSAN: no @@ -79,8 +79,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)" openssl_csr: - path: '{{ output_dir }}/csr-nosan.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr-nosan.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com useCommonNameForSAN: no @@ -94,8 +94,8 @@ # and vice-versa for biometricInfo - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU" openssl_csr: - path: '{{ output_dir }}/csr_ku_xku.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: CN: www.ansible.com keyUsage: 
@@ -110,8 +110,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_ku_xku.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: 'www.ansible.com' keyUsage: @@ -127,8 +127,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)" openssl_csr: - path: '{{ output_dir }}/csr_ku_xku.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: 'www.ansible.com' keyUsage: @@ -143,8 +143,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)" openssl_csr: - path: '{{ output_dir }}/csr_ku_xku.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: 'www.ansible.com' keyUsage: @@ -158,15 +158,15 @@ - name: "({{ select_crypto_backend }}) Generate CSR with old API" openssl_csr: - path: '{{ output_dir }}/csr_oldapi.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_oldapi.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)" openssl_csr: - path: '{{ output_dir }}/csrinvsan.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csrinvsan.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: invalid-san.example.com select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_invalid_san 
@@ -174,8 +174,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)" openssl_csr: - path: '{{ output_dir }}/csrinvsan2.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csrinvsan2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:system:kube-controller-manager" select_crypto_backend: '{{ select_crypto_backend }}' register: generate_csr_invalid_san_2 @@ -183,16 +183,16 @@ - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple" openssl_csr: - path: '{{ output_dir }}/csr_ocsp.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ocsp.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" ocsp_must_staple: true select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_ocsp.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ocsp.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" ocsp_must_staple: true select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -200,22 +200,22 @@ - name: "({{ select_crypto_backend }}) Generate ECC privatekey" openssl_privatekey: - path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/privatekey2.pem' type: ECC curve: secp384r1 - name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey" openssl_csr: - path: '{{ output_dir }}/csr2.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with text common name" openssl_csr: - path: '{{ output_dir }}/csr3.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr3.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: commonName: This is for Ansible useCommonNameForSAN: no 
@@ -223,24 +223,24 @@ - name: "({{ select_crypto_backend }}) Generate CSR with country name" openssl_csr: - path: '{{ output_dir }}/csr4.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' country_name: de select_crypto_backend: '{{ select_crypto_backend }}' register: country_idempotent_1 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr4.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' country_name: de select_crypto_backend: '{{ select_crypto_backend }}' register: country_idempotent_2 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)" openssl_csr: - path: '{{ output_dir }}/csr4.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: C: de select_crypto_backend: '{{ select_crypto_backend }}' @@ -248,8 +248,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)" openssl_csr: - path: '{{ output_dir }}/csr4.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: C: dex select_crypto_backend: '{{ select_crypto_backend }}' @@ -258,7 +258,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey with password" openssl_privatekey: - path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography 
@@ -266,16 +266,16 @@ - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase" openssl_csr: - path: '{{ output_dir }}/csr_pw.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_pw.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 select_crypto_backend: '{{ select_crypto_backend }}' register: passphrase_1 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)" openssl_csr: - path: '{{ output_dir }}/csr_pw1.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_pw1.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes @@ -283,8 +283,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)" openssl_csr: - path: '{{ output_dir }}/csr_pw2.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_pw2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes 
@@ -292,20 +292,20 @@ - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)" openssl_csr: - path: '{{ output_dir }}/csr_pw3.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_pw3.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken CSR" copy: - dest: "{{ output_dir }}/csrbroken.csr" + dest: "{{ remote_tmp_dir }}/csrbroken.csr" content: "broken" - name: "({{ select_crypto_backend }}) Regenerate broken CSR" openssl_csr: - path: '{{ output_dir }}/csrbroken.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csrbroken.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: commonName: This is for Ansible useCommonNameForSAN: no @@ -314,8 +314,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: - path: '{{ output_dir }}/csr_backup.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_backup.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com backup: yes @@ -323,8 +323,8 @@ register: csr_backup_1 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr_backup.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_backup.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com backup: yes @@ -332,8 +332,8 @@ register: csr_backup_2 - name: "({{ select_crypto_backend }}) Generate CSR (change)" openssl_csr: - path: '{{ output_dir }}/csr_backup.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_backup.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: ansible.com backup: yes 
@@ -341,7 +341,7 @@ register: csr_backup_3 - name: "({{ select_crypto_backend }}) Generate CSR (remove)" openssl_csr: - path: '{{ output_dir }}/csr_backup.csr' + path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent backup: yes select_crypto_backend: '{{ select_crypto_backend }}' @@ -349,7 +349,7 @@ register: csr_backup_4 - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)" openssl_csr: - path: '{{ output_dir }}/csr_backup.csr' + path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent backup: yes select_crypto_backend: '{{ select_crypto_backend }}' @@ -357,8 +357,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com subject_key_identifier: "00:11:22:33" @@ -368,8 +368,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com subject_key_identifier: "00:11:22:33" @@ -379,8 +379,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com subject_key_identifier: "44:55:66:77:88" 
@@ -390,8 +390,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com create_subject_key_identifier: yes @@ -401,8 +401,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com create_subject_key_identifier: yes @@ -412,8 +412,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)" openssl_csr: - path: '{{ output_dir }}/csr_ski.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_ski.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -422,8 +422,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier" openssl_csr: - path: '{{ output_dir }}/csr_aki.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_aki.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_key_identifier: "00:11:22:33" @@ -433,8 +433,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_aki.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_aki.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_key_identifier: "00:11:22:33" 
@@ -444,8 +444,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)" openssl_csr: - path: '{{ output_dir }}/csr_aki.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_aki.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_key_identifier: "44:55:66:77:88"
@@ -455,8 +455,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)" openssl_csr: - path: '{{ output_dir }}/csr_aki.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_aki.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -465,8 +465,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number" openssl_csr: - path: '{{ output_dir }}/csr_acisn.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_acisn.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_cert_issuer:
@@ -479,8 +479,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)" openssl_csr: - path: '{{ output_dir }}/csr_acisn.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_acisn.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_cert_issuer:
@@ -493,8 +493,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)" openssl_csr: - path: '{{ output_dir }}/csr_acisn.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_acisn.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_cert_issuer:
@@ -507,8 +507,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)" openssl_csr: - path: '{{ output_dir }}/csr_acisn.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_acisn.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com authority_cert_issuer:
@@ -521,8 +521,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)" openssl_csr: - path: '{{ output_dir }}/csr_acisn.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_acisn.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com when: select_crypto_backend != 'pyopenssl'
@@ -530,8 +530,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with everything" openssl_csr: - path: '{{ output_dir }}/csr_everything.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_everything.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com C: de
@@ -638,8 +638,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)" openssl_csr: - path: '{{ output_dir }}/csr_everything.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_everything.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com C: de
@@ -747,8 +747,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr_everything.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_everything.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com C: de
@@ -855,7 +855,7 @@ - name: "({{ select_crypto_backend }}) Get info from CSR with everything" community.crypto.openssl_csr_info: - path: '{{ output_dir }}/csr_everything.csr' + path: '{{ remote_tmp_dir }}/csr_everything.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: everything_info
@@ -863,7 +863,7 @@ block: - name: "({{ select_crypto_backend }}) Generate privatekeys" openssl_privatekey: - path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: - Ed25519
@@ -877,8 +877,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr: - path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -890,8 +890,8 @@ - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr: - path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -907,8 +907,8 @@ block: - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints" openssl_csr: - path: '{{ output_dir }}/csr_crl_d_e.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com crl_distribution_points:
@@ -930,8 +930,8 @@ - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (idempotence)" openssl_csr: - path: '{{ output_dir }}/csr_crl_d_e.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com crl_distribution_points:
@@ -953,8 +953,8 @@ - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (change)" openssl_csr: - path: '{{ output_dir }}/csr_crl_d_e.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com crl_distribution_points:
@@ -975,8 +975,8 @@ - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (no endpoints)" openssl_csr: - path: '{{ output_dir }}/csr_crl_d_e.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -984,8 +984,8 @@ - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints" openssl_csr: - path: '{{ output_dir }}/csr_crl_d_e.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com crl_distribution_points:
diff --git a/tests/integration/targets/openssl_csr/tasks/main.yml b/tests/integration/targets/openssl_csr/tasks/main.yml
index 575bc79d..21006c7e 100644
--- a/tests/integration/targets/openssl_csr/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr/tasks/main.yml
@@ -6,12 +6,12 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: - path: '{{ output_dir }}/privatekey_backend_selection.pem' + path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_csr: - path: '{{ output_dir }}/csr_backend_selection.csr' - privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem' + path: '{{ remote_tmp_dir }}/csr_backend_selection.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' subject: commonName: www.ansible.com
@@ -29,12 +29,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block:
diff --git a/tests/integration/targets/openssl_csr/tests/validate.yml b/tests/integration/targets/openssl_csr/tests/validate.yml
index 8958a7ae..5b2eb49a 100644
--- a/tests/integration/targets/openssl_csr/tests/validate.yml
+++ b/tests/integration/targets/openssl_csr/tests/validate.yml
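Review bot: The `Re-create output directory` task now re-creates `remote_tmp_dir` with `state: directory` and no `mode`, so the directory's permissions fall to the remote umask, and the `block:` that follows presumably writes this target's private keys into it. The directory came from the `setup_remote_tmp_dir` dependency, which presumably creates it as a private temp dir, so deleting and re-creating it here may loosen it and may also confuse that role's cleanup; pin the permissions on the re-create task, `mode: '0700'`, or remove only the directory's contents rather than the directory itself. The task names still say "output directory" although the path is now the shared remote temp dir. The same remove/re-create pair appears in `tests/integration/targets/openssl_csr_pipe/tasks/main.yml` and `tests/integration/targets/openssl_dhparam/tasks/main.yml`.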
@@ -1,14 +1,14 @@ --- - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)" - shell: "{{ openssl_binary }} req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq" + shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq" register: csr_cn - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)" - shell: '{{ openssl_binary }} req -noout -modulus -in {{ output_dir }}/csr.csr' + shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr' register: csr_modulus - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
@@ -25,11 +25,16 @@ - generate_csr_idempotent is not changed - generate_csr_idempotent_check is not changed +- name: "({{ select_crypto_backend }}) Read CSR" + slurp: + src: '{{ remote_tmp_dir }}/csr.csr' + register: slurp + - name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)" assert: that: - generate_csr_check.csr is none - - generate_csr.csr == lookup('file', output_dir ~ '/csr.csr', rstrip=False) + - generate_csr.csr == (slurp.content | b64decode) - generate_csr.csr == generate_csr_idempotent.csr - generate_csr.csr == generate_csr_idempotent_check.csr
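Review bot: `remote_tmp_dir` is interpolated unquoted into each `shell:` probe in this hunk (e.g. `-in {{ remote_tmp_dir }}/privatekey.pem`), so a temp path containing whitespace or shell metacharacters would be split or interpreted by the shell; `output_dir` had the same exposure, but the value now comes from the `setup_remote_tmp_dir` role rather than from this target. Wrap the path with the `quote` filter, e.g. `shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ (remote_tmp_dir ~ "/privatekey.pem") | quote }}'`, or move these single-command probes to `command:`. The same applies to the remaining `shell:` probes in this file and to those in `tests/integration/targets/openssl_csr_pipe/tasks/impl.yml` and `tests/integration/targets/openssl_dhparam/tests/validate.yml`.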
@@ -49,11 +54,11 @@ - csr_ku_xku_change_2 is changed - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)" - shell: "{{ openssl_binary }} req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq" + shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq" register: csr_oldapi_cn - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)" - shell: '{{ openssl_binary }} req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr' + shell: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr' register: csr_oldapi_modulus - name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)"
@@ -78,7 +83,7 @@ when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.0', '<') - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)" - shell: "{{ openssl_binary }} req -noout -in {{ output_dir }}/csr_ocsp.csr -text" + shell: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text" register: csr_ocsp - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)"
@@ -93,15 +98,15 @@ - csr_ocsp_idempotency is not changed - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)" - shell: '{{ openssl_binary }} ec -pubout -in {{ output_dir }}/privatekey2.pem' + shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey_ecc_key - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)" - shell: "{{ openssl_binary }} req -noout -subject -in {{ output_dir }}/csr2.csr -nameopt oneline,-space_eq" + shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq" register: csr_ecc_cn - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)" - shell: '{{ openssl_binary }} req -noout -pubkey -in {{ output_dir }}/csr2.csr' + shell: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr' register: csr_ecc_pubkey - name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)"
@@ -111,7 +116,7 @@ - csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout - name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)" - shell: "{{ openssl_binary }} req -noout -subject -in {{ output_dir }}/csr3.csr -nameopt oneline,-space_eq" + shell: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq" register: csr3_cn - name: "({{ select_crypto_backend }}) Validate CSR (assert)"
diff --git a/tests/integration/targets/openssl_csr_info/meta/main.yml b/tests/integration/targets/openssl_csr_info/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_csr_info/meta/main.yml
+++ b/tests/integration/targets/openssl_csr_info/meta/main.yml
@@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_csr_info/tasks/impl.yml b/tests/integration/targets/openssl_csr_info/tasks/impl.yml
index dc8d694e..b26bf16c 100644
--- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml
@@ -4,7 +4,7 @@ - name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: - path: '{{ output_dir }}/csr_1.csr' + path: '{{ remote_tmp_dir }}/csr_1.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result
@@ -34,9 +34,14 @@ set_fact: info_results: "{{ info_results + [result] }}" +- name: "({{ select_crypto_backend }}) Read CSR" + slurp: + src: '{{ remote_tmp_dir }}/csr_1.csr' + register: slurp + - name: "({{ select_crypto_backend }}) Get CSR info directly" openssl_csr_info: - content: '{{ lookup("file", output_dir ~ "/csr_1.csr") }}' + content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct
@@ -47,7 +52,7 @@ - name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: - path: '{{ output_dir }}/csr_2.csr' + path: '{{ remote_tmp_dir }}/csr_2.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result
@@ -57,7 +62,7 @@ - name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: - path: '{{ output_dir }}/csr_3.csr' + path: '{{ remote_tmp_dir }}/csr_3.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result
@@ -79,7 +84,7 @@ - name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: - path: '{{ output_dir }}/csr_4.csr' + path: '{{ remote_tmp_dir }}/csr_4.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result
diff --git a/tests/integration/targets/openssl_csr_info/tasks/main.yml b/tests/integration/targets/openssl_csr_info/tasks/main.yml
index e55ffa44..7cc1fcb3 100644
--- a/tests/integration/targets/openssl_csr_info/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr_info/tasks/main.yml
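Review bot: The new `Read CSR` task is registered as `slurp`, which reuses the module's name as a variable name and says nothing about what was read; the existing slurp in `tests/integration/targets/openssl_pkcs12/tasks/impl.yml` in this same commit uses the descriptive `register: ansible_p12_content`. Name the result after its content, `register: csr_1_content`, and reference it as `content: '{{ csr_1_content.content | b64decode }}'`. The same `register: slurp` appears in the new tasks in `tests/integration/targets/openssl_csr/tests/validate.yml` and `tests/integration/targets/openssl_dhparam/tests/validate.yml`.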
@@ -6,12 +6,12 @@ - name: Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: Generate privatekey with password openssl_privatekey: - path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography
@@ -19,8 +19,8 @@ - name: Generate CSR 1 openssl_csr: - path: '{{ output_dir }}/csr_1.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_1.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com C: de
@@ -87,8 +87,8 @@ - name: Generate CSR 2 openssl_csr: - path: '{{ output_dir }}/csr_2.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 useCommonNameForSAN: no basic_constraints:
@@ -96,8 +96,8 @@ - name: Generate CSR 3 openssl_csr: - path: '{{ output_dir }}/csr_3.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_3.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: no subject_alt_name: - "DNS:*.ansible.com"
@@ -114,8 +114,8 @@ - name: Generate CSR 4 openssl_csr: - path: '{{ output_dir }}/csr_4.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: no authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
diff --git a/tests/integration/targets/openssl_csr_pipe/meta/main.yml b/tests/integration/targets/openssl_csr_pipe/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_csr_pipe/meta/main.yml
+++ b/tests/integration/targets/openssl_csr_pipe/meta/main.yml
@@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
index 844ed77e..14879be4 100644
--- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
@@ -1,12 +1,12 @@ --- - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" openssl_csr_pipe: - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -15,7 +15,7 @@ - name: "({{ select_crypto_backend }}) Generate CSR" openssl_csr_pipe: - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -24,7 +24,7 @@ - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" openssl_csr_pipe: content: "{{ generate_csr.csr }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -33,7 +33,7 @@ - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" openssl_csr_pipe: content: "{{ generate_csr.csr }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -43,7 +43,7 @@ - name: "({{ select_crypto_backend }}) Generate CSR (changed)" openssl_csr_pipe: content: "{{ generate_csr.csr }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -52,7 +52,7 @@ - name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)" openssl_csr_pipe: content: "{{ generate_csr.csr }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: ansible.com select_crypto_backend: '{{ select_crypto_backend }}'
@@ -60,7 +60,7 @@ register: generate_csr_changed_check - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
index 8f3d9c59..d0a687b2 100644
--- a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
@@ -6,11 +6,11 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: - path: '{{ output_dir }}/privatekey_backend_selection.pem' + path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_csr_pipe: - privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' subject: commonName: www.ansible.com
@@ -24,12 +24,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block:
diff --git a/tests/integration/targets/openssl_dhparam/meta/main.yml b/tests/integration/targets/openssl_dhparam/meta/main.yml
index 800aff64..7f98a190 100644
--- a/tests/integration/targets/openssl_dhparam/meta/main.yml
+++ b/tests/integration/targets/openssl_dhparam/meta/main.yml
@@ -1,2 +1,3 @@ dependencies: - setup_openssl + - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_dhparam/tasks/impl.yml b/tests/integration/targets/openssl_dhparam/tasks/impl.yml
index fcc26df5..2afce951 100644
--- a/tests/integration/targets/openssl_dhparam/tasks/impl.yml
+++ b/tests/integration/targets/openssl_dhparam/tasks/impl.yml
@@ -4,7 +4,7 @@ - name: "[{{ select_crypto_backend }}] Generate parameter (check mode)" openssl_dhparam: size: 768 - path: '{{ output_dir }}/dh768.pem' + path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" return_content: yes check_mode: true
@@ -13,7 +13,7 @@ - name: "[{{ select_crypto_backend }}] Generate parameter" openssl_dhparam: size: 768 - path: '{{ output_dir }}/dh768.pem' + path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" return_content: yes register: dhparam
@@ -21,7 +21,7 @@ - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)" openssl_dhparam: size: 768 - path: '{{ output_dir }}/dh768.pem' + path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" return_content: yes check_mode: true
@@ -30,39 +30,39 @@ - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change" openssl_dhparam: size: 768 - path: '{{ output_dir }}/dh768.pem' + path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" return_content: yes register: dhparam_changed - name: "[{{ select_crypto_backend }}] Generate parameters with size option" openssl_dhparam: - path: '{{ output_dir }}/dh512.pem' + path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change" openssl_dhparam: - path: '{{ output_dir }}/dh512.pem' + path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_changed_512 - copy: - src: '{{ output_dir }}/dh768.pem' + src: '{{ remote_tmp_dir }}/dh768.pem' remote_src: yes - dest: '{{ output_dir }}/dh512.pem' + dest: '{{ remote_tmp_dir }}/dh512.pem' - name: "[{{ select_crypto_backend }}] Re-generate if size is different" openssl_dhparam: - path: '{{ output_dir }}/dh512.pem' + path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_changed_to_512 - name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option" openssl_dhparam: - path: '{{ output_dir }}/dh512.pem' + path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 force: yes select_crypto_backend: "{{ select_crypto_backend }}"
@@ -70,11 +70,11 @@ - name: "[{{ select_crypto_backend }}] Create broken params" copy: - dest: "{{ output_dir }}/dhbroken.pem" + dest: "{{ remote_tmp_dir }}/dhbroken.pem" content: "broken" - name: "[{{ select_crypto_backend }}] Regenerate broken params" openssl_dhparam: - path: '{{ output_dir }}/dhbroken.pem' + path: '{{ remote_tmp_dir }}/dhbroken.pem' size: 512 force: yes select_crypto_backend: "{{ select_crypto_backend }}"
@@ -82,21 +82,21 @@ - name: "[{{ select_crypto_backend }}] Generate params" openssl_dhparam: - path: '{{ output_dir }}/dh_backup.pem' + path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 backup: yes select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_1 - name: "[{{ select_crypto_backend }}] Generate params (idempotent)" openssl_dhparam: - path: '{{ output_dir }}/dh_backup.pem' + path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 backup: yes select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_2 - name: "[{{ select_crypto_backend }}] Generate params (change)" openssl_dhparam: - path: '{{ output_dir }}/dh_backup.pem' + path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 force: yes backup: yes
@@ -104,7 +104,7 @@ register: dhparam_backup_3 - name: "[{{ select_crypto_backend }}] Generate params (remove)" openssl_dhparam: - path: '{{ output_dir }}/dh_backup.pem' + path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent backup: yes select_crypto_backend: "{{ select_crypto_backend }}"
@@ -112,7 +112,7 @@ register: dhparam_backup_4 - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)" openssl_dhparam: - path: '{{ output_dir }}/dh_backup.pem' + path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent backup: yes select_crypto_backend: "{{ select_crypto_backend }}"
diff --git a/tests/integration/targets/openssl_dhparam/tasks/main.yml b/tests/integration/targets/openssl_dhparam/tasks/main.yml
index b0339dfa..f67f688d 100644
--- a/tests/integration/targets/openssl_dhparam/tasks/main.yml
+++ b/tests/integration/targets/openssl_dhparam/tasks/main.yml
@@ -9,7 +9,7 @@ - name: Run module with backend autodetection openssl_dhparam: - path: '{{ output_dir }}/dh_backend_selection.pem' + path: '{{ remote_tmp_dir }}/dh_backend_selection.pem' size: 512 - block:
@@ -24,12 +24,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block:
diff --git a/tests/integration/targets/openssl_dhparam/tests/validate.yml b/tests/integration/targets/openssl_dhparam/tests/validate.yml
index 9e717614..7ed53f53 100644
--- a/tests/integration/targets/openssl_dhparam/tests/validate.yml
+++ b/tests/integration/targets/openssl_dhparam/tests/validate.yml
@@ -1,12 +1,12 @@ --- - name: "[{{ select_crypto_backend }}] Validate generated params" - shell: '{{ openssl_binary }} dhparam -in {{ output_dir }}/{{ item }}.pem -noout -check' + shell: '{{ openssl_binary }} dhparam -in {{ remote_tmp_dir }}/{{ item }}.pem -noout -check' with_items: - dh768 - dh512 - name: "[{{ select_crypto_backend }}] Get bit size of 768" - shell: '{{ openssl_binary }} dhparam -noout -in {{ output_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' + shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' register: bit_size_dhparam - name: "[{{ select_crypto_backend }}] Check bit size of default"
@@ -15,7 +15,7 @@ - bit_size_dhparam.stdout == "768" - name: "[{{ select_crypto_backend }}] Get bit size of 512" - shell: '{{ openssl_binary }} dhparam -noout -in {{ output_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' + shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' register: bit_size_dhparam_512 - name: "[{{ select_crypto_backend }}] Check bit size of default"
@@ -34,10 +34,15 @@ - dhparam_changed_to_512 is changed - dhparam_changed_force is changed +- name: "[{{ select_crypto_backend }}] Read result" + slurp: + src: '{{ remote_tmp_dir }}/dh768.pem' + register: slurp + - name: "[{{ select_crypto_backend }}] Make sure correct values are returned" assert: that: - - dhparam.dhparams == lookup('file', output_dir ~ '/dh768.pem', rstrip=False) + - dhparam.dhparams == (slurp.content | b64decode) - dhparam.dhparams == dhparam_changed.dhparams - name: "[{{ select_crypto_backend }}] Verify that broken params will be regenerated"
diff --git a/tests/integration/targets/openssl_pkcs12/meta/main.yml b/tests/integration/targets/openssl_pkcs12/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_pkcs12/meta/main.yml
+++ b/tests/integration/targets/openssl_pkcs12/meta/main.yml
@@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
index eaeda763..ec4c2590 100644
--- a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
@@ -2,10 +2,10 @@ - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (check mode)" openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' - path: '{{ output_dir }}/ansible.p12' + path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra - privatekey_path: '{{ output_dir }}/ansible_pkey1.pem' - certificate_path: '{{ output_dir }}/ansible1.crt' + privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem' + certificate_path: '{{ remote_tmp_dir }}/ansible1.crt' state: present return_content: true check_mode: true
@@ -14,10 +14,10 @@ - name: "({{ select_crypto_backend }}) Generate PKCS#12 file" openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' - path: '{{ output_dir }}/ansible.p12' + path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra - privatekey_path: '{{ output_dir }}/ansible_pkey1.pem' - certificate_path: '{{ output_dir }}/ansible1.crt' + privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem' + certificate_path: '{{ remote_tmp_dir }}/ansible1.crt' state: present return_content: true register: p12_standard
@@ -25,10 +25,10 @@ - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (check mode)" openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' - path: '{{ output_dir }}/ansible.p12' + path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra - privatekey_path: '{{ output_dir }}/ansible_pkey1.pem' - certificate_path: '{{ output_dir }}/ansible1.crt' + privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem' + certificate_path: '{{ remote_tmp_dir }}/ansible1.crt' state: present return_content: true check_mode: true
@@ -37,17 +37,17 @@ - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency" openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' - path: '{{ output_dir }}/ansible.p12' + path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra - privatekey_path: '{{ output_dir }}/ansible_pkey1.pem' - certificate_path: '{{ output_dir }}/ansible1.crt' + privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem' + certificate_path: '{{ remote_tmp_dir }}/ansible1.crt' state: present return_content: true register: p12_standard_idempotency - name: "({{ select_crypto_backend }}) Read ansible.p12" slurp: - src: '{{ output_dir }}/ansible.p12' + src: '{{ remote_tmp_dir }}/ansible.p12' register: ansible_p12_content - name: "({{ select_crypto_backend }}) Validate PKCS#12"
@@ -59,10 +59,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (force)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 force: true
 register: p12_force
@@ -70,10 +70,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (force + change mode)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 force: true
 mode: '0644'
@@ -82,8 +82,8 @@
 - name: "({{ select_crypto_backend }}) Dump PKCS#12"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- src: '{{ output_dir }}/ansible.p12'
- path: '{{ output_dir }}/ansible_parse.pem'
+ src: '{{ remote_tmp_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible_parse.pem'
 action: parse
 state: present
 register: p12_dumped
@@ -91,8 +91,8 @@
 - name: "({{ select_crypto_backend }}) Dump PKCS#12 file again, idempotency"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- src: '{{ output_dir }}/ansible.p12'
- path: '{{ output_dir }}/ansible_parse.pem'
+ src: '{{ remote_tmp_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible_parse.pem'
 action: parse
 state: present
 register: p12_dumped_idempotency
@@ -100,8 +100,8 @@
 - name: "({{ select_crypto_backend }}) Dump PKCS#12, check mode"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- src: '{{ output_dir }}/ansible.p12'
- path: '{{ output_dir }}/ansible_parse.pem'
+ src: '{{ remote_tmp_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible_parse.pem'
 action: parse
 state: present
 check_mode: true
@@ -110,36 +110,36 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file with multiple certs and passphrase"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_multi_certs.p12'
+ path: '{{ remote_tmp_dir }}/ansible_multi_certs.p12'
 friendly_name: abracadabra
 passphrase: hunter3
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 other_certificates:
- - '{{ output_dir }}/ansible2.crt'
- - '{{ output_dir }}/ansible3.crt'
+ - '{{ remote_tmp_dir }}/ansible2.crt'
+ - '{{ remote_tmp_dir }}/ansible3.crt'
 state: present
 register: p12_multiple_certs
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file with multiple certs and passphrase, again (idempotency)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_multi_certs.p12'
+ path: '{{ remote_tmp_dir }}/ansible_multi_certs.p12'
 friendly_name: abracadabra
 passphrase: hunter3
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 other_certificates:
- - '{{ output_dir }}/ansible2.crt'
- - '{{ output_dir }}/ansible3.crt'
+ - '{{ remote_tmp_dir }}/ansible2.crt'
+ - '{{ remote_tmp_dir }}/ansible3.crt'
 state: present
 register: p12_multiple_certs_idempotency
 - name: "({{ select_crypto_backend }}) Dump PKCS#12 with multiple certs and passphrase"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- src: '{{ output_dir }}/ansible_multi_certs.p12'
- path: '{{ output_dir }}/ansible_parse_multi_certs.pem'
+ src: '{{ remote_tmp_dir }}/ansible_multi_certs.p12'
+ path: '{{ remote_tmp_dir }}/ansible_parse_multi_certs.pem'
 passphrase: hunter3
 action: parse
 state: present
@@ -147,11 +147,11 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 1)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_pw1.p12'
+ path: '{{ remote_tmp_dir }}/ansible_pw1.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
 privatekey_passphrase: hunter2
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 ignore_errors: true
 register: passphrase_error_1
@@ -159,11 +159,11 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 2)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_pw2.p12'
+ path: '{{ remote_tmp_dir }}/ansible_pw2.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 privatekey_passphrase: wrong_password
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 ignore_errors: true
 register: passphrase_error_2
@@ -171,10 +171,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 3)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_pw3.p12'
+ path: '{{ remote_tmp_dir }}/ansible_pw3.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/privatekeypw.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 ignore_errors: true
 register: passphrase_error_3
@@ -182,24 +182,24 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file, no privatekey"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_no_pkey.p12'
+ path: '{{ remote_tmp_dir }}/ansible_no_pkey.p12'
 friendly_name: abracadabra
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 register: p12_no_pkey
 - name: "({{ select_crypto_backend }}) Create broken PKCS#12"
 copy:
- dest: '{{ output_dir }}/broken.p12'
+ dest: '{{ remote_tmp_dir }}/broken.p12'
 content: broken
 - name: "({{ select_crypto_backend }}) Regenerate broken PKCS#12"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/broken.p12'
+ path: '{{ remote_tmp_dir }}/broken.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 force: true
 mode: '0644'
@@ -208,10 +208,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_backup.p12'
+ path: '{{ remote_tmp_dir }}/ansible_backup.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 backup: true
 register: p12_backup_1
@@ -219,10 +219,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (idempotent)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_backup.p12'
+ path: '{{ remote_tmp_dir }}/ansible_backup.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 backup: true
 register: p12_backup_2
@@ -230,10 +230,10 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (change)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_backup.p12'
+ path: '{{ remote_tmp_dir }}/ansible_backup.p12'
 friendly_name: abra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 force: true
 backup: true
@@ -242,7 +242,7 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (remove)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_backup.p12'
+ path: '{{ remote_tmp_dir }}/ansible_backup.p12'
 state: absent
 backup: true
 return_content: true
@@ -251,7 +251,7 @@
 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (remove, idempotent)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_backup.p12'
+ path: '{{ remote_tmp_dir }}/ansible_backup.p12'
 state: absent
 backup: true
 register: p12_backup_5
@@ -259,11 +259,11 @@
 - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_empty.p12'
+ path: '{{ remote_tmp_dir }}/ansible_empty.p12'
 friendly_name: abracadabra
 other_certificates:
- - '{{ output_dir }}/ansible2.crt'
- - '{{ output_dir }}/ansible3.crt'
+ - '{{ remote_tmp_dir }}/ansible2.crt'
+ - '{{ remote_tmp_dir }}/ansible3.crt'
 state: present
 register: p12_empty
@@ -271,21 +271,21 @@
 - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_empty.p12'
+ path: '{{ remote_tmp_dir }}/ansible_empty.p12'
 friendly_name: abracadabra
 other_certificates:
- - '{{ output_dir }}/ansible3.crt'
- - '{{ output_dir }}/ansible2.crt'
+ - '{{ remote_tmp_dir }}/ansible3.crt'
+ - '{{ remote_tmp_dir }}/ansible2.crt'
 state: present
 register: p12_empty_idem
 - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- path: '{{ output_dir }}/ansible_empty.p12'
+ path: '{{ remote_tmp_dir }}/ansible_empty.p12'
 friendly_name: abracadabra
 other_certificates:
- - '{{ output_dir }}/ansible23.crt'
+ - '{{ remote_tmp_dir }}/ansible23.crt'
 other_certificates_parse_all: true
 state: present
 register: p12_empty_concat_idem
@@ -293,8 +293,8 @@
 - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (parse)"
 openssl_pkcs12:
 select_crypto_backend: '{{ select_crypto_backend }}'
- src: '{{ output_dir }}/ansible_empty.p12'
- path: '{{ output_dir }}/ansible_empty.pem'
+ src: '{{ remote_tmp_dir }}/ansible_empty.p12'
+ path: '{{ remote_tmp_dir }}/ansible_empty.pem'
 action: parse
 - import_tasks: ../tests/validate.yml
@@ -303,7 +303,7 @@
 - name: "({{ select_crypto_backend }}) Delete PKCS#12 file"
 openssl_pkcs12:
 state: absent
- path: '{{ output_dir }}/{{ item }}.p12'
+ path: '{{ remote_tmp_dir }}/{{ item }}.p12'
 loop:
 - ansible
 - ansible_no_pkey
diff --git a/tests/integration/targets/openssl_pkcs12/tasks/main.yml b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
index 8ae05042..b9878c37 100644
--- a/tests/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -7,50 +7,56 @@
 - block:
 - name: Generate private keys
 openssl_privatekey:
- path: '{{ output_dir }}/ansible_pkey{{ item }}.pem'
+ path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem'
 size: '{{ default_rsa_key_size_certifiates }}'
 loop: "{{ range(1, 4) | list }}"
 - name: Generate privatekey with password
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: auto
 size: '{{ default_rsa_key_size }}'
 - name: Generate CSRs
 openssl_csr:
- path: '{{ output_dir }}/ansible{{ item }}.csr'
- privatekey_path: '{{ output_dir }}/ansible_pkey{{ item }}.pem'
+ path: '{{ remote_tmp_dir }}/ansible{{ item }}.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem'
 commonName: www{{ item }}.ansible.com
 loop: "{{ range(1, 4) | list }}"
 - name: Generate certificate
 x509_certificate:
- path: '{{ output_dir }}/ansible{{ item }}.crt'
- privatekey_path: '{{ output_dir }}/ansible_pkey{{ item }}.pem'
- csr_path: '{{ output_dir }}/ansible{{ item }}.csr'
+ path: '{{ remote_tmp_dir }}/ansible{{ item }}.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem'
+ csr_path: '{{ remote_tmp_dir }}/ansible{{ item }}.csr'
 provider: selfsigned
 loop: "{{ range(1, 4) | list }}"
+ - name: Read files
+ slurp:
+ src: '{{ item }}'
+ loop:
+ - "{{ remote_tmp_dir ~ '/ansible2.crt' }}"
+ - "{{ remote_tmp_dir ~ '/ansible3.crt' }}"
+ register: slurp
+
 - name: Generate concatenated PEM file
 copy:
- dest: '{{ output_dir }}/ansible23.crt'
- content: |
- {{ lookup("file", output_dir ~ "/ansible2.crt") }}
- {{ lookup("file", output_dir ~ "/ansible3.crt") }}
+ dest: '{{ remote_tmp_dir }}/ansible23.crt'
+ content: '{{ slurp.results[0].content | b64decode }}{{ slurp.results[1].content | b64decode }}'
 - name: Generate PKCS#12 file with backend autodetection
 openssl_pkcs12:
- path: '{{ output_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible.p12'
 friendly_name: abracadabra
- privatekey_path: '{{ output_dir }}/ansible_pkey1.pem'
- certificate_path: '{{ output_dir }}/ansible1.crt'
+ privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+ certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
 state: present
 - name: Delete result
 file:
- path: '{{ output_dir }}/ansible.p12'
+ path: '{{ remote_tmp_dir }}/ansible.p12'
 state: absent
 - block:
diff --git a/tests/integration/targets/openssl_pkcs12/tests/validate.yml b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
index d6d7a83b..740070e3 100644
--- a/tests/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -1,14 +1,14 @@
 ---
 - name: '({{ select_crypto_backend }}) Validate PKCS#12'
- command: "{{ openssl_binary }} pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
+ command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible.p12 -nodes -passin pass:''"
 register: p12
 - name: '({{ select_crypto_backend }}) Validate PKCS#12 with no private key'
- command: "{{ openssl_binary }} pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
+ command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
 register: p12_validate_no_pkey
 - name: '({{ select_crypto_backend }}) Validate PKCS#12 with multiple certs'
- shell: "{{ openssl_binary }} pkcs12 -info -in {{ output_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'hunter3' | grep subject"
+ shell: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'hunter3' | grep subject"
 register: p12_validate_multi_certs
 - name: '({{ select_crypto_backend }}) Validate PKCS#12 (assert)'
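Review bot: The new `content:` for ansible23.crt joins the two slurped certificates with nothing between them, while the removed block scalar put a newline after each `lookup('file')` result (that lookup strips the trailing newline); the new form is only equivalent if every `.crt` written by x509_certificate ends in exactly one newline, which this task does not check. If ansible2.crt ever lacked that newline the bundle would contain `-----END CERTIFICATE----------BEGIN CERTIFICATE-----` and the `other_certificates_parse_all` case in impl.yml would fail for an unrelated reason. Normalising makes the intent explicit: `content: "{{ (slurp.results[0].content | b64decode | trim) ~ '\n' ~ (slurp.results[1].content | b64decode | trim) ~ '\n' }}"`. The `results[0]`/`results[1]` indices follow the order of the `loop:` list, which is correct here but deserves a one-line comment on the read task such as `# results follow loop order: [0] ansible2.crt, [1] ansible3.crt`. The second `- block:` at the end of the hunk continues outside it.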
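Review bot: In the `shell:` task for ansible_multi_certs.p12, `remote_tmp_dir` is interpolated unquoted into a pipeline, so a temp-dir path containing spaces or shell metacharacters would be word-split or interpreted by the shell; the two `command:` tasks are only shlex-split, but the `shell:` line should read `-in {{ (remote_tmp_dir ~ '/ansible_multi_certs.p12') | quote }}`. setup_remote_tmp_dir presumably yields a plain mktemp path, so this is hardening rather than a live failure. Unrelated to the rename but on the same lines, the PKCS#12 passphrase is passed as `-passin pass:'hunter3'` on the command line, where it is visible in the process table; that is acceptable for a throwaway test secret, but `-passin env:VAR` with `environment:` is the pattern to copy outside tests.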
@@ -62,11 +62,20 @@
 - p12_backup_5.backup_file is undefined
 - p12_backup_4.pkcs12 is none
+- name: '({{ select_crypto_backend }}) Read files'
+ slurp:
+ src: '{{ item }}'
+ loop:
+ - "{{ remote_tmp_dir ~ '/ansible_empty.pem' }}"
+ - "{{ remote_tmp_dir ~ '/ansible2.crt' }}"
+ - "{{ remote_tmp_dir ~ '/ansible3.crt' }}"
+ register: slurp
+
 - name: '({{ select_crypto_backend }}) Load "empty" file'
 set_fact:
- empty_contents: "{{ lookup('file', output_dir ~ '/ansible_empty.pem') }}"
- empty_expected_pyopenssl: "{{ lookup('file', output_dir ~ '/ansible3.crt') ~ '\n' ~ lookup('file', output_dir ~ '/ansible2.crt') }}"
- empty_expected_cryptography: "{{ lookup('file', output_dir ~ '/ansible2.crt') ~ '\n' ~ lookup('file', output_dir ~ '/ansible3.crt') }}"
+ empty_contents: "{{ slurp.results[0].content | b64decode }}"
+ empty_expected_pyopenssl: "{{ (slurp.results[2].content | b64decode) ~ (slurp.results[1].content | b64decode) }}"
+ empty_expected_cryptography: "{{ (slurp.results[1].content | b64decode) ~ (slurp.results[2].content | b64decode) }}"
 - name: '({{ select_crypto_backend }}) Check "empty" file'
 assert:
diff --git a/tests/integration/targets/openssl_privatekey/meta/main.yml b/tests/integration/targets/openssl_privatekey/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_privatekey/meta/main.yml
+++ b/tests/integration/targets/openssl_privatekey/meta/main.yml
@@ -1,3 +1,4 @@
 dependencies:
 - setup_openssl
 - setup_pyopenssl
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml
index 8608935b..e55322e0 100644
--- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml
+++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml
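Review bot: The new `set_fact` builds `empty_expected_pyopenssl` from `slurp.results[2]` then `[1]` and `empty_expected_cryptography` from `[1]` then `[2]`, and nothing near the task says which index is which file; the reversed order is evidently deliberate (the removed lines show the two backends emit the extra certificates in opposite order), but bare indices are easy to transpose when someone next edits the loop. A comment on the `Read files` task would pin the mapping: `# results follow loop order: [0] ansible_empty.pem, [1] ansible2.crt, [2] ansible3.crt`. The removed expressions also joined the two certificates with an explicit `'\n'` because `lookup('file')` strips the trailing newline, whereas the new concatenation relies on each `.crt` ending with exactly one newline; if that assumption breaks, the `Check "empty" file` assert (outside this hunk) will fail with an opaque string inequality rather than pointing at the separator.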
@@ -1,7 +1,7 @@
 ---
 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (check mode)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 return_content: yes
 check_mode: true
@@ -9,14 +9,14 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 return_content: yes
 register: privatekey1
 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 return_content: yes
 check_mode: true
@@ -24,34 +24,34 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 return_content: yes
 register: privatekey1_idempotence
 - name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey2.pem'
 size: 2048
 select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate privatekey3 - type DSA"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey3.pem'
+ path: '{{ remote_tmp_dir }}/privatekey3.pem'
 type: DSA
 size: 3072
 select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Generate privatekey4 - standard"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey4.pem'
+ path: '{{ remote_tmp_dir }}/privatekey4.pem'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
 - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard"
 openssl_privatekey:
 state: absent
- path: '{{ output_dir }}/privatekey4.pem'
+ path: '{{ remote_tmp_dir }}/privatekey4.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 return_content: yes
 register: privatekey4_delete
@@ -59,13 +59,13 @@
 - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)"
 openssl_privatekey:
 state: absent
- path: '{{ output_dir }}/privatekey4.pem'
+ path: '{{ remote_tmp_dir }}/privatekey4.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 register: privatekey4_delete_idempotence
 - name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - with passphrase"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey5.pem'
+ path: '{{ remote_tmp_dir }}/privatekey5.pem'
 passphrase: ansible
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -73,7 +73,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey5.pem'
+ path: '{{ remote_tmp_dir }}/privatekey5.pem'
 passphrase: ansible
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -82,7 +82,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey6 - standard - with non-ASCII passphrase"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey6.pem'
+ path: '{{ remote_tmp_dir }}/privatekey6.pem'
 passphrase: ànsïblé
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -154,7 +154,7 @@
 - name: "({{ select_crypto_backend }}) Test ECC key generation"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
+ path: '{{ remote_tmp_dir }}/privatekey-{{ item.curve }}.pem'
 type: ECC
 curve: "{{ item.curve }}"
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -168,7 +168,7 @@
 - name: "({{ select_crypto_backend }}) Test ECC key generation (idempotency)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
+ path: '{{ remote_tmp_dir }}/privatekey-{{ item.curve }}.pem'
 type: ECC
 curve: "{{ item.curve }}"
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -183,7 +183,7 @@
 - block:
 - name: "({{ select_crypto_backend }}) Test other type generation"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey-{{ item.type }}.pem'
+ path: '{{ remote_tmp_dir }}/privatekey-{{ item.type }}.pem'
 type: "{{ item.type }}"
 select_crypto_backend: '{{ select_crypto_backend }}'
 when: cryptography_version.stdout is version(item.min_version, '>=')
@@ -195,7 +195,7 @@
 - name: "({{ select_crypto_backend }}) Test other type generation (idempotency)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey-{{ item.type }}.pem'
+ path: '{{ remote_tmp_dir }}/privatekey-{{ item.type }}.pem'
 type: "{{ item.type }}"
 select_crypto_backend: '{{ select_crypto_backend }}'
 when: cryptography_version.stdout is version(item.min_version, '>=')
@@ -219,7 +219,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -229,7 +229,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -239,7 +239,7 @@
 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
 backup: yes
@@ -247,7 +247,7 @@
 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
 backup: yes
@@ -255,7 +255,7 @@
 - name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -265,18 +265,18 @@
 - name: "({{ select_crypto_backend }}) Create broken key"
 copy:
- dest: "{{ output_dir }}/broken"
+ dest: "{{ remote_tmp_dir }}/broken"
 content: "broken"
 - name: "({{ select_crypto_backend }}) Regenerate broken key"
 openssl_privatekey:
- path: '{{ output_dir }}/broken.pem'
+ path: '{{ remote_tmp_dir }}/broken.pem'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
 register: output_broken
 - name: "({{ select_crypto_backend }}) Remove module"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
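Review bot: In the `@@ -265,18` hunk the broken-key fixture is written to `{{ remote_tmp_dir }}/broken`, but the following `Regenerate broken key` task points at `{{ remote_tmp_dir }}/broken.pem`, so the module never sees the corrupt content; it simply generates a fresh key at a path that did not exist, and `output_broken` (asserted on outside this hunk) would report `changed` either way. The PKCS#12 counterpart in this same commit uses one name for both steps (`broken.p12`), which is presumably what was intended here too. If the goal is to exercise regeneration of an unparseable file, the copy should target the same path: `dest: "{{ remote_tmp_dir }}/broken.pem"`. The mismatch predates this commit (the old destination was `{{ output_dir }}/broken`), but since the rename already touches both lines it is a cheap fix to fold in.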
@@ -287,7 +287,7 @@
 - name: "({{ select_crypto_backend }}) Remove module (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
 passphrase: hunter2
 cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
 size: '{{ default_rsa_key_size }}'
@@ -298,19 +298,19 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_mode.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
 mode: '0400'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
 register: privatekey_mode_1
 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
 stat:
- path: '{{ output_dir }}/privatekey_mode.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
 register: privatekey_mode_1_stat
 - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, idempotency)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_mode.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
 mode: '0400'
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -325,7 +325,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, force)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_mode.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
 mode: '0400'
 force: yes
 size: '{{ default_rsa_key_size }}'
@@ -333,13 +333,13 @@
 register: privatekey_mode_3
 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
 stat:
- path: '{{ output_dir }}/privatekey_mode.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
 register: privatekey_mode_3_stat
 - block:
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: auto
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -347,7 +347,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: auto
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -355,7 +355,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS1 format"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: pkcs1
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -363,7 +363,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: pkcs8
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -371,7 +371,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: pkcs8
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -379,7 +379,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (ignore)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: auto_ignore
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -387,7 +387,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (no ignore)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: auto
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -395,7 +395,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - raw format (fail)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: raw
 size: '{{ default_rsa_key_size }}'
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -404,13 +404,13 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
 openssl_privatekey_info:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 register: privatekey_fmt_1_step_9_before
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 format: pkcs8
 format_mismatch: convert
 size: '{{ default_rsa_key_size }}'
@@ -419,7 +419,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
 openssl_privatekey_info:
- path: '{{ output_dir }}/privatekey_fmt_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem'
 select_crypto_backend: '{{ select_crypto_backend }}'
 register: privatekey_fmt_1_step_9_after
@@ -428,7 +428,7 @@
 - block:
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem'
 type: X448
 format: pkcs8
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -437,7 +437,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem'
 type: X448
 format: pkcs8
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -446,7 +446,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem'
 type: X448
 format: raw
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -456,7 +456,7 @@
 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
 slurp:
- src: "{{ output_dir }}/privatekey_fmt_2.pem"
+ src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
 ignore_errors: yes
 register: content
@@ -468,7 +468,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format (idempotent)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem'
 type: X448
 format: raw
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -478,7 +478,7 @@
 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
 slurp:
- src: "{{ output_dir }}/privatekey_fmt_2.pem"
+ src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
 ignore_errors: yes
 register: content
@@ -490,7 +490,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (ignore)"
 openssl_privatekey:
- path: '{{ output_dir }}/privatekey_fmt_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem'
 type: X448
 format: auto_ignore
 select_crypto_backend: '{{ select_crypto_backend }}'
@@ -500,7 +500,7 @@ - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" slurp: - src: "{{ output_dir }}/privatekey_fmt_2.pem" + src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" ignore_errors: yes register: content @@ -512,7 +512,7 @@ - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (no ignore)" openssl_privatekey: - path: '{{ output_dir }}/privatekey_fmt_2.pem' + path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: auto select_crypto_backend: '{{ select_crypto_backend }}' @@ -520,10 +520,16 @@ ignore_errors: yes register: privatekey_fmt_2_step_6 + - name: "({{ select_crypto_backend }}) Read private key" + slurp: + src: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' + register: slurp + when: privatekey_fmt_2_step_1 is not failed + - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is not base64 encoded" assert: that: - - privatekey_fmt_2_step_6.privatekey == lookup('file', output_dir ~ '/privatekey_fmt_2.pem', rstrip=False) + - privatekey_fmt_2_step_6.privatekey == (slurp.content | b64decode) when: privatekey_fmt_2_step_1 is not failed when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=")' @@ -534,14 +540,14 @@ - name: "({{ select_crypto_backend }}) Regenerate - setup simple keys" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys" openssl_privatekey: - path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' passphrase: hunter2 
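Review bot: The added slurp task in the `@@ -520,10 +520,16 @@` hunk registers its result as `slurp`, the module's own name, and the same name is registered again in the validate.yml and openssl_privatekey_info hunks, so whichever task ran last silently wins and a reader cannot tell a fact from a module reference; a descriptive name such as `register: privatekey_fmt_2_content` with `privatekey_fmt_2_content.content | b64decode` in the assert avoids both problems. The switch away from `lookup('file', ...)` also deserves a one-line comment above the slurp task, since the reason is not visible from the task itself: `# lookup('file') reads on the controller; the key now lives in remote_tmp_dir on the target, so fetch it with slurp`. The `b64decode` output keeps the trailing newline that the removed `rstrip=False` was preserving, so the comparison semantics appear unchanged.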
@@ -550,14 +556,14 @@ loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - setup broken keys" copy: - dest: '{{ output_dir }}/regenerate-c-{{ item }}.pem' + dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' content: 'broken key' mode: '0700' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - modify broken keys (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -579,7 +585,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - modify broken keys" openssl_privatekey: - path: '{{ output_dir }}/regenerate-c-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -600,7 +606,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -622,7 +628,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys" openssl_privatekey: - path: '{{ output_dir }}/regenerate-b-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -643,7 +649,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' 
@@ -661,7 +667,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -678,7 +684,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - adjust key size (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size + 20 }}' regenerate: '{{ item }}' @@ -698,7 +704,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - adjust key size" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size + 20 }}' regenerate: '{{ item }}' @@ -717,15 +723,15 @@ - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: - src: '{{ output_dir }}/regenerate-a-always.pem' - dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' + dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true loop: "{{ regenerate_values }}" when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - adjust key type (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' @@ -745,7 +751,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - adjust key type" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' regenerate: '{{ item }}' 
@@ -765,15 +771,15 @@ - block: - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: - src: '{{ output_dir }}/regenerate-a-always.pem' - dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' + dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true loop: "{{ regenerate_values }}" when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - format mismatch (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' format: pkcs8 @@ -794,7 +800,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - format mismatch" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' format: pkcs8 @@ -814,15 +820,15 @@ - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" copy: - src: '{{ output_dir }}/regenerate-a-always.pem' - dest: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' + dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true loop: "{{ regenerate_values }}" when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - convert format (check mode)" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' format: pkcs1 @@ -842,7 +848,7 @@ - name: "({{ select_crypto_backend }}) Regenerate - convert format" openssl_privatekey: - path: '{{ output_dir }}/regenerate-a-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' format: pkcs1 
diff --git a/tests/integration/targets/openssl_privatekey/tasks/main.yml b/tests/integration/targets/openssl_privatekey/tasks/main.yml index 057a7b9a..1a4350ff 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/main.yml @@ -33,7 +33,7 @@ - name: Run module with backend autodetection openssl_privatekey: - path: '{{ output_dir }}/privatekey_backend_selection.pem' + path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - block: @@ -51,12 +51,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: @@ -75,7 +75,7 @@ block: - name: "Fingerprint comparison: pyOpenSSL" openssl_privatekey: - path: '{{ output_dir }}/fingerprint-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/fingerprint-{{ item }}.pem' type: "{{ item }}" size: '{{ default_rsa_key_size }}' select_crypto_backend: pyopenssl @@ -86,7 +86,7 @@ - name: "Fingerprint comparison: cryptography" openssl_privatekey: - path: '{{ output_dir }}/fingerprint-{{ item }}.pem' + path: '{{ remote_tmp_dir }}/fingerprint-{{ item }}.pem' type: "{{ item }}" size: '{{ default_rsa_key_size }}' select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_privatekey/tests/validate.yml b/tests/integration/targets/openssl_privatekey/tests/validate.yml index bac06554..7cbb2d2d 100644 --- a/tests/integration/targets/openssl_privatekey/tests/validate.yml +++ b/tests/integration/targets/openssl_privatekey/tests/validate.yml 
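Review bot: The "Re-create output directory" task in the `@@ -51,12 +51,12 @@` hunk now recreates `remote_tmp_dir` itself with `file: state: directory` and no `mode`, so the directory comes back with umask-default permissions, whereas the directory supplied by setup_remote_tmp_dir is presumably created as a private temp dir; the tasks that follow generate private keys into it. Adding `mode: '0700'` to the re-create task keeps the directory as restrictive as the one it replaces. Deleting a directory owned by a setup role may also interfere with that role's own cleanup, if it registers one, which is worth confirming. The same remove/re-create pair is changed in openssl_privatekey_pipe/tasks/main.yml and openssl_publickey/tasks/main.yml.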
@@ -2,6 +2,11 @@ - set_fact: system_potentially_has_no_algorithm_support: "{{ ansible_os_family == 'FreeBSD' }}" +- name: "({{ select_crypto_backend }}) Read private key" + slurp: + src: '{{ remote_tmp_dir }}/privatekey1.pem' + register: slurp + - name: "({{ select_crypto_backend }}) Validate privatekey1 idempotency and content returned" assert: that: @@ -9,12 +14,12 @@ - privatekey1 is changed - privatekey1_idempotence_check is not changed - privatekey1_idempotence is not changed - - privatekey1.privatekey == lookup('file', output_dir ~ '/privatekey1.pem', rstrip=False) + - privatekey1.privatekey == (slurp.content | b64decode) - privatekey1.privatekey == privatekey1_idempotence.privatekey - name: "({{ select_crypto_backend }}) Validate privatekey1 (test - RSA key with size 4096 bits)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey1 - name: "({{ select_crypto_backend }}) Validate privatekey1 (assert - RSA key with size 4096 bits)" @@ -24,7 +29,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey2 (test - RSA key with size 2048 bits)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey2 - name: "({{ select_crypto_backend }}) Validate privatekey2 (assert - RSA key with size 2048 bits)" 
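Review bot: In the `@@ -9,12 +14,12 @@` hunk, `{{ remote_tmp_dir }}` is interpolated unquoted into `shell:` command strings; the value comes from the setup role, so this is hygiene rather than an exposure, but `{{ remote_tmp_dir | quote }}` is the conventional form for a path placed in a shell line and protects against a temp dir path containing spaces or shell metacharacters. The same pattern appears in the following validate.yml hunks for privatekey2 through privatekey6 and the ECC dump, and in the openssl_publickey validate.yml hunks.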
@@ -34,7 +39,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey3 (test - DSA key with size 3072 bits)" - shell: "{{ openssl_binary }} dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + shell: "{{ openssl_binary }} dsa -noout -text -in {{ remote_tmp_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey3 - name: Validate privatekey3 (assert - DSA key with size 3072 bits) @@ -45,7 +50,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey4 (test - Ensure key has been removed)" stat: - path: '{{ output_dir }}/privatekey4.pem' + path: '{{ remote_tmp_dir }}/privatekey4.pem' register: privatekey4 - name: "({{ select_crypto_backend }}) Validate privatekey4 (assert - Ensure key has been removed)" @@ -62,7 +67,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey5 (test - Passphrase protected key + idempotence)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ output_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey5 # Current version of OS/X that runs in the CI (10.11) does not have an up to date version of the OpenSSL library # leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned succesfully. 
@@ -81,7 +86,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey6 (test - Passphrase protected key with non ascii character)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ output_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey6 when: openssl_version.stdout is version('0.9.8zh', '>=') @@ -92,7 +97,7 @@ when: openssl_version.stdout is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)" - shell: "{{ openssl_binary }} ec -in {{ output_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'" + shell: "{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'" loop: "{{ privatekey_ecc_generate.results }}" register: privatekey_ecc_dump when: openssl_version.stdout is version('0.9.8zh', '>=') and 'skip_reason' not in item diff --git a/tests/integration/targets/openssl_privatekey_info/meta/main.yml b/tests/integration/targets/openssl_privatekey_info/meta/main.yml index d1a318db..ff8af08d 100644 --- a/tests/integration/targets/openssl_privatekey_info/meta/main.yml +++ b/tests/integration/targets/openssl_privatekey_info/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml index 2ecbb48a..099a7c06 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml 
@@ -4,7 +4,7 @@ - name: ({{select_crypto_backend}}) Get key 1 info openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_1.pem' + path: '{{ remote_tmp_dir }}/privatekey_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -24,9 +24,14 @@ set_fact: info_results: "{{ info_results | combine({'key1': result}) }}" +- name: ({{select_crypto_backend}}) Read private key + slurp: + src: '{{ remote_tmp_dir }}/privatekey_1.pem' + register: slurp + - name: ({{select_crypto_backend}}) Get key 1 info directly openssl_privatekey_info: - content: '{{ lookup("file", output_dir ~ "/privatekey_1.pem") }}' + content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct @@ -37,7 +42,7 @@ - name: ({{select_crypto_backend}}) Get key 2 info openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_2.pem' + path: '{{ remote_tmp_dir }}/privatekey_2.pem' return_private_key_data: yes select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -63,7 +68,7 @@ - name: ({{select_crypto_backend}}) Get key 3 info (without passphrase) openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_3.pem' + path: '{{ remote_tmp_dir }}/privatekey_3.pem' return_private_key_data: yes select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes @@ -88,7 +93,7 @@ - name: ({{select_crypto_backend}}) Get key 3 info (with passphrase) openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_3.pem' + path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 return_private_key_data: yes select_crypto_backend: '{{ select_crypto_backend }}' @@ -114,7 +119,7 @@ - name: ({{select_crypto_backend}}) Get key 4 info openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_4.pem' + path: '{{ remote_tmp_dir }}/privatekey_4.pem' return_private_key_data: yes select_crypto_backend: '{{ select_crypto_backend }}' register: result 
@@ -153,7 +158,7 @@ - name: ({{select_crypto_backend}}) Get key 5 info openssl_privatekey_info: - path: '{{ output_dir }}/privatekey_5.pem' + path: '{{ remote_tmp_dir }}/privatekey_5.pem' return_private_key_data: yes select_crypto_backend: '{{ select_crypto_backend }}' register: result diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml index c477d194..f4e79666 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml @@ -6,17 +6,17 @@ - name: Generate privatekey 1 openssl_privatekey: - path: '{{ output_dir }}/privatekey_1.pem' + path: '{{ remote_tmp_dir }}/privatekey_1.pem' - name: Generate privatekey 2 (less bits) openssl_privatekey: - path: '{{ output_dir }}/privatekey_2.pem' + path: '{{ remote_tmp_dir }}/privatekey_2.pem' type: RSA size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (with password) openssl_privatekey: - path: '{{ output_dir }}/privatekey_3.pem' + path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 cipher: auto size: '{{ default_rsa_key_size }}' @@ -24,7 +24,7 @@ - name: Generate privatekey 4 (ECC) openssl_privatekey: - path: '{{ output_dir }}/privatekey_4.pem' + path: '{{ remote_tmp_dir }}/privatekey_4.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead @@ -32,7 +32,7 @@ - name: Generate privatekey 5 (DSA) openssl_privatekey: - path: '{{ output_dir }}/privatekey_5.pem' + path: '{{ remote_tmp_dir }}/privatekey_5.pem' type: DSA size: 1024 diff --git a/tests/integration/targets/openssl_privatekey_pipe/meta/main.yml b/tests/integration/targets/openssl_privatekey_pipe/meta/main.yml index d1a318db..ff8af08d 100644 
--- a/tests/integration/targets/openssl_privatekey_pipe/meta/main.yml +++ b/tests/integration/targets/openssl_privatekey_pipe/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir diff --git a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml index c8205aeb..d6305557 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml @@ -19,12 +19,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: diff --git a/tests/integration/targets/openssl_publickey/meta/main.yml b/tests/integration/targets/openssl_publickey/meta/main.yml index d1a318db..ff8af08d 100644 --- a/tests/integration/targets/openssl_publickey/meta/main.yml +++ b/tests/integration/targets/openssl_publickey/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml index 51091075..9713e5e4 100644 --- a/tests/integration/targets/openssl_publickey/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey/tasks/impl.yml 
@@ -1,13 +1,13 @@ --- - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode)" openssl_publickey: - path: '{{ output_dir }}/publickey.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes check_mode: true @@ -15,16 +15,16 @@ - name: "({{ select_crypto_backend }}) Generate publickey - PEM format" openssl_publickey: - path: '{{ output_dir }}/publickey.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: publickey - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)" openssl_publickey: - path: '{{ output_dir }}/publickey.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes check_mode: true @@ -32,8 +32,8 @@ - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (idempotence)" openssl_publickey: - path: '{{ output_dir }}/publickey.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: publickey_idempotence 
@@ -48,16 +48,16 @@ - name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format" openssl_publickey: - path: '{{ output_dir }}/publickey-ssh.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey-ssh.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' format: OpenSSH select_crypto_backend: '{{ select_crypto_backend }}' when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') - name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format - test idempotence (issue 33256)" openssl_publickey: - path: '{{ output_dir }}/publickey-ssh.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey-ssh.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' format: OpenSSH select_crypto_backend: '{{ select_crypto_backend }}' when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') @@ -65,15 +65,15 @@ - name: "({{ select_crypto_backend }}) Generate publickey2 - standard" openssl_publickey: - path: '{{ output_dir }}/publickey2.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey2.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Delete publickey2 - standard" openssl_publickey: state: absent - path: '{{ output_dir }}/publickey2.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey2.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes register: publickey2_absent 
@@ -81,76 +81,76 @@ - name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)" openssl_publickey: state: absent - path: '{{ output_dir }}/publickey2.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey2.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: publickey2_absent_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey3 - with passphrase" openssl_privatekey: - path: '{{ output_dir }}/privatekey3.pem' + path: '{{ remote_tmp_dir }}/privatekey3.pem' passphrase: ansible cipher: aes256 size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey" openssl_publickey: - path: '{{ output_dir }}/publickey3.pub' - privatekey_path: '{{ output_dir }}/privatekey3.pem' + path: '{{ remote_tmp_dir }}/publickey3.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem' privatekey_passphrase: ansible select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey - idempotence" openssl_publickey: - path: '{{ output_dir }}/publickey3.pub' - privatekey_path: '{{ output_dir }}/privatekey3.pem' + path: '{{ remote_tmp_dir }}/publickey3.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem' privatekey_passphrase: ansible select_crypto_backend: '{{ select_crypto_backend }}' register: publickey3_idempotence - name: "({{ select_crypto_backend }}) Generate empty file that will hold a public key (issue 33072)" file: - path: '{{ output_dir }}/publickey4.pub' + path: '{{ remote_tmp_dir }}/publickey4.pub' state: touch - name: "({{ select_crypto_backend }}) Generate publickey in empty existing file (issue 33072)" openssl_publickey: - path: '{{ output_dir }}/publickey4.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir 
}}/publickey4.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey 5 (ECC)" openssl_privatekey: - path: '{{ output_dir }}/privatekey5.pem' + path: '{{ remote_tmp_dir }}/privatekey5.pem' type: ECC curve: secp256r1 size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format" openssl_publickey: - path: '{{ output_dir }}/publickey5.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey5.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_1 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)" openssl_publickey: - path: '{{ output_dir }}/publickey5.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey5.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_2 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)" openssl_publickey: - path: '{{ output_dir }}/publickey5.pub' - privatekey_path: '{{ output_dir }}/privatekey5.pem' + path: '{{ remote_tmp_dir }}/publickey5.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_3 - name: "({{ select_crypto_backend }}) Generate privatekey with password" openssl_privatekey: - path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography 
@@ -158,8 +158,8 @@ - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)" openssl_publickey: - path: '{{ output_dir }}/publickey_pw1.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey_pw1.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes @@ -167,8 +167,8 @@ - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)" openssl_publickey: - path: '{{ output_dir }}/publickey_pw2.pub' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/publickey_pw2.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes 
@@ -176,41 +176,41 @@ - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)" openssl_publickey: - path: '{{ output_dir }}/publickey_pw3.pub' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/publickey_pw3.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken key" copy: - dest: "{{ output_dir }}/publickeybroken.pub" + dest: "{{ remote_tmp_dir }}/publickeybroken.pub" content: "broken" - name: "({{ select_crypto_backend }}) Regenerate broken key" openssl_publickey: - path: '{{ output_dir }}/publickeybroken.pub' - privatekey_path: '{{ output_dir }}/privatekey5.pem' + path: '{{ remote_tmp_dir }}/publickeybroken.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (for removal)" openssl_publickey: - path: '{{ output_dir }}/publickey_removal.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey_removal.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal)" openssl_publickey: state: absent - path: '{{ output_dir }}/publickey_removal.pub' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey_removal.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: remove_1 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)" openssl_publickey: state: absent - path: '{{ output_dir }}/publickey_removal.pub' - privatekey_path: '{{ output_dir 
}}/privatekey.pem' + path: '{{ remote_tmp_dir }}/publickey_removal.pub' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: yes select_crypto_backend: '{{ select_crypto_backend }}' register: remove_2 diff --git a/tests/integration/targets/openssl_publickey/tasks/main.yml b/tests/integration/targets/openssl_publickey/tasks/main.yml index eb423054..1a0f3d91 100644 --- a/tests/integration/targets/openssl_publickey/tasks/main.yml +++ b/tests/integration/targets/openssl_publickey/tasks/main.yml @@ -7,13 +7,13 @@ - block: - name: Generate privatekey1 - standard openssl_privatekey: - path: '{{ output_dir }}/privatekey_autodetect.pem' + path: '{{ remote_tmp_dir }}/privatekey_autodetect.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection openssl_publickey: - path: '{{ output_dir }}/privatekey_autodetect_public.pem' - privatekey_path: '{{ output_dir }}/privatekey_autodetect.pem' + path: '{{ remote_tmp_dir }}/privatekey_autodetect_public.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_autodetect.pem' when: | pyopenssl_version.stdout is version('16.0.0', '>=') or @@ -33,12 +33,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: diff --git a/tests/integration/targets/openssl_publickey/tests/validate.yml b/tests/integration/targets/openssl_publickey/tests/validate.yml index 34e67b54..378fdd79 100644 --- a/tests/integration/targets/openssl_publickey/tests/validate.yml +++ b/tests/integration/targets/openssl_publickey/tests/validate.yml 
@@ -1,18 +1,23 @@ --- +- name: "({{ select_crypto_backend }}) Read publickey 1" + slurp: + src: '{{ remote_tmp_dir }}/publickey.pub' + register: slurp + - name: "({{ select_crypto_backend }}) Validate publickey 1 idempotence and result behavior" assert: that: - publickey is changed - publickey_idempotence is not changed - - publickey.publickey == lookup('file', output_dir ~ '/publickey.pub', rstrip=False) + - publickey.publickey == (slurp.content | b64decode) - publickey.publickey == publickey_idempotence.publickey - name: "({{ select_crypto_backend }}) Validate public key (test - privatekey modulus)" - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate public key (test - publickey modulus)" - shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub' + shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ remote_tmp_dir }}/publickey.pub' register: publickey_modulus - name: "({{ select_crypto_backend }}) Validate public key (assert)" @@ -21,13 +26,13 @@ - publickey_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - privatekey's publickey)" - shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem' + shell: 'ssh-keygen -y -f {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_publickey when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - publickey)" slurp: - src: '{{ output_dir }}/publickey-ssh.pub' + src: '{{ remote_tmp_dir }}/publickey-ssh.pub' register: publickey when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=') 
@@ -45,7 +50,7 @@
- name: "({{ select_crypto_backend }}) Validate publickey2 (test - Ensure key has been removed)"
stat:
- path: '{{ output_dir }}/publickey2.pub'
+ path: '{{ remote_tmp_dir }}/publickey2.pub'
register: publickey2
- name: "({{ select_crypto_backend }}) Validate publickey2 (assert - Ensure key has been removed)"
@@ -62,12 +67,12 @@
- name: "({{ select_crypto_backend }}) Validate publickey3 (test - privatekey modulus)"
- shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
+ shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey3.pem -passin pass:ansible'
register: privatekey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: "({{ select_crypto_backend }}) Validate publickey3 (test - publickey modulus)"
- shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub'
+ shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ remote_tmp_dir }}/publickey3.pub'
register: publickey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
@@ -83,12 +88,12 @@
- publickey3_idempotence is not changed
- name: "({{ select_crypto_backend }}) Validate publickey4 (test - privatekey modulus)"
- shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
+ shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
register: privatekey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: "({{ select_crypto_backend }}) Validate publickey4 (test - publickey modulus)"
- shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub'
+ shell: '{{ openssl_binary }} rsa -pubin -noout -modulus < {{ remote_tmp_dir }}/publickey4.pub'
register: publickey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
@@ -109,12 +114,12 @@
- privatekey5_3.backup_file is string
- name: "({{ select_crypto_backend }}) Validate public key 5 (test - privatekey's pubkey)"
- command: '{{ openssl_binary }} ec -in {{ output_dir }}/privatekey5.pem -pubout'
+ command: '{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey5.pem -pubout'
register: privatekey5_pubkey
- name: "({{ select_crypto_backend }}) Validate public key 5 (test - publickey pubkey)"
- # Fancy way of writing "cat {{ output_dir }}/publickey5.pub"
- command: '{{ openssl_binary }} ec -pubin -in {{ output_dir }}/publickey5.pub -pubout'
+ # Fancy way of writing "cat {{ remote_tmp_dir }}/publickey5.pub"
+ command: '{{ openssl_binary }} ec -pubin -in {{ remote_tmp_dir }}/publickey5.pub -pubout'
register: publickey5_pubkey
- name: "({{ select_crypto_backend }}) Validate public key 5 (assert)"
diff --git a/tests/integration/targets/openssl_publickey_info/meta/main.yml b/tests/integration/targets/openssl_publickey_info/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_publickey_info/meta/main.yml
+++ b/tests/integration/targets/openssl_publickey_info/meta/main.yml
@@ -1,3 +1,4 @@
dependencies:
- setup_openssl
- setup_pyopenssl
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml
index 07b3bd2e..c4ba7b4c 100644
--- a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml
+++ b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml
@@ -4,7 +4,7 @@
- name: ({{select_crypto_backend}}) Get key 1 info
openssl_publickey_info:
- path: '{{ output_dir }}/publickey_1.pem'
+ path: '{{ remote_tmp_dir }}/publickey_1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -22,9 +22,14 @@
set_fact:
info_results: "{{ info_results | combine({'key1': result}) }}"
+- name: ({{select_crypto_backend}}) Read file
+ slurp:
+ src: '{{ remote_tmp_dir }}/publickey_1.pem'
+ register: slurp
+
- name: ({{select_crypto_backend}}) Get key 1 info directly
openssl_publickey_info:
- content: '{{ lookup("file", output_dir ~ "/publickey_1.pem") }}'
+ content: '{{ slurp.content | b64decode }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_direct
@@ -35,7 +40,7 @@
- name: ({{select_crypto_backend}}) Get key 2 info
openssl_publickey_info:
- path: '{{ output_dir }}/publickey_2.pem'
+ path: '{{ remote_tmp_dir }}/publickey_2.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -56,7 +61,7 @@
- name: ({{select_crypto_backend}}) Get key 3 info
openssl_publickey_info:
- path: '{{ output_dir }}/publickey_3.pem'
+ path: '{{ remote_tmp_dir }}/publickey_3.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -89,7 +94,7 @@
- name: ({{select_crypto_backend}}) Get key 4 info
openssl_publickey_info:
- path: '{{ output_dir }}/publickey_4.pem'
+ path: '{{ remote_tmp_dir }}/publickey_4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
diff --git a/tests/integration/targets/openssl_publickey_info/tasks/main.yml b/tests/integration/targets/openssl_publickey_info/tasks/main.yml
index 08586899..7234b925 100644
--- a/tests/integration/targets/openssl_publickey_info/tasks/main.yml
+++ b/tests/integration/targets/openssl_publickey_info/tasks/main.yml
@@ -6,17 +6,17 @@
- name: Generate privatekey 1
openssl_privatekey:
- path: '{{ output_dir }}/privatekey_1.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_1.pem'
- name: Generate privatekey 2 (less bits)
openssl_privatekey:
- path: '{{ output_dir }}/privatekey_2.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_2.pem'
type: RSA
size: '{{ default_rsa_key_size }}'
- name: Generate privatekey 3 (ECC)
openssl_privatekey:
- path: '{{ output_dir }}/privatekey_3.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_3.pem'
type: ECC
curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
# ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead
@@ -24,14 +24,14 @@
- name: Generate privatekey 4 (DSA)
openssl_privatekey:
- path: '{{ output_dir }}/privatekey_4.pem'
+ path: '{{ remote_tmp_dir }}/privatekey_4.pem'
type: DSA
size: 1024
- name: Generate public keys
openssl_publickey:
- privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
- path: '{{ output_dir }}/publickey_{{ item }}.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem'
+ path: '{{ remote_tmp_dir }}/publickey_{{ item }}.pem'
loop:
- 1
- 2
diff --git a/tests/integration/targets/openssl_signature/meta/main.yml b/tests/integration/targets/openssl_signature/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/openssl_signature/meta/main.yml
+++ b/tests/integration/targets/openssl_signature/meta/main.yml
@@ -1,3 +1,4 @@
dependencies:
- setup_openssl
- setup_pyopenssl
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/openssl_signature/tasks/loop.yml b/tests/integration/targets/openssl_signature/tasks/loop.yml
index c33a6091..e62c7905 100644
--- a/tests/integration/targets/openssl_signature/tasks/loop.yml
+++ b/tests/integration/targets/openssl_signature/tasks/loop.yml
@@ -2,9 +2,9 @@
# This file is intended to be included in a loop statement
- name: Sign statement with {{ item.type }} key - {{ item.passwd }} using {{ item.backend }}
openssl_signature:
- privatekey_path: '{{ output_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
- path: '{{ output_dir }}/statement.txt'
+ path: '{{ remote_tmp_dir }}/statement.txt'
select_crypto_backend: '{{ item.backend }}'
register: sign_result
@@ -13,8 +13,8 @@
- name: Verify {{ item.type }} signature - {{ item.passwd }} using {{ item.backend }}
openssl_signature_info:
- certificate_path: '{{ output_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem'
- path: '{{ output_dir }}/statement.txt'
+ certificate_path: '{{ remote_tmp_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem'
+ path: '{{ remote_tmp_dir }}/statement.txt'
signature: '{{ sign_result.signature }}'
select_crypto_backend: '{{ item.backend }}'
register: verify_result
diff --git a/tests/integration/targets/openssl_signature/tasks/main.yml b/tests/integration/targets/openssl_signature/tasks/main.yml
index b0b97c89..9b9999ad 100644
--- a/tests/integration/targets/openssl_signature/tasks/main.yml
+++ b/tests/integration/targets/openssl_signature/tasks/main.yml
@@ -71,7 +71,7 @@
- name: Generate private keys
openssl_privatekey:
- path: '{{ output_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
+ path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
type: '{{ item.type }}'
curve: '{{ item.curve | default(omit) }}'
size: '{{ item.size | default(omit) }}'
@@ -82,31 +82,31 @@
- name: Generate public keys
openssl_publickey:
- path: '{{ output_dir }}/{{item.backend}}_publickey_{{ item.type }}_{{ item.passwd }}.pem'
- privatekey_path: '{{ output_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
+ path: '{{ remote_tmp_dir }}/{{item.backend}}_publickey_{{ item.type }}_{{ item.passwd }}.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
loop: '{{ all_tests }}'
- name: Generate CSRs
openssl_csr:
- path: '{{ output_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr'
- privatekey_path: '{{ output_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
+ path: '{{ remote_tmp_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
loop: '{{ all_tests }}'
- name: Generate selfsigned certificates
x509_certificate:
provider: selfsigned
- path: '{{ output_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem'
- privatekey_path: '{{ output_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
+ path: '{{ remote_tmp_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem'
privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}'
- csr_path: '{{ output_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr'
+ csr_path: '{{ remote_tmp_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr'
loop: '{{ all_tests }}'
- name: Create statement to be signed
copy:
content: "Erst wenn der Subwoofer die Katze inhaliert, fickt der Bass richtig übel. -- W.A.
Mozart"
- dest: '{{ output_dir }}/statement.txt'
+ dest: '{{ remote_tmp_dir }}/statement.txt'
- name: Loop over all variants
include_tasks: loop.yml
diff --git a/tests/integration/targets/prepare_http_tests/tasks/default.yml b/tests/integration/targets/prepare_http_tests/tasks/default.yml
index bff90350..71419243 100644
--- a/tests/integration/targets/prepare_http_tests/tasks/default.yml
+++ b/tests/integration/targets/prepare_http_tests/tasks/default.yml
@@ -42,10 +42,16 @@
dest: "/tmp/ansible.pem"
when: ansible_os_family == 'FreeBSD'
+- name: FreeBSD - Read test cacert
+ slurp:
+ src: "/tmp/ansible.pem"
+ register: slurp
+ when: ansible_os_family == 'FreeBSD'
+
- name: FreeBSD - Add cacert to root certificate store
blockinfile:
path: "/etc/ssl/cert.pem"
- block: "{{ lookup('file', '/tmp/ansible.pem') }}"
+ block: "{{ slurp.content | b64decode }}"
when: ansible_os_family == 'FreeBSD'
- name: MacOS - Retrieve test cacert
diff --git a/tests/integration/targets/setup_acme/meta/main.yml b/tests/integration/targets/setup_acme/meta/main.yml
index 96d5b2b8..ea94bf36 100644
--- a/tests/integration/targets/setup_acme/meta/main.yml
+++ b/tests/integration/targets/setup_acme/meta/main.yml
@@ -1,2 +1,3 @@
-dependencies: []
+dependencies:
# - setup_openssl
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml
index 74cf1482..2dc8eb13 100644
--- a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml
+++ b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml
@@ -2,7 +2,7 @@
## PRIVATE KEY ################################################################################
- name: ({{ certgen_title }}) Create cert private key
openssl_privatekey:
- path: "{{ output_dir }}/{{ certificate_name }}.key"
+ path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
type: "{{ 'RSA' if key_type == 'rsa' else 'ECC' }}"
size: "{{ rsa_bits if key_type == 'rsa' else omit }}"
curve: >-
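Review bot: The new `FreeBSD - Read test cacert` task in `prepare_http_tests/tasks/default.yml` reads `/tmp/ansible.pem` on the target, a fixed, predictable path in a world-writable directory, and the next task appends whatever that file holds to `/etc/ssl/cert.pem` as a trusted root. Every other target in this commit moves its artefacts to `remote_tmp_dir`, but this file keeps the fixed path (the `get_url` `dest: "/tmp/ansible.pem"` is visible as context above the insertion); if this role can depend on `setup_remote_tmp_dir` like the others, the same change applies here, `src: "{{ remote_tmp_dir }}/ansible.pem"` together with the matching `dest:`. The switch from `lookup('file', ...)` to `slurp` also changes where the file is read (target instead of controller), which is presumably the intent of the commit but worth a line in the task name or a comment since the two can diverge.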
@@ -17,8 +17,8 @@
## CSR ########################################################################################
- name: ({{ certgen_title }}) Create cert CSR
openssl_csr:
- path: "{{ output_dir }}/{{ certificate_name }}.csr"
- privatekey_path: "{{ output_dir }}/{{ certificate_name }}.key"
+ path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
+ privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
privatekey_passphrase: "{{ certificate_passphrase | default(omit, true) }}"
subject_alt_name: "{{ subject_alt_name }}"
subject_alt_name_critical: "{{ subject_alt_name_critical }}"
@@ -31,15 +31,15 @@
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
- account_key: "{{ (output_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
+ account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit, true) }}"
modify_account: "{{ modify_account }}"
- csr: "{{ omit if use_csr_content | default(false) else output_dir ~ '/' ~ certificate_name ~ '.csr' }}"
+ csr: "{{ omit if use_csr_content | default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"
csr_content: "{{ csr_result.csr if use_csr_content | default(false) else omit }}"
- dest: "{{ output_dir }}/{{ certificate_name }}.pem"
- fullchain_dest: "{{ output_dir }}/{{ certificate_name }}-fullchain.pem"
- chain_dest: "{{ output_dir }}/{{ certificate_name }}-chain.pem"
+ dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
+ fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"
+ chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"
challenge: "{{ challenge }}"
deactivate_authzs: "{{ deactivate_authzs }}"
force: "{{ force }}"
@@ -72,20 +72,25 @@
acme_challenge_cert_helper:
challenge: tls-alpn-01
challenge_data: "{{ item.value['tls-alpn-01'] }}"
- private_key_src: "{{ output_dir }}/{{ certificate_name }}.key"
+ private_key_src: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
private_key_passphrase: "{{ certificate_passphrase | default(omit, true) }}"
- with_dict: "{{ challenge_data.challenge_data }}"
+ with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper') else {} }}"
register: tls_alpn_challenges
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
+- name: ({{ certgen_title }}) Read private key
+ slurp:
+ src: '{{ remote_tmp_dir }}/{{ certificate_name }}.key'
+ register: slurp
+ when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Set TLS ALPN challenges (acm_challenge_cert_helper)
uri:
url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/{{ item.identifier }}/certificate-and-key"
method: PUT
body_format: raw
- body: "{{ item.challenge_certificate }}\n{{ lookup('file', output_dir ~ '/' ~ certificate_name ~ '.key') }}"
+ body: "{{ item.challenge_certificate }}\n{{ slurp.content | b64decode }}"
headers:
content-type: "application/pem-certificate-chain"
- with_items: "{{ tls_alpn_challenges.results }}"
+ with_items: "{{ tls_alpn_challenges.results if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper') else [] }}"
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Create TLS ALPN
challenges (der-value-b64)
uri:
@@ -95,7 +100,7 @@
body: "{{ item.value['tls-alpn-01'].resource_value }}"
headers:
content-type: "application/octet-stream"
- with_dict: "{{ challenge_data.challenge_data }}"
+ with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is not defined or challenge_alpn_tls == 'der-value-b64') else [] }}"
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is not defined or challenge_alpn_tls == 'der-value-b64')"
## ACME STEP 2 ################################################################################
- name: ({{ certgen_title }}) Obtain cert, step 2
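Review bot: The two `with_dict` fallbacks added in `obtain-cert.yml` disagree: the `acme_challenge_cert_helper` task in the `@@ -72,20 +72,25 @@` hunk falls back to `else {}`, while the `der-value-b64` task in the `@@ -95,7 +100,7 @@` hunk falls back to `else []`; both appear to iterate zero times, but `with_dict` is documented as expecting a mapping, so `{}` is the fallback to use in both places. The guard expression `challenge_data is changed and challenge == 'tls-alpn-01' and (...)` is now spelled out five times in the first hunk (`with_dict`, the new slurp's `when`, `with_items`, and two `when:` lines) and twice in its `der-value-b64` variant in the second, which is where such copies start to drift; computing it once, e.g. a task-list `vars:` entry `tls_alpn_helper_active: "{{ challenge_data is changed and ... }}"`, and referencing that in the `when:` and loop expressions would keep one source of truth. Guarding the new `Read private key` slurp with the same condition is correct, since a skipped slurp has no `content` and the `[]` fallback on `with_items` is what keeps the `body:` template from being rendered in that case. The enclosing task list continues outside both hunks.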
@@ -104,16 +109,16 @@
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
- account_key: "{{ (output_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
+ account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit, true) }}"
account_uri: "{{ challenge_data.account_uri }}"
modify_account: "{{ modify_account }}"
- csr: "{{ omit if use_csr_content | default(false) else output_dir ~ '/' ~ certificate_name ~ '.csr' }}"
+ csr: "{{ omit if use_csr_content | default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"
csr_content: "{{ csr_result.csr if use_csr_content | default(false) else omit }}"
- dest: "{{ output_dir }}/{{ certificate_name }}.pem"
- fullchain_dest: "{{ output_dir }}/{{ certificate_name }}-fullchain.pem"
- chain_dest: "{{ output_dir }}/{{ certificate_name }}-chain.pem"
+ dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
+ fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"
+ chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"
challenge: "{{ challenge }}"
deactivate_authzs: "{{ deactivate_authzs }}"
force: "{{ force }}"
@@ -146,5 +151,5 @@
- name: ({{ certgen_title }}) Get root certificate
get_url:
url: "http://{{ acme_host }}:5000/root-certificate-for-ca/{{ acme_expected_root_number | default(0) if select_crypto_backend == 'cryptography' else 0 }}"
- dest: "{{ output_dir }}/{{ certificate_name }}-root.pem"
+ dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-root.pem"
###############################################################################################
diff --git a/tests/integration/targets/x509_certificate-acme/meta/main.yml b/tests/integration/targets/x509_certificate-acme/meta/main.yml
index 81d1e7e7..1f28c47f 100644
--- a/tests/integration/targets/x509_certificate-acme/meta/main.yml
+++ b/tests/integration/targets/x509_certificate-acme/meta/main.yml
@@ -1,2 +1,3 @@
dependencies:
- setup_acme
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml
index 7de7da68..bb6d42e5 100644
--- a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml
+++ b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml
@@ -1,18 +1,18 @@
---
- name: Generate account key
openssl_privatekey:
- path: '{{ output_dir }}/account.key'
+ path: '{{ remote_tmp_dir }}/account.key'
size: '{{ default_rsa_key_size }}'
- name: Generate privatekey
openssl_privatekey:
- path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/privatekey.pem'
size: '{{ default_rsa_key_size }}'
- name: Generate CSRs
openssl_csr:
- privatekey_path: '{{ output_dir }}/privatekey.pem'
- path: '{{ output_dir }}/{{ item.name }}.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/{{ item.name }}.csr'
subject_alt_name: '{{ item.sans }}'
loop:
- name: cert-1
@@ -26,17 +26,17 @@
- name: Retrieve certificate 1
x509_certificate:
provider: acme
- path: '{{ output_dir }}/cert-1.pem'
- csr_path: '{{ output_dir }}/cert-1.csr'
- acme_accountkey_path: '{{ output_dir }}/account.key'
- acme_challenge_path: '{{ output_dir }}/challenges/'
+ path: '{{ remote_tmp_dir }}/cert-1.pem'
+ csr_path: '{{ remote_tmp_dir }}/cert-1.csr'
+ acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
+ acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
acme_directory: https://{{ acme_host }}:14000/dir
environment:
- PATH: '{{ lookup("env", "PATH") }}:{{ output_dir }}'
+ PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
- name: Get certificate information
x509_certificate_info:
- path: '{{ output_dir }}/cert-1.pem'
+ path: '{{ remote_tmp_dir }}/cert-1.pem'
register: result
- name: Validate certificate information
@@ -48,17 +48,17 @@
- name: Retrieve certificate 2
x509_certificate:
provider: acme
- path: '{{ output_dir }}/cert-2.pem'
- csr_path: '{{ output_dir }}/cert-2.csr'
- acme_accountkey_path: '{{ output_dir }}/account.key'
- acme_challenge_path: '{{ output_dir }}/challenges/'
+ path: '{{ remote_tmp_dir }}/cert-2.pem'
+ csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
+ acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
+ acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
acme_directory: https://{{ acme_host }}:14000/dir
environment:
- PATH: '{{ lookup("env", "PATH") }}:{{ output_dir }}'
+ PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
- name: Get certificate information
x509_certificate_info:
- path: '{{ output_dir }}/cert-2.pem'
+ path: '{{ remote_tmp_dir }}/cert-2.pem'
register: result
- name: Validate certificate information
diff --git a/tests/integration/targets/x509_certificate-acme/tasks/main.yml b/tests/integration/targets/x509_certificate-acme/tasks/main.yml
index 23e06bd3..91f04ef9 100644
--- a/tests/integration/targets/x509_certificate-acme/tasks/main.yml
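Review bot: `PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'` in both `Retrieve certificate` tasks of `x509_certificate-acme/tasks/impl.yml` now mixes two sides of the connection: the `env` lookup is evaluated on the controller, while `environment:` is applied to the module running on the target, where `remote_tmp_dir` lives after this commit. The controller's PATH entries are meaningless on the target, so the value only works where the two hosts happen to share a layout, which presumably holds for the local test runs but is the kind of thing that silently breaks on a remote target. If facts are gathered, `PATH: '{{ ansible_env.PATH }}:{{ remote_tmp_dir }}'` refers to the target's own PATH; otherwise consider whether the acme provider needs anything beyond `remote_tmp_dir` on PATH at all.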
+++ b/tests/integration/targets/x509_certificate-acme/tasks/main.yml 
@@ -8,38 +8,48 @@
- name: Obtain root and intermediate certificates
get_url:
url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}"
- dest: "{{ output_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
+ dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
loop: "{{ query('nested', types, root_numbers) }}"
- name: Analyze root certificates
x509_certificate_info:
- path: "{{ output_dir }}/acme-root-{{ item }}.pem"
+ path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"
loop: "{{ root_numbers }}"
register: acme_roots
- name: Analyze intermediate certificates
x509_certificate_info:
- path: "{{ output_dir }}/acme-intermediate-{{ item }}.pem"
+ path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem"
loop: "{{ root_numbers }}"
register: acme_intermediates
- - set_fact:
- x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
- y__: "{{ lookup('file', output_dir ~ '/acme-root-' ~ item.item ~ '.pem', rstrip=False) }}"
- loop: "{{ acme_roots.results }}"
- register: acme_roots_tmp
+ - name: Read root certificates
+ slurp:
+ src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}"
+ loop: "{{ root_numbers }}"
+ register: slurp_roots
+
+ - set_fact:
+ x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
+ loop: "{{ acme_roots.results }}"
+ register: acme_roots_tmp
+
+ - name: Read intermediate certificates
+ slurp:
+ src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}"
+ loop: "{{ root_numbers }}"
+ register: slurp_intermediates
- set_fact:
x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
- y__: "{{ lookup('file', output_dir ~ '/acme-intermediate-' ~ item.item ~ '.pem', rstrip=False) }}"
loop: "{{ acme_intermediates.results }}"
register: acme_intermediates_tmp
- set_fact:
acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}"
- acme_root_certs: "{{
acme_roots_tmp.results | map(attribute='ansible_facts.y__') | list }}"
+ acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}"
acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}"
- acme_intermediate_certs: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.y__') | list }}"
+ acme_intermediate_certs: "{{ slurp_intermediates.results | map(attribute='content') | map('b64decode') | list }}"
vars:
types:
@@ -56,16 +66,16 @@
- name: Get hold of acme-tiny executable
get_url:
url: https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
- dest: "{{ output_dir }}/acme-tiny"
+ dest: "{{ remote_tmp_dir }}/acme-tiny"
- name: Make sure acme-tiny is executable
file:
- path: "{{ output_dir }}/acme-tiny"
+ path: "{{ remote_tmp_dir }}/acme-tiny"
mode: "0755"
- name: "Monkey-patch acme-tiny: Disable certificate validation"
blockinfile:
- path: "{{ output_dir }}/acme-tiny"
+ path: "{{ remote_tmp_dir }}/acme-tiny"
marker: "# {mark} ANSIBLE MANAGED BLOCK: DISABLE CERTIFICATE VALIDATION FOR HTTPS REQUESTS"
insertafter: '^#!.*'
block: |
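Review bot: `Get hold of acme-tiny executable` in the `@@ -56,16 +66,16 @@` hunk fetches `acme_tiny.py` from the `master` branch of a third-party repository with no `checksum:`, then marks it executable and, after the following tasks patch certificate validation out of it, runs it on the test host; the commit moves the file into `remote_tmp_dir` but leaves the download unpinned, so what the test executes depends on whatever that branch contains at run time, and a changed or compromised upstream runs as the test user. Pinning the URL to a specific commit and adding `get_url`'s `checksum: "sha256:<PLACEHOLDER_DIGEST>"` (or vendoring the script under the target's `files/`) makes the dependency reproducible and gives the monkey-patch `regexp`s in the next hunk a stable input to match. The download and patch lines are context rather than new in this commit, but this hunk is the natural place to address it.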
@@ -83,25 +93,25 @@
- name: "Monkey-patch acme-tiny: Disable check that challenge file is reachable via HTTP"
replace:
- path: "{{ output_dir }}/acme-tiny"
+ path: "{{ remote_tmp_dir }}/acme-tiny"
regexp: 'parser\.add_argument\("--disable-check", default=False,'
replace: 'parser.add_argument("--disable-check", default=True,'
- name: "Monkey-patch acme-tiny: Instead of writing challenge files to disk, post them to challenge server"
replace:
- path: "{{ output_dir }}/acme-tiny"
+ path: "{{ remote_tmp_dir }}/acme-tiny"
regexp: 'with open\(wellknown_path, "w"\) as [^:]+:\n\s+[^. ]+\.write\(([^)]+)\)'
replace: 'r = Request(url="http://{{ acme_host }}:5000/http/" + domain + "/" + token, data=\1.encode("utf8"), headers={"content-type": "application/octet-stream"}) ; r.get_method = lambda: "PUT" ; urlopen(r).close()'
- name: "Monkey-patch acme-tiny: Remove file cleanup"
replace:
- path: "{{ output_dir }}/acme-tiny"
+ path: "{{ remote_tmp_dir }}/acme-tiny"
regexp: 'os\.remove\(wellknown_path\)'
replace: 'pass'
- name: Create challenges directory
file:
- path: '{{ output_dir }}/challenges'
+ path: '{{ remote_tmp_dir }}/challenges'
state: directory
- name: Running tests
diff --git a/tests/integration/targets/x509_certificate/meta/main.yml b/tests/integration/targets/x509_certificate/meta/main.yml
index d1a318db..ff8af08d 100644
--- a/tests/integration/targets/x509_certificate/meta/main.yml
+++ b/tests/integration/targets/x509_certificate/meta/main.yml
@@ -1,3 +1,4 @@
dependencies:
- setup_openssl
- setup_pyopenssl
+ - setup_remote_tmp_dir
diff --git a/tests/integration/targets/x509_certificate/tasks/assertonly.yml b/tests/integration/targets/x509_certificate/tasks/assertonly.yml
index 2416f1e7..9dca76e0 100644
--- a/tests/integration/targets/x509_certificate/tasks/assertonly.yml
+++ b/tests/integration/targets/x509_certificate/tasks/assertonly.yml
@@ -1,12 +1,12 @@
---
- name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey
openssl_privatekey:
- path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/privatekey.pem'
size: '{{ default_rsa_key_size_certifiates }}'
- name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey with password
openssl_privatekey:
- path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
@@ -14,16 +14,16 @@
- name: (Assertonly, {{select_crypto_backend}}) - Generate CSR (no extensions)
openssl_csr:
- path: '{{ output_dir }}/csr_noext.csr'
- privatekey_path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/csr_noext.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.example.com
useCommonNameForSAN: no
- name: (Assertonly, {{select_crypto_backend}}) - Generate CSR (with SANs)
openssl_csr:
- path: '{{ output_dir }}/csr_sans.csr'
- privatekey_path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/csr_sans.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.example.com
subject_alt_name:
@@ -34,25 +34,25 @@
- name: (Assertonly, {{select_crypto_backend}}) - Generate selfsigned certificate (no extensions)
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
- csr_path: '{{ output_dir }}/csr_noext.csr'
- privatekey_path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
+ csr_path: '{{ remote_tmp_dir }}/csr_noext.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
- name: (Assertonly, {{select_crypto_backend}}) - Generate selfsigned certificate (with SANs)
x509_certificate:
- path: '{{ output_dir }}/cert_sans.pem'
- csr_path: '{{ output_dir }}/csr_sans.csr'
- privatekey_path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/cert_sans.pem'
+ csr_path: '{{ remote_tmp_dir }}/csr_sans.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
- name: (Assertonly, {{select_crypto_backend}}) - Assert that subject_alt_name is there (should fail)
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
provider: assertonly
subject_alt_name:
- "DNS:example.com"
@@ -62,7 +62,7 @@
- name: (Assertonly, {{select_crypto_backend}}) - Assert that subject_alt_name is there
x509_certificate:
- path: '{{ output_dir }}/cert_sans.pem'
+ path: '{{ remote_tmp_dir }}/cert_sans.pem'
provider: assertonly
subject_alt_name:
- "DNS:ansible.com"
@@ -73,7 +73,7 @@
- name: (Assertonly, {{select_crypto_backend}}) - Assert that subject_alt_name is there (strict)
x509_certificate:
- path: '{{ output_dir }}/cert_sans.pem'
+ path: '{{ remote_tmp_dir }}/cert_sans.pem'
provider: assertonly
subject_alt_name:
- "DNS:ansible.com"
@@ -85,7 +85,7 @@
- name: (Assertonly, {{select_crypto_backend}}) - Assert that key_usage is there (should fail)
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
provider: assertonly
key_usage:
- digitalSignature
@@ -95,7 +95,7 @@
- name: (Assertonly, {{select_crypto_backend}}) - Assert that extended_key_usage is there (should fail)
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
provider: assertonly
extended_key_usage:
- biometricInfo
@@ -116,8 +116,8 @@
- name: (Assertonly, {{select_crypto_backend}}) - Check wrong key fail
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
- privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
provider: assertonly
select_crypto_backend: '{{ select_crypto_backend }}'
@@ -126,8 +126,8 @@
- name: (Assertonly, {{select_crypto_backend}}) - Check private key passphrase fail 1
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
- privatekey_path: '{{ output_dir }}/privatekey.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
provider: assertonly
select_crypto_backend: '{{ select_crypto_backend }}'
@@ -136,8 +136,8 @@
- name: (Assertonly, {{select_crypto_backend}}) - Check private key passphrase fail 2
x509_certificate:
- path: '{{ output_dir }}/cert_noext.pem'
- privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+ path: '{{ remote_tmp_dir }}/cert_noext.pem'
+ privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
provider: assertonly
select_crypto_backend: '{{ select_crypto_backend }}'
@@ -146,8 +146,8 @@ - name: (Assertonly, {{select_crypto_backend}}) - Check private key passphrase fail 3 x509_certificate: - path: '{{ output_dir }}/cert_noext.pem' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/cert_noext.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' provider: assertonly select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: yes diff --git a/tests/integration/targets/x509_certificate/tasks/expired.yml b/tests/integration/targets/x509_certificate/tasks/expired.yml index 76e21c83..1812828a 100644 --- a/tests/integration/targets/x509_certificate/tasks/expired.yml +++ b/tests/integration/targets/x509_certificate/tasks/expired.yml @@ -1,21 +1,21 @@ --- - name: (Expired, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/has_expired_privatekey.pem' + path: '{{ remote_tmp_dir }}/has_expired_privatekey.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: (Expired, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/has_expired_csr.csr' - privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem' + path: '{{ remote_tmp_dir }}/has_expired_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/has_expired_privatekey.pem' subject: commonName: www.example.com - name: (Expired, {{select_crypto_backend}}) Generate expired selfsigned certificate x509_certificate: - path: '{{ output_dir }}/has_expired_cert.pem' - csr_path: '{{ output_dir }}/has_expired_csr.csr' - privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem' + path: '{{ remote_tmp_dir }}/has_expired_cert.pem' + csr_path: '{{ remote_tmp_dir }}/has_expired_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/has_expired_privatekey.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_not_after: "-1s" 
@@ -24,13 +24,13 @@ when: select_crypto_backend == 'pyopenssl' # cryptography won't allow creating expired certificates - name: (Expired, {{select_crypto_backend}}) Generate expired selfsigned certificate - command: "{{ openssl_binary }} x509 -req -days -1 -in {{ output_dir }}/has_expired_csr.csr -signkey {{ output_dir }}/has_expired_privatekey.pem -out {{ output_dir }}/has_expired_cert.pem" + command: "{{ openssl_binary }} x509 -req -days -1 -in {{ remote_tmp_dir }}/has_expired_csr.csr -signkey {{ remote_tmp_dir }}/has_expired_privatekey.pem -out {{ remote_tmp_dir }}/has_expired_cert.pem" when: select_crypto_backend == 'cryptography' # So we create it with 'command' - name: "(Expired) Check task fails because cert is expired (has_expired: false)" x509_certificate: provider: assertonly - path: "{{ output_dir }}/has_expired_cert.pem" + path: "{{ remote_tmp_dir }}/has_expired_cert.pem" has_expired: false select_crypto_backend: '{{ select_crypto_backend }}' ignore_errors: true @@ -43,7 +43,7 @@ - name: "(Expired) Check expired cert check is ignored (has_expired: true)" x509_certificate: provider: assertonly - path: "{{ output_dir }}/has_expired_cert.pem" + path: "{{ remote_tmp_dir }}/has_expired_cert.pem" has_expired: true select_crypto_backend: '{{ select_crypto_backend }}' register: expired_cert_skip diff --git a/tests/integration/targets/x509_certificate/tasks/main.yml b/tests/integration/targets/x509_certificate/tasks/main.yml index 36b5c280..8000af78 100644 --- a/tests/integration/targets/x509_certificate/tasks/main.yml +++ b/tests/integration/targets/x509_certificate/tasks/main.yml @@ -12,12 +12,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - name: Running tests with cryptography backend 
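Review bot: The new `command:` line in the `@@ -24,13 +24,13 @@` hunk interpolates `remote_tmp_dir` three times into a plain string that the `command` module splits into argv on whitespace, so a temporary directory path containing a space would turn into extra arguments and the `-in`/`-signkey`/`-out` operands would point at the wrong files. The `x509_certificate` tasks next to it are immune because they pass the path as a single module argument; only this `command` task concatenates. Applying Ansible's `quote` filter to each path keeps the argv split correct, e.g. `-in {{ (remote_tmp_dir ~ '/has_expired_csr.csr') | quote }}` and the same for the `-signkey` and `-out` operands. If `remote_tmp_dir` always comes from a tempfile-style setup role the risk is low today, but the filter costs nothing and keeps the task correct when the variable is overridden.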
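Review bot: In the `main.yml` hunk (`@@ -12,12 +12,12 @@`) the "Re-create output directory" task rebuilds `remote_tmp_dir` with `file: state: directory` and no `mode:`, so the directory ends up with the umask-derived mode rather than whatever the role that provided `remote_tmp_dir` created it with, and every private key and passphrase-protected key written by the later tasks lands in it. Adding `mode: '0700'` to the re-create task pins the permissions independently of the remote umask; alternatively, if the providing role already hands over a fresh directory (I cannot see its definition from here), the remove/re-create pair may be redundant and could be dropped. The task names still say "output directory" although the variable is now the remote temporary directory; renaming them to `Remove remote temporary directory` and `Re-create remote temporary directory` keeps the log output honest.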
diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml index 7657caa9..5776425e 100644 --- a/tests/integration/targets/x509_certificate/tasks/ownca.yml +++ b/tests/integration/targets/x509_certificate/tasks/ownca.yml @@ -1,12 +1,12 @@ --- - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey openssl_privatekey: - path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ca_privatekey.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase openssl_privatekey: - path: '{{ output_dir }}/ca_privatekey_pw.pem' + path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography @@ -14,8 +14,8 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR openssl_csr: - path: '{{ output_dir }}/ca_csr.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ca_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' subject: commonName: Example CA useCommonNameForSAN: no @@ -25,8 +25,8 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR (privatekey passphrase) openssl_csr: - path: '{{ output_dir }}/ca_csr_pw.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem' + path: '{{ remote_tmp_dir }}/ca_csr_pw.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' privatekey_passphrase: hunter2 subject: commonName: Example CA 
@@ -37,9 +37,9 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode) x509_certificate: - path: '{{ output_dir }}/ca_cert.pem' - csr_path: '{{ output_dir }}/ca_csr.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ca_cert.pem' + csr_path: '{{ remote_tmp_dir }}/ca_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -48,9 +48,9 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate x509_certificate: - path: '{{ output_dir }}/ca_cert.pem' - csr_path: '{{ output_dir }}/ca_csr.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ca_cert.pem' + csr_path: '{{ remote_tmp_dir }}/ca_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -64,9 +64,9 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (privatekey passphrase) x509_certificate: - path: '{{ output_dir }}/ca_cert_pw.pem' - csr_path: '{{ output_dir }}/ca_csr_pw.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem' + path: '{{ remote_tmp_dir }}/ca_cert_pw.pem' + csr_path: '{{ remote_tmp_dir }}/ca_csr_pw.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' privatekey_passphrase: hunter2 provider: selfsigned selfsigned_digest: sha256 
@@ -74,11 +74,11 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -87,11 +87,11 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) x509_certificate: - path: '{{ output_dir }}/ownca_cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -100,11 +100,11 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode) x509_certificate: - path: '{{ output_dir }}/ownca_cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -112,8 +112,8 @@ - name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert.pem' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: assertonly has_expired: False version: 3 @@ -128,11 +128,11 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca v2 certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert_v2.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_v2.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 ownca_version: 2 
@@ -142,19 +142,19 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate2 x509_certificate: - path: '{{ output_dir }}/ownca_cert2.pem' - csr_path: '{{ output_dir }}/csr2.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert2.pem' + csr_path: '{{ remote_tmp_dir }}/csr2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate2 x509_certificate: - path: '{{ output_dir }}/ownca_cert2.pem' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/ownca_cert2.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' provider: assertonly has_expired: False version: 3 @@ -184,11 +184,11 @@ provider: ownca ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - path: "{{ output_dir }}/ownca_cert3.pem" - csr_path: "{{ output_dir }}/csr.csr" - privatekey_path: "{{ output_dir }}/privatekey3.pem" - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: "{{ remote_tmp_dir }}/ownca_cert3.pem" + csr_path: "{{ remote_tmp_dir }}/csr.csr" + privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with relative notBefore and notAfter 
@@ -196,20 +196,20 @@ provider: ownca ownca_not_before: +1s ownca_not_after: +52w - path: "{{ output_dir }}/ownca_cert4.pem" - csr_path: "{{ output_dir }}/csr.csr" - privatekey_path: "{{ output_dir }}/privatekey3.pem" - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: "{{ remote_tmp_dir }}/ownca_cert4.pem" + csr_path: "{{ remote_tmp_dir }}/csr.csr" + privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: (OwnCA, {{select_crypto_backend}}) Generate ownca ECC certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert_ecc.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ecc.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -217,10 +217,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase) x509_certificate: - path: '{{ output_dir }}/ownca_cert_ecc_2.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert_pw.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ecc_2.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert_pw.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' ownca_privatekey_passphrase: hunter2 provider: ownca ownca_digest: sha256 
@@ -229,10 +229,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 1) x509_certificate: - path: '{{ output_dir }}/ownca_cert_pw1.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_pw1.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' ownca_privatekey_passphrase: hunter2 provider: ownca ownca_digest: sha256 @@ -242,10 +242,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2) x509_certificate: - path: '{{ output_dir }}/ownca_cert_pw2.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_pw2.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' ownca_privatekey_passphrase: wrong_password provider: ownca ownca_digest: sha256 @@ -255,10 +255,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3) x509_certificate: - path: '{{ output_dir }}/ownca_cert_pw3.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_pw3.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -267,25 +267,25 @@ - name: (OwnCA, {{select_crypto_backend}}) Create broken certificate copy: - dest: "{{ output_dir }}/ownca_broken.pem" + dest: "{{ remote_tmp_dir }}/ownca_broken.pem" content: "broken" - name: (OwnCA, {{select_crypto_backend}}) Regenerate broken cert x509_certificate: - path: '{{ output_dir }}/ownca_broken.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_broken.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 register: ownca_broken - name: (OwnCA, {{select_crypto_backend}}) Backup test x509_certificate: - path: '{{ output_dir }}/ownca_cert_backup.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 backup: yes @@ -293,10 +293,10 @@ register: ownca_backup_1 - name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent) x509_certificate: - path: '{{ output_dir }}/ownca_cert_backup.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 backup: yes 
@@ -304,10 +304,10 @@ register: ownca_backup_2 - name: (OwnCA, {{select_crypto_backend}}) Backup test (change) x509_certificate: - path: '{{ output_dir }}/ownca_cert_backup.pem' - csr_path: '{{ output_dir }}/csr.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 backup: yes @@ -315,7 +315,7 @@ register: ownca_backup_3 - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove) x509_certificate: - path: '{{ output_dir }}/ownca_cert_backup.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca backup: yes @@ -323,7 +323,7 @@ register: ownca_backup_4 - name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent) x509_certificate: - path: '{{ output_dir }}/ownca_cert_backup.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca backup: yes @@ -332,10 +332,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier x509_certificate: - path: '{{ output_dir }}/ownca_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_subject_key_identifier: always_create 
@@ -345,10 +345,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (idempotency) x509_certificate: - path: '{{ output_dir }}/ownca_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_subject_key_identifier: always_create @@ -358,10 +358,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove) x509_certificate: - path: '{{ output_dir }}/ownca_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_subject_key_identifier: never_create @@ -371,10 +371,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove idempotency) x509_certificate: - path: '{{ output_dir }}/ownca_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_subject_key_identifier: never_create 
@@ -384,10 +384,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (re-enable) x509_certificate: - path: '{{ output_dir }}/ownca_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_subject_key_identifier: always_create @@ -397,10 +397,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier x509_certificate: - path: '{{ output_dir }}/ownca_cert_aki.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_authority_key_identifier: yes @@ -410,10 +410,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (idempotency) x509_certificate: - path: '{{ output_dir }}/ownca_cert_aki.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_authority_key_identifier: yes 
@@ -423,10 +423,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove) x509_certificate: - path: '{{ output_dir }}/ownca_cert_aki.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_authority_key_identifier: no @@ -436,10 +436,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove idempotency) x509_certificate: - path: '{{ output_dir }}/ownca_cert_aki.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_authority_key_identifier: no @@ -449,10 +449,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (re-add) x509_certificate: - path: '{{ output_dir }}/ownca_cert_aki.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: ownca ownca_digest: sha256 ownca_create_authority_key_identifier: yes 
@@ -464,7 +464,7 @@ block: - name: (OwnCA, {{select_crypto_backend}}) Generate privatekeys openssl_privatekey: - path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: - Ed25519 @@ -478,8 +478,8 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -490,10 +490,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/csr_{{ item }}.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -505,10 +505,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) x509_certificate: - path: '{{ output_dir }}/ownca_cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/csr_{{ item }}.csr' - ownca_path: '{{ output_dir }}/ca_cert.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' provider: ownca ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -520,7 +520,7 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey openssl_privatekey: - path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' type: '{{ item }}' cipher: auto passphrase: Test123 @@ -531,8 +531,8 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR openssl_csr: - path: '{{ output_dir }}/ca_csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/ca_csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' privatekey_passphrase: Test123 subject: commonName: Example CA @@ -550,9 +550,9 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate x509_certificate: - path: '{{ output_dir }}/ca_cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/ca_csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/ca_csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' privatekey_passphrase: Test123 provider: selfsigned select_crypto_backend: '{{ select_crypto_backend }}' @@ -563,10 +563,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate x509_certificate: - path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem' - csr_path: '{{ output_dir }}/csr.csr' - ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}_2.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' ownca_privatekey_passphrase: Test123 provider: ownca ownca_digest: sha256 
@@ -579,10 +579,10 @@ - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) x509_certificate: - path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem' - csr_path: '{{ output_dir }}/csr.csr' - ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem' - ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}_2.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + ownca_path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' ownca_privatekey_passphrase: Test123 provider: ownca ownca_digest: sha256 diff --git a/tests/integration/targets/x509_certificate/tasks/removal.yml b/tests/integration/targets/x509_certificate/tasks/removal.yml index 581021c4..901cad8b 100644 --- a/tests/integration/targets/x509_certificate/tasks/removal.yml +++ b/tests/integration/targets/x509_certificate/tasks/removal.yml 
@@ -1,31 +1,31 @@ --- - name: (Removal, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/removal_privatekey.pem' + path: '{{ remote_tmp_dir }}/removal_privatekey.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: (Removal, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/removal_csr.csr' - privatekey_path: '{{ output_dir }}/removal_privatekey.pem' + path: '{{ remote_tmp_dir }}/removal_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/removal_privatekey.pem' - name: (Removal, {{select_crypto_backend}}) Generate selfsigned certificate x509_certificate: - path: '{{ output_dir }}/removal_cert.pem' - csr_path: '{{ output_dir }}/removal_csr.csr' - privatekey_path: '{{ output_dir }}/removal_privatekey.pem' + path: '{{ remote_tmp_dir }}/removal_cert.pem' + csr_path: '{{ remote_tmp_dir }}/removal_csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/removal_privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - name: "(Removal, {{select_crypto_backend}}) Check that file is not gone" stat: - path: "{{ output_dir }}/removal_cert.pem" + path: "{{ remote_tmp_dir }}/removal_cert.pem" register: removal_1_prestat - name: "(Removal, {{select_crypto_backend}}) Remove certificate" x509_certificate: - path: "{{ output_dir }}/removal_cert.pem" + path: "{{ remote_tmp_dir }}/removal_cert.pem" state: absent select_crypto_backend: '{{ select_crypto_backend }}' return_content: yes 
@@ -33,12 +33,12 @@ - name: "(Removal, {{select_crypto_backend}}) Check that file is gone" stat: - path: "{{ output_dir }}/removal_cert.pem" + path: "{{ remote_tmp_dir }}/removal_cert.pem" register: removal_1_poststat - name: "(Removal, {{select_crypto_backend}}) Remove certificate (idempotent)" x509_certificate: - path: "{{ output_dir }}/removal_cert.pem" + path: "{{ remote_tmp_dir }}/removal_cert.pem" state: absent select_crypto_backend: '{{ select_crypto_backend }}' register: removal_2 diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml index 03c197aa..5e7d9257 100644 --- a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml @@ -1,12 +1,12 @@ --- - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password openssl_privatekey: - path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography @@ -14,8 +14,8 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR x509_certificate: - path: '{{ output_dir }}/cert_no_csr.pem' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_no_csr.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -24,8 +24,8 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency x509_certificate: - path: '{{ output_dir }}/cert_no_csr.pem' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_no_csr.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -34,8 +34,8 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode) x509_certificate: - path: '{{ output_dir }}/cert_no_csr.pem' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_no_csr.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -44,23 +44,23 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/csr_minimal_change.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_minimal_change.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.org - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate x509_certificate: - path: '{{ output_dir }}/cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -69,9 +69,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency x509_certificate: - path: '{{ output_dir }}/cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -80,9 +80,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode) x509_certificate: - path: '{{ output_dir }}/cert.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -90,9 +90,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR) x509_certificate: - path: '{{ output_dir }}/cert.pem' - csr_path: '{{ output_dir }}/csr_minimal_change.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert.pem' + csr_path: '{{ remote_tmp_dir }}/csr_minimal_change.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -101,8 +101,8 @@ - name: (Selfsigned, {{select_crypto_backend}}) Check selfsigned certificate x509_certificate: - path: '{{ output_dir }}/cert.pem' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: assertonly has_expired: False version: 3 
@@ -115,9 +115,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned v2 certificate x509_certificate: - path: '{{ output_dir }}/cert_v2.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_v2.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_version: 2 @@ -127,7 +127,7 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2 openssl_privatekey: - path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/privatekey2.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2 @@ -141,8 +141,8 @@ OU: - Roadrunner pest control - Pyrotechnics - path: '{{ output_dir }}/csr2.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/csr2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' keyUsage: - digitalSignature extendedKeyUsage: @@ -151,17 +151,17 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate2 x509_certificate: - path: '{{ output_dir }}/cert2.pem' - csr_path: '{{ output_dir }}/csr2.csr' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/cert2.pem' + csr_path: '{{ remote_tmp_dir }}/csr2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' - name: (Selfsigned, {{select_crypto_backend}}) Check selfsigned certificate2 x509_certificate: - path: '{{ output_dir }}/cert2.pem' - privatekey_path: '{{ output_dir }}/privatekey2.pem' + path: '{{ remote_tmp_dir }}/cert2.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' provider: assertonly has_expired: False version: 3 
@@ -186,45 +186,45 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create private key 3 openssl_privatekey: - path: "{{ output_dir }}/privatekey3.pem" + path: "{{ remote_tmp_dir }}/privatekey3.pem" size: '{{ default_rsa_key_size_certifiates }}' - name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3 openssl_csr: subject: CN: www.example.com - privatekey_path: "{{ output_dir }}/privatekey3.pem" - path: "{{ output_dir }}/csr3.pem" + privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" + path: "{{ remote_tmp_dir }}/csr3.pem" - name: (Selfsigned, {{select_crypto_backend}}) Create certificate3 with notBefore and notAfter x509_certificate: provider: selfsigned selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - path: "{{ output_dir }}/cert3.pem" - csr_path: "{{ output_dir }}/csr3.pem" - privatekey_path: "{{ output_dir }}/privatekey3.pem" + path: "{{ remote_tmp_dir }}/cert3.pem" + csr_path: "{{ remote_tmp_dir }}/csr3.pem" + privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" select_crypto_backend: '{{ select_crypto_backend }}' - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' subject: commonName: www.example.com - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate x509_certificate: - path: '{{ output_dir }}/cert_ecc.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: 
'{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/cert_ecc.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' @@ -232,17 +232,17 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR (privatekey passphrase) openssl_csr: - path: '{{ output_dir }}/csr_pass.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_pass.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 subject: commonName: www.example.com - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase) x509_certificate: - path: '{{ output_dir }}/cert_pass.pem' - csr_path: '{{ output_dir }}/csr_pass.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/cert_pass.pem' + csr_path: '{{ remote_tmp_dir }}/csr_pass.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 provider: selfsigned selfsigned_digest: sha256 @@ -251,9 +251,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 1) x509_certificate: - path: '{{ output_dir }}/cert_pw1.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_pw1.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 provider: selfsigned selfsigned_digest: sha256 
@@ -263,9 +263,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2) x509_certificate: - path: '{{ output_dir }}/cert_pw2.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/cert_pw2.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password provider: selfsigned selfsigned_digest: sha256 @@ -275,9 +275,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3) x509_certificate: - path: '{{ output_dir }}/cert_pw3.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/cert_pw3.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -286,22 +286,22 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate copy: - dest: "{{ output_dir }}/cert_broken.pem" + dest: "{{ remote_tmp_dir }}/cert_broken.pem" content: "broken" - name: (Selfsigned, {{select_crypto_backend}}) Regenerate broken cert x509_certificate: - path: '{{ output_dir }}/cert_broken.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/cert_broken.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 register: selfsigned_broken - name: (Selfsigned, {{select_crypto_backend}}) Backup test x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_backup.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 backup: yes @@ -309,9 +309,9 @@ register: selfsigned_backup_1 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_backup.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 backup: yes 
@@ -319,9 +319,9 @@ register: selfsigned_backup_2 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (change) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_backup.pem' - csr_path: '{{ output_dir }}/csr.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' + csr_path: '{{ remote_tmp_dir }}/csr.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 backup: yes @@ -329,7 +329,7 @@ register: selfsigned_backup_3 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_backup.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned backup: yes @@ -337,7 +337,7 @@ register: selfsigned_backup_4 - name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_backup.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned backup: yes @@ -346,9 +346,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_create_subject_key_identifier: always_create 
@@ -358,9 +358,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (idempotency) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_create_subject_key_identifier: always_create @@ -370,9 +370,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (remove) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_create_subject_key_identifier: never_create @@ -382,9 +382,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (remove idempotency) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_create_subject_key_identifier: never_create 
@@ -394,9 +394,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (re-enable) x509_certificate: - path: '{{ output_dir }}/selfsigned_cert_ski.pem' - csr_path: '{{ output_dir }}/csr_ecc.csr' - privatekey_path: '{{ output_dir }}/privatekey_ecc.pem' + path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' + csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_create_subject_key_identifier: always_create @@ -408,7 +408,7 @@ block: - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekeys openssl_privatekey: - path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: - Ed25519 @@ -422,8 +422,8 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR openssl_csr: - path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' @@ -434,9 +434,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate x509_certificate: - path: '{{ output_dir }}/cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -448,9 +448,9 @@ - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency x509_certificate: - path: '{{ output_dir }}/cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem' + path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' provider: selfsigned selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' diff --git a/tests/integration/targets/x509_certificate/tests/validate_ownca.yml b/tests/integration/targets/x509_certificate/tests/validate_ownca.yml index e8d23f46..6cd3e069 100644 --- a/tests/integration/targets/x509_certificate/tests/validate_ownca.yml +++ b/tests/integration/targets/x509_certificate/tests/validate_ownca.yml 
@@ -1,18 +1,18 @@ --- - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - verify CA) - shell: '{{ openssl_binary }} verify -CAfile {{ output_dir }}/ca_cert.pem {{ output_dir }}/ownca_cert.pem | sed "s/.*: \(.*\)/\1/g"' + shell: '{{ openssl_binary }} verify -CAfile {{ remote_tmp_dir }}/ca_cert.pem {{ remote_tmp_dir }}/ownca_cert.pem | sed "s/.*: \(.*\)/\1/g"' register: ownca_verify_ca - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certificate modulus) - shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ output_dir }}/ownca_cert.pem' + shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert.pem' register: ownca_cert_modulus - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/ownca_cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' register: ownca_cert_issuer - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certficate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/ownca_cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert_version - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (assert) 
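Review bot: `remote_tmp_dir` is interpolated unquoted into every `shell:` command line in this hunk, and the same pattern appears in the remaining validate_ownca.yml hunks and throughout validate_selfsigned.yml, so a temp directory path containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of reaching openssl as one argument. Passing it through Ansible's quote filter, `{{ remote_tmp_dir | quote }}` (and `{{ openssl_binary | quote }}` for the same reason), keeps the test independent of how the setup_remote_tmp_dir role chooses the directory. Two of the new lines also carry over `{{ remote_tmp_dir}}` without the space before the closing braces; `{{ remote_tmp_dir }}` matches the Jinja spacing used elsewhere in the file.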
@@ -31,15 +31,20 @@ - ownca_certificate.notBefore == ownca_certificate_idempotence.notBefore - ownca_certificate.notAfter == ownca_certificate_idempotence.notAfter +- name: (OwnCA validation, {{select_crypto_backend}}) Read certificate + slurp: + src: '{{ remote_tmp_dir }}/ownca_cert.pem' + register: slurp + - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca data return assert: that: - - ownca_certificate.certificate == lookup('file', output_dir ~ '/ownca_cert.pem', rstrip=False) + - ownca_certificate.certificate == (slurp.content | b64decode) - ownca_certificate.certificate == ownca_certificate_idempotence.certificate - block: - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate v2 (test - ownca certificate version == 2) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/ownca_cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert_v2_version - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate version 2 (assert) @@ -57,7 +62,7 @@ - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate2 (test - ownca certificate modulus) - shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ output_dir }}/ownca_cert2.pem' + shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert2.pem' register: ownca_cert2_modulus - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate2 (assert) 
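Review bot: The new slurp task registers its result as `slurp`, which is the module's own name and is then reused for different files in validate_selfsigned.yml (cert_no_csr.pem, later cert.pem) and in x509_certificate_info/tasks/impl.yml; each assert reads it immediately, so this works today, but the name says nothing about which file it holds and a later task reordering would silently compare against the wrong certificate. A descriptive name such as `register: ownca_cert_slurp` with `(ownca_cert_slurp.content | b64decode)` in the assert avoids both problems. The `b64decode` comparison preserves the trailing newline that the replaced `rstrip=False` lookup kept, so the equality semantics are unchanged.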
@@ -66,11 +71,11 @@ - ownca_cert2_modulus.stdout == privatekey2_modulus.stdout - name: (OwnCA validation, {{select_crypto_backend}}) Validate owncal certificate3 (test - notBefore) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert3_notBefore - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate3 (test - notAfter) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert3_notAfter - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate3 (assert - notBefore) @@ -84,11 +89,11 @@ - ownca_cert3_notAfter.stdout == 'Oct 23 13:37:42 2019' - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca ECC certificate (test - ownca certificate pubkey) - shell: '{{ openssl_binary }} x509 -noout -pubkey -in {{ output_dir }}/ownca_cert_ecc.pem' + shell: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/ownca_cert_ecc.pem' register: ownca_cert_ecc_pubkey - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca ECC certificate (test - ownca issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/ownca_cert_ecc.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert_ecc.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' register: ownca_cert_ecc_issuer - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca ECC certificate (assert) 
diff --git a/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml b/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml index 03da84e6..9c43ff25 100644 --- a/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml @@ -1,6 +1,6 @@ --- - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - privatekey modulus) - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: (Selfsigned validation, {{select_crypto_backend}}) Validate behavior for no CSR @@ -11,11 +11,11 @@ - selfsigned_certificate_no_csr_idempotence_check is not changed - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certificate modulus) - shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ output_dir }}/cert_no_csr.pem' + shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert_no_csr.pem' register: cert_modulus - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certficate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_version - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (assert) 
@@ -31,23 +31,28 @@ - selfsigned_certificate_no_csr.notBefore == selfsigned_certificate_no_csr_idempotence.notBefore - selfsigned_certificate_no_csr.notAfter == selfsigned_certificate_no_csr_idempotence.notAfter +- name: (Selfsigned validation, {{select_crypto_backend}}) Read certificate with no CSR + slurp: + src: '{{ remote_tmp_dir }}/cert_no_csr.pem' + register: slurp + - name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval with no CSR assert: that: - - selfsigned_certificate_no_csr.certificate == lookup('file', output_dir ~ '/cert_no_csr.pem', rstrip=False) + - selfsigned_certificate_no_csr.certificate == (slurp.content | b64decode) - selfsigned_certificate_no_csr.certificate == selfsigned_certificate_no_csr_idempotence.certificate - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate modulus) - shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ output_dir }}/cert.pem' + shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert.pem' register: cert_modulus - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"' register: cert_issuer - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certficate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_version - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (assert) 
@@ -64,10 +69,15 @@ - selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore - selfsigned_certificate.notAfter == selfsigned_certificate_idempotence.notAfter +- name: (Selfsigned validation, {{select_crypto_backend}}) Read certificate + slurp: + src: '{{ remote_tmp_dir }}/cert.pem' + register: slurp + - name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval assert: that: - - selfsigned_certificate.certificate == lookup('file', output_dir ~ '/cert.pem', rstrip=False) + - selfsigned_certificate.certificate == (slurp.content | b64decode) - selfsigned_certificate.certificate == selfsigned_certificate_idempotence.certificate - name: Make sure that changes in CSR are detected even if private key is specified @@ -77,7 +87,7 @@ - block: - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate v2 (test - certificate version == 2) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_v2_version - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate version 2 (assert) 
@@ -95,11 +105,11 @@ when: select_crypto_backend == 'cryptography' - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - privatekey modulus) - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey2_modulus - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - certificate modulus) - shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ output_dir }}/cert2.pem' + shell: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert2.pem' register: cert2_modulus - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (assert) @@ -108,11 +118,11 @@ - cert2_modulus.stdout == privatekey2_modulus.stdout - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notBefore) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' register: cert3_notBefore - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notAfter) - shell: '{{ openssl_binary }} x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' + shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' register: cert3_notAfter - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notBefore) 
@@ -126,11 +136,11 @@ - cert3_notAfter.stdout == 'Oct 23 13:37:42 2019' - name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - privatekey's pubkey) - shell: '{{ openssl_binary }} ec -pubout -in {{ output_dir }}/privatekey_ecc.pem' + shell: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey_ecc.pem' register: privatekey_ecc_pubkey - name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - certificate pubkey) - shell: '{{ openssl_binary }} x509 -noout -pubkey -in {{ output_dir }}/cert_ecc.pem' + shell: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/cert_ecc.pem' register: cert_ecc_pubkey - name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (assert) diff --git a/tests/integration/targets/x509_certificate_info/meta/main.yml b/tests/integration/targets/x509_certificate_info/meta/main.yml index d1a318db..ff8af08d 100644 --- a/tests/integration/targets/x509_certificate_info/meta/main.yml +++ b/tests/integration/targets/x509_certificate_info/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml index 90f8e70f..ae783213 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml @@ -4,7 +4,7 @@ - name: ({{select_crypto_backend}}) Get certificate info x509_certificate_info: - path: '{{ output_dir }}/cert_1.pem' + path: '{{ remote_tmp_dir }}/cert_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result 
@@ -37,9 +37,14 @@ set_fact: info_results: "{{ info_results + [result] }}" +- name: ({{select_crypto_backend}}) Read file + slurp: + src: '{{ remote_tmp_dir }}/cert_1.pem' + register: slurp + - name: ({{select_crypto_backend}}) Get certificate info directly x509_certificate_info: - content: '{{ lookup("file", output_dir ~ "/cert_1.pem") }}' + content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct @@ -50,7 +55,7 @@ - name: ({{select_crypto_backend}}) Get certificate info x509_certificate_info: - path: '{{ output_dir }}/cert_2.pem' + path: '{{ remote_tmp_dir }}/cert_2.pem' select_crypto_backend: '{{ select_crypto_backend }}' valid_at: today: "+0d" @@ -69,7 +74,7 @@ - name: ({{select_crypto_backend}}) Get certificate info x509_certificate_info: - path: '{{ output_dir }}/cert_3.pem' + path: '{{ remote_tmp_dir }}/cert_3.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -91,7 +96,7 @@ - name: ({{select_crypto_backend}}) Get certificate info x509_certificate_info: - path: '{{ output_dir }}/cert_4.pem' + path: '{{ remote_tmp_dir }}/cert_4.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result @@ -107,9 +112,14 @@ set_fact: info_results: "{{ info_results + [result] }}" +- name: Copy packed cert 1 to remote + copy: + src: cert1.pem + dest: '{{ remote_tmp_dir }}/packed-cert-1.pem' + - name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1 x509_certificate_info: - path: '{{ role_path }}/files/cert1.pem' + path: '{{ remote_tmp_dir }}/packed-cert-1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - assert: diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml index 44da12e2..d2a34992 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/main.yml 
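Review bot: The added `Copy packed cert 1 to remote` task is the only task in this file whose name lacks the `({{select_crypto_backend}})` prefix the surrounding tasks use, so its log line cannot be attributed to the backend iteration that presumably includes impl.yml; `- name: ({{select_crypto_backend}}) Copy packed cert 1 to remote` keeps the output consistent. If impl.yml is in fact included once per backend, the copy is idempotent but repeated, and it could move next to the key and certificate generation in tasks/main.yml to run once. The file is a public certificate so no restrictive permissions are required, but an explicit `mode: '0644'` documents that the destination is intentionally world-readable.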
@@ -6,12 +6,12 @@ - name: Generate privatekey openssl_privatekey: - path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: Generate privatekey with password openssl_privatekey: - path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto select_crypto_backend: cryptography @@ -19,8 +19,8 @@ - name: Generate CSR 1 openssl_csr: - path: '{{ output_dir }}/csr_1.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_1.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com C: de @@ -87,8 +87,8 @@ - name: Generate CSR 2 openssl_csr: - path: '{{ output_dir }}/csr_2.csr' - privatekey_path: '{{ output_dir }}/privatekeypw.pem' + path: '{{ remote_tmp_dir }}/csr_2.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 useCommonNameForSAN: no basic_constraints: @@ -96,8 +96,8 @@ - name: Generate CSR 3 openssl_csr: - path: '{{ output_dir }}/csr_3.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_3.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: no subject_alt_name: - "DNS:*.ansible.com" 
@@ -114,16 +114,16 @@ - name: Generate CSR 4 openssl_csr: - path: '{{ output_dir }}/csr_4.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/csr_4.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: no authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}' - name: Generate selfsigned certificates x509_certificate: - path: '{{ output_dir }}/cert_{{ item }}.pem' - csr_path: '{{ output_dir }}/csr_{{ item }}.csr' - privatekey_path: '{{ output_dir }}/privatekey.pem' + path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' + csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned selfsigned_digest: sha256 selfsigned_not_after: "+10d" diff --git a/tests/integration/targets/x509_certificate_pipe/meta/main.yml b/tests/integration/targets/x509_certificate_pipe/meta/main.yml index d1a318db..ff8af08d 100644 --- a/tests/integration/targets/x509_certificate_pipe/meta/main.yml +++ b/tests/integration/targets/x509_certificate_pipe/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl + - setup_remote_tmp_dir diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml index 854ae5d6..1ce8550f 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml @@ -1,7 +1,7 @@ --- - name: "({{ select_crypto_backend }}) Generate privatekey" openssl_privatekey: - path: '{{ output_dir }}/{{ item }}.pem' + path: '{{ remote_tmp_dir }}/{{ item }}.pem' size: '{{ default_rsa_key_size_certifiates }}' loop: - privatekey 
@@ -9,8 +9,8 @@ - name: "({{ select_crypto_backend }}) Generate CSRs" openssl_csr: - privatekey_path: '{{ output_dir }}/{{ item.key }}.pem' - path: '{{ output_dir }}/{{ item.name }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.key }}.pem' + path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' subject: commonName: '{{ item.cn }}' select_crypto_backend: '{{ select_crypto_backend }}' @@ -33,10 +33,10 @@ - name: "({{ select_crypto_backend }}) Generate self-signed certificate (check mode)" x509_certificate_pipe: provider: selfsigned - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert.csr' + csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: generate_certificate_check @@ -44,10 +44,10 @@ - name: "({{ select_crypto_backend }}) Generate self-signed certificate" x509_certificate_pipe: provider: selfsigned - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert.csr' + csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: generate_certificate @@ -55,10 +55,10 @@ x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert.csr' + csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: generate_certificate_idempotent 
@@ -66,10 +66,10 @@ x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert.csr' + csr_path: '{{ remote_tmp_dir }}/cert.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: generate_certificate_idempotent_check @@ -78,10 +78,10 @@ x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-2.csr' + csr_path: '{{ remote_tmp_dir }}/cert-2.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: generate_certificate_changed @@ -89,16 +89,16 @@ x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" - privatekey_path: '{{ output_dir }}/privatekey.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-2.csr' + csr_path: '{{ remote_tmp_dir }}/cert-2.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate certificate (test - Common Name)" 
@@ -135,10 +135,10 @@ x509_certificate_pipe: provider: ownca ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-3.csr' + csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: ownca_generate_certificate_check @@ -147,10 +147,10 @@ x509_certificate_pipe: provider: ownca ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-3.csr' + csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_generate_certificate @@ -159,10 +159,10 @@ provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-3.csr' + csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_generate_certificate_idempotent 
@@ -171,10 +171,10 @@ provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-3.csr' + csr_path: '{{ remote_tmp_dir }}/cert-3.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: ownca_generate_certificate_idempotent_check @@ -184,10 +184,10 @@ provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-4.csr' + csr_path: '{{ remote_tmp_dir }}/cert-4.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_generate_certificate_changed 
@@ -196,16 +196,16 @@ provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' - ownca_privatekey_path: '{{ output_dir }}/privatekey.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z - csr_path: '{{ output_dir }}/cert-4.csr' + csr_path: '{{ remote_tmp_dir }}/cert-4.csr' select_crypto_backend: '{{ select_crypto_backend }}' check_mode: yes register: ownca_generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem' + shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate certificate (test - Common Name)" diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml index 6cb76213..891cbb0f 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml @@ -6,12 +6,12 @@ - name: Prepare private key for backend autodetection test openssl_privatekey: - path: '{{ output_dir }}/privatekey_backend_selection.pem' + path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size_certifiates }}' - name: Run module with backend autodetection x509_certificate_pipe: provider: selfsigned - privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem' + privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' - block: - name: Running tests with pyOpenSSL backend 
@@ -23,12 +23,12 @@ - name: Remove output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory file: - path: "{{ output_dir }}" + path: "{{ remote_tmp_dir }}" state: directory - block: diff --git a/tests/integration/targets/x509_crl/meta/main.yml b/tests/integration/targets/x509_crl/meta/main.yml index 50a66bb6..f4801bca 100644 --- a/tests/integration/targets/x509_crl/meta/main.yml +++ b/tests/integration/targets/x509_crl/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - setup_openssl - setup_pyopenssl # the x509_crl* modules don't need this, but the other modules using during the tests do in some situations + - setup_remote_tmp_dir diff --git a/tests/integration/targets/x509_crl/tasks/impl.yml b/tests/integration/targets/x509_crl/tasks/impl.yml index a4fd262e..4fa6bbd3 100644 --- a/tests/integration/targets/x509_crl/tasks/impl.yml +++ b/tests/integration/targets/x509_crl/tasks/impl.yml @@ -1,16 +1,16 @@ --- - name: Create CRL 1 (check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes 
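Review bot: `Remove output directory` now deletes `remote_tmp_dir` itself, a directory that the newly added `setup_remote_tmp_dir` dependency created, and `Re-create output directory` rebuilds it with `file: state: directory` and no `mode:`, so the directory comes back with the umask default rather than whatever mode and ownership the setup role chose (presumably a private temp dir; that role is not visible here). If the setup role's cleanup or permission assumptions matter, clearing the directory's contents instead of the directory keeps its metadata intact; otherwise at least pass an explicit `mode:` on the re-create task. The enclosing task list continues outside the hunk.
```yaml
- name: List output directory contents
  find:
    paths: "{{ remote_tmp_dir }}"
    file_type: any
    hidden: true
  register: remote_tmp_dir_contents

- name: Clear output directory
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ remote_tmp_dir_contents.files }}"
# … unchanged: following block …
```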
@@ -22,16 +22,16 @@ - name: Create CRL 1 (check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -43,16 +43,16 @@ - name: Create CRL 1 x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes 
@@ -68,31 +68,36 @@ - name: Retrieve CRL 1 infos x509_crl_info: - path: '{{ output_dir }}/ca-crl1.crl' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' register: crl_1_info_1 +- name: ({{select_crypto_backend}}) Read ca-crl1.crl + slurp: + src: '{{ remote_tmp_dir }}/ca-crl1.crl' + register: slurp + - name: Retrieve CRL 1 infos via file content x509_crl_info: - content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") }}' + content: '{{ slurp.content | b64decode }}' register: crl_1_info_2 - name: Retrieve CRL 1 infos via file content (Base64) x509_crl_info: - content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") | b64encode }}' + content: '{{ slurp.content }}' register: crl_1_info_3 - name: Create CRL 1 (idempotent, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -104,16 +109,16 @@ - name: Create CRL 1 (idempotent) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes 
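Review bot: The added task name `({{select_crypto_backend}}) Read ca-crl1.crl` references `select_crypto_backend`, which no other task in this file uses (the x509_crl tasks around it carry no backend prefix), so it looks copied from the x509_certificate_info target and is probably undefined in this role; Ansible then prints the name untemplated instead of failing, which is misleading in test output. The same prefix appears on the `Read file` loop task in the next hunk. Use plain `- name: Read ca-crl1.crl` (and `- name: Read ca.key and certificates` for the loop task). This file also already registers a slurp result as `content` in its existing `Read ca-crl1.crl` task further down, so the new tasks could follow that naming rather than registering as `slurp`.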
@@ -122,18 +127,27 @@ revocation_date: 20191001000000Z register: crl_1_idem +- name: ({{select_crypto_backend}}) Read file + slurp: + src: '{{ remote_tmp_dir }}/{{ item }}' + loop: + - ca.key + - cert-1.pem + - cert-2.pem + register: slurp + - name: Create CRL 1 (idempotent with content, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_content: "{{ slurp.results[0].content | b64decode }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" + - content: "{{ slurp.results[1].content | b64decode }}" revocation_date: 20191013000000Z - - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" + - content: "{{ slurp.results[2].content | b64decode }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -145,16 +159,16 @@ - name: Create CRL 1 (idempotent with content) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_content: "{{ slurp.results[0].content | b64decode }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" + - content: "{{ slurp.results[1].content | b64decode }}" revocation_date: 20191013000000Z - - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" + - content: "{{ slurp.results[2].content | b64decode }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes 
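Review bot: `slurp.results[0]`, `[1]` and `[2]` in the two `Create CRL 1 (idempotent with content …)` tasks depend on the loop order `ca.key, cert-1.pem, cert-2.pem` of the new `Read file` task, and nothing ties the indices to the file names, so reordering the loop silently swaps the private key and the certificates. A comment on the loop such as `# results[] follows loop order: [0]=ca.key, [1]=cert-1.pem, [2]=cert-2.pem`, or selecting by item (`slurp.results | selectattr('item', 'equalto', 'ca.key') | first`), makes the coupling explicit. This task also re-registers `slurp`, replacing the single-file mapping from the previous hunk with a loop result, so any later `slurp.content` reference in this file would now be undefined. Because the loop slurps `ca.key`, the base64 private key lands in the registered result and therefore in verbose or callback output; for a throwaway test CA that is acceptable, but `no_log: true` on the task keeps it out of logs if that matters.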
@@ -165,17 +179,17 @@ - name: Create CRL 1 (format, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -187,17 +201,17 @@ - name: Create CRL 1 (format) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -208,17 +222,17 @@ - name: Create CRL 1 (format, idempotent, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes 
@@ -230,17 +244,17 @@ - name: Create CRL 1 (format, idempotent) x509_crl: - path: '{{ output_dir }}/ca-crl1.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' revocation_date: 20191013000000Z - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes @@ -252,12 +266,12 @@ - name: Retrieve CRL 1 infos via file x509_crl_info: - path: '{{ output_dir }}/ca-crl1.crl' + path: '{{ remote_tmp_dir }}/ca-crl1.crl' register: crl_1_info_4 - name: Read ca-crl1.crl slurp: - src: "{{ output_dir }}/ca-crl1.crl" + src: "{{ remote_tmp_dir }}/ca-crl1.crl" register: content - name: Retrieve CRL 1 infos via file content (Base64) @@ -267,15 +281,15 @@ - name: Create CRL 2 (check mode) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z 
@@ -285,15 +299,15 @@ - name: Create CRL 2 x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -302,15 +316,15 @@ - name: Create CRL 2 (idempotent, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -321,15 +335,15 @@ - name: Create CRL 2 (idempotent) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-1.pem' - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-1.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -339,8 +353,8 @@ - name: Create CRL 2 (idempotent update, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d 
@@ -354,8 +368,8 @@ - name: Create CRL 2 (idempotent update) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d @@ -368,14 +382,14 @@ - name: Create CRL 2 (idempotent update, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -386,14 +400,14 @@ - name: Create CRL 2 (idempotent update) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -403,14 +417,14 @@ - name: Create CRL 2 (changed timestamps, check mode) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z 
@@ -421,14 +435,14 @@ - name: Create CRL 2 (changed timestamps) x509_crl: - path: '{{ output_dir }}/ca-crl2.crl' - privatekey_path: '{{ output_dir }}/ca.key' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' + privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - - path: '{{ output_dir }}/cert-2.pem' + - path: '{{ remote_tmp_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z @@ -439,6 +453,6 @@ - name: Retrieve CRL 2 infos x509_crl_info: - path: '{{ output_dir }}/ca-crl2.crl' + path: '{{ remote_tmp_dir }}/ca-crl2.crl' list_revoked_certificates: false register: crl_2_info_1 diff --git a/tests/integration/targets/x509_crl/tasks/main.yml b/tests/integration/targets/x509_crl/tasks/main.yml index c2467213..baf2ff6c 100644 --- a/tests/integration/targets/x509_crl/tasks/main.yml +++ b/tests/integration/targets/x509_crl/tasks/main.yml @@ -31,15 +31,15 @@ - name: Generate private keys openssl_privatekey: - path: '{{ output_dir }}/{{ item.name }}.key' + path: '{{ remote_tmp_dir }}/{{ item.name }}.key' type: ECC curve: secp256r1 loop: "{{ certificates }}" - name: Generate CSRs openssl_csr: - path: '{{ output_dir }}/{{ item.name }}.csr' - privatekey_path: '{{ output_dir }}/{{ item.name }}.key' + path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' subject: "{{ item.subject | default(omit) }}" subject_alt_name: "{{ item.subject_alt_name | default(omit) }}" basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}" 
@@ -48,26 +48,26 @@ - name: Generate CA certificates x509_certificate: - path: '{{ output_dir }}/{{ item.name }}.pem' - csr_path: '{{ output_dir }}/{{ item.name }}.csr' - privatekey_path: '{{ output_dir }}/{{ item.name }}.key' + path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' + csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' provider: selfsigned loop: "{{ certificates }}" when: item.is_ca | default(false) - name: Generate other certificates x509_certificate: - path: '{{ output_dir }}/{{ item.name }}.pem' - csr_path: '{{ output_dir }}/{{ item.name }}.csr' + path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' + csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' provider: ownca - ownca_path: '{{ output_dir }}/ca.pem' - ownca_privatekey_path: '{{ output_dir }}/ca.key' + ownca_path: '{{ remote_tmp_dir }}/ca.pem' + ownca_privatekey_path: '{{ remote_tmp_dir }}/ca.key' loop: "{{ certificates }}" when: not (item.is_ca | default(false)) - name: Get certificate infos x509_certificate_info: - path: '{{ output_dir }}/{{ item }}.pem' + path: '{{ remote_tmp_dir }}/{{ item }}.pem' loop: - cert-1 - cert-2 diff --git a/tests/integration/targets/x509_crl/tests/validate.yml b/tests/integration/targets/x509_crl/tests/validate.yml index 7dddc237..b495f26e 100644 --- a/tests/integration/targets/x509_crl/tests/validate.yml +++ b/tests/integration/targets/x509_crl/tests/validate.yml @@ -59,13 +59,18 @@ - name: Read ca-crl1.crl slurp: - src: "{{ output_dir }}/ca-crl1.crl" + src: "{{ remote_tmp_dir }}/ca-crl1.crl" register: content - name: Validate CRL 1 Base64 content assert: that: - crl_1_format_idem.crl | b64decode == content.content | b64decode +- name: Read ca-crl2.crl + slurp: + src: '{{ remote_tmp_dir }}/ca-crl2.crl' + register: slurp + - name: Validate CRL 2 assert: that: 
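Review bot: The added `Read ca-crl2.crl` task registers as `slurp` and single-quotes its `src`, while the `Read ca-crl1.crl` task three lines above in the same hunk registers as `content` and double-quotes its `src`; within one hunk the two should match. Suggest `src: "{{ remote_tmp_dir }}/ca-crl2.crl"` and `register: crl_2_content`, with the consumer in the next hunk becoming `- crl_2_change.crl == (crl_2_content.content | b64decode)`. `register: slurp` also collides with the module name and is reused with other shapes elsewhere in this change, so a descriptive name reads better.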
@@ -79,7 +84,7 @@ - crl_2_idem_update is not changed - crl_2_change_check is changed - crl_2_change is changed - - crl_2_change.crl == lookup('file', output_dir ~ '/ca-crl2.crl', rstrip=False) + - crl_2_change.crl == (slurp.content | b64decode) - name: Validate CRL 2 info assert: