Fix linting errors.

2026-03-26 21:33:25 +00:00 · 2025-04-26 09:01:44 +02:00
parent 51a4f76f26
commit 33ef158b09
132 changed files with 2305 additions and 2214 deletions
--- a/.azure-pipelines/templates/matrix.yml
+++ b/.azure-pipelines/templates/matrix.yml
@@ -50,11 +50,11 @@ jobs:
    parameters:
      jobs:
        - ${{ if eq(length(parameters.groups), 0) }}:
          - ${{ each target in parameters.targets }}:
            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
        - ${{ if not(eq(length(parameters.groups), 0)) }}:
          - ${{ each group in parameters.groups }}:
            - ${{ each target in parameters.targets }}:
-              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
-                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
+                  test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
        - ${{ if not(eq(length(parameters.groups), 0)) }}:
            - ${{ each group in parameters.groups }}:
                - ${{ each target in parameters.targets }}:
                    - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
                      test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
--- a/.azure-pipelines/templates/test.yml
+++ b/.azure-pipelines/templates/test.yml
@@ -14,37 +14,37 @@ parameters:
 jobs:
  - ${{ each job in parameters.jobs }}:
-    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+      - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
-      displayName: ${{ job.name }}
+        displayName: ${{ job.name }}
-      container: default
+        container: default
-      workspace:
+        workspace:
-        clean: all
+          clean: all
-      steps:
+        steps:
-        - checkout: self
+          - checkout: self
-          fetchDepth: $(fetchDepth)
+            fetchDepth: $(fetchDepth)
-          path: $(checkoutPath)
+            path: $(checkoutPath)
-        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+          - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
-          displayName: Run Tests
+            displayName: Run Tests
-        - bash: .azure-pipelines/scripts/process-results.sh
+          - bash: .azure-pipelines/scripts/process-results.sh
-          condition: succeededOrFailed()
+            condition: succeededOrFailed()
-          displayName: Process Results
+            displayName: Process Results
-        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+          - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
-          condition: eq(variables.haveCoverageData, 'true')
+            condition: eq(variables.haveCoverageData, 'true')
-          displayName: Aggregate Coverage Data
+            displayName: Aggregate Coverage Data
-        - task: PublishTestResults@2
+          - task: PublishTestResults@2
-          condition: eq(variables.haveTestResults, 'true')
+            condition: eq(variables.haveTestResults, 'true')
-          inputs:
+            inputs:
-            testResultsFiles: "$(outputPath)/junit/*.xml"
+              testResultsFiles: "$(outputPath)/junit/*.xml"
-          displayName: Publish Test Results
+            displayName: Publish Test Results
-        - task: PublishPipelineArtifact@1
+          - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveBotResults, 'true')
+            condition: eq(variables.haveBotResults, 'true')
-          displayName: Publish Bot Results
+            displayName: Publish Bot Results
-          inputs:
+            inputs:
-            targetPath: "$(outputPath)/bot/"
+              targetPath: "$(outputPath)/bot/"
-            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+              artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
-        - task: PublishPipelineArtifact@1
+          - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveCoverageData, 'true')
+            condition: eq(variables.haveCoverageData, 'true')
-          displayName: Publish Coverage Data
+            displayName: Publish Coverage Data
-          inputs:
+            inputs:
-            targetPath: "$(Agent.TempDirectory)/coverage/"
+              targetPath: "$(Agent.TempDirectory)/coverage/"
-            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+              artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -7,7 +7,7 @@
 # https://github.com/marketplace/actions/ansible-test
 name: EOL CI
-on:
+'on':
  # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests
  push:
    branches:
--- a/.github/workflows/docs-pr.yml
+++ b/.github/workflows/docs-pr.yml
@@ -7,7 +7,7 @@ name: Collection Docs
 concurrency:
  group: docs-pr-${{ github.head_ref }}
  cancel-in-progress: true
-on:
+'on':
  pull_request_target:
    types: [opened, synchronize, reopened, closed]
--- a/.github/workflows/docs-push.yml
+++ b/.github/workflows/docs-push.yml
@@ -7,7 +7,7 @@ name: Collection Docs
 concurrency:
  group: docs-push-${{ github.sha }}
  cancel-in-progress: true
-on:
+'on':
  push:
    branches:
      - main
--- a/.github/workflows/ee.yml
+++ b/.github/workflows/ee.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 name: execution environment
-on:
+'on':
  # Run CI against all pushes (direct commits, also merged PRs), Pull Requests
  push:
    branches:
--- a/antsibull-nox.toml
+++ b/antsibull-nox.toml
@@ -42,3 +42,5 @@ doc_fragment = "community.crypto.attributes.actiongroup_acme"
 [sessions.build_import_check]
 run_galaxy_importer = true
 # [sessions.ansible_lint]
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -16,7 +16,7 @@ license:
  - BSD-2-Clause
  - BSD-3-Clause
  - PSF-2.0
-#license_file: COPYING
+# license_file: COPYING
 tags:
  - acme
  - certificate
--- a/plugins/filter/gpg_fingerprint.py
+++ b/plugins/filter/gpg_fingerprint.py
@@ -27,6 +27,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show fingerprint of GPG public key
  ansible.builtin.debug:
    msg: "{{ lookup('file', '/path/to/public_key.gpg') | community.crypto.gpg_fingerprint }}"
--- a/plugins/filter/openssl_csr_info.py
+++ b/plugins/filter/openssl_csr_info.py
@@ -31,6 +31,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show the Subject Alt Names of the CSR
  ansible.builtin.debug:
    msg: >-
--- a/plugins/filter/openssl_privatekey_info.py
+++ b/plugins/filter/openssl_privatekey_info.py
@@ -40,6 +40,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show the Subject Alt Names of the CSR
  ansible.builtin.debug:
    msg: >-
--- a/plugins/filter/openssl_publickey_info.py
+++ b/plugins/filter/openssl_publickey_info.py
@@ -27,6 +27,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show the type of a public key
  ansible.builtin.debug:
    msg: >-
--- a/plugins/filter/parse_serial.py
+++ b/plugins/filter/parse_serial.py
@@ -27,6 +27,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Parse serial number
  ansible.builtin.debug:
    msg: "{{ '11:22:33' | community.crypto.parse_serial }}"
--- a/plugins/filter/split_pem.py
+++ b/plugins/filter/split_pem.py
@@ -24,6 +24,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Print all CA certificates
  ansible.builtin.debug:
    msg: '{{ item }}'
--- a/plugins/filter/to_serial.py
+++ b/plugins/filter/to_serial.py
@@ -25,6 +25,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Convert integer to serial number
  ansible.builtin.debug:
    msg: "{{ 1234567 | community.crypto.to_serial }}"
--- a/plugins/filter/x509_certificate_info.py
+++ b/plugins/filter/x509_certificate_info.py
@@ -31,6 +31,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show the Subject Alt Names of the certificate
  ansible.builtin.debug:
    msg: >-
--- a/plugins/filter/x509_crl_info.py
+++ b/plugins/filter/x509_crl_info.py
@@ -39,6 +39,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show the Organization Name of the CRL's subject
  ansible.builtin.debug:
    msg: >-
--- a/plugins/lookup/gpg_fingerprint.py
+++ b/plugins/lookup/gpg_fingerprint.py
@@ -28,6 +28,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Show fingerprint of GPG public key
  ansible.builtin.debug:
    msg: "{{ lookup('community.crypto.gpg_fingerprint', '/path/to/public_key.gpg') }}"
--- a/plugins/modules/acme_account.py
+++ b/plugins/modules/acme_account.py
@@ -130,6 +130,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Make sure account exists and has given contacts. We agree to TOS.
  community.crypto.acme_account:
    account_key_src: /etc/pki/cert/private/account.key
--- a/plugins/modules/acme_account_info.py
+++ b/plugins/modules/acme_account_info.py
@@ -47,6 +47,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Check whether an account with the given account key exists
  community.crypto.acme_account_info:
    account_key_src: /etc/pki/cert/private/account.key
--- a/plugins/modules/acme_ari_info.py
+++ b/plugins/modules/acme_ari_info.py
@@ -44,6 +44,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Retrieve renewal information for a certificate
  community.crypto.acme_ari_info:
    certificate_path: /etc/httpd/ssl/sample.com.crt
--- a/plugins/modules/acme_certificate.py
+++ b/plugins/modules/acme_certificate.py
@@ -302,6 +302,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 ### Example with HTTP challenge ###
 - name: Create a challenge for sample.com using a account key from a variable.
@@ -356,6 +357,7 @@ EXAMPLES = r"""
    chain_dest: /etc/httpd/ssl/sample.com-intermediate.crt
    data: "{{ sample_com_challenge }}"
 ---
 ### Example with DNS challenge against production ACME server ###
 - name: Create a challenge for sample.com using a account key file.
--- a/plugins/modules/acme_certificate_deactivate_authz.py
+++ b/plugins/modules/acme_certificate_deactivate_authz.py
@@ -45,6 +45,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Deactivate all authzs for an order
  community.crypto.acme_certificate_deactivate_authz:
    account_key_content: "{{ account_private_key }}"
--- a/plugins/modules/acme_certificate_order_create.py
+++ b/plugins/modules/acme_certificate_order_create.py
@@ -10,7 +10,6 @@ __metaclass__ = type
 DOCUMENTATION = '''
 ---
 module: acme_certificate_order_create
 author: Felix Fontein (@felixfontein)
 version_added: 2.24.0
@@ -160,6 +159,7 @@ options:
 '''
 EXAMPLES = r'''
 ---
 ### Example with HTTP-01 challenge ###
 - name: Create a challenge for sample.com using a account key from a variable
@@ -207,6 +207,7 @@ EXAMPLES = r'''
    fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
    chain_dest: /etc/httpd/ssl/sample.com-intermediate.crt
 ---
 ### Example with DNS challenge against production ACME server ###
 - name: Create a challenge for sample.com using a account key file.
--- a/plugins/modules/acme_certificate_order_finalize.py
+++ b/plugins/modules/acme_certificate_order_finalize.py
@@ -10,7 +10,6 @@ __metaclass__ = type
 DOCUMENTATION = '''
 ---
 module: acme_certificate_order_finalize
 author: Felix Fontein (@felixfontein)
 version_added: 2.24.0
@@ -172,6 +171,7 @@ options:
 '''
 EXAMPLES = r'''
 ---
 ### Example with HTTP-01 challenge ###
 - name: Create a challenge for sample.com using a account key from a variable
@@ -219,6 +219,7 @@ EXAMPLES = r'''
    fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
    chain_dest: /etc/httpd/ssl/sample.com-intermediate.crt
 ---
 ### Example with DNS challenge against production ACME server ###
 - name: Create a challenge for sample.com using a account key file.
--- a/plugins/modules/acme_certificate_order_info.py
+++ b/plugins/modules/acme_certificate_order_info.py
@@ -10,7 +10,6 @@ __metaclass__ = type
 DOCUMENTATION = '''
 ---
 module: acme_certificate_order_info
 author: Felix Fontein (@felixfontein)
 version_added: 2.24.0
@@ -59,6 +58,7 @@ options:
 '''
 EXAMPLES = r'''
 ---
 - name: Create a challenge for sample.com using a account key from a variable
  community.crypto.acme_certificate_order_create:
    account_key_content: "{{ account_private_key }}"
--- a/plugins/modules/acme_certificate_order_validate.py
+++ b/plugins/modules/acme_certificate_order_validate.py
@@ -10,7 +10,6 @@ __metaclass__ = type
 DOCUMENTATION = '''
 ---
 module: acme_certificate_order_validate
 author: Felix Fontein (@felixfontein)
 version_added: 2.24.0
@@ -97,6 +96,7 @@ options:
 '''
 EXAMPLES = r'''
 ---
 ### Example with HTTP-01 challenge ###
 - name: Create a challenge for sample.com using a account key from a variable
@@ -144,6 +144,7 @@ EXAMPLES = r'''
    fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
    chain_dest: /etc/httpd/ssl/sample.com-intermediate.crt
 ---
 ### Example with DNS challenge against production ACME server ###
 - name: Create a challenge for sample.com using a account key file.
--- a/plugins/modules/acme_certificate_renewal_info.py
+++ b/plugins/modules/acme_certificate_renewal_info.py
@@ -97,6 +97,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Retrieve renewal information for a certificate
  community.crypto.acme_certificate_renewal_info:
    certificate_path: /etc/httpd/ssl/sample.com.crt
--- a/plugins/modules/acme_certificate_revoke.py
+++ b/plugins/modules/acme_certificate_revoke.py
@@ -99,6 +99,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Revoke certificate with account key
  community.crypto.acme_certificate_revoke:
    account_key_src: /etc/pki/cert/private/account.key
--- a/plugins/modules/acme_challenge_cert_helper.py
+++ b/plugins/modules/acme_challenge_cert_helper.py
@@ -74,6 +74,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Create challenges for a given CRT for sample.com
  community.crypto.acme_certificate:
    account_key_src: /etc/pki/cert/private/account.key
--- a/plugins/modules/acme_inspect.py
+++ b/plugins/modules/acme_inspect.py
@@ -77,6 +77,7 @@ options:
 """
 EXAMPLES = r"""
 ---
 - name: Get directory
  community.crypto.acme_inspect:
    acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
@@ -181,24 +182,43 @@ directory:
  description: The ACME directory's content.
  returned: always
  type: dict
-  sample: {"a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
+  sample: {
    "a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
    "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
-    "meta": {"caaIdentities": ["letsencrypt.org"], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
+    "meta": {
-      "website": "https://letsencrypt.org"},
+      "caaIdentities": ["letsencrypt.org"],
      "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
      "website": "https://letsencrypt.org",
    },
    "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
    "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
    "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
-    "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"}
+    "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
  }
 headers:
  description: The request's HTTP headers (with lowercase keys).
  returned: always
  type: dict
-  sample: {"boulder-requester": "12345", "cache-control": "max-age=0, no-cache, no-store", "connection": "close", "content-length": "904",
+  sample: {
-    "content-type": "application/json", "cookies": {}, "cookies_string": "", "date": "Wed, 07 Nov 2018 12:34:56 GMT", "expires": "Wed,
+    "boulder-requester": "12345",
-      07 Nov 2018 12:44:56 GMT", "link": '<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"',
+    "cache-control": "max-age=0, no-cache, no-store",
-    "msg": "OK (904 bytes)", "pragma": "no-cache", "replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH", "server": "nginx",
+    "connection": "close",
-    "status": 200, "strict-transport-security": "max-age=604800", "url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161",
+    "content-length": "904",
-    "x-frame-options": "DENY"}
+    "content-type": "application/json",
    "cookies": {},
    "cookies_string": "",
    "date": "Wed, 07 Nov 2018 12:34:56 GMT",
    "expires": "Wed, 07 Nov 2018 12:44:56 GMT",
    "link": '<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"',
    "msg": "OK (904 bytes)",
    "pragma": "no-cache",
    "replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH",
    "server": "nginx",
    "status": 200,
    "strict-transport-security": "max-age=604800",
    "url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161",
    "x-frame-options": "DENY",
  }
 output_text:
  description: The raw text output.
  returned: always
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -67,6 +67,7 @@ options:
 EXAMPLES = r"""
 ---
 # Given a leaf certificate for www.ansible.com and one or more intermediate
 # certificates, finds the associated root certificate.
 - name: Find root certificate
--- a/plugins/modules/crypto_info.py
+++ b/plugins/modules/crypto_info.py
@@ -26,6 +26,7 @@ options: {}
 """
 EXAMPLES = r"""
 ---
 - name: Retrieve information
  community.crypto.crypto_info:
    account_key_src: /etc/pki/cert/private/account.key
--- a/plugins/modules/ecs_certificate.py
+++ b/plugins/modules/ecs_certificate.py
@@ -140,8 +140,21 @@ options:
      - If a certificate is being reissued or renewed, this parameter is ignored, and the O(cert_type) of the initial certificate
        is used.
    type: str
-    choices: ['STANDARD_SSL', 'ADVANTAGE_SSL', 'UC_SSL', 'EV_SSL', 'WILDCARD_SSL', 'PRIVATE_SSL', 'PD_SSL', 'CODE_SIGNING',
+    choices:
-      'EV_CODE_SIGNING', 'CDS_INDIVIDUAL', 'CDS_GROUP', 'CDS_ENT_LITE', 'CDS_ENT_PRO', 'SMIME_ENT']
+      - STANDARD_SSL
      - ADVANTAGE_SSL
      - UC_SSL
      - EV_SSL
      - WILDCARD_SSL
      - PRIVATE_SSL
      - PD_SSL
      - CODE_SIGNING
      - EV_CODE_SIGNING
      - CDS_INDIVIDUAL
      - CDS_GROUP
      - CDS_ENT_LITE
      - CDS_ENT_PRO
      - SMIME_ENT
  subject_alt_name:
    description:
      - The subject alternative name identifiers, as an array of values (applies to O(cert_type) with a value of V(STANDARD_SSL),
@@ -377,6 +390,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Request a new certificate from Entrust with bare minimum parameters. Will request a new certificate if current one
    is valid but within 30 days of expiry. If replacing an existing file in path, will back it up.
  community.crypto.ecs_certificate:
--- a/plugins/modules/ecs_domain.py
+++ b/plugins/modules/ecs_domain.py
@@ -100,6 +100,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Request domain validation using email validation for client ID of 2.
  community.crypto.ecs_domain:
    domain_name: ansible.com
--- a/plugins/modules/get_certificate.py
+++ b/plugins/modules/get_certificate.py
@@ -220,6 +220,7 @@ unverified_chain:
 """
 EXAMPLES = r"""
 ---
 - name: Get the cert from an RDP port
  community.crypto.get_certificate:
    host: "1.2.3.4"
--- a/plugins/modules/luks_device.py
+++ b/plugins/modules/luks_device.py
@@ -290,6 +290,7 @@ author: Jan Pokorny (@japokorn)
 """
 EXAMPLES = r"""
 ---
 - name: Create LUKS container (remains unchanged if it already exists)
  community.crypto.luks_device:
    device: "/dev/loop0"
--- a/plugins/modules/openssh_cert.py
+++ b/plugins/modules/openssh_cert.py
@@ -201,6 +201,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSH user certificate that is valid forever and for all users
  community.crypto.openssh_cert:
    type: user
--- a/plugins/modules/openssh_keypair.py
+++ b/plugins/modules/openssh_keypair.py
@@ -142,6 +142,7 @@ notes:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
  community.crypto.openssh_keypair:
    path: /tmp/id_ssh_rsa
--- a/plugins/modules/openssl_csr.py
+++ b/plugins/modules/openssl_csr.py
@@ -72,6 +72,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
--- a/plugins/modules/openssl_csr_info.py
+++ b/plugins/modules/openssl_csr_info.py
@@ -59,6 +59,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
--- a/plugins/modules/openssl_csr_pipe.py
+++ b/plugins/modules/openssl_csr_pipe.py
@@ -49,6 +49,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr_pipe:
    privatekey_path: /etc/ssl/private/ansible.com.pem
--- a/plugins/modules/openssl_dhparam.py
+++ b/plugins/modules/openssl_dhparam.py
@@ -92,6 +92,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate Diffie-Hellman parameters with the default size (4096 bits)
  community.crypto.openssl_dhparam:
    path: /etc/ssl/dhparams.pem
--- a/plugins/modules/openssl_pkcs12.py
+++ b/plugins/modules/openssl_pkcs12.py
@@ -187,6 +187,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate PKCS#12 file
  community.crypto.openssl_pkcs12:
    action: export
--- a/plugins/modules/openssl_privatekey.py
+++ b/plugins/modules/openssl_privatekey.py
@@ -77,6 +77,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
--- a/plugins/modules/openssl_privatekey_convert.py
+++ b/plugins/modules/openssl_privatekey_convert.py
@@ -45,6 +45,7 @@ seealso: []
 """
 EXAMPLES = r"""
 ---
 - name: Convert private key to PKCS8 format with passphrase
  community.crypto.openssl_privatekey_convert:
    src_path: /etc/ssl/private/ansible.com.pem
--- a/plugins/modules/openssl_privatekey_info.py
+++ b/plugins/modules/openssl_privatekey_info.py
@@ -81,6 +81,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
--- a/plugins/modules/openssl_privatekey_pipe.py
+++ b/plugins/modules/openssl_privatekey_pipe.py
@@ -86,6 +86,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey_pipe:
  register: output
--- a/plugins/modules/openssl_publickey.py
+++ b/plugins/modules/openssl_publickey.py
@@ -110,6 +110,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL public key in PEM format
  community.crypto.openssl_publickey:
    path: /etc/ssl/public/ansible.com.pem
--- a/plugins/modules/openssl_publickey_info.py
+++ b/plugins/modules/openssl_publickey_info.py
@@ -53,6 +53,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
--- a/plugins/modules/openssl_signature.py
+++ b/plugins/modules/openssl_signature.py
@@ -75,6 +75,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
--- a/plugins/modules/openssl_signature_info.py
+++ b/plugins/modules/openssl_signature_info.py
@@ -64,6 +64,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
--- a/plugins/modules/x509_certificate.py
+++ b/plugins/modules/x509_certificate.py
@@ -95,6 +95,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/crt/ansible.com.crt
--- a/plugins/modules/x509_certificate_convert.py
+++ b/plugins/modules/x509_certificate_convert.py
@@ -93,6 +93,7 @@ requirements:
 """
 EXAMPLES = r"""
 ---
 - name: Convert PEM X.509 certificate to DER format
  community.crypto.x509_certificate_convert:
    src_path: /etc/ssl/cert/ansible.com.pem
--- a/plugins/modules/x509_certificate_info.py
+++ b/plugins/modules/x509_certificate_info.py
@@ -79,6 +79,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/crt/ansible.com.crt
--- a/plugins/modules/x509_certificate_pipe.py
+++ b/plugins/modules/x509_certificate_pipe.py
@@ -55,6 +55,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate a Self Signed OpenSSL certificate
  community.crypto.x509_certificate_pipe:
    provider: selfsigned
--- a/plugins/modules/x509_crl.py
+++ b/plugins/modules/x509_crl.py
@@ -292,6 +292,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Generate a CRL
  community.crypto.x509_crl:
    path: /etc/ssl/my-ca.crl
--- a/plugins/modules/x509_crl_info.py
+++ b/plugins/modules/x509_crl_info.py
@@ -57,6 +57,7 @@ seealso:
 """
 EXAMPLES = r"""
 ---
 - name: Get information on CRL
  community.crypto.x509_crl_info:
    path: /etc/ssl/my-ca.crl
--- a/tests/ee/all.yml
+++ b/tests/ee/all.yml
@@ -36,13 +36,13 @@
        state: directory
    - block:
-      - name: Include all roles
+        - name: Include all roles
-        ansible.builtin.include_role:
+          ansible.builtin.include_role:
-          name: "{{ item }}"
+            name: "{{ item }}"
-        loop: "{{ result.files | map(attribute='path') | map('regex_replace', '.*/', '') | sort }}"
+          loop: "{{ result.files | map(attribute='path') | map('regex_replace', '.*/', '') | sort }}"
      always:
-      - name: Remove output directory
+        - name: Remove output directory
-        ansible.builtin.file:
+          ansible.builtin.file:
-          path: "{{ output_path }}"
+            path: "{{ output_path }}"
-          state: absent
+            state: absent
--- a/tests/ee/roles/luks_device/tasks/main.yml
+++ b/tests/ee/roles/luks_device/tasks/main.yml
@@ -23,27 +23,27 @@
  # supports working with container files directly.
  when: false
  block:
-  - name: Create lookback device
+    - name: Create lookback device
-    command: losetup -f {{ cryptfile_path }}
+      command: losetup -f {{ cryptfile_path }}
-  - name: Determine loop device name
+    - name: Determine loop device name
-    command: losetup -j {{ cryptfile_path }} --output name
+      command: losetup -j {{ cryptfile_path }} --output name
-    register: cryptfile_device_output
+      register: cryptfile_device_output
-  - set_fact:
+    - set_fact:
-      cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
+        cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
-  - name: Create LUKS container
+    - name: Create LUKS container
-    community.crypto.luks_device:
+      community.crypto.luks_device:
-      device: "{{ cryptfile_device }}"
+        device: "{{ cryptfile_device }}"
-      # device: "{{ cryptfile_path }}"
+        # device: "{{ cryptfile_path }}"
-      state: present
+        state: present
-      keyfile: "{{ keyfile_path }}"
+        keyfile: "{{ keyfile_path }}"
-      pbkdf:
+        pbkdf:
-        iteration_time: 0.1
+          iteration_time: 0.1
-  - name: Destroy LUKS container
+    - name: Destroy LUKS container
-    community.crypto.luks_device:
+      community.crypto.luks_device:
-      device: "{{ cryptfile_device }}"
+        device: "{{ cryptfile_device }}"
-      # device: "{{ cryptfile_path }}"
+        # device: "{{ cryptfile_path }}"
-      state: absent
+        state: absent
--- a/tests/ee/roles/smoke/tasks/main.yml
+++ b/tests/ee/roles/smoke/tasks/main.yml
@@ -7,7 +7,7 @@
  smoke_ipaddress:
  register: result
- name: Validate result 
+- name: Validate result
  assert:
    that:
      - result.msg == 'Everything is ok'
@@ -16,7 +16,7 @@
  smoke_pyyaml:
  register: result
- name: Validate result 
+- name: Validate result
  assert:
    that:
      - result.msg == 'Everything is ok'
--- a/tests/integration/requirements.yml
+++ b/tests/integration/requirements.yml
@@ -4,5 +4,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 collections:
- community.general
+  - community.general
- community.internal_test_tools
+  - community.internal_test_tools
--- a/tests/integration/targets/acme_account/tasks/impl.yml
+++ b/tests/integration/targets/acme_account/tasks/impl.yml
@@ -4,21 +4,21 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
+        passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
-      type: ECC
+        type: ECC
-      curve: secp256r1
+        curve: secp256r1
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
-  - name: Parse account keys (to ease debugging some test failures)
+    - name: Parse account keys (to ease debugging some test failures)
-    openssl_privatekey_info:
+      openssl_privatekey_info:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
+        passphrase: "{{ item.pass | default(omit) | default(omit, true) }}"
-      return_private_key_data: true
+        return_private_key_data: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
@@ -52,7 +52,7 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
  check_mode: true
  diff: true
  register: account_created_check
@@ -68,7 +68,7 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
  register: account_created
 - name: Create it now (idempotent)
@@ -82,7 +82,7 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
  register: account_created_idempotent
 - name: Read account key
@@ -100,7 +100,7 @@
    state: present
    # allow_creation: false
    contact:
-    - mailto:example@example.com
+      - mailto:example@example.com
  check_mode: true
  diff: true
  register: account_modified_check
@@ -115,7 +115,7 @@
    state: present
    # allow_creation: false
    contact:
-    - mailto:example@example.com
+      - mailto:example@example.com
  register: account_modified
 - name: Change email address (idempotent)
@@ -129,7 +129,7 @@
    state: present
    # allow_creation: false
    contact:
-    - mailto:example@example.com
+      - mailto:example@example.com
  register: account_modified_idempotent
 - name: Cannot access account with wrong URI
@@ -194,7 +194,7 @@
    new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
    state: changed_key
    contact:
-    - mailto:example@example.com
+      - mailto:example@example.com
  check_mode: true
  diff: true
  register: account_change_key_check
@@ -210,7 +210,7 @@
    new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
    state: changed_key
    contact:
-    - mailto:example@example.com
+      - mailto:example@example.com
  register: account_change_key
 - name: Deactivate account (check mode, diff)
@@ -284,7 +284,7 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
    external_account_binding:
      kid: "{{ item.kid }}"
      alg: "{{ item.alg }}"
--- a/tests/integration/targets/acme_account/tasks/main.yml
+++ b/tests/integration/targets/acme_account/tasks/main.yml
@@ -9,12 +9,12 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -30,11 +30,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_account_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_account_info/tasks/impl.yml
@@ -4,19 +4,19 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
-      type: ECC
+        type: ECC
-      curve: secp256r1
+        curve: secp256r1
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
-  - name: Parse account keys (to ease debugging some test failures)
+    - name: Parse account keys (to ease debugging some test failures)
-    openssl_privatekey_info:
+      openssl_privatekey_info:
-      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
-      return_private_key_data: true
+        return_private_key_data: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
@@ -43,7 +43,7 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
 - name: Check that account exists
  acme_account_info:
--- a/tests/integration/targets/acme_account_info/tasks/main.yml
+++ b/tests/integration/targets/acme_account_info/tasks/main.yml
@@ -9,12 +9,12 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -30,11 +30,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_ari_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/impl.yml
@@ -5,14 +5,14 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      type: "{{ item.type }}"
+        type: "{{ item.type }}"
-      size: "{{ item.size | default(omit) }}"
+        size: "{{ item.size | default(omit) }}"
-      curve: "{{ item.curve | default(omit) }}"
+        curve: "{{ item.curve | default(omit) }}"
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
--- a/tests/integration/targets/acme_ari_info/tasks/main.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/main.yml
@@ -13,12 +13,12 @@
  when: acme_supports_ari
  block:
    - block:
-      - name: Running tests with OpenSSL backend
+        - name: Running tests with OpenSSL backend
-        include_tasks: impl.yml
+          include_tasks: impl.yml
-        vars:
+          vars:
-          select_crypto_backend: openssl
+            select_crypto_backend: openssl
-      - import_tasks: ../tests/validate.yml
+        - import_tasks: ../tests/validate.yml
      # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
      when: openssl_version.stdout is version('1.0.0', '>=')
@@ -34,11 +34,11 @@
        state: directory
    - block:
-      - name: Running tests with cryptography backend
+        - name: Running tests with cryptography backend
-        include_tasks: impl.yml
+          include_tasks: impl.yml
-        vars:
+          vars:
-          select_crypto_backend: cryptography
+            select_crypto_backend: cryptography
-      - import_tasks: ../tests/validate.yml
+        - import_tasks: ../tests/validate.yml
      when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate/tasks/impl.yml
@@ -5,14 +5,14 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      type: "{{ item.type }}"
+        type: "{{ item.type }}"
-      size: "{{ item.size | default(omit) }}"
+        size: "{{ item.size | default(omit) }}"
-      curve: "{{ item.curve | default(omit) }}"
+        curve: "{{ item.curve | default(omit) }}"
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
@@ -25,6 +25,7 @@
      - name: account-rsa
        type: RSA
        size: "{{ default_rsa_key_size }}"
 ## SET UP ACCOUNTS ############################################################################
 - name: Make sure ECC256 account hasn't been created yet
  acme_account:
@@ -49,8 +50,8 @@
    allow_creation: true
    terms_agreed: true
    contact:
-    - mailto:example@example.org
+      - mailto:example@example.org
-    - mailto:example@example.com
+      - mailto:example@example.com
 - name: Create RSA account
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
@@ -62,6 +63,7 @@
    allow_creation: true
    terms_agreed: true
    contact: []
 ## OBTAIN CERTIFICATES ########################################################################
 - name: Obtain cert 1
  include_tasks: obtain-cert.yml
@@ -272,97 +274,98 @@
    cert_5_recreate_3: "{{ challenge_data is changed }}"
    cert_5d_obtain_results: "{{ certificate_obtain_result }}"
 - block:
-  - name: Obtain cert 6
+    - name: Obtain cert 6
-    include_tasks: obtain-cert.yml
+      include_tasks: obtain-cert.yml
-    vars:
+      vars:
-      certgen_title: Certificate 6
+        certgen_title: Certificate 6
-      certificate_name: cert-6
+        certificate_name: cert-6
-      key_type: rsa
+        key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size }}"
+        rsa_bits: "{{ default_rsa_key_size }}"
-      subject_alt_name: "DNS:example.org"
+        subject_alt_name: "DNS:example.org"
-      subject_alt_name_critical: false
+        subject_alt_name_critical: false
-      account_key: account-ec256
+        account_key: account-ec256
-      challenge: tls-alpn-01
+        challenge: tls-alpn-01
-      modify_account: true
+        modify_account: true
-      deactivate_authzs: false
+        deactivate_authzs: false
-      force: false
+        force: false
-      remaining_days: 1
+        remaining_days: 1
-      terms_agreed: true
+        terms_agreed: true
-      account_email: "example@example.org"
+        account_email: "example@example.org"
-      acme_expected_root_number: 0
+        acme_expected_root_number: 0
-      select_chain:
+        select_chain:
-        # All intermediates have the same subject key identifier, so always
+          # All intermediates have the same subject key identifier, so always
-        # the first chain will be found, and we need a second condition to
+          # the first chain will be found, and we need a second condition to
-        # make sure that the first condition actually works. (The second
+          # make sure that the first condition actually works. (The second
-        # condition has been tested above.)
+          # condition has been tested above.)
-        - test_certificates: first
+          - test_certificates: first
-          subject_key_identifier: "{{ acme_intermediates[0].subject_key_identifier }}"
+            subject_key_identifier: "{{ acme_intermediates[0].subject_key_identifier }}"
-        - test_certificates: last
+          - test_certificates: last
-          issuer: "{{ acme_roots[1].subject }}"
+            issuer: "{{ acme_roots[1].subject }}"
-      use_csr_content: true
+        use_csr_content: true
-  - name: Store obtain results for cert 6
+    - name: Store obtain results for cert 6
-    set_fact:
+      set_fact:
-      cert_6_obtain_results: "{{ certificate_obtain_result }}"
+        cert_6_obtain_results: "{{ certificate_obtain_result }}"
-      cert_6_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
+        cert_6_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
  when: acme_intermediates[0].subject_key_identifier is defined
 - block:
-  - name: Obtain cert 7
+    - name: Obtain cert 7
-    include_tasks: obtain-cert.yml
+      include_tasks: obtain-cert.yml
-    vars:
+      vars:
-      certgen_title: Certificate 7
+        certgen_title: Certificate 7
-      certificate_name: cert-7
+        certificate_name: cert-7
-      key_type: rsa
+        key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size }}"
+        rsa_bits: "{{ default_rsa_key_size }}"
-      subject_alt_name:
+        subject_alt_name:
-      - "IP:127.0.0.1"
+          - "IP:127.0.0.1"
-      # - "IP:::1"
+          # - "IP:::1"
-      subject_alt_name_critical: false
+        subject_alt_name_critical: false
-      account_key: account-ec256
+        account_key: account-ec256
-      challenge: http-01
+        challenge: http-01
-      modify_account: true
+        modify_account: true
-      deactivate_authzs: false
+        deactivate_authzs: false
-      force: false
+        force: false
-      remaining_days: 1
+        remaining_days: 1
-      terms_agreed: true
+        terms_agreed: true
-      account_email: "example@example.org"
+        account_email: "example@example.org"
-      acme_expected_root_number: 2
+        acme_expected_root_number: 2
-      select_chain:
+        select_chain:
-        - test_certificates: last
+          - test_certificates: last
-          authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}"
+            authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}"
-      use_csr_content: false
+        use_csr_content: false
-  - name: Store obtain results for cert 7
+    - name: Store obtain results for cert 7
-    set_fact:
+      set_fact:
-      cert_7_obtain_results: "{{ certificate_obtain_result }}"
+        cert_7_obtain_results: "{{ certificate_obtain_result }}"
-      cert_7_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
+        cert_7_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}"
  when: acme_roots[2].subject_key_identifier is defined
 - block:
-  - name: Obtain cert 8
+    - name: Obtain cert 8
-    include_tasks: obtain-cert.yml
+      include_tasks: obtain-cert.yml
-    vars:
+      vars:
-      certgen_title: Certificate 8
+        certgen_title: Certificate 8
-      certificate_name: cert-8
+        certificate_name: cert-8
-      key_type: rsa
+        key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size_certificates }}"
+        rsa_bits: "{{ default_rsa_key_size_certificates }}"
-      subject_alt_name:
+        subject_alt_name:
-      - "IP:127.0.0.1"
+          - "IP:127.0.0.1"
-      # IPv4 only since our test validation server doesn't work
+        # IPv4 only since our test validation server doesn't work
-      # with IPv6 (thanks to Python's socketserver).
+        # with IPv6 (thanks to Python's socketserver).
-      subject_alt_name_critical: false
+        subject_alt_name_critical: false
-      account_key: account-ec256
+        account_key: account-ec256
-      challenge: tls-alpn-01
+        challenge: tls-alpn-01
-      challenge_alpn_tls: acme_challenge_cert_helper
+        challenge_alpn_tls: acme_challenge_cert_helper
-      modify_account: true
+        modify_account: true
-      deactivate_authzs: false
+        deactivate_authzs: false
-      force: false
+        force: false
-      remaining_days: 1
+        remaining_days: 1
-      terms_agreed: true
+        terms_agreed: true
-      account_email: "example@example.org"
+        account_email: "example@example.org"
-      use_csr_content: true
+        use_csr_content: true
-  - name: Store obtain results for cert 8
+    - name: Store obtain results for cert 8
-    set_fact:
+      set_fact:
-      cert_8_obtain_results: "{{ certificate_obtain_result }}"
+        cert_8_obtain_results: "{{ certificate_obtain_result }}"
-      cert_8_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
+        cert_8_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
  when: cryptography_version.stdout is version('1.3', '>=')
 ## DISSECT CERTIFICATES #######################################################################
 # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
 - name: Verifying cert 1
@@ -400,6 +403,7 @@
  ignore_errors: true
  register: cert_8_valid
  when: cryptography_version.stdout is version('1.3', '>=')
 # Dump certificate info
 - name: Dumping cert 1
  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text'
@@ -428,6 +432,7 @@
  command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text'
  register: cert_8_text
  when: cryptography_version.stdout is version('1.3', '>=')
 # Dump certificate info
 - name: Dumping cert 1
  x509_certificate_info:
@@ -464,6 +469,7 @@
    path: "{{ remote_tmp_dir }}/cert-8.pem"
  register: cert_8_info
  when: cryptography_version.stdout is version('1.3', '>=')
 ## GET ACCOUNT ORDERS #########################################################################
 - name: Don't retrieve orders
  acme_account_info:
--- a/tests/integration/targets/acme_certificate/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate/tasks/main.yml
@@ -9,51 +9,51 @@
 ####################################################################
 - block:
-  - name: Obtain root and intermediate certificates
+    - name: Obtain root and intermediate certificates
-    get_url:
+      get_url:
-      url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}"
+        url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}"
-      dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
+        dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem"
-    loop: "{{ query('nested', types, root_numbers) }}"
+      loop: "{{ query('nested', types, root_numbers) }}"
-  - name: Analyze root certificates
+    - name: Analyze root certificates
-    x509_certificate_info:
+      x509_certificate_info:
-      path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem"
-    loop: "{{ root_numbers }}"
+      loop: "{{ root_numbers }}"
-    register: acme_roots
+      register: acme_roots
-  - name: Analyze intermediate certificates
+    - name: Analyze intermediate certificates
-    x509_certificate_info:
+      x509_certificate_info:
-      path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem"
-    loop: "{{ root_numbers }}"
+      loop: "{{ root_numbers }}"
-    register: acme_intermediates
+      register: acme_intermediates
-  - name: Read root certificates
+    - name: Read root certificates
-    slurp:
+      slurp:
-      src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}"
+        src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}"
-    loop: "{{ root_numbers }}"
+      loop: "{{ root_numbers }}"
-    register: slurp_roots
+      register: slurp_roots
-  - set_fact:
+    - set_fact:
-      x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
+        x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
-    loop: "{{ acme_roots.results }}"
+      loop: "{{ acme_roots.results }}"
-    register: acme_roots_tmp
+      register: acme_roots_tmp
-  - name: Read intermediate certificates
+    - name: Read intermediate certificates
-    slurp:
+      slurp:
-      src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}"
+        src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}"
-    loop: "{{ root_numbers }}"
+      loop: "{{ root_numbers }}"
-    register: slurp_intermediates
+      register: slurp_intermediates
-  - set_fact:
+    - set_fact:
-      x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
+        x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}"
-    loop: "{{ acme_intermediates.results }}"
+      loop: "{{ acme_intermediates.results }}"
-    register: acme_intermediates_tmp
+      register: acme_intermediates_tmp
-  - set_fact:
+    - set_fact:
-      acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}"
+        acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}"
-      acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}"
+        acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}"
-      acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}"
+        acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}"
-      acme_intermediate_certs: "{{ slurp_intermediates.results | map(attribute='content') | map('b64decode') | list }}"
+        acme_intermediate_certs: "{{ slurp_intermediates.results | map(attribute='content') | map('b64decode') | list }}"
  vars:
    types:
@@ -70,32 +70,32 @@
      - subject_key_identifier
      - issuer
      - subject
-      #- serial_number
+      # - serial_number
-      #- public_key_fingerprints
+      # - public_key_fingerprints
 - name: ACME root certificate info
  debug:
    var: acme_roots
-#- name: ACME root certificates as PEM
+# - name: ACME root certificates as PEM
-#  debug:
+#   debug:
-#    var: acme_root_certs
+#     var: acme_root_certs
 - name: ACME intermediate certificate info
  debug:
    var: acme_intermediates
-#- name: ACME intermediate certificates as PEM
+# - name: ACME intermediate certificates as PEM
-#  debug:
+#   debug:
-#    var: acme_intermediate_certs
+#     var: acme_intermediate_certs
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -111,11 +111,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate/tests/validate.yml
@@ -129,36 +129,36 @@
      - cert_5_recreate_3 == true
 - block:
-  - name: Check that certificate 6 is valid
+    - name: Check that certificate 6 is valid
-    assert:
+      assert:
-      that:
+        that:
-        - cert_6_valid is not failed
+          - cert_6_valid is not failed
-  - name: Check that certificate 6 contains correct SANs
+    - name: Check that certificate 6 contains correct SANs
-    assert:
+      assert:
-      that:
+        that:
-        - "'DNS:example.org' in cert_6_text.stdout"
+          - "'DNS:example.org' in cert_6_text.stdout"
  when: acme_intermediates[0].subject_key_identifier is defined
 - block:
-  - name: Check that certificate 7 is valid
+    - name: Check that certificate 7 is valid
-    assert:
+      assert:
-      that:
+        that:
-        - cert_7_valid is not failed
+          - cert_7_valid is not failed
-  - name: Check that certificate 7 contains correct SANs
+    - name: Check that certificate 7 contains correct SANs
-    assert:
+      assert:
-      that:
+        that:
-        - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
+          - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
  when: acme_roots[2].subject_key_identifier is defined
 - block:
-  - name: Check that certificate 8 is valid
+    - name: Check that certificate 8 is valid
-    assert:
+      assert:
-      that:
+        that:
-        - cert_8_valid is not failed
+          - cert_8_valid is not failed
-  - name: Check that certificate 8 contains correct SANs
+    - name: Check that certificate 8 contains correct SANs
-    assert:
+      assert:
-      that:
+        that:
-        - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
+          - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout"
  when: cryptography_version.stdout is version('1.3', '>=')
 - name: Validate that orders were not retrieved
--- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
@@ -9,12 +9,12 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -30,11 +30,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_order/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_order/tasks/main.yml
@@ -9,10 +9,10 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -28,9 +28,9 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
@@ -5,20 +5,21 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      type: "{{ item.type }}"
+        type: "{{ item.type }}"
-      size: "{{ item.size | default(omit) }}"
+        size: "{{ item.size | default(omit) }}"
-      curve: "{{ item.curve | default(omit) }}"
+        curve: "{{ item.curve | default(omit) }}"
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
      - name: account-ec256
        type: ECC
        curve: secp256r1
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Obtain cert 1
  include_tasks: obtain-cert.yml
@@ -37,6 +38,7 @@
    remaining_days: "{{ omit }}"
    terms_agreed: true
    account_email: "example@example.org"
 ## OBTAIN CERTIFICATE INFOS ###################################################################
 - name: Dump OpenSSL x509 info
  command:
--- a/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml
@@ -12,12 +12,12 @@
    acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
  block:
    - block:
-      - name: Running tests with OpenSSL backend
+        - name: Running tests with OpenSSL backend
-        include_tasks: impl.yml
+          include_tasks: impl.yml
-        vars:
+          vars:
-          select_crypto_backend: openssl
+            select_crypto_backend: openssl
-      - import_tasks: ../tests/validate.yml
+        - import_tasks: ../tests/validate.yml
      # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
      when: openssl_version.stdout is version('1.0.0', '>=')
@@ -33,11 +33,11 @@
        state: directory
    - block:
-      - name: Running tests with cryptography backend
+        - name: Running tests with cryptography backend
-        include_tasks: impl.yml
+          include_tasks: impl.yml
-        vars:
+          vars:
-          select_crypto_backend: cryptography
+            select_crypto_backend: cryptography
-      - import_tasks: ../tests/validate.yml
+        - import_tasks: ../tests/validate.yml
      when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml
@@ -5,14 +5,14 @@
 ## SET UP ACCOUNT KEYS ########################################################################
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
-      type: "{{ item.type }}"
+        type: "{{ item.type }}"
-      size: "{{ item.size | default(omit) }}"
+        size: "{{ item.size | default(omit) }}"
-      curve: "{{ item.curve | default(omit) }}"
+        curve: "{{ item.curve | default(omit) }}"
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
@@ -25,6 +25,7 @@
      - name: account-rsa
        type: RSA
        size: "{{ default_rsa_key_size }}"
 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
 - name: Read account key (EC256)
  slurp:
@@ -80,6 +81,7 @@
    remaining_days: 10
    terms_agreed: true
    account_email: "example@example.org"
 ## REVOKE CERTIFICATES ########################################################################
 - name: Revoke certificate 1 via account key
  acme_certificate_revoke:
--- a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml
@@ -9,12 +9,12 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -30,11 +30,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml
+++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml
@@ -9,30 +9,30 @@
 ####################################################################
 - block:
-  - name: Generate ECC256 account keys
+    - name: Generate ECC256 account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/account-ec256.pem"
+        path: "{{ remote_tmp_dir }}/account-ec256.pem"
-      type: ECC
+        type: ECC
-      curve: secp256r1
+        curve: secp256r1
-      force: true
+        force: true
-  - name: Obtain cert 1
+    - name: Obtain cert 1
-    include_tasks: obtain-cert.yml
+      include_tasks: obtain-cert.yml
-    vars:
+      vars:
-      select_crypto_backend: auto
+        select_crypto_backend: auto
-      certgen_title: Certificate 1
+        certgen_title: Certificate 1
-      certificate_name: cert-1
+        certificate_name: cert-1
-      key_type: rsa
+        key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size_certificates }}"
+        rsa_bits: "{{ default_rsa_key_size_certificates }}"
-      subject_alt_name: "DNS:example.com"
+        subject_alt_name: "DNS:example.com"
-      subject_alt_name_critical: false
+        subject_alt_name_critical: false
-      account_key: account-ec256
+        account_key: account-ec256
-      challenge: tls-alpn-01
+        challenge: tls-alpn-01
-      challenge_alpn_tls: acme_challenge_cert_helper
+        challenge_alpn_tls: acme_challenge_cert_helper
-      modify_account: true
+        modify_account: true
-      deactivate_authzs: false
+        deactivate_authzs: false
-      force: false
+        force: false
-      remaining_days: 10
+        remaining_days: 10
-      terms_agreed: true
+        terms_agreed: true
-      account_email: "example@example.org"
+        account_email: "example@example.org"
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_inspect/tasks/impl.yml
+++ b/tests/integration/targets/acme_inspect/tasks/impl.yml
@@ -4,19 +4,19 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 - block:
-  - name: Generate account keys
+    - name: Generate account keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
-      type: ECC
+        type: ECC
-      curve: secp256r1
+        curve: secp256r1
-      force: true
+        force: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
-  - name: Parse account keys (to ease debugging some test failures)
+    - name: Parse account keys (to ease debugging some test failures)
-    openssl_privatekey_info:
+      openssl_privatekey_info:
-      path: "{{ remote_tmp_dir }}/{{ item }}.pem"
+        path: "{{ remote_tmp_dir }}/{{ item }}.pem"
-      return_private_key_data: true
+        return_private_key_data: true
-    loop: "{{ account_keys }}"
+      loop: "{{ account_keys }}"
  vars:
    account_keys:
@@ -76,7 +76,7 @@
      # For valid values, see
      # https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
      contact:
-      - mailto:me@example.com
+        - mailto:me@example.com
  register: account_update
 - debug: var=account_update
@@ -97,10 +97,10 @@
      # https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 and
      # https://www.rfc-editor.org/rfc/rfc8738.html
      identifiers:
-      - type: dns
+        - type: dns
-        value: example.com
+          value: example.com
-      - type: dns
+        - type: dns
-        value: example.org
+          value: example.org
  register: new_order
 - debug: var=new_order
--- a/tests/integration/targets/acme_inspect/tasks/main.yml
+++ b/tests/integration/targets/acme_inspect/tasks/main.yml
@@ -9,12 +9,12 @@
 ####################################################################
 - block:
-  - name: Running tests with OpenSSL backend
+    - name: Running tests with OpenSSL backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: openssl
+        select_crypto_backend: openssl
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  when: openssl_version.stdout is version('1.0.0', '>=')
@@ -30,11 +30,11 @@
    state: directory
 - block:
-  - name: Running tests with cryptography backend
+    - name: Running tests with cryptography backend
-    include_tasks: impl.yml
+      include_tasks: impl.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
-  - import_tasks: ../tests/validate.yml
+    - import_tasks: ../tests/validate.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/acme_inspect/tests/validate.yml
+++ b/tests/integration/targets/acme_inspect/tests/validate.yml
@@ -6,130 +6,130 @@
 - name: Check directory output
  assert:
    that:
-    - directory is not changed
+      - directory is not changed
-    - "'directory' in directory"
+      - "'directory' in directory"
-    - "'newAccount' in directory.directory"
+      - "'newAccount' in directory.directory"
-    - "'newOrder' in directory.directory"
+      - "'newOrder' in directory.directory"
-    - "'newNonce' in directory.directory"
+      - "'newNonce' in directory.directory"
-    - "'headers' not in directory"
+      - "'headers' not in directory"
-    - "'output_text' not in directory"
+      - "'output_text' not in directory"
-    - "'output_json' not in directory"
+      - "'output_json' not in directory"
 - name: Check account creation output
  assert:
    that:
-    - account_creation is changed
+      - account_creation is changed
-    - "'directory' in account_creation"
+      - "'directory' in account_creation"
-    - "'headers' in account_creation"
+      - "'headers' in account_creation"
-    - "'output_text' in account_creation"
+      - "'output_text' in account_creation"
-    - "'output_json' in account_creation"
+      - "'output_json' in account_creation"
-    - account_creation.headers.status == 201
+      - account_creation.headers.status == 201
-    - "'location' in account_creation.headers"
+      - "'location' in account_creation.headers"
-    - account_creation.output_json.status == 'valid'
+      - account_creation.output_json.status == 'valid'
-    - not (account_creation.output_json.contact | default([]))
+      - not (account_creation.output_json.contact | default([]))
-    - account_creation.output_text | from_json == account_creation.output_json
+      - account_creation.output_text | from_json == account_creation.output_json
 - name: Check account get output
  assert:
    that:
-    - account_get is not changed
+      - account_get is not changed
-    - "'directory' in account_get"
+      - "'directory' in account_get"
-    - "'headers' in account_get"
+      - "'headers' in account_get"
-    - "'output_text' in account_get"
+      - "'output_text' in account_get"
-    - "'output_json' in account_get"
+      - "'output_json' in account_get"
-    - account_get.headers.status == 200
+      - account_get.headers.status == 200
-    - account_get.output_json == account_creation.output_json
+      - account_get.output_json == account_creation.output_json
 - name: Check account update output
  assert:
    that:
-    - account_update is changed
+      - account_update is changed
-    - "'directory' in account_update"
+      - "'directory' in account_update"
-    - "'headers' in account_update"
+      - "'headers' in account_update"
-    - "'output_text' in account_update"
+      - "'output_text' in account_update"
-    - "'output_json' in account_update"
+      - "'output_json' in account_update"
-    - account_update.output_json.status == 'valid'
+      - account_update.output_json.status == 'valid'
-    - account_update.output_json.contact | length == 1
+      - account_update.output_json.contact | length == 1
-    - account_update.output_json.contact[0] in ['mailto:me@example.com', 'mailto:*******@example.com']
+      - account_update.output_json.contact[0] in ['mailto:me@example.com', 'mailto:*******@example.com']
 - name: Check certificate request output
  assert:
    that:
-    - new_order is changed
+      - new_order is changed
-    - "'directory' in new_order"
+      - "'directory' in new_order"
-    - "'headers' in new_order"
+      - "'headers' in new_order"
-    - "'output_text' in new_order"
+      - "'output_text' in new_order"
-    - "'output_json' in new_order"
+      - "'output_json' in new_order"
-    - new_order.output_json.authorizations | length == 2
+      - new_order.output_json.authorizations | length == 2
-    - new_order.output_json.identifiers | length == 2
+      - new_order.output_json.identifiers | length == 2
-    - new_order.output_json.status == 'pending'
+      - new_order.output_json.status == 'pending'
-    - "'finalize' in new_order.output_json"
+      - "'finalize' in new_order.output_json"
 - name: Check get order output
  assert:
    that:
-    - order is not changed
+      - order is not changed
-    - "'directory' in order"
+      - "'directory' in order"
-    - "'headers' in order"
+      - "'headers' in order"
-    - "'output_text' in order"
+      - "'output_text' in order"
-    - "'output_json' in order"
+      - "'output_json' in order"
-    # The order of identifiers and authorizations is randomized!
+      # The order of identifiers and authorizations is randomized!
-    # - new_order.output_json == order.output_json
+      # - new_order.output_json == order.output_json
 - name: Check get authz output
  assert:
    that:
-    - item is not changed
+      - item is not changed
-    - "'directory' in item"
+      - "'directory' in item"
-    - "'headers' in item"
+      - "'headers' in item"
-    - "'output_text' in item"
+      - "'output_text' in item"
-    - "'output_json' in item"
+      - "'output_json' in item"
-    - item.output_json.challenges | length >= 3
+      - item.output_json.challenges | length >= 3
-    - item.output_json.identifier.type == 'dns'
+      - item.output_json.identifier.type == 'dns'
-    - item.output_json.status == 'pending'
+      - item.output_json.status == 'pending'
  loop: "{{ authz.results }}"
 - name: Check get challenge output
  assert:
    that:
-    - item is not changed
+      - item is not changed
-    - "'directory' in item"
+      - "'directory' in item"
-    - "'headers' in item"
+      - "'headers' in item"
-    - "'output_text' in item"
+      - "'output_text' in item"
-    - "'output_json' in item"
+      - "'output_json' in item"
-    - item.output_json.status == 'pending'
+      - item.output_json.status == 'pending'
-    - item.output_json.type == 'http-01'
+      - item.output_json.type == 'http-01'
-    - item.output_json.url == item.invocation.module_args.url
+      - item.output_json.url == item.invocation.module_args.url
-    - "'token' in item.output_json"
+      - "'token' in item.output_json"
  loop: "{{ http01challenge.results }}"
 - name: Check challenge activation output
  assert:
    that:
-    - item is changed
+      - item is changed
-    - "'directory' in item"
+      - "'directory' in item"
-    - "'headers' in item"
+      - "'headers' in item"
-    - "'output_text' in item"
+      - "'output_text' in item"
-    - "'output_json' in item"
+      - "'output_json' in item"
-    - item.output_json.status in ['pending', 'processing']
+      - item.output_json.status in ['pending', 'processing']
-    - item.output_json.type == 'http-01'
+      - item.output_json.type == 'http-01'
-    - item.output_json.url == item.invocation.module_args.url
+      - item.output_json.url == item.invocation.module_args.url
-    - "'token' in item.output_json"
+      - "'token' in item.output_json"
  loop: "{{ activation.results }}"
 - name: Check validation result
  assert:
    that:
-    - item is not changed
+      - item is not changed
-    - "'directory' in item"
+      - "'directory' in item"
-    - "'headers' in item"
+      - "'headers' in item"
-    - "'output_text' in item"
+      - "'output_text' in item"
-    - "'output_json' in item"
+      - "'output_json' in item"
-    - item.output_json.status == 'invalid'
+      - item.output_json.status == 'invalid'
-    - item.output_json.type == 'http-01'
+      - item.output_json.type == 'http-01'
-    - item.output_json.url == item.invocation.module_args.url
+      - item.output_json.url == item.invocation.module_args.url
-    - "'token' in item.output_json"
+      - "'token' in item.output_json"
-    - "'validated' in item.output_json"
+      - "'validated' in item.output_json"
-    - "'error' in item.output_json"
+      - "'error' in item.output_json"
-    - item.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
+      - item.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
  loop: "{{ validation_result.results }}"
--- a/tests/integration/targets/certificate_complete_chain/tasks/create.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/create.yml
@@ -9,31 +9,31 @@
 ####################################################################
 - block:
-  - name: Create private keys
+    - name: Create private keys
-    openssl_privatekey:
+      openssl_privatekey:
-      path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
+        path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
-      size: '{{ default_rsa_key_size_certificates }}'
+        size: '{{ default_rsa_key_size_certificates }}'
-    loop: '{{ certificates }}'
+      loop: '{{ certificates }}'
-  - name: Generate certificates
+    - name: Generate certificates
-    include_tasks: create-single-certificate.yml
+      include_tasks: create-single-certificate.yml
-    loop: '{{ certificates }}'
+      loop: '{{ certificates }}'
-    loop_control:
+      loop_control:
-      loop_var: certificate
+        loop_var: certificate
-  - name: Read certificates
+    - name: Read certificates
-    slurp:
+      slurp:
-      src: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
+        src: '{{ remote_tmp_dir }}/{{ item.name }}.pem'
-    loop: '{{ certificates }}'
+      loop: '{{ certificates }}'
-    register: certificates_read
+      register: certificates_read
-  - name: Store read certificates
+    - name: Store read certificates
-    set_fact:
+      set_fact:
-      read_certificates: >-
+        read_certificates: >-
-        {{ certificates_read.results | map(attribute='content') | map('b64decode')
+          {{ certificates_read.results | map(attribute='content') | map('b64decode')
-           | zip(certificates | map(attribute='name'))
+             | zip(certificates | map(attribute='name'))
-           | list
+             | list
-           | items2dict(key_name=1, value_name=0) }}
+             | items2dict(key_name=1, value_name=0) }}
  vars:
    certificates:
--- a/tests/integration/targets/certificate_complete_chain/tasks/created.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/created.yml
@@ -12,9 +12,9 @@
  certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/b-intermediate.pem'
+      - '{{ remote_tmp_dir }}/b-intermediate.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/a-root.pem'
+      - '{{ remote_tmp_dir }}/a-root.pem'
 - name: Case B => doesn't work, but this is expected
  failed_when: false
@@ -22,9 +22,9 @@
  certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/c-intermediate.pem'
+      - '{{ remote_tmp_dir }}/c-intermediate.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/a-root.pem'
+      - '{{ remote_tmp_dir }}/a-root.pem'
 - name: Assert that case B failed
  assert:
@@ -34,16 +34,16 @@
  certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/c-intermediate.pem'
+      - '{{ remote_tmp_dir }}/c-intermediate.pem'
-    - '{{ remote_tmp_dir }}/b-intermediate.pem'
+      - '{{ remote_tmp_dir }}/b-intermediate.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/a-root.pem'
+      - '{{ remote_tmp_dir }}/a-root.pem'
 - name: Case D => works as well after PR 403
  certificate_complete_chain:
    input_chain: "{{ read_certificates['d-leaf'] }}"
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/b-intermediate.pem'
+      - '{{ remote_tmp_dir }}/b-intermediate.pem'
-    - '{{ remote_tmp_dir }}/c-intermediate.pem'
+      - '{{ remote_tmp_dir }}/c-intermediate.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/a-root.pem'
+      - '{{ remote_tmp_dir }}/a-root.pem'
--- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@@ -9,110 +9,110 @@
 ####################################################################
 - block:
-  - name: Find root for cert 1 using directory
+    - name: Find root for cert 1 using directory
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: '{{ fullchain | trim }}'
+        input_chain: '{{ fullchain | trim }}'
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots/'
+          - '{{ remote_tmp_dir }}/files/roots/'
-    register: cert1_root
+      register: cert1_root
-  - name: Verify root for cert 1
+    - name: Verify root for cert 1
-    assert:
+      assert:
-      that:
+        that:
-      - cert1_root.complete_chain | join('') == (fullchain ~ root)
+          - cert1_root.complete_chain | join('') == (fullchain ~ root)
-      - cert1_root.root == root
+          - cert1_root.root == root
  vars:
    fullchain: "{{ lookup('file', 'cert1-fullchain.pem', rstrip=False) }}"
    root: "{{ lookup('file', 'cert1-root.pem', rstrip=False) }}"
 - block:
-  - name: Find rootchain for cert 1 using intermediate and root PEM
+    - name: Find rootchain for cert 1 using intermediate and root PEM
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: '{{ cert }}'
+        input_chain: '{{ cert }}'
-      intermediate_certificates:
+        intermediate_certificates:
-      - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
+          - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots.pem'
+          - '{{ remote_tmp_dir }}/files/roots.pem'
-    register: cert1_rootchain
+      register: cert1_rootchain
-  - name: Verify rootchain for cert 1
+    - name: Verify rootchain for cert 1
-    assert:
+      assert:
-      that:
+        that:
-      - cert1_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
+          - cert1_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
-      - cert1_rootchain.chain[:-1] | join('') == chain
+          - cert1_rootchain.chain[:-1] | join('') == chain
-      - cert1_rootchain.root == root
+          - cert1_rootchain.root == root
  vars:
    cert: "{{ lookup('file', 'cert1.pem', rstrip=False) }}"
    chain: "{{ lookup('file', 'cert1-chain.pem', rstrip=False) }}"
    root: "{{ lookup('file', 'cert1-root.pem', rstrip=False) }}"
 - block:
-  - name: Find root for cert 2 using directory
+    - name: Find root for cert 2 using directory
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: "{{ fullchain | trim }}"
+        input_chain: "{{ fullchain | trim }}"
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots/'
+          - '{{ remote_tmp_dir }}/files/roots/'
-    register: cert2_root
+      register: cert2_root
-  - name: Verify root for cert 2
+    - name: Verify root for cert 2
-    assert:
+      assert:
-      that:
+        that:
-      - cert2_root.complete_chain | join('') == (fullchain ~ root)
+          - cert2_root.complete_chain | join('') == (fullchain ~ root)
-      - cert2_root.root == root
+          - cert2_root.root == root
  vars:
    fullchain: "{{ lookup('file', 'cert2-fullchain.pem', rstrip=False) }}"
    root: "{{ lookup('file', 'cert2-root.pem', rstrip=False) }}"
 - block:
-  - name: Find rootchain for cert 2 using intermediate and root PEM
+    - name: Find rootchain for cert 2 using intermediate and root PEM
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: '{{ cert }}'
+        input_chain: '{{ cert }}'
-      intermediate_certificates:
+        intermediate_certificates:
-      - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
+          - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots.pem'
+          - '{{ remote_tmp_dir }}/files/roots.pem'
-    register: cert2_rootchain
+      register: cert2_rootchain
-  - name: Verify rootchain for cert 2
+    - name: Verify rootchain for cert 2
-    assert:
+      assert:
-      that:
+        that:
-      - cert2_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
+          - cert2_rootchain.complete_chain | join('') == (cert ~ chain ~ root)
-      - cert2_rootchain.chain[:-1] | join('') == chain
+          - cert2_rootchain.chain[:-1] | join('') == chain
-      - cert2_rootchain.root == root
+          - cert2_rootchain.root == root
  vars:
    cert: "{{ lookup('file', 'cert2.pem', rstrip=False) }}"
    chain: "{{ lookup('file', 'cert2-chain.pem', rstrip=False) }}"
    root: "{{ lookup('file', 'cert2-root.pem', rstrip=False) }}"
 - block:
-  - name: Find alternate rootchain for cert 2 using intermediate and root PEM
+    - name: Find alternate rootchain for cert 2 using intermediate and root PEM
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: '{{ cert }}'
+        input_chain: '{{ cert }}'
-      intermediate_certificates:
+        intermediate_certificates:
-      - '{{ remote_tmp_dir }}/files/cert2-altchain.pem'
+          - '{{ remote_tmp_dir }}/files/cert2-altchain.pem'
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots.pem'
+          - '{{ remote_tmp_dir }}/files/roots.pem'
-    register: cert2_rootchain_alt
+      register: cert2_rootchain_alt
-  - name: Verify rootchain for cert 2
+    - name: Verify rootchain for cert 2
-    assert:
+      assert:
-      that:
+        that:
-      - cert2_rootchain_alt.complete_chain | join('') == (cert ~ chain ~ root)
+          - cert2_rootchain_alt.complete_chain | join('') == (cert ~ chain ~ root)
-      - cert2_rootchain_alt.chain[:-1] | join('') == chain
+          - cert2_rootchain_alt.chain[:-1] | join('') == chain
-      - cert2_rootchain_alt.root == root
+          - cert2_rootchain_alt.root == root
  vars:
    cert: "{{ lookup('file', 'cert2.pem', rstrip=False) }}"
    chain: "{{ lookup('file', 'cert2-altchain.pem', rstrip=False) }}"
    root: "{{ lookup('file', 'cert2-altroot.pem', rstrip=False) }}"
 - block:
-  - name: Find alternate rootchain for cert 2 when complete chain is already presented to the module
+    - name: Find alternate rootchain for cert 2 when complete chain is already presented to the module
-    certificate_complete_chain:
+      certificate_complete_chain:
-      input_chain: '{{ cert ~ chain ~ root }}'
+        input_chain: '{{ cert ~ chain ~ root }}'
-      root_certificates:
+        root_certificates:
-      - '{{ remote_tmp_dir }}/files/roots.pem'
+          - '{{ remote_tmp_dir }}/files/roots.pem'
-    register: cert2_complete_chain
+      register: cert2_complete_chain
-  - name: Verify rootchain for cert 2
+    - name: Verify rootchain for cert 2
-    assert:
+      assert:
-      that:
+        that:
-      - cert2_complete_chain.complete_chain | join('') == (cert ~ chain ~ root)
+          - cert2_complete_chain.complete_chain | join('') == (cert ~ chain ~ root)
-      - cert2_complete_chain.chain == []
+          - cert2_complete_chain.chain == []
-      - cert2_complete_chain.root == root
+          - cert2_complete_chain.root == root
  vars:
    cert: "{{ lookup('file', 'cert2.pem', rstrip=False) }}"
    chain: "{{ lookup('file', 'cert2-altchain.pem', rstrip=False) }}"
@@ -122,28 +122,28 @@
  certificate_complete_chain:
    input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}'
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
+      - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/files/roots.pem'
+      - '{{ remote_tmp_dir }}/files/roots.pem'
  register: cert2_no_intermediate
  ignore_errors: true
 - name: Verify failure
  assert:
    that:
-    - cert2_no_intermediate is failed
+      - cert2_no_intermediate is failed
-    - "cert2_no_intermediate.msg.startswith('Cannot complete chain. Stuck at certificate ')"
+      - "cert2_no_intermediate.msg.startswith('Cannot complete chain. Stuck at certificate ')"
 - name: Check failure when infinite loop is found
  certificate_complete_chain:
    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}'
    intermediate_certificates:
-    - '{{ remote_tmp_dir }}/files/roots.pem'
+      - '{{ remote_tmp_dir }}/files/roots.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
+      - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
  register: cert2_infinite_loop
  ignore_errors: true
 - name: Verify failure
  assert:
    that:
-    - cert2_infinite_loop is failed
+      - cert2_infinite_loop is failed
-    - "cert2_infinite_loop.msg == 'Found cycle while building certificate chain'"
+      - "cert2_infinite_loop.msg == 'Found cycle while building certificate chain'"
--- a/tests/integration/targets/certificate_complete_chain/tasks/main.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/main.yml
@@ -10,23 +10,23 @@
 - block:
-  - name: Make sure testhost directory exists
+    - name: Make sure testhost directory exists
-    file:
+      file:
-      path: '{{ remote_tmp_dir }}/files/'
+        path: '{{ remote_tmp_dir }}/files/'
-      state: directory
+        state: directory
-    when: ansible_version.string is version('2.10', '<')
+      when: ansible_version.string is version('2.10', '<')
-  - name: Copy test files to testhost
+    - name: Copy test files to testhost
-    copy:
+      copy:
-      src: '{{ role_path }}/files/'
+        src: '{{ role_path }}/files/'
-      dest: '{{ remote_tmp_dir }}/files/'
+        dest: '{{ remote_tmp_dir }}/files/'
-  - name: Run tests with copied certificates
+    - name: Run tests with copied certificates
-    import_tasks: existing.yml
+      import_tasks: existing.yml
-  - name: Create more certificates
+    - name: Create more certificates
-    import_tasks: create.yml
+      import_tasks: create.yml
-  - name: Run tests with created certificates
+    - name: Run tests with created certificates
-    import_tasks: created.yml
+      import_tasks: created.yml
  when: cryptography_version.stdout is version('1.5', '>=')
--- a/tests/integration/targets/ecs_certificate/tasks/main.yml
+++ b/tests/integration/targets/ecs_certificate/tasks/main.yml
@@ -9,16 +9,15 @@
 ####################################################################
 ## Verify that integration_config was specified
- block:
+- assert:
-  - assert:
+    that:
-      that:
+      - entrust_api_user is defined
-        - entrust_api_user is defined
+      - entrust_api_key is defined
-        - entrust_api_key is defined
+      - entrust_api_ip_address is defined
-        - entrust_api_ip_address is defined
+      - entrust_cloud_ip_address is defined
-        - entrust_cloud_ip_address is defined
+      - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined
-        - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined
+      - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents
-        - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents
+      - cacerts_bundle_path_local is defined
        - cacerts_bundle_path_local is defined
 ## SET UP TEST ENVIRONMENT ########################################################################
 - name: copy the files needed for verifying test server certificate to the host
@@ -84,137 +83,137 @@
    digest: sha256
 - block:
-  - name: Have ECS generate a signed certificate
+    - name: Have ECS generate a signed certificate
-    ecs_certificate:
+      ecs_certificate:
-      backup: true
+        backup: true
-      path: '{{ example1_cert_path }}'
+        path: '{{ example1_cert_path }}'
-      full_chain_path: '{{ example1_chain_path }}'
+        full_chain_path: '{{ example1_chain_path }}'
-      csr: '{{ csr_path }}'
+        csr: '{{ csr_path }}'
-      cert_type: '{{ example1_cert_type }}'
+        cert_type: '{{ example1_cert_type }}'
-      requester_name: '{{ entrust_requester_name }}'
+        requester_name: '{{ entrust_requester_name }}'
-      requester_email: '{{ entrust_requester_email }}'
+        requester_email: '{{ entrust_requester_email }}'
-      requester_phone: '{{ entrust_requester_phone }}'
+        requester_phone: '{{ entrust_requester_phone }}'
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: example1_result
+      register: example1_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - example1_result is not failed
+          - example1_result is not failed
-        - example1_result.changed
+          - example1_result.changed
-        - example1_result.tracking_id > 0
+          - example1_result.tracking_id > 0
-        - example1_result.serial_number is string
+          - example1_result.serial_number is string
-  # Internal CA refuses to issue certificates with the same DN in a short time frame
+    # Internal CA refuses to issue certificates with the same DN in a short time frame
-  - name: Sleep for 5 seconds so we don't run into duplicate-request errors
+    - name: Sleep for 5 seconds so we don't run into duplicate-request errors
-    pause:
+      pause:
-      seconds: 5
+        seconds: 5
-  - name: Attempt to have ECS generate a signed certificate, but existing one is valid
+    - name: Attempt to have ECS generate a signed certificate, but existing one is valid
-    ecs_certificate:
+      ecs_certificate:
-      backup: true
+        backup: true
-      path: '{{ example1_cert_path }}'
+        path: '{{ example1_cert_path }}'
-      full_chain_path: '{{ example1_chain_path }}'
+        full_chain_path: '{{ example1_chain_path }}'
-      csr: '{{ csr_path }}'
+        csr: '{{ csr_path }}'
-      cert_type: '{{ example1_cert_type }}'
+        cert_type: '{{ example1_cert_type }}'
-      requester_name: '{{ entrust_requester_name }}'
+        requester_name: '{{ entrust_requester_name }}'
-      requester_email: '{{ entrust_requester_email }}'
+        requester_email: '{{ entrust_requester_email }}'
-      requester_phone: '{{ entrust_requester_phone }}'
+        requester_phone: '{{ entrust_requester_phone }}'
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: example2_result
+      register: example2_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - example2_result is not failed
+          - example2_result is not failed
-        - not example2_result.changed
+          - not example2_result.changed
-        - example2_result.backup_file is undefined
+          - example2_result.backup_file is undefined
-        - example2_result.backup_full_chain_file is undefined
+          - example2_result.backup_full_chain_file is undefined
-        - example2_result.serial_number == example1_result.serial_number
+          - example2_result.serial_number == example1_result.serial_number
-        - example2_result.tracking_id == example1_result.tracking_id
+          - example2_result.tracking_id == example1_result.tracking_id
-  # Internal CA refuses to issue certificates with the same DN in a short time frame
+    # Internal CA refuses to issue certificates with the same DN in a short time frame
-  - name: Sleep for 5 seconds so we don't run into duplicate-request errors
+    - name: Sleep for 5 seconds so we don't run into duplicate-request errors
-    pause:
+      pause:
-      seconds: 5
+        seconds: 5
-  - name: Force a reissue with no CSR, verify that contents changed
+    - name: Force a reissue with no CSR, verify that contents changed
-    ecs_certificate:
+      ecs_certificate:
-      backup: true
+        backup: true
-      force: true
+        force: true
-      path: '{{ example1_cert_path }}'
+        path: '{{ example1_cert_path }}'
-      full_chain_path: '{{ example1_chain_path }}'
+        full_chain_path: '{{ example1_chain_path }}'
-      cert_type: '{{ example1_cert_type }}'
+        cert_type: '{{ example1_cert_type }}'
-      request_type: reissue
+        request_type: reissue
-      requester_name: '{{ entrust_requester_name }}'
+        requester_name: '{{ entrust_requester_name }}'
-      requester_email: '{{ entrust_requester_email }}'
+        requester_email: '{{ entrust_requester_email }}'
-      requester_phone: '{{ entrust_requester_phone }}'
+        requester_phone: '{{ entrust_requester_phone }}'
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: example3_result
+      register: example3_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - example3_result is not failed
+          - example3_result is not failed
-        - example3_result.changed
+          - example3_result.changed
-        - example3_result.backup_file is string
+          - example3_result.backup_file is string
-        - example3_result.backup_full_chain_file is string
+          - example3_result.backup_full_chain_file is string
-        - example3_result.tracking_id > 0
+          - example3_result.tracking_id > 0
-        - example3_result.tracking_id != example1_result.tracking_id
+          - example3_result.tracking_id != example1_result.tracking_id
-        - example3_result.serial_number != example1_result.serial_number
+          - example3_result.serial_number != example1_result.serial_number
-  # Internal CA refuses to issue certificates with the same DN in a short time frame
+    # Internal CA refuses to issue certificates with the same DN in a short time frame
-  - name: Sleep for 5 seconds so we don't run into duplicate-request errors
+    - name: Sleep for 5 seconds so we don't run into duplicate-request errors
-    pause:
+      pause:
-      seconds: 5
+        seconds: 5
-  - name: Test a request with all of the various optional possible fields populated
+    - name: Test a request with all of the various optional possible fields populated
-    ecs_certificate:
+      ecs_certificate:
-      path: '{{ example4_cert_path }}'
+        path: '{{ example4_cert_path }}'
-      full_chain_path: '{{ example4_full_chain_path }}'
+        full_chain_path: '{{ example4_full_chain_path }}'
-      csr: '{{ csr_path }}'
+        csr: '{{ csr_path }}'
-      subject_alt_name: '{{ example4_subject_alt_name }}'
+        subject_alt_name: '{{ example4_subject_alt_name }}'
-      eku: '{{ example4_eku }}'
+        eku: '{{ example4_eku }}'
-      ct_log: true
+        ct_log: true
-      cert_type: '{{ example4_cert_type }}'
+        cert_type: '{{ example4_cert_type }}'
-      org: '{{ example4_org }}'
+        org: '{{ example4_org }}'
-      ou: '{{ example4_ou }}'
+        ou: '{{ example4_ou }}'
-      tracking_info: '{{ example4_tracking_info }}'
+        tracking_info: '{{ example4_tracking_info }}'
-      additional_emails: '{{ example4_additional_emails }}'
+        additional_emails: '{{ example4_additional_emails }}'
-      custom_fields: '{{ example4_custom_fields }}'
+        custom_fields: '{{ example4_custom_fields }}'
-      cert_expiry: '{{ example4_cert_expiry }}'
+        cert_expiry: '{{ example4_cert_expiry }}'
-      requester_name: '{{ entrust_requester_name }}'
+        requester_name: '{{ entrust_requester_name }}'
-      requester_email: '{{ entrust_requester_email }}'
+        requester_email: '{{ entrust_requester_email }}'
-      requester_phone: '{{ entrust_requester_phone }}'
+        requester_phone: '{{ entrust_requester_phone }}'
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: example4_result
+      register: example4_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - example4_result is not failed
+          - example4_result is not failed
-        - example4_result.changed
+          - example4_result.changed
-        - example4_result.backup_file is undefined
+          - example4_result.backup_file is undefined
-        - example4_result.backup_full_chain_file is undefined
+          - example4_result.backup_full_chain_file is undefined
-        - example4_result.tracking_id > 0
+          - example4_result.tracking_id > 0
-        - example4_result.serial_number is string
+          - example4_result.serial_number is string
-  # For bug 61738, verify that the full chain is valid
+    # For bug 61738, verify that the full chain is valid
-  - name: Verify that the full chain path can be successfully imported
+    - name: Verify that the full chain path can be successfully imported
-    command: '{{ openssl_binary }} verify "{{ example4_full_chain_path }}"'
+      command: '{{ openssl_binary }} verify "{{ example4_full_chain_path }}"'
-    register: openssl_result
+      register: openssl_result
-  - assert:
+    - assert:
-      that:
+        that:
-         - "' OK' in openssl_result.stdout_lines[0]"
+          - "' OK' in openssl_result.stdout_lines[0]"
  always:
    - name: clean-up temporary folder
--- a/tests/integration/targets/ecs_domain/tasks/main.yml
+++ b/tests/integration/targets/ecs_domain/tasks/main.yml
@@ -9,16 +9,15 @@
 ####################################################################
 ## Verify that integration_config was specified
- block:
+- assert:
-  - assert:
+    that:
-      that:
+      - entrust_api_user is defined
-        - entrust_api_user is defined
+      - entrust_api_key is defined
-        - entrust_api_key is defined
+      - entrust_api_ip_address is defined
-        - entrust_api_ip_address is defined
+      - entrust_cloud_ip_address is defined
-        - entrust_cloud_ip_address is defined
+      - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined
-        - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined
+      - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents
-        - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents
+      - cacerts_bundle_path_local is defined
        - cacerts_bundle_path_local is defined
 ## SET UP TEST ENVIRONMENT ########################################################################
 - name: copy the files needed for verifying test server certificate to the host
@@ -64,213 +63,212 @@
    dest: '{{ entrust_api_cert_key }}'
 - block:
-  - name: Have ECS request a domain validation via dns
+    - name: Have ECS request a domain validation via dns
-    ecs_domain:
+      ecs_domain:
-      domain_name: dns.{{ common_name }}
+        domain_name: dns.{{ common_name }}
-      verification_method: dns
+        verification_method: dns
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: dns_result
+      register: dns_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - dns_result is not failed
+          - dns_result is not failed
-        - dns_result.changed
+          - dns_result.changed
-        - dns_result.domain_status == 'INITIAL_VERIFICATION'
+          - dns_result.domain_status == 'INITIAL_VERIFICATION'
-        - dns_result.verification_method == 'dns'
+          - dns_result.verification_method == 'dns'
-        - dns_result.dns_location is string
+          - dns_result.dns_location is string
-        - dns_result.dns_contents is string
+          - dns_result.dns_contents is string
-        - dns_result.dns_resource_type is string
+          - dns_result.dns_resource_type is string
-        - dns_result.file_location is undefined
+          - dns_result.file_location is undefined
-        - dns_result.file_contents is undefined
+          - dns_result.file_contents is undefined
-        - dns_result.emails is undefined
+          - dns_result.emails is undefined
-  - name: Have ECS request a domain validation via web_server
+    - name: Have ECS request a domain validation via web_server
-    ecs_domain:
+      ecs_domain:
-      domain_name: FILE.{{ common_name }}
+        domain_name: FILE.{{ common_name }}
-      verification_method: web_server
+        verification_method: web_server
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: file_result
+      register: file_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - file_result is not failed
+          - file_result is not failed
-        - file_result.changed
+          - file_result.changed
-        - file_result.domain_status == 'INITIAL_VERIFICATION'
+          - file_result.domain_status == 'INITIAL_VERIFICATION'
-        - file_result.verification_method == 'web_server'
+          - file_result.verification_method == 'web_server'
-        - file_result.dns_location is undefined
+          - file_result.dns_location is undefined
-        - file_result.dns_contents is undefined
+          - file_result.dns_contents is undefined
-        - file_result.dns_resource_type is undefined
+          - file_result.dns_resource_type is undefined
-        - file_result.file_location is string
+          - file_result.file_location is string
-        - file_result.file_contents is string
+          - file_result.file_contents is string
-        - file_result.emails is undefined
+          - file_result.emails is undefined
-  - name: Have ECS request a domain validation via email
+    - name: Have ECS request a domain validation via email
-    ecs_domain:
+      ecs_domain:
-      domain_name: email.{{ common_name }}
+        domain_name: email.{{ common_name }}
-      verification_method: email
+        verification_method: email
-      verification_email: admin@testcertificates.com
+        verification_email: admin@testcertificates.com
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: email_result
+      register: email_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - email_result is not failed
+          - email_result is not failed
-        - email_result.changed
+          - email_result.changed
-        - email_result.domain_status == 'INITIAL_VERIFICATION'
+          - email_result.domain_status == 'INITIAL_VERIFICATION'
-        - email_result.verification_method == 'email'
+          - email_result.verification_method == 'email'
-        - email_result.dns_location is undefined
+          - email_result.dns_location is undefined
-        - email_result.dns_contents is undefined
+          - email_result.dns_contents is undefined
-        - email_result.dns_resource_type is undefined
+          - email_result.dns_resource_type is undefined
-        - email_result.file_location is undefined
+          - email_result.file_location is undefined
-        - email_result.file_contents is undefined
+          - email_result.file_contents is undefined
-        - email_result.emails[0] == 'admin@testcertificates.com'
+          - email_result.emails[0] == 'admin@testcertificates.com'
-  - name: Have ECS request a domain validation via email with no address provided
+    - name: Have ECS request a domain validation via email with no address provided
-    ecs_domain:
+      ecs_domain:
-      domain_name: email2.{{ common_name }}
+        domain_name: email2.{{ common_name }}
-      verification_method: email
+        verification_method: email
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: email_result2
+      register: email_result2
-  - assert:
+    - assert:
-      that:
+        that:
-        - email_result2 is not failed
+          - email_result2 is not failed
-        - email_result2.changed
+          - email_result2.changed
-        - email_result2.domain_status == 'INITIAL_VERIFICATION'
+          - email_result2.domain_status == 'INITIAL_VERIFICATION'
-        - email_result2.verification_method == 'email'
+          - email_result2.verification_method == 'email'
-        - email_result2.dns_location is undefined
+          - email_result2.dns_location is undefined
-        - email_result2.dns_contents is undefined
+          - email_result2.dns_contents is undefined
-        - email_result2.dns_resource_type is undefined
+          - email_result2.dns_resource_type is undefined
-        - email_result2.file_location is undefined
+          - email_result2.file_location is undefined
-        - email_result2.file_contents is undefined
+          - email_result2.file_contents is undefined
-        - email_result2.emails is defined
+          - email_result2.emails is defined
-  - name: Have ECS request a domain validation via manual
+    - name: Have ECS request a domain validation via manual
-    ecs_domain:
+      ecs_domain:
-      domain_name: manual.{{ common_name }}
+        domain_name: manual.{{ common_name }}
-      verification_method: manual
+        verification_method: manual
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: manual_result
+      register: manual_result
-  - assert:
+    - assert:
-      that:
+        that:
-        - manual_result is not failed
+          - manual_result is not failed
-        - manual_result.changed
+          - manual_result.changed
-        - manual_result.domain_status == 'INITIAL_VERIFICATION'
+          - manual_result.domain_status == 'INITIAL_VERIFICATION'
-        - manual_result.verification_method == 'manual'
+          - manual_result.verification_method == 'manual'
-        - manual_result.dns_location is undefined
+          - manual_result.dns_location is undefined
-        - manual_result.dns_contents is undefined
+          - manual_result.dns_contents is undefined
-        - manual_result.dns_resource_type is undefined
+          - manual_result.dns_resource_type is undefined
-        - manual_result.file_location is undefined
+          - manual_result.file_location is undefined
-        - manual_result.file_contents is undefined
+          - manual_result.file_contents is undefined
-        - manual_result.emails is undefined
+          - manual_result.emails is undefined
-  - name: Have ECS request a domain validation via dns that remains unchanged
+    - name: Have ECS request a domain validation via dns that remains unchanged
-    ecs_domain:
+      ecs_domain:
-      domain_name: dns.{{ common_name }}
+        domain_name: dns.{{ common_name }}
-      verification_method: dns
+        verification_method: dns
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: dns_result2
+      register: dns_result2
-  - assert:
+    - assert:
-      that:
+        that:
-        - dns_result2 is not failed
+          - dns_result2 is not failed
-        - not dns_result2.changed
+          - not dns_result2.changed
-        - dns_result2.domain_status == 'INITIAL_VERIFICATION'
+          - dns_result2.domain_status == 'INITIAL_VERIFICATION'
-        - dns_result2.verification_method == 'dns'
+          - dns_result2.verification_method == 'dns'
-        - dns_result2.dns_location is string
+          - dns_result2.dns_location is string
-        - dns_result2.dns_contents is string
+          - dns_result2.dns_contents is string
-        - dns_result2.dns_resource_type is string
+          - dns_result2.dns_resource_type is string
-        - dns_result2.file_location is undefined
+          - dns_result2.file_location is undefined
-        - dns_result2.file_contents is undefined
+          - dns_result2.file_contents is undefined
-        - dns_result2.emails is undefined
+          - dns_result2.emails is undefined
-  - name: Have ECS request a domain validation via FILE for dns, to change verification method
+    - name: Have ECS request a domain validation via FILE for dns, to change verification method
-    ecs_domain:
+      ecs_domain:
-      domain_name: dns.{{ common_name }}
+        domain_name: dns.{{ common_name }}
-      verification_method: web_server
+        verification_method: web_server
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: dns_result_now_file
+      register: dns_result_now_file
-  - assert:
+    - assert:
-      that:
+        that:
-        - dns_result_now_file is not failed
+          - dns_result_now_file is not failed
-        - dns_result_now_file.changed
+          - dns_result_now_file.changed
-        - dns_result_now_file.domain_status == 'INITIAL_VERIFICATION'
+          - dns_result_now_file.domain_status == 'INITIAL_VERIFICATION'
-        - dns_result_now_file.verification_method == 'web_server'
+          - dns_result_now_file.verification_method == 'web_server'
-        - dns_result_now_file.dns_location is undefined
+          - dns_result_now_file.dns_location is undefined
-        - dns_result_now_file.dns_contents is undefined
+          - dns_result_now_file.dns_contents is undefined
-        - dns_result_now_file.dns_resource_type is undefined
+          - dns_result_now_file.dns_resource_type is undefined
-        - dns_result_now_file.file_location is string
+          - dns_result_now_file.file_location is string
-        - dns_result_now_file.file_contents is string
+          - dns_result_now_file.file_contents is string
-        - dns_result_now_file.emails is undefined
+          - dns_result_now_file.emails is undefined
-  - name: Request revalidation of an approved domain
+    - name: Request revalidation of an approved domain
-    ecs_domain:
+      ecs_domain:
-      domain_name: '{{ existing_domain_common_name }}'
+        domain_name: '{{ existing_domain_common_name }}'
-      verification_method: manual
+        verification_method: manual
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: manual_existing_domain
+      register: manual_existing_domain
-  - assert:
+    - assert:
-      that:
+        that:
-        - manual_existing_domain is not failed
+          - manual_existing_domain is not failed
-        - not manual_existing_domain.changed
+          - not manual_existing_domain.changed
-        - manual_existing_domain.domain_status == 'RE_VERIFICATION'
+          - manual_existing_domain.domain_status == 'RE_VERIFICATION'
-        - manual_existing_domain.dns_location is undefined
+          - manual_existing_domain.dns_location is undefined
-        - manual_existing_domain.dns_contents is undefined
+          - manual_existing_domain.dns_contents is undefined
-        - manual_existing_domain.dns_resource_type is undefined
+          - manual_existing_domain.dns_resource_type is undefined
-        - manual_existing_domain.file_location is undefined
+          - manual_existing_domain.file_location is undefined
-        - manual_existing_domain.file_contents is undefined
+          - manual_existing_domain.file_contents is undefined
-        - manual_existing_domain.emails is undefined
+          - manual_existing_domain.emails is undefined
-  - name: Request revalidation of an approved domain
+    - name: Request revalidation of an approved domain
-    ecs_domain:
+      ecs_domain:
-      domain_name: '{{ existing_domain_common_name }}'
+        domain_name: '{{ existing_domain_common_name }}'
-      verification_method: web_server
+        verification_method: web_server
-      entrust_api_user: '{{ entrust_api_user }}'
+        entrust_api_user: '{{ entrust_api_user }}'
-      entrust_api_key: '{{ entrust_api_key }}'
+        entrust_api_key: '{{ entrust_api_key }}'
-      entrust_api_client_cert_path: '{{ entrust_api_cert }}'
+        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
-      entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
+        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
-    register: file_existing_domain_revalidate
+      register: file_existing_domain_revalidate
  - assert:
      that:
        - file_existing_domain_revalidate is not failed
        - file_existing_domain_revalidate.changed
        - file_existing_domain_revalidate.domain_status == 'RE_VERIFICATION'
        - file_existing_domain_revalidate.verification_method == 'web_server'
        - file_existing_domain_revalidate.dns_location is undefined
        - file_existing_domain_revalidate.dns_contents is undefined
        - file_existing_domain_revalidate.dns_resource_type is undefined
        - file_existing_domain_revalidate.file_location is string
        - file_existing_domain_revalidate.file_contents is string
        - file_existing_domain_revalidate.emails is undefined
    - assert:
        that:
          - file_existing_domain_revalidate is not failed
          - file_existing_domain_revalidate.changed
          - file_existing_domain_revalidate.domain_status == 'RE_VERIFICATION'
          - file_existing_domain_revalidate.verification_method == 'web_server'
          - file_existing_domain_revalidate.dns_location is undefined
          - file_existing_domain_revalidate.dns_contents is undefined
          - file_existing_domain_revalidate.dns_resource_type is undefined
          - file_existing_domain_revalidate.file_location is string
          - file_existing_domain_revalidate.file_contents is string
          - file_existing_domain_revalidate.emails is undefined
  always:
    - name: clean-up temporary folder
--- a/tests/integration/targets/filter_split_pem/tasks/main.yml
+++ b/tests/integration/targets/filter_split_pem/tasks/main.yml
@@ -33,10 +33,7 @@
      Baz
      Bam
      -----END PRIVATE KEY-----
-    pem_3: |
+    pem_3: "-----BEGIN \nfoo\n-----END \n"
      -----BEGIN 
      foo
      -----END 
    crap_1: |
      # Comment
    crap_2: |
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
@@ -137,7 +137,9 @@
      - result.extensions_by_oid | length == 9
      # Precert Signed Certificate Timestamps
      - result.extensions_by_oid['1.3.6.1.4.1.11129.2.4.2'].critical == false
-      - result.extensions_by_oid['1.3.6.1.4.1.11129.2.4.2'].value == 'BIHvAO0AdADd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZYL7QgtAAAEAwBFMEMCIAXku/W4fMbkoOkHguRt8RfxVy6dgwpi9A8IDTRkOn1XAh9g9RjiBvMJdM/+UQS+WNXaxOqA5JzUfvCFjbYLbEZ5AHUADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGWC+0H2AAABAMARjBEAiB26F5G8YPuZ11gAfEXqAFpVk01VcbOsS6w3dn2CJf6zgIgeEWCpg9tsQ8dB7/hU1zOmkZom62VDXvk8Cs+yscbQq4='
+      - >-
        result.extensions_by_oid['1.3.6.1.4.1.11129.2.4.2'].value ==
        'BIHvAO0AdADd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZYL7QgtAAAEAwBFMEMCIAXku/W4fMbkoOkHguRt8RfxVy6dgwpi9A8IDTRkOn1XAh9g9RjiBvMJdM/+UQS+WNXaxOqA5JzUfvCFjbYLbEZ5AHUADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGWC+0H2AAABAMARjBEAiB26F5G8YPuZ11gAfEXqAFpVk01VcbOsS6w3dn2CJf6zgIgeEWCpg9tsQ8dB7/hU1zOmkZom62VDXvk8Cs+yscbQq4='
      # Authority Information Access
      - result.extensions_by_oid['1.3.6.1.5.5.7.1.1'].critical == false
      - result.extensions_by_oid['1.3.6.1.5.5.7.1.1'].value == 'MGgwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmZvb2JhcmJhei5leGFtcGxlLmNvbTA3BggrBgEFBQcwAoYraHR0cDovL2NlcnQuZm9vYmFyYmF6LmV4YW1wbGUuY29tL2ludGVyLnBlbQ=='
--- a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
+++ b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
@@ -140,10 +140,10 @@
    selfsigned_not_after: "+10d"
    selfsigned_not_before: "-3d"
  loop:
-  - 1
+    - 1
-  - 2
+    - 2
-  - 3
+    - 3
-  - 4
+    - 4
 - name: Running tests
  include_tasks: impl.yml
--- a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml
+++ b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml
@@ -78,14 +78,14 @@
  x509_certificate_info:
    path: '{{ remote_tmp_dir }}/{{ item }}.pem'
  loop:
-  - cert-1
+    - cert-1
-  - cert-2
+    - cert-2
-  - cert-3
+    - cert-3
-  - cert-4
+    - cert-4
  register: certificate_infos
 - block:
-  - name: Running tests
+    - name: Running tests
-    include_tasks: impl.yml
+      include_tasks: impl.yml
  when: cryptography_version.stdout is version('1.2', '>=')
--- a/tests/integration/targets/get_certificate/tasks/main.yml
+++ b/tests/integration/targets/get_certificate/tasks/main.yml
@@ -15,35 +15,35 @@
 - block:
-  - name: Get servers certificate with backend auto-detection
+    - name: Get servers certificate with backend auto-detection
-    get_certificate:
+      get_certificate:
-      host: "{{ httpbin_host }}"
+        host: "{{ httpbin_host }}"
-      port: 443
+        port: 443
-      asn1_base64: "{{ true if ansible_version.full is version('2.18', '>=') else omit }}"
+        asn1_base64: "{{ true if ansible_version.full is version('2.18', '>=') else omit }}"
-    ignore_errors: true
+      ignore_errors: true
-    register: result
+      register: result
-  - set_fact:
+    - set_fact:
-      skip_tests: |
+        skip_tests: |
-        {{
+          {{
-          result is failed and (
+            result is failed and (
-            'error: [Errno 1] _ssl.c:492: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure' in result.msg
+              'error: [Errno 1] _ssl.c:492: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure' in result.msg
-            or
+              or
-            'error: _ssl.c:314: Invalid SSL protocol variant specified.' in result.msg
+              'error: _ssl.c:314: Invalid SSL protocol variant specified.' in result.msg
-          )
+            )
-        }}
+          }}
-  - assert:
+    - assert:
-      that:
+        that:
-        - result is success or skip_tests
+          - result is success or skip_tests
  when: cryptography_version.stdout is version('1.6', '>=')
 - block:
-  - include_tasks: ../tests/validate.yml
+    - include_tasks: ../tests/validate.yml
-    vars:
+      vars:
-      select_crypto_backend: cryptography
+        select_crypto_backend: cryptography
  # The module doesn't work with CentOS 6. Since the pyOpenSSL installed there is too old,
  # we never noticed before. This becomes a problem with the new cryptography backend,
--- a/tests/integration/targets/get_certificate/tests/validate.yml
+++ b/tests/integration/targets/get_certificate/tests/validate.yml
@@ -76,7 +76,7 @@
        or 'unknown protocol' in result.msg
        or 'wrong version number' in result.msg
        or 'record layer failure' in result.msg
- 
+
 - name: Test timeout option
  get_certificate:
    host: "{{ httpbin_host }}"
--- a/tests/integration/targets/luks_device/tasks/main.yml
+++ b/tests/integration/targets/luks_device/tasks/main.yml
@@ -21,13 +21,13 @@
  vars:
    search:
      files:
-      - '{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}.yml'
+        - '{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}.yml'
-      - '{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}.yml'
+        - '{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}.yml'
-      - '{{ ansible_distribution | lower }}.yml'
+        - '{{ ansible_distribution | lower }}.yml'
-      - '{{ ansible_os_family | lower }}.yml'
+        - '{{ ansible_os_family | lower }}.yml'
-      - default.yml
+        - default.yml
      paths:
-      - vars
+        - vars
 - name: Make sure cryptsetup is installed
  package:
@@ -71,21 +71,21 @@
    cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"
 - block:
-  - include_tasks: run-test.yml
+    - include_tasks: run-test.yml
-    with_fileglob:
+      with_fileglob:
-    - "tests/*.yml"
+        - "tests/*.yml"
  always:
-  - name: Make sure LUKS device is gone
+    - name: Make sure LUKS device is gone
-    luks_device:
+      luks_device:
-      device: "{{ cryptfile_device }}"
+        device: "{{ cryptfile_device }}"
-      state: absent
+        state: absent
-    become: true
+      become: true
-    ignore_errors: true
+      ignore_errors: true
-  - command: losetup -d "{{ cryptfile_device }}"
+    - command: losetup -d "{{ cryptfile_device }}"
-    become: true
+      become: true
-  - file:
+    - file:
-      dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"
+        dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile"
-      state: absent
+        state: absent
--- a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml
@@ -43,10 +43,10 @@
  register: create_idem_check
 - assert:
    that:
-    - create_check is changed
+      - create_check is changed
-    - create is changed
+      - create is changed
-    - create_idem is not changed
+      - create_idem is not changed
-    - create_idem_check is not changed
+      - create_idem_check is not changed
 - name: Open (check)
  luks_device:
@@ -80,10 +80,10 @@
  register: open_idem_check
 - assert:
    that:
-    - open_check is changed
+      - open_check is changed
-    - open is changed
+      - open is changed
-    - open_idem is not changed
+      - open_idem is not changed
-    - open_idem_check is not changed
+      - open_idem_check is not changed
 - name: Closed (via name, check)
  luks_device:
@@ -113,10 +113,10 @@
  register: close_idem_check
 - assert:
    that:
-    - close_check is changed
+      - close_check is changed
-    - close is changed
+      - close is changed
-    - close_idem is not changed
+      - close_idem is not changed
-    - close_idem_check is not changed
+      - close_idem_check is not changed
 - name: Re-open
  luks_device:
@@ -153,10 +153,10 @@
  register: close_idem_check
 - assert:
    that:
-    - close_check is changed
+      - close_check is changed
-    - close is changed
+      - close is changed
-    - close_idem is not changed
+      - close_idem is not changed
-    - close_idem_check is not changed
+      - close_idem_check is not changed
 - name: Re-opened
  luks_device:
@@ -193,7 +193,7 @@
  register: absent_idem_check
 - assert:
    that:
-    - absent_check is changed
+      - absent_check is changed
-    - absent is changed
+      - absent is changed
-    - absent_idem is not changed
+      - absent_idem is not changed
-    - absent_idem_check is not changed
+      - absent_idem_check is not changed
--- a/tests/integration/targets/luks_device/tasks/tests/cryptname.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/cryptname.yml
@@ -54,9 +54,9 @@
  register: absent
 - assert:
    that:
-    - create is changed
+      - create is changed
-    - open is changed
+      - open is changed
-    - open_idem is not changed
+      - open_idem is not changed
-    - close is changed
+      - close is changed
-    - close_idem is not changed
+      - close_idem is not changed
-    - absent is changed
+      - absent is changed
--- a/tests/integration/targets/luks_device/tasks/tests/key-management.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/key-management.yml
@@ -24,7 +24,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
 - name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
@@ -41,7 +41,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is failed
+      - open_try is failed
 - name: Give access to keyfile2
  luks_device:
@@ -80,7 +80,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
 - name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
@@ -126,7 +126,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is failed
+      - open_try is failed
 - name: Try to open with keyfile2
  luks_device:
@@ -138,7 +138,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
 - name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
@@ -160,8 +160,8 @@
  register: remove_last_key
 - assert:
    that:
-    - remove_last_key is failed
+      - remove_last_key is failed
-    - "'force_remove_last_key' in remove_last_key.msg"
+      - "'force_remove_last_key' in remove_last_key.msg"
 # Access: keyfile2
@@ -175,7 +175,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
 - name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
@@ -203,4 +203,4 @@
  register: open_try
 - assert:
    that:
-    - open_try is failed
+      - open_try is failed
--- a/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml
@@ -42,7 +42,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
 - name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
@@ -59,7 +59,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is failed
+      - open_try is failed
 - name: Give access to passphrase1
  luks_device:
@@ -90,7 +90,7 @@
  register: open_try
 - assert:
    that:
-    - open_try is failed
+      - open_try is failed
 - name: Open with passphrase1
  luks_device:
@@ -102,4 +102,4 @@
  register: open_try
 - assert:
    that:
-    - open_try is not failed
+      - open_try is not failed
--- a/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml
@@ -51,11 +51,11 @@
  register: luks_header_slot4
 - assert:
    that:
-    - create_luks_slot4_check is changed
+      - create_luks_slot4_check is changed
-    - create_luks_slot4 is changed
+      - create_luks_slot4 is changed
-    - create_luks_slot4_idem is not changed
+      - create_luks_slot4_idem is not changed
-    - create_luks_slot4_idem_check is not changed
+      - create_luks_slot4_idem_check is not changed
-    - "'Key Slot 4: ENABLED' in luks_header_slot4.stdout or '4: luks2' in luks_header_slot4.stdout"
+      - "'Key Slot 4: ENABLED' in luks_header_slot4.stdout or '4: luks2' in luks_header_slot4.stdout"
 - name: Add key in slot 2 (check)
  luks_device:
@@ -109,11 +109,11 @@
  register: luks_header_slot2
 - assert:
    that:
-    - add_luks_slot2_check is changed
+      - add_luks_slot2_check is changed
-    - add_luks_slot2 is changed
+      - add_luks_slot2 is changed
-    - add_luks_slot2_idem is not changed
+      - add_luks_slot2_idem is not changed
-    - add_luks_slot2_idem_check is not changed
+      - add_luks_slot2_idem_check is not changed
-    - "'Key Slot 2: ENABLED' in luks_header_slot2.stdout or '2: luks2' in luks_header_slot2.stdout"
+      - "'Key Slot 2: ENABLED' in luks_header_slot2.stdout or '2: luks2' in luks_header_slot2.stdout"
 - name: Check remove slot 4 without key
  luks_device:
@@ -132,8 +132,8 @@
  register: kill_slot4_key_slot4
 - assert:
    that:
-    - kill_slot4_nokey is failed
+      - kill_slot4_nokey is failed
-    - kill_slot4_key_slot4 is failed
+      - kill_slot4_key_slot4 is failed
 - name: Remove key in slot 4 (check)
  luks_device:
@@ -171,11 +171,11 @@
  register: luks_header_slot4_removed
 - assert:
    that:
-    - kill_luks_slot4_check is changed
+      - kill_luks_slot4_check is changed
-    - kill_luks_slot4 is changed
+      - kill_luks_slot4 is changed
-    - kill_luks_slot4_idem is not changed
+      - kill_luks_slot4_idem is not changed
-    - kill_luks_slot4_idem_check is not changed
+      - kill_luks_slot4_idem_check is not changed
-    - "'Key Slot 4: DISABLED' in luks_header_slot4_removed.stdout or not '4: luks' in luks_header_slot4_removed.stdout"
+      - "'Key Slot 4: DISABLED' in luks_header_slot4_removed.stdout or not '4: luks' in luks_header_slot4_removed.stdout"
 - name: Add key in slot 0
  luks_device:
@@ -201,6 +201,6 @@
  register: luks_header_slot0_removed
 - assert:
    that:
-    - add_luks_slot0 is changed
+      - add_luks_slot0 is changed
-    - kill_luks_slot0 is changed
+      - kill_luks_slot0 is changed
-    - "'Key Slot 0: DISABLED' in luks_header_slot0_removed.stdout or not '0: luks' in luks_header_slot0_removed.stdout"
+      - "'Key Slot 0: DISABLED' in luks_header_slot0_removed.stdout or not '0: luks' in luks_header_slot0_removed.stdout"
--- a/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml
+++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml
@@ -34,7 +34,7 @@
  register: keyslot_duplicate
 - assert:
    that:
-    - keyslot_duplicate_check is failed
+      - keyslot_duplicate_check is failed
-    - "'Trying to add key that is already present in another slot' in keyslot_duplicate_check.msg"
+      - "'Trying to add key that is already present in another slot' in keyslot_duplicate_check.msg"
-    - keyslot_duplicate is failed
+      - keyslot_duplicate is failed
-    - "'Trying to add key that is already present in another slot' in keyslot_duplicate.msg"
+      - "'Trying to add key that is already present in another slot' in keyslot_duplicate.msg"
--- a/Show More
+++ b/Show More