Normalize bools in tests. (#577)

This commit is contained in:
Felix Fontein
2023-02-15 22:23:36 +01:00
committed by GitHub
parent b08f6eefe8
commit 2fb543b144
40 changed files with 590 additions and 590 deletions


@@ -36,10 +36,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created
- name: Create it now (check mode, diff)
@@ -48,14 +48,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_created_check
- name: Create it now
@@ -64,10 +64,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
register: account_created
@@ -78,10 +78,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
register: account_created_idempotent
@@ -97,13 +97,13 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_modified_check
- name: Change email address
@@ -112,9 +112,9 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
register: account_modified
@@ -126,9 +126,9 @@
account_uri: "{{ account_created.account_uri }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact:
- mailto:example@example.com
register: account_modified_idempotent
@@ -140,10 +140,10 @@
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
contact: []
ignore_errors: yes
ignore_errors: true
register: account_modified_wrong_uri
- name: Clear contact email addresses (check mode, diff)
@@ -152,12 +152,12 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_modified_2_check
- name: Clear contact email addresses
@@ -166,9 +166,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
register: account_modified_2
@@ -178,9 +178,9 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
# allow_creation: no
# allow_creation: false
contact: []
register: account_modified_2_idempotent
@@ -190,14 +190,14 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key
contact:
- mailto:example@example.com
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_change_key_check
- name: Change account key
@@ -206,7 +206,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
state: changed_key
@@ -221,10 +221,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
check_mode: yes
diff: yes
check_mode: true
diff: true
register: account_deactivate_check
- name: Deactivate account
@@ -234,7 +234,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
register: account_deactivate
@@ -245,7 +245,7 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: absent
register: account_deactivate_idempotent
@@ -256,10 +256,10 @@
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created_2
- name: Do not try to create account III
@@ -268,10 +268,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
ignore_errors: yes
allow_creation: false
ignore_errors: true
register: account_not_created_3
- name: Create account with External Account Binding
@@ -280,10 +280,10 @@
account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
external_account_binding:
@@ -291,7 +291,7 @@
alg: "{{ item.alg }}"
key: "{{ item.key }}"
register: account_created_eab
ignore_errors: yes
ignore_errors: true
loop:
- account: accountkey3
kid: kid-1
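Review bot: Every task in this file now carries `validate_certs: false` (L18, L31, L50, …), and the normalized spelling makes the disabled TLS verification easier to grep for, but nothing on the page says why it is acceptable here. Since these tasks target what appears to be a local ACME test server (`{{ acme_host }}:14000`) rather than a public CA, a one-line comment above the first occurrence would stop the setting from being copied into production playbooks: `# Test-only: the directory below is a local ACME test server, so TLS verification is disabled; never reuse this setting outside the test suite.` The same remark applies to the other ACME test files in this commit (the hunks starting at L271, L340, L704, L798 and L821), where the option is repeated per task. If acme_host can ever point at a non-local endpoint, the comment should say so.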


@@ -29,7 +29,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
register: account_not_created
- name: Create it now
@@ -38,10 +38,10 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
@@ -51,7 +51,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
register: account_created
- name: Read account key
@@ -65,9 +65,9 @@
account_key_content: "{{ slurp.content | b64decode }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
state: present
allow_creation: no
allow_creation: false
contact: []
- name: Check that account was modified
@@ -76,7 +76,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}"
register: account_modified
@@ -86,7 +86,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
register: account_not_exist
@@ -96,7 +96,7 @@
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_uri: "{{ account_created.account_uri }}"
ignore_errors: yes
ignore_errors: true
register: account_wrong_key


@@ -31,7 +31,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
state: absent
- name: Read account key (EC384)
@@ -43,11 +43,11 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_content: "{{ slurp.content | b64decode }}"
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact:
- mailto:example@example.org
- mailto:example@example.com
@@ -56,11 +56,11 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem"
state: present
allow_creation: yes
terms_agreed: yes
allow_creation: true
terms_agreed: true
contact: []
## OBTAIN CERTIFICATES ########################################################################
- name: Obtain cert 1
@@ -71,16 +71,16 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
retrieve_all_alternates: yes
retrieve_all_alternates: true
acme_expected_root_number: 1
select_chain:
- test_certificates: last
@@ -98,17 +98,17 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256
subject_alt_name: "DNS:*.example.com,DNS:example.com"
subject_alt_name_critical: yes
subject_alt_name_critical: true
account_key: account-ec384
challenge: dns-01
modify_account: no
deactivate_authzs: yes
force: no
modify_account: false
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 0
retrieve_all_alternates: yes
retrieve_all_alternates: true
select_chain:
# All intermediates have the same subject, so always the first
# chain will be found, and we need a second condition to make sure
@@ -134,17 +134,17 @@
certificate_name: cert-3
key_type: ec384
subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: dns-01
modify_account: no
deactivate_authzs: no
force: no
modify_account: false
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 0
retrieve_all_alternates: yes
retrieve_all_alternates: true
select_chain:
- test_certificates: last
subject: "{{ acme_roots[1].subject }}"
@@ -161,14 +161,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-rsa
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
acme_expected_root_number: 2
select_chain:
@@ -188,14 +188,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: true
- name: Store obtain results for cert 5a
@@ -209,14 +209,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: no
modify_account: false
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: false
- name: Store obtain results for cert 5b
@@ -229,14 +229,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec384
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 1000
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: true
- name: Store obtain results for cert 5c
@@ -254,14 +254,14 @@
certificate_name: cert-5
key_type: ec521
subject_alt_name: "DNS:t2.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01
modify_account: no
deactivate_authzs: yes
force: yes
modify_account: false
deactivate_authzs: true
force: true
remaining_days: 10
terms_agreed: no
terms_agreed: false
account_email: ""
use_csr_content: false
- name: Store obtain results for cert 5d
@@ -277,14 +277,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.org"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
acme_expected_root_number: 0
select_chain:
@@ -313,14 +313,14 @@
subject_alt_name:
- "IP:127.0.0.1"
# - "IP:::1"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
acme_expected_root_number: 2
select_chain:
@@ -344,15 +344,15 @@
- "IP:127.0.0.1"
# IPv4 only since our test validation server doesn't work
# with IPv6 (thanks to Python's socketserver).
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
use_csr_content: true
- name: Store obtain results for cert 8
@@ -364,37 +364,37 @@
# Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
- name: Verifying cert 1
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_1_valid
- name: Verifying cert 2
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_2_valid
- name: Verifying cert 3
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_3_valid
- name: Verifying cert 4
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_4_valid
- name: Verifying cert 5
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_5_valid
- name: Verifying cert 6
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_6_valid
when: acme_intermediates[0].subject_key_identifier is defined
- name: Verifying cert 7
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_7_valid
when: acme_roots[2].subject_key_identifier is defined
- name: Verifying cert 8
command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"'
ignore_errors: yes
ignore_errors: true
register: cert_8_valid
when: cryptography_version.stdout is version('1.3', '>=')
# Dump certificate info
@@ -468,7 +468,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: ignore
register: account_orders_not
- name: Retrieve orders as URL list (1/2)
@@ -477,7 +477,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: url_list
register: account_orders_urls
- name: Retrieve orders as URL list (2/2)
@@ -486,7 +486,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: url_list
register: account_orders_urls2
- name: Retrieve orders as object list (1/2)
@@ -495,7 +495,7 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: object_list
register: account_orders_full
- name: Retrieve orders as object list (2/2)
@@ -504,6 +504,6 @@
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
retrieve_orders: object_list
register: account_orders_full2


@@ -38,14 +38,14 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key_content: "{{ slurp_account_key.content | b64decode }}"
challenge: http-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
- name: Obtain cert 2
include_tasks: obtain-cert.yml
@@ -55,14 +55,14 @@
certificate_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else '' }}"
key_type: ec256
subject_alt_name: "DNS:*.example.com"
subject_alt_name_critical: yes
subject_alt_name_critical: true
account_key: account-ec384
challenge: dns-01
modify_account: yes
deactivate_authzs: yes
force: no
modify_account: true
deactivate_authzs: true
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
- name: Obtain cert 3
include_tasks: obtain-cert.yml
@@ -71,14 +71,14 @@
certificate_name: cert-3
key_type: ec384
subject_alt_name: "DNS:t1.example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-rsa
challenge: dns-01
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
## REVOKE CERTIFICATES ########################################################################
- name: Revoke certificate 1 via account key
@@ -88,8 +88,8 @@
certificate: "{{ remote_tmp_dir }}/cert-1.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_1_revoke
- name: Revoke certificate 2 via certificate private key
acme_certificate_revoke:
@@ -99,8 +99,8 @@
certificate: "{{ remote_tmp_dir }}/cert-2.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_2_revoke
- name: Read account key (RSA)
slurp:
@@ -113,6 +113,6 @@
certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
ignore_errors: yes
validate_certs: false
ignore_errors: true
register: cert_3_revoke


@@ -24,15 +24,15 @@
key_type: rsa
rsa_bits: "{{ default_rsa_key_size }}"
subject_alt_name: "DNS:example.com"
subject_alt_name_critical: no
subject_alt_name_critical: false
account_key: account-ec256
challenge: tls-alpn-01
challenge_alpn_tls: acme_challenge_cert_helper
modify_account: yes
deactivate_authzs: no
force: no
modify_account: true
deactivate_authzs: false
force: false
remaining_days: 10
terms_agreed: yes
terms_agreed: true
account_email: "example@example.org"
when: cryptography_version.stdout is version('1.5', '>=')


@@ -26,7 +26,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
method: directory-only
register: directory
- debug: var=directory
@@ -35,7 +35,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
url: "{{ directory.directory.newAccount}}"
method: post
@@ -49,7 +49,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
@@ -61,7 +61,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
@@ -80,7 +80,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ directory.directory.newOrder }}"
@@ -103,7 +103,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ new_order.headers.location }}"
@@ -115,7 +115,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item }}"
@@ -128,7 +128,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
@@ -141,7 +141,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"
@@ -155,7 +155,7 @@
acme_inspect:
acme_directory: https://{{ acme_host }}:14000/dir
acme_version: 2
validate_certs: no
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"


@@ -17,7 +17,7 @@
- '{{ remote_tmp_dir }}/a-root.pem'
- name: Case B => doesn't work, but this is expected
failed_when: no
failed_when: false
register: caseb
certificate_complete_chain:
input_chain: "{{ read_certificates['d-leaf'] }}"


@@ -48,7 +48,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -59,7 +59,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@@ -83,8 +83,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@@ -99,7 +99,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@@ -107,7 +107,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@@ -125,7 +125,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests


@@ -44,7 +44,7 @@
set_fact:
result_: >-
{{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }}
ignore_errors: yes
ignore_errors: true
register: result
- name: Check that loading passphrase protected key without passphrase failed


@@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@@ -86,8 +86,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@@ -110,7 +110,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@@ -128,7 +128,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates


@@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -84,7 +84,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -127,11 +127,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
return_content: yes
return_content: true
register: crl_2_change
- name: Retrieve CRL 2 infos
@@ -153,11 +153,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order
- name: Retrieve CRL 2 infos again


@@ -18,11 +18,11 @@
- name: ca
subject:
commonName: Ansible
is_ca: yes
is_ca: true
- name: ca-2
subject:
commonName: Ansible Other CA
is_ca: yes
is_ca: true
- name: cert-1
subject_alt_name:
- DNS:ansible.com
@@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no
use_common_name_for_san: false
loop: "{{ certificates }}"
- name: Generate CA certificates


@@ -131,10 +131,10 @@
privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
subject:
commonName: Bogus CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
- name: Generate selfsigned bogus CA certificate
x509_certificate:


@@ -80,11 +80,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
ignore_errors: yes
become: true
ignore_errors: true
- command: losetup -d "{{ cryptfile_device }}"
become: yes
become: true
- file:
dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"


@@ -7,6 +7,6 @@
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
- name: "Loading tasks from {{ item }}"
include_tasks: "{{ item }}"


@@ -10,8 +10,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_check
- name: Create
luks_device:
@@ -20,7 +20,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: create
- name: Create (idempotent)
luks_device:
@@ -29,7 +29,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: create_idem
- name: Create (idempotent, check)
luks_device:
@@ -38,8 +38,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_idem_check
- assert:
that:
@@ -53,30 +53,30 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes
become: yes
check_mode: true
become: true
register: open_check
- name: Open
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: open
- name: Open (idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: open_idem
- name: Open (idempotent, check)
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
check_mode: yes
become: yes
check_mode: true
become: true
register: open_idem_check
- assert:
that:
@@ -89,27 +89,27 @@
luks_device:
name: "{{ open.name }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_check
- name: Closed (via name)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
become: true
register: close
- name: Closed (via name, idempotent)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
become: true
register: close_idem
- name: Closed (via name, idempotent, check)
luks_device:
name: "{{ open.name }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_idem_check
- assert:
that:
@@ -123,33 +123,33 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
- name: Closed (via device, check)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_check
- name: Closed (via device)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
register: close
- name: Closed (via device, idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
register: close_idem
- name: Closed (via device, idempotent, check)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
check_mode: yes
become: yes
check_mode: true
become: true
register: close_idem_check
- assert:
that:
@@ -163,33 +163,33 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
- name: Absent (check)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
check_mode: yes
become: yes
check_mode: true
become: true
register: absent_check
- name: Absent
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
register: absent
- name: Absent (idempotence)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
register: absent_idem
- name: Absent (idempotence, check)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
check_mode: yes
become: yes
check_mode: true
become: true
register: absent_idem_check
- assert:
that:


@@ -10,9 +10,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
ignore_errors: yes
become: yes
check_mode: true
ignore_errors: true
become: true
register: create_check
- name: Create with invalid device name
luks_device:
@@ -21,8 +21,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create
- assert:
that:
@@ -38,9 +38,9 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
check_mode: yes
ignore_errors: yes
become: yes
check_mode: true
ignore_errors: true
become: true
register: create_check
- name: Create with something which is not a device
luks_device:
@@ -49,8 +49,8 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create
- assert:
that:


@@ -10,7 +10,7 @@
keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
# Access: keyfile1
@@ -19,8 +19,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -29,15 +29,15 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -51,7 +51,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: result_1
- name: Give access to keyfile2 (idempotent)
@@ -60,7 +60,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
new_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
become: true
register: result_2
- assert:
@@ -75,8 +75,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -85,11 +85,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
- name: Remove access from keyfile1
luks_device:
@@ -97,7 +97,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: result_1
- name: Remove access from keyfile1 (idempotent)
@@ -106,7 +106,7 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
become: true
register: result_2
- assert:
@@ -121,8 +121,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -133,8 +133,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -143,11 +143,11 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
- name: Remove access from keyfile2
luks_device:
@@ -155,8 +155,8 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: remove_last_key
- assert:
that:
@@ -170,8 +170,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -180,7 +180,7 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Remove access from keyfile2
luks_device:
@@ -188,8 +188,8 @@
state: closed
keyfile: "{{ remote_tmp_dir }}/keyfile2"
remove_keyfile: "{{ remote_tmp_dir }}/keyfile2"
force_remove_last_key: yes
become: yes
force_remove_last_key: true
become: true
# Access: none
@@ -198,8 +198,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile2"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
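Review bot: The two `cryptsetup luksDump` tasks run with `become: true` but neither registers its output nor asserts on it, so they only print the header into the play log and cannot fail the test; if the intent is to check keyslot state after adding and removing keyfiles, they should `register:` the result and the following `assert` should inspect it. The dump itself is metadata only (keyslot state, cipher, key digest), not the unlocking key, so logging it is not a secret-leak concern as far as I can tell. A short comment such as `# Informational only: the header dump is not asserted on` would at least make the current intent explicit.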


@@ -12,7 +12,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_with_keysize
- name: Create with keysize (idempotent)
luks_device:
@@ -23,7 +23,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_idem_with_keysize
- name: Create with different keysize (idempotent since we do not update keysize)
luks_device:
@@ -34,7 +34,7 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
become: yes
become: true
register: create_idem_with_diff_keysize
- name: Create with ambiguous arguments
luks_device:
@@ -45,8 +45,8 @@
pbkdf:
algorithm: pbkdf2
iteration_count: 1000
ignore_errors: yes
become: yes
ignore_errors: true
become: true
register: create_with_ambiguous
- assert:
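Review bot: `algorithm: pbkdf2` with `iteration_count: 1000` (and the `iteration_time: 0.1` used by the sibling luks_device tests in this commit) is far weaker than anything that should protect a real LUKS volume, and nothing in the file says these values are chosen only to keep the test fast. A one-line comment above the `pbkdf:` mapping, such as `# Deliberately weak PBKDF settings to keep the test fast; never use these for real volumes`, would stop the snippet being copied into a playbook unchanged. The tasks themselves are fine as a test fixture.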


@@ -15,8 +15,8 @@
memory: 1000
parallel: 1
sector_size: 1024
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: create_passphrase_1
- name: Make sure that the previous task only fails if LUKS2 is not supported
@@ -32,7 +32,7 @@
passphrase: "{{ cryptfile_passphrase1 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
when: create_passphrase_1 is failed
- name: Open with passphrase1
@@ -40,8 +40,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -50,7 +50,7 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Give access with ambiguous new_ arguments
luks_device:
@@ -61,8 +61,8 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: new_try
- assert:
that:
@@ -73,8 +73,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -88,7 +88,7 @@
new_passphrase: "{{ cryptfile_passphrase2 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
register: result_1
- name: Give access to passphrase2 (idempotent)
@@ -97,7 +97,7 @@
state: closed
passphrase: "{{ cryptfile_passphrase1 }}"
new_passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
become: true
register: result_2
- assert:
@@ -110,8 +110,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase2 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -120,15 +120,15 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Try to open with keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -142,7 +142,7 @@
new_keyfile: "{{ remote_tmp_dir }}/keyfile1"
pbkdf:
iteration_time: 0.1
become: yes
become: true
- name: Remove access with ambiguous remove_ arguments
luks_device:
@@ -150,8 +150,8 @@
state: closed
remove_keyfile: "{{ remote_tmp_dir }}/keyfile1"
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: remove_try
- assert:
that:
@@ -162,8 +162,8 @@
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ remote_tmp_dir }}/keyfile1"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -172,14 +172,14 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
- name: Remove access for passphrase1
luks_device:
device: "{{ cryptfile_device }}"
state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
become: true
register: result_1
- name: Remove access for passphrase1 (idempotent)
@@ -187,7 +187,7 @@
device: "{{ cryptfile_device }}"
state: closed
remove_passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
become: true
register: result_2
- assert:
@@ -200,8 +200,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase1 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -212,8 +212,8 @@
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase3 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -227,15 +227,15 @@
new_passphrase: "{{ cryptfile_passphrase3 }}"
pbkdf:
iteration_time: 0.1
become: yes
become: true
- name: Open with passphrase3
luks_device:
device: "{{ cryptfile_device }}"
state: opened
passphrase: "{{ cryptfile_passphrase3 }}"
become: yes
ignore_errors: yes
become: true
ignore_errors: true
register: open_try
- assert:
that:
@@ -244,4 +244,4 @@
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
become: true
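Review bot: `passphrase`, `new_passphrase` and `remove_passphrase` are passed as plain module arguments and most of these tasks both `register:` the result (`open_try`, `new_try`, `remove_try`, `result_1`) and set `ignore_errors: true`, so a failing task prints its full result including the module invocation; whether the passphrase is masked there depends on the luks_device module declaring those options with `no_log`, which I cannot confirm from this diff. If it does not, the tasks handling passphrases should carry `no_log: true`, and the `assert` tasks should avoid echoing the registered results. For throwaway test passphrases the exposure is low, but this is the pattern users copy into real playbooks, so a comment noting the assumption would help: `# Relies on luks_device marking passphrase options no_log`.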


@@ -17,8 +17,8 @@
persistent: true
pbkdf:
iteration_time: 0.1
check_mode: yes
become: yes
check_mode: true
become: true
register: create_open_check
- name: Create and open
luks_device:
@@ -32,7 +32,7 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
become: yes
become: true
register: create_open
- name: Create and open (idempotent)
luks_device:
@@ -46,7 +46,7 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
become: yes
become: true
register: create_open_idem
- name: Create and open (idempotent, check)
luks_device:
@@ -60,8 +60,8 @@
perf_no_read_workqueue: true
perf_no_write_workqueue: true
persistent: true
check_mode: yes
become: yes
check_mode: true
become: true
register: create_open_idem_check
- assert:
that:
@@ -72,7 +72,7 @@
- name: Dump LUKS Header
command: "cryptsetup luksDump {{ cryptfile_device }}"
become: yes
become: true
register: luks_header
- assert:
that:
@@ -83,7 +83,7 @@
- name: Dump device mapper table
command: "dmsetup table {{ create_open.name }}"
become: yes
become: true
register: dm_table
- assert:
that:
@@ -96,7 +96,7 @@
luks_device:
name: "{{ cryptfile_device }}"
state: absent
become: yes
become: true
when:
- ansible_facts.kernel is version('5.9.0', '>=')


@@ -20,8 +20,8 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
return_content: true
check_mode: true
register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR"
@@ -31,7 +31,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: generate_csr
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@@ -41,7 +41,7 @@
subject_ordered:
- commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: generate_csr_idempotent
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
@@ -51,8 +51,8 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
return_content: true
check_mode: true
register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
@@ -61,9 +61,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_nosan_check
- name: "({{ select_crypto_backend }}) Generate CSR without SAN"
@@ -72,7 +72,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan
@@ -82,7 +82,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan_check_idempotent
@@ -92,9 +92,9 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_nosan_check_idempotent_check
# keyUsage longname and shortname should be able to be used
@@ -179,7 +179,7 @@
subject_alt_name: invalid-san.example.com
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
openssl_csr:
@@ -188,7 +188,7 @@
subject_alt_name: "DNS:system:kube-controller-manager"
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san_2
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
openssl_csr:
@@ -227,7 +227,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
- name: "({{ select_crypto_backend }}) Generate CSR with country name"
@@ -263,7 +263,7 @@
C: dex
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_fail_4
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate privatekey with password"
openssl_privatekey:
@@ -300,7 +300,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
@@ -309,7 +309,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
@@ -317,7 +317,7 @@
path: '{{ remote_tmp_dir }}/csr_pw3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken CSR"
@@ -330,7 +330,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
useCommonNameForSAN: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
@@ -340,7 +340,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_1
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
@@ -349,7 +349,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_2
- name: "({{ select_crypto_backend }}) Generate CSR (change)"
@@ -358,22 +358,22 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: ansible.com
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_3
- name: "({{ select_crypto_backend }}) Generate CSR (remove)"
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: csr_backup_4
- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_backup.csr'
state: absent
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_5
@@ -413,7 +413,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_4
@@ -423,7 +423,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
create_subject_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: subject_key_identifier_5
@@ -556,7 +556,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -567,19 +567,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.example.com"
- "DNS:.org"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@@ -641,7 +641,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -652,19 +652,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@@ -703,7 +703,7 @@
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
- "IP:0::0:1:0:0/112"
check_mode: yes
check_mode: true
register: everything_2
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
@@ -728,7 +728,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -739,19 +739,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@@ -814,7 +814,7 @@
- emailAddress: test@example.com
- postalAddress: 1234 Somewhere
- postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -825,19 +825,19 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage: '{{ value_for_extended_key_usage }}'
subject_alt_name: '{{ value_for_san }}'
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
basic_constraints_critical: true
name_constraints_permitted: '{{ value_for_name_constraints_permitted }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
ocsp_must_staple: yes
name_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: 00:11:22:33
authority_key_identifier: 44:55:66:77
authority_cert_issuer: '{{ value_for_authority_cert_issuer }}'
@@ -895,7 +895,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded"
when: generate_csr_ed25519_ed448_privatekey is not failed
@@ -912,7 +912,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
openssl_csr:
@@ -925,7 +925,7 @@
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@@ -84,8 +84,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@@ -100,7 +100,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@@ -108,7 +108,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@@ -126,7 +126,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Running tests with cryptography backend


@@ -14,7 +14,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_check
- name: "({{ select_crypto_backend }}) Generate CSR"
@@ -41,7 +41,7 @@
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_idempotent_check
- name: "({{ select_crypto_backend }}) Generate CSR (changed)"
@@ -60,7 +60,7 @@
subject:
commonName: ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_csr_changed_check
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"


@@ -10,7 +10,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
check_mode: true
register: dhparam_check
@@ -19,7 +19,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
@@ -27,7 +27,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
check_mode: true
register: dhparam_changed_check
@@ -36,7 +36,7 @@
size: 768
path: '{{ remote_tmp_dir }}/dh768.pem'
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam_changed
- name: "[{{ select_crypto_backend }}] Generate parameters with size option"
@@ -54,7 +54,7 @@
- copy:
src: '{{ remote_tmp_dir }}/dh768.pem'
remote_src: yes
remote_src: true
dest: '{{ remote_tmp_dir }}/dh512.pem'
- name: "[{{ select_crypto_backend }}] Re-generate if size is different"
@@ -68,7 +68,7 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh512.pem'
size: 512
force: yes
force: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_changed_force
@@ -80,7 +80,7 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dhbroken.pem'
size: 512
force: yes
force: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: output_broken
@@ -88,36 +88,36 @@
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_1
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_2
- name: "[{{ select_crypto_backend }}] Generate params (change)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
size: 512
force: yes
backup: yes
force: true
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_3
- name: "[{{ select_crypto_backend }}] Generate params (remove)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
return_content: yes
return_content: true
register: dhparam_backup_4
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
openssl_dhparam:
path: '{{ remote_tmp_dir }}/dh_backup.pem'
state: absent
backup: yes
backup: true
select_crypto_backend: "{{ select_crypto_backend }}"
register: dhparam_backup_5
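Review bot: The DH parameter sizes used throughout this file (`size: 768` and `size: 512`) are well below the 2048-bit floor that is considered safe, and nothing in the file says they are deliberately small so that generation stays fast. A comment above the first `openssl_dhparam:` task, such as `# 512/768-bit parameters are used only because generating them is fast; real deployments need >= 2048 bits`, would prevent the fixture being lifted into a production playbook. The `copy` task with `remote_src: true` that places the 768-bit file at `dh512.pem` to force regeneration also deserves a one-line comment, since on its own it looks like a mistake.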


@@ -7,7 +7,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: privatekey1_check
@@ -15,14 +15,14 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey1
- name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)"
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: privatekey1_idempotence_check
@@ -30,7 +30,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey1_idempotence
- name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048"
@@ -57,7 +57,7 @@
state: absent
path: '{{ remote_tmp_dir }}/privatekey4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: privatekey4_delete
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)"
@@ -190,7 +190,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
ignore_errors: true
register: privatekey_t1_generate
- name: "({{ select_crypto_backend }}) Test other type generation (idempotency)"
@@ -202,7 +202,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
ignore_errors: true
register: privatekey_t1_idempotency
when: select_crypto_backend == 'cryptography'
@@ -224,7 +224,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_1
- name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)"
@@ -234,7 +234,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_2
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
@@ -242,7 +242,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_3
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
@@ -250,7 +250,7 @@
path: '{{ remote_tmp_dir }}/privatekeypw.pem'
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_4
- name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase"
@@ -260,7 +260,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
register: passphrase_5
- name: "({{ select_crypto_backend }}) Create broken key"
@@ -281,7 +281,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
state: absent
register: remove_1
@@ -292,7 +292,7 @@
cipher: auto
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
backup: yes
backup: true
state: absent
register: remove_2
@@ -327,7 +327,7 @@
openssl_privatekey:
path: '{{ remote_tmp_dir }}/privatekey_mode.pem'
mode: '0400'
force: yes
force: true
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey_mode_3
@@ -405,7 +405,7 @@
format: raw
size: '{{ default_rsa_key_size }}'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_1_step_8
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)"
@@ -438,7 +438,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_2_step_1
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)"
@@ -447,7 +447,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: privatekey_fmt_2_step_2
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format"
@@ -456,14 +456,14 @@
type: X448
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_3
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@@ -478,14 +478,14 @@
type: X448
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_4
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@@ -500,14 +500,14 @@
type: X448
format: auto_ignore
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_5
- name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem"
slurp:
src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
ignore_errors: true
register: content
- name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded"
@@ -522,8 +522,8 @@
type: X448
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
return_content: true
ignore_errors: true
register: privatekey_fmt_2_step_6
- name: "({{ select_crypto_backend }}) Read private key"
@@ -574,9 +574,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -597,7 +597,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -617,9 +617,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -640,7 +640,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -660,7 +660,7 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
register: result
- assert:
@@ -695,9 +695,9 @@
size: '{{ default_rsa_key_size + 20 }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -716,7 +716,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -742,9 +742,9 @@
size: '{{ default_rsa_key_size }}'
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -763,7 +763,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -791,9 +791,9 @@
format: pkcs8
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -813,7 +813,7 @@
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
loop: "{{ regenerate_values }}"
ignore_errors: yes
ignore_errors: true
register: result
- assert:
that:
@@ -841,7 +841,7 @@
format_mismatch: convert
regenerate: '{{ item }}'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
loop: "{{ regenerate_values }}"
register: result
- assert:
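Review bot: `return_content: true` on the openssl_privatekey tasks in this section (the hunks at `@@ -7,7 +7,7 @@`, `@@ -15,14 +15,14 @@`, `@@ -456,14 +456,14 @@` and their siblings) places the PEM-encoded private key in the registered result, and none of these tasks set `no_log`, so the key material ends up in verbose output and any callback log. For throwaway test keys that is acceptable, but a comment above the first such task would make the intent explicit: `# return_content puts the private key into the registered result; test keys only`. The same point applies to `return_private_key_data: true` in the openssl_privatekey_info section below. Every task here starts before its hunk, so only the tail of each argument block is visible.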


@@ -43,7 +43,7 @@
- name: ({{select_crypto_backend}}) Get key 2 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_2.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -65,9 +65,9 @@
- name: ({{select_crypto_backend}}) Get key 3 info (without passphrase)
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: result
- name: Check that loading passphrase protected key without passphrase failed
@@ -91,7 +91,7 @@
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -112,7 +112,7 @@
- name: ({{select_crypto_backend}}) Get key 4 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_4.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
@@ -134,7 +134,7 @@
- name: ({{select_crypto_backend}}) Get key 5 info
openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_5.pem'
return_private_key_data: yes
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result


@@ -13,7 +13,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: publickey_check
@@ -22,7 +22,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)"
@@ -30,7 +30,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
check_mode: true
register: publickey_check2
@@ -39,7 +39,7 @@
path: '{{ remote_tmp_dir }}/publickey.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey_idempotence
- name: "({{ select_crypto_backend }}) Verify check mode"
@@ -79,7 +79,7 @@
path: '{{ remote_tmp_dir }}/publickey2.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: publickey2_absent
- name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)"
@@ -134,21 +134,21 @@
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_1
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)"
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_2
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)"
openssl_publickey:
path: '{{ remote_tmp_dir }}/publickey5.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: privatekey5_3
@@ -166,7 +166,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)"
@@ -175,7 +175,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)"
@@ -183,7 +183,7 @@
path: '{{ remote_tmp_dir }}/publickey_pw3.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: "({{ select_crypto_backend }}) Create broken key"
@@ -207,7 +207,7 @@
state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_1
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)"
@@ -215,6 +215,6 @@
state: absent
path: '{{ remote_tmp_dir }}/publickey_removal.pub'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: remove_2


@@ -34,7 +34,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
@@ -112,7 +112,7 @@
select_crypto_backend: "{{ select_crypto_backend }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
validate_certs: false
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
account_key_content: "{{ account_key_content | default(omit) }}"
account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
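Review bot: `validate_certs: false` in both hunks of this section disables TLS verification for every request to `acme_directory`, and nothing nearby says why; presumably the test ACME directory at `{{ acme_host }}:14000` presents a certificate the controller does not trust, but that is inferred, not visible. A comment above the key would stop the setting from reading as an oversight: `# the test ACME server's certificate is not in the trust store; verification is deliberately off here`. Both tasks start before their hunk, so the module name is not visible from this view.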


@@ -59,7 +59,7 @@
homebrew:
name: openssl
state: present
become: yes
become: true
become_user: "{{ brew_stat.stat.pw_name }}"
- name: MACOS | Locale openssl binary


@@ -11,11 +11,11 @@
- set_fact:
pkg_mgr: community.general.pkgng
ansible_pkg_mgr: community.general.pkgng
cacheable: yes
cacheable: true
when: ansible_os_family == 'FreeBSD' and ansible_version.string is version('2.10', '>=')
- set_fact:
pkg_mgr: community.general.zypper
ansible_pkg_mgr: community.general.zypper
cacheable: yes
cacheable: true
when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=')


@@ -60,7 +60,7 @@
- name: Register pyOpenSSL debug details
command: "{{ ansible_python.executable }} -m OpenSSL.debug"
register: pyopenssl_debug_version
ignore_errors: yes
ignore_errors: true
# Depending on which pyOpenSSL version has been installed, it could be that cryptography has
# been upgraded to a newer version. Make sure to register cryptography_version another time here
@@ -68,4 +68,4 @@
- name: Register cryptography version
command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
register: cryptography_version
ignore_errors: yes # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors
ignore_errors: true # in case cryptography was not installed, and setup_openssl hasn't been run before, ignore errors
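Review bot: The trailing comment on `ignore_errors: true` in the second hunk (`@@ -68,4 +68,4 @@`) pushes the line to roughly 120 columns and, as rendered, leaves a single space before `#`, which yamllint's `comments` rule rejects; the rendering may have collapsed whitespace, so confirm against the source. Moving the comment above the key reads better and avoids both issues: `# cryptography may not be installed yet if setup_openssl has not run; tolerate the failure` followed by `ignore_errors: true`. The first hunk's inline-free form is the style the rest of the file uses.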


@@ -7,4 +7,4 @@
file:
path: "{{ remote_tmp_dir }}"
state: absent
no_log: yes
no_log: true


@@ -21,10 +21,10 @@
path: '{{ item.path }}'
privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
subject: '{{ item.subject }}'
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
loop:
- path: '{{ remote_tmp_dir }}/ca_csr.csr'
subject:
@@ -40,10 +40,10 @@
privatekey_passphrase: hunter2
subject:
commonName: Example CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode)
x509_certificate:
@@ -101,7 +101,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
@@ -114,7 +114,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_idempotence
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode)
@@ -127,7 +127,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
- name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration
copy:
@@ -148,7 +148,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_ca_subject_changed
- name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key
@@ -162,7 +162,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: ownca_certificate_ca_key_changed
- name: (OwnCA, {{select_crypto_backend}}) Get certificate information
@@ -300,7 +300,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
@@ -313,7 +313,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3)
@@ -325,7 +325,7 @@
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: (OwnCA, {{select_crypto_backend}}) Create broken certificate
@@ -351,7 +351,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_1
- name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent)
@@ -362,7 +362,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_2
- name: (OwnCA, {{select_crypto_backend}}) Backup test (change)
@@ -373,7 +373,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_3
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove)
@@ -381,7 +381,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_4
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent)
@@ -389,7 +389,7 @@
path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_5
@@ -461,7 +461,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_1
@@ -473,7 +473,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_2
@@ -485,7 +485,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_3
@@ -497,7 +497,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
ownca_create_authority_key_identifier: false
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_4
@@ -509,7 +509,7 @@
ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
ownca_create_authority_key_identifier: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_authority_key_identifier_5
@@ -523,7 +523,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: ownca_certificate_ed25519_ed448_privatekey is not failed
@@ -539,7 +539,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate:
@@ -554,7 +554,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate:
@@ -569,7 +569,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_idempotence
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
@@ -577,7 +577,7 @@
type: '{{ item }}'
cipher: auto
passphrase: Test123
ignore_errors: yes
ignore_errors: true
loop:
- Ed25519
- Ed448
@@ -589,17 +589,17 @@
privatekey_passphrase: Test123
subject:
commonName: Example CA
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
basic_constraints_critical: true
key_usage:
- cRLSign
- keyCertSign
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
x509_certificate:
@@ -612,7 +612,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
x509_certificate:
@@ -628,7 +628,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes
ignore_errors: true
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
x509_certificate:
@@ -644,7 +644,7 @@
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@@ -32,7 +32,7 @@
path: "{{ remote_tmp_dir }}/removal_cert.pem"
state: absent
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: removal_1
- name: "(Removal, {{select_crypto_backend}}) Check that file is gone"


@@ -23,7 +23,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_no_csr
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency
@@ -33,7 +33,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_no_csr_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode)
@@ -43,7 +43,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: selfsigned_certificate_no_csr_idempotence_check
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
@@ -68,7 +68,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
@@ -79,7 +79,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
return_content: true
register: selfsigned_certificate_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode)
@@ -90,7 +90,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR)
x509_certificate:
@@ -100,7 +100,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: selfsigned_certificate_csr_minimal_change
- name: (Selfsigned, {{select_crypto_backend}}) Get certificate information
@@ -272,7 +272,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_1
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2)
@@ -284,7 +284,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_2
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3)
@@ -295,7 +295,7 @@
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
ignore_errors: true
register: passphrase_error_3
- name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate
@@ -318,7 +318,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_1
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent)
@@ -328,7 +328,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_2
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (change)
@@ -338,7 +338,7 @@
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_3
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove)
@@ -346,7 +346,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent
provider: selfsigned
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_4
- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent)
@@ -354,7 +354,7 @@
path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem'
state: absent
provider: selfsigned
backup: yes
backup: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_backup_5
@@ -423,7 +423,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: selfsigned_certificate_ed25519_ed448_privatekey is not failed
@@ -439,7 +439,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate
x509_certificate:
@@ -453,7 +453,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448
ignore_errors: yes
ignore_errors: true
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
x509_certificate:
@@ -467,7 +467,7 @@
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_idempotence
ignore_errors: yes
ignore_errors: true
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')


@@ -49,7 +49,7 @@
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
useCommonNameForSAN: false
key_usage:
- digitalSignature
- keyAgreement
@@ -60,7 +60,7 @@
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
key_usage_critical: true
extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
@@ -86,8 +86,8 @@
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
ocsp_must_staple: yes
basic_constraints_critical: true
ocsp_must_staple: true
subject_key_identifier: '{{ "00:11:22:33" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if cryptography_version.stdout is version("1.3", ">=") else omit }}'
@@ -102,7 +102,7 @@
path: '{{ remote_tmp_dir }}/csr_2.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
useCommonNameForSAN: no
useCommonNameForSAN: false
basic_constraints:
- "CA:TRUE"
@@ -110,7 +110,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_3.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
subject_alt_name:
- "DNS:*.ansible.com"
- "DNS:*.example.org"
@@ -128,7 +128,7 @@
openssl_csr:
path: '{{ remote_tmp_dir }}/csr_4.csr'
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
useCommonNameForSAN: no
useCommonNameForSAN: false
authority_key_identifier: '{{ "44:55:66:77" if cryptography_version.stdout is version("1.3", ">=") else omit }}'
- name: Generate selfsigned certificates


@@ -42,7 +42,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate"
@@ -75,7 +75,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)"
@@ -98,7 +98,7 @@
selfsigned_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"
@@ -144,7 +144,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate"
@@ -180,7 +180,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_idempotent_check
- name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)"
@@ -205,7 +205,7 @@
ownca_not_after: 20191023133742Z
csr_path: '{{ remote_tmp_dir }}/cert-4.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
check_mode: true
register: ownca_generate_certificate_changed_check
- name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)"


@@ -17,7 +17,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -38,7 +38,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -83,11 +83,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_idem_check
- name: Create CRL 1 (idempotent)
@@ -104,7 +104,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -133,11 +133,11 @@
- content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_idem_content_check
- name: Create CRL 1 (idempotent with content)
@@ -154,7 +154,7 @@
- content: "{{ slurp.results[2].content | b64decode }}"
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -175,11 +175,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_format_check
- name: Create CRL 1 (format)
@@ -197,7 +197,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -218,11 +218,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
check_mode: yes
check_mode: true
register: crl_1_format_idem_check
- name: Create CRL 1 (format, idempotent)
@@ -240,11 +240,11 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
return_content: yes
return_content: true
register: crl_1_format_idem
- name: Retrieve CRL 1 infos via file
@@ -277,10 +277,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
check_mode: yes
check_mode: true
register: crl_2_check
- name: Create CRL 2
@@ -298,7 +298,7 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
register: crl_2
@@ -318,11 +318,11 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
ignore_timestamps: yes
check_mode: yes
ignore_timestamps: true
check_mode: true
register: crl_2_idem_check
- name: Create CRL 2 (idempotent)
@@ -340,10 +340,10 @@
- path: '{{ remote_tmp_dir }}/cert-1.pem'
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
ignore_timestamps: yes
ignore_timestamps: true
register: crl_2_idem
- name: Create CRL 2 (idempotent update, check mode)
@@ -359,9 +359,9 @@
next_update: +0d
revoked_certificates:
- serial_number: 1235
ignore_timestamps: yes
ignore_timestamps: true
mode: update
check_mode: yes
check_mode: true
register: crl_2_idem_update_change_check
- name: Create CRL 2 (idempotent update)
@@ -377,7 +377,7 @@
next_update: +0d
revoked_certificates:
- serial_number: 1235
ignore_timestamps: yes
ignore_timestamps: true
mode: update
register: crl_2_idem_update_change
@@ -395,11 +395,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: yes
ignore_timestamps: true
mode: update
check_mode: yes
check_mode: true
register: crl_2_idem_update_check
- name: Create CRL 2 (idempotent update)
@@ -416,9 +416,9 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: yes
ignore_timestamps: true
mode: update
register: crl_2_idem_update
@@ -436,11 +436,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
check_mode: yes
check_mode: true
register: crl_2_change_check
- name: Create CRL 2 (changed timestamps)
@@ -457,11 +457,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: no
ignore_timestamps: false
mode: update
return_content: yes
return_content: true
register: crl_2_change
- name: Read ca-crl2.crl
@@ -490,11 +490,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order_ignore
- name: Create CRL 2 (changed order)
@@ -511,11 +511,11 @@
revoked_certificates:
- path: '{{ remote_tmp_dir }}/cert-2.pem'
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
ignore_timestamps: true
mode: update
return_content: yes
return_content: true
register: crl_2_change_order
- name: Read ca-crl2.crl
@@ -639,7 +639,7 @@
- Ed25519
- Ed448
register: ed25519_ed448_privatekey
ignore_errors: yes
ignore_errors: true
- when: ed25519_ed448_privatekey is not failed
block:
@@ -658,7 +658,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -666,7 +666,7 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
- name: Create CRL (idempotence)
x509_crl:
@@ -682,7 +682,7 @@
- path: '{{ remote_tmp_dir }}/cert-2.pem'
revocation_date: 20191013000000Z
reason: key_compromise
reason_critical: yes
reason_critical: true
invalidity_date: 20191012000000Z
- serial_number: 1234
revocation_date: 20191001000000Z
@@ -690,6 +690,6 @@
loop:
- Ed25519
- Ed448
ignore_errors: yes
ignore_errors: true
when: cryptography_version.stdout is version('2.6', '>=')


@@ -18,11 +18,11 @@
- name: ca
subject:
commonName: Ansible
is_ca: yes
is_ca: true
- name: ca-2
subject:
commonName: Ansible Other CA
is_ca: yes
is_ca: true
- name: cert-1
subject_alt_name:
- DNS:ansible.com
@@ -52,7 +52,7 @@
subject: "{{ item.subject | default(omit) }}"
subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
use_common_name_for_san: no
use_common_name_for_san: false
loop: "{{ certificates }}"
- name: Generate CA certificates