diff --git a/tests/integration/targets/openssh_cert/aliases b/tests/integration/targets/openssh_cert/aliases index d84d0772..6eae8bd8 100644 --- a/tests/integration/targets/openssh_cert/aliases +++ b/tests/integration/targets/openssh_cert/aliases @@ -1,3 +1,2 @@ shippable/posix/group1 destructive -skip/rhel9.0 # TODO figure out why and fix diff --git a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml index 8d3157d2..1d005dcc 100644 --- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml +++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml @@ -53,21 +53,25 @@ that: - updated_signature_algorithm_idempotent is not changed - - name: Generate cert with original signature algorithm - openssh_cert: - type: user - path: "{{ certificate_path }}" - public_key: "{{ public_key }}" - signing_key: "{{ signing_key }}" - signature_algorithm: ssh-rsa - valid_from: always - valid_to: forever - register: second_signature_algorithm + - block: + - name: Generate cert with original signature algorithm + openssh_cert: + type: user + path: "{{ certificate_path }}" + public_key: "{{ public_key }}" + signing_key: "{{ signing_key }}" + signature_algorithm: ssh-rsa + valid_from: always + valid_to: forever + register: second_signature_algorithm - - name: Assert second signature algorithm update causes change - assert: - that: - - second_signature_algorithm is changed + - name: Assert second signature algorithm update causes change + assert: + that: + - second_signature_algorithm is changed + # RHEL9 disables SHA-1 algorithms by default making this test fail with a 'libcrypt' error. Other systems which + # impose a similar restriction may also need to skip this block in the future. + when: not (ansible_facts['distribution'] == "RedHat" and (ansible_facts['distribution_major_version'] | int) >= 9) - name: Omit signature algorithm openssh_cert: