x509_crl_info: allow to not enumerate revoked certificates (#232)

* Allow to not enumerate revoked certificates.

* Forgot to remove one instance.

* Add example.
Felix Fontein
2021-05-19 09:32:30 +02:00
committed by GitHub
parent 7298c1f49a
commit 69aeb2d86f
5 changed files with 64 additions and 10 deletions


@@ -19,6 +19,7 @@
revocation_date: 20191001000000Z
check_mode: yes
register: crl_1_check
- name: Create CRL 1
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -38,18 +39,22 @@
- serial_number: 1234
revocation_date: 20191001000000Z
register: crl_1
- name: Retrieve CRL 1 infos
x509_crl_info:
path: '{{ output_dir }}/ca-crl1.crl'
register: crl_1_info_1
- name: Retrieve CRL 1 infos via file content
x509_crl_info:
content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") }}'
register: crl_1_info_2
- name: Retrieve CRL 1 infos via file content (Base64)
x509_crl_info:
content: '{{ lookup("file", output_dir ~ "/ca-crl1.crl") | b64encode }}'
register: crl_1_info_3
- name: Create CRL 1 (idempotent, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -70,6 +75,7 @@
revocation_date: 20191001000000Z
check_mode: yes
register: crl_1_idem_check
- name: Create CRL 1 (idempotent)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -89,6 +95,7 @@
- serial_number: 1234
revocation_date: 20191001000000Z
register: crl_1_idem
- name: Create CRL 1 (idempotent with content, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -109,6 +116,7 @@
revocation_date: 20191001000000Z
check_mode: yes
register: crl_1_idem_content_check
- name: Create CRL 1 (idempotent with content)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -128,6 +136,7 @@
- serial_number: 1234
revocation_date: 20191001000000Z
register: crl_1_idem_content
- name: Create CRL 1 (format, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -149,6 +158,7 @@
revocation_date: 20191001000000Z
check_mode: yes
register: crl_1_format_check
- name: Create CRL 1 (format)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -169,6 +179,7 @@
- serial_number: 1234
revocation_date: 20191001000000Z
register: crl_1_format
- name: Create CRL 1 (format, idempotent, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -190,6 +201,7 @@
revocation_date: 20191001000000Z
check_mode: yes
register: crl_1_format_idem_check
- name: Create CRL 1 (format, idempotent)
x509_crl:
path: '{{ output_dir }}/ca-crl1.crl'
@@ -211,14 +223,17 @@
revocation_date: 20191001000000Z
return_content: yes
register: crl_1_format_idem
- name: Retrieve CRL 1 infos via file
x509_crl_info:
path: '{{ output_dir }}/ca-crl1.crl'
register: crl_1_info_4
- name: Read ca-crl1.crl
slurp:
src: "{{ output_dir }}/ca-crl1.crl"
register: content
- name: Retrieve CRL 1 infos via file content (Base64)
x509_crl_info:
content: '{{ content.content }}'
@@ -241,6 +256,7 @@
- serial_number: 1234
check_mode: yes
register: crl_2_check
- name: Create CRL 2
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -257,6 +273,7 @@
invalidity_date: 20191012000000Z
- serial_number: 1234
register: crl_2
- name: Create CRL 2 (idempotent, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -275,6 +292,7 @@
ignore_timestamps: yes
check_mode: yes
register: crl_2_idem_check
- name: Create CRL 2 (idempotent)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -292,6 +310,7 @@
- serial_number: 1234
ignore_timestamps: yes
register: crl_2_idem
- name: Create CRL 2 (idempotent update, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -306,6 +325,7 @@
mode: update
check_mode: yes
register: crl_2_idem_update_change_check
- name: Create CRL 2 (idempotent update)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -319,6 +339,7 @@
ignore_timestamps: yes
mode: update
register: crl_2_idem_update_change
- name: Create CRL 2 (idempotent update, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -336,6 +357,7 @@
mode: update
check_mode: yes
register: crl_2_idem_update_check
- name: Create CRL 2 (idempotent update)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -352,6 +374,7 @@
ignore_timestamps: yes
mode: update
register: crl_2_idem_update
- name: Create CRL 2 (changed timestamps, check mode)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -369,6 +392,7 @@
mode: update
check_mode: yes
register: crl_2_change_check
- name: Create CRL 2 (changed timestamps)
x509_crl:
path: '{{ output_dir }}/ca-crl2.crl'
@@ -386,3 +410,9 @@
mode: update
return_content: yes
register: crl_2_change
- name: Retrieve CRL 2 infos
x509_crl_info:
path: '{{ output_dir }}/ca-crl2.crl'
list_revoked_certificates: false
register: crl_2_info_1
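Review bot: The task added at the end of this file is named `Retrieve CRL 2 infos`, which does not say that it runs with `list_revoked_certificates: false`, while the other tasks in the file name their variant in parentheses; I would rename it to `- name: Retrieve CRL 2 infos (without revoked certificates)`. The option is also exercised only through `path` and only with the value `false`; a second task on the same CRL with `list_revoked_certificates: true`, registered under its own variable (for example `crl_2_info_2`, a constructed name), would let the assertions confirm that the flag alone decides whether the list is returned. A short comment above the task such as `# Skip enumeration: only CRL metadata is needed here` would record why the list is omitted.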


@@ -80,3 +80,8 @@
- crl_2_change_check is changed
- crl_2_change is changed
- crl_2_change.crl == lookup('file', output_dir ~ '/ca-crl2.crl', rstrip=False)
- name: Validate CRL 2 info
assert:
that:
- "'revoked_certificates' not in crl_2_info_1"
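Review bot: The new `Validate CRL 2 info` assertion checks only that `revoked_certificates` is absent, so it would still pass if the module returned almost nothing when enumeration is disabled. Adding checks that the remaining metadata is still present, e.g. `- "'issuer' in crl_2_info_1"` and `- "'last_update' in crl_2_info_1"`, would pin the intended behaviour. Because the key is dropped rather than returned as an empty list, a consumer that reads `revoked_certificates | default([])` would treat the result as "no revocations"; the module documentation should state that an absent key means "not enumerated", not "nothing revoked".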