openssl_csr: extend tests to check for privatekey_content together with privatekey_passphrase (#490)

* Extend tests to check for privatekey_content together with privatekey_passphrase. * Also test privatekey_content for private keys without passphrases.
2026-05-06 13:22:58 +00:00 · 2022-07-14 14:32:53 +02:00
parent c106638648
commit 7deb0a6db9
2 changed files with 26 additions and 2 deletions
--- a/tests/integration/targets/openssl_csr/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr/tasks/impl.yml
@@ -4,6 +4,11 @@
    path: '{{ remote_tmp_dir }}/privatekey.pem'
    size: '{{ default_rsa_key_size }}'

+- name: "({{ select_crypto_backend }}) Read privatekey"
+  slurp:
+    src: '{{ remote_tmp_dir }}/privatekey.pem'
+  register: privatekey
+
 - name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
  openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
@@ -28,7 +33,7 @@
 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
  openssl_csr:
    path: '{{ remote_tmp_dir }}/csr.csr'
-    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
+    privatekey_content: '{{ privatekey.content | b64decode }}'
    subject_ordered:
      - commonName: www.ansible.com
    select_crypto_backend: '{{ select_crypto_backend }}'
@@ -264,6 +269,11 @@
    select_crypto_backend: cryptography
    size: '{{ default_rsa_key_size }}'

+- name: "({{ select_crypto_backend }}) Read privatekey"
+  slurp:
+    src: '{{ remote_tmp_dir }}/privatekeypw.pem'
+  register: privatekeypw
+
 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
  openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw.csr'
@@ -272,6 +282,14 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: passphrase_1

+- name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase and private key content"
+  openssl_csr:
+    path: '{{ remote_tmp_dir }}/csr_pw.csr'
+    privatekey_content: '{{ privatekeypw.content | b64decode }}'
+    privatekey_passphrase: hunter2
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: passphrase_1_content
+
 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)"
  openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_pw1.csr'
--- a/tests/integration/targets/openssl_csr/tests/validate.yml
+++ b/tests/integration/targets/openssl_csr/tests/validate.yml
@@ -132,7 +132,13 @@
      - country_idempotent_3 is not changed
      - country_fail_4 is failed

- name:
+- name: "({{ select_crypto_backend }}) Validate idempotency of privatekey_passphrase"
+  assert:
+    that:
+      - passphrase_1 is changed
+      - passphrase_1_content is not changed
+
+- name: "({{ select_crypto_backend }}) Validate private key passphrase errors"
  assert:
    that:
      - passphrase_error_1 is failed