diff --git a/.ansible-lint b/.ansible-lint index 3c0a5a33..ef074bef 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -13,10 +13,7 @@ skip_list: - yaml # we're using yamllint ourselves # To be checked and maybe fixed: - - fqcn[action] - - fqcn[action-core] - ignore-errors - - jinja[spacing] - key-order[task] - name[casing] - name[missing] diff --git a/tests/ee/all.yml b/tests/ee/all.yml index 962b24a7..c2148b38 100644 --- a/tests/ee/all.yml +++ b/tests/ee/all.yml @@ -6,15 +6,15 @@ - hosts: localhost tasks: - name: Show Python info - debug: + ansible.builtin.debug: var: ansible_python - name: Register cryptography version - command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" + ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" register: cryptography_version - name: Determine output directory - set_fact: + ansible.builtin.set_fact: output_path: "{{ 'output-%0x' % ((2**32) | random) }}" - name: Find all roles diff --git a/tests/ee/roles/crypto_info/tasks/main.yml b/tests/ee/roles/crypto_info/tasks/main.yml index 76cecf25..c7e8a8c0 100644 --- a/tests/ee/roles/crypto_info/tasks/main.yml +++ b/tests/ee/roles/crypto_info/tasks/main.yml @@ -8,11 +8,11 @@ register: result - name: Dump result - debug: + ansible.builtin.debug: var: result - name: Validate result - assert: + ansible.builtin.assert: that: - result.openssl_present - result.python_cryptography_installed diff --git a/tests/ee/roles/luks_device/tasks/main.yml b/tests/ee/roles/luks_device/tasks/main.yml index 9469fedc..17ba9ce4 100644 --- a/tests/ee/roles/luks_device/tasks/main.yml +++ b/tests/ee/roles/luks_device/tasks/main.yml 
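Review bot: In tests/ee/all.yml the `Determine output directory` task derives `output_path` from `(2**32) | random`, which yields a guessable name and does not guarantee the path is unused. How the path is consumed is outside this hunk; if a directory is later created there, `ansible.builtin.tempfile` with `state: directory` would create it atomically and owner-only. The read-only `Register cryptography version` command in the same hunk could also carry `changed_when: false` so the play does not report a change on every run.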
@@ -24,13 +24,13 @@ when: false block: - name: Create lookback device - command: losetup -f {{ cryptfile_path }} + ansible.builtin.command: losetup -f {{ cryptfile_path }} - name: Determine loop device name - command: losetup -j {{ cryptfile_path }} --output name + ansible.builtin.command: losetup -j {{ cryptfile_path }} --output name register: cryptfile_device_output - - set_fact: + - ansible.builtin.set_fact: cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}" - name: Create LUKS container diff --git a/tests/ee/roles/smoke/tasks/main.yml b/tests/ee/roles/smoke/tasks/main.yml index a883b111..cd1d7f32 100644 --- a/tests/ee/roles/smoke/tasks/main.yml +++ b/tests/ee/roles/smoke/tasks/main.yml @@ -8,7 +8,7 @@ register: result - name: Validate result - assert: + ansible.builtin.assert: that: - result.msg == 'Everything is ok' @@ -17,6 +17,6 @@ register: result - name: Validate result - assert: + ansible.builtin.assert: that: - result.msg == 'Everything is ok' diff --git a/tests/integration/targets/acme_account/tasks/impl.yml b/tests/integration/targets/acme_account/tasks/impl.yml index 3d218763..0789e775 100644 --- a/tests/integration/targets/acme_account/tasks/impl.yml +++ b/tests/integration/targets/acme_account/tasks/impl.yml @@ -5,7 +5,7 @@ - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" passphrase: "{{ item.pass | default(omit) | default(omit, true) }}" type: ECC @@ -14,7 +14,7 @@ loop: "{{ account_keys }}" - name: Parse account keys (to ease debugging some test failures) - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" passphrase: "{{ item.pass | default(omit) | default(omit, true) }}" return_private_key_data: true 
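Review bot: The two `losetup` tasks in tests/ee/roles/luks_device/tasks/main.yml interpolate `{{ cryptfile_path }}` into a free-form command string, so a path containing whitespace would be split into several arguments. Passing the arguments as a list avoids that, e.g. `argv: [losetup, -f, "{{ cryptfile_path }}"]`. The `ansible.builtin.set_fact` task that follows has no `name:`, and it reads `stdout_lines[1]` without checking that losetup returned a second line; a short `assert` on the line count would make a failure readable. The enclosing block is gated by `when: false` and continues outside the hunk.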
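Review bot: `Parse account keys (to ease debugging some test failures)` in tests/integration/targets/acme_account/tasks/impl.yml sets `return_private_key_data: true`, so the private key values become part of the task result and can appear in verbose test logs. That is acceptable only because these keys are generated for the test run; a comment above the task such as `# Test-only keys: private key data is returned on purpose for debugging` would state that. The same task appears in tests/integration/targets/acme_account_info/tasks/impl.yml. Both task lists continue outside the hunks.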
@@ -30,7 +30,7 @@ - name: accountkey5 - name: Do not try to create account - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -42,7 +42,7 @@ register: account_not_created - name: Create it now (check mode, diff) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -58,7 +58,7 @@ register: account_created_check - name: Create it now - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -72,7 +72,7 @@ register: account_created - name: Create it now (idempotent) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -86,12 +86,12 @@ register: account_created_idempotent - name: Read account key - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/accountkey.pem' register: slurp - name: Change email address (check mode, diff) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 @@ -106,7 +106,7 @@ register: account_modified_check - name: Change email address - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 @@ -119,7 +119,7 @@ register: account_modified - name: Change email address (idempotent) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_created.account_uri }}" 
@@ -133,7 +133,7 @@ register: account_modified_idempotent - name: Cannot access account with wrong URI - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}" @@ -146,7 +146,7 @@ register: account_modified_wrong_uri - name: Clear contact email addresses (check mode, diff) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -160,7 +160,7 @@ register: account_modified_2_check - name: Clear contact email addresses - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -172,7 +172,7 @@ register: account_modified_2 - name: Clear contact email addresses (idempotent) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -184,7 +184,7 @@ register: account_modified_2_idempotent - name: Change account key (check mode, diff) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -200,7 +200,7 @@ register: account_change_key_check - name: Change account key - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 
@@ -214,7 +214,7 @@ register: account_change_key - name: Deactivate account (check mode, diff) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" @@ -227,7 +227,7 @@ register: account_deactivate_check - name: Deactivate account - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" @@ -238,7 +238,7 @@ register: account_deactivate - name: Deactivate account (idempotent) - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" @@ -249,7 +249,7 @@ register: account_deactivate_idempotent - name: Do not try to create account II - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" @@ -262,7 +262,7 @@ register: account_not_created_2 - name: Do not try to create account III - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -274,7 +274,7 @@ register: account_not_created_3 - name: Create account with External Account Binding - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem" acme_version: 2 
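Review bot: The passphrase literal `'hunter2'` is repeated in `account_key_passphrase` across the four hunks from `Deactivate account (check mode, diff)` to `Do not try to create account II`, and it presumably has to match the `pass` value used when accountkey2 was generated (that list is not visible here). A single variable, e.g. `account_key_passphrase: "{{ accountkey2_passphrase if select_crypto_backend != 'openssl' else omit }}"` with `accountkey2_passphrase` defined once in the target's vars, would keep them in sync. `accountkey2_passphrase` is a suggested name, not an existing variable.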
@@ -304,4 +304,4 @@ kid: kid-3 alg: HS512 key: zWNDZM6eQGHWpSRTPal5eIUYFTu7EajVIoguysqZ9wG44nMEtx3MUAsUDkMTQ12W -- debug: var=account_created_eab +- ansible.builtin.debug: var=account_created_eab diff --git a/tests/integration/targets/acme_account/tasks/main.yml b/tests/integration/targets/acme_account/tasks/main.yml index bcc10397..714aed87 100644 --- a/tests/integration/targets/acme_account/tasks/main.yml +++ b/tests/integration/targets/acme_account/tasks/main.yml @@ -10,31 +10,31 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_account/tests/validate.yml b/tests/integration/targets/acme_account/tests/validate.yml index 582f8b58..21262115 100644 --- a/tests/integration/targets/acme_account/tests/validate.yml +++ b/tests/integration/targets/acme_account/tests/validate.yml 
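Review bot: The final task `- ansible.builtin.debug: var=account_created_eab` keeps the `key=value` shorthand and has no name, which is inconsistent with the block-style arguments used by every other task in this file. Suggested form: `- name: Dump External Account Binding results`, then `ansible.builtin.debug:` with `var: account_created_eab` beneath it. The registered result probably carries each loop item, including the EAB `key` shown in the context lines, so the dump writes that HMAC key to the test log; that is fine for a fixed test fixture but worth a comment saying so.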
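Review bot: `Re-create output directory` in tests/integration/targets/acme_account/tasks/main.yml recreates `{{ remote_tmp_dir }}` with `state: directory` and no `mode`, so the directory that will hold the regenerated account keys gets umask-default permissions. Adding `mode: "0700"` keeps it owner-only regardless of how the original temporary directory was created (not visible here). The same task is changed in acme_account_info/tasks/main.yml and acme_ari_info/tasks/main.yml.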
@@ -4,13 +4,13 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Validate that account wasn't created in the first step - assert: + ansible.builtin.assert: that: - account_not_created is failed - account_not_created.msg == 'Account does not exist or is deactivated.' - name: Validate that account was created in the second step (check mode) - assert: + ansible.builtin.assert: that: - account_created_check is changed - account_created_check.account_uri is none @@ -21,19 +21,19 @@ - account_created_check.diff.after.contact[0] in ['mailto:example@example.org', 'mailto:********@********.org'] - name: Validate that account was created in the second step - assert: + ansible.builtin.assert: that: - account_created is changed - account_created.account_uri is not none - name: Validate that account was created in the second step (idempotency) - assert: + ansible.builtin.assert: that: - account_created_idempotent is not changed - account_created_idempotent.account_uri is not none - name: Validate that email address was changed (check mode) - assert: + ansible.builtin.assert: that: - account_modified_check is changed - account_modified_check.account_uri is not none 
@@ -44,24 +44,24 @@ - account_modified_check.diff.after.contact[0] in ['mailto:example@example.com', 'mailto:********@********.com'] - name: Validate that email address was changed - assert: + ansible.builtin.assert: that: - account_modified is changed - account_modified.account_uri is not none - name: Validate that email address was not changed a second time (idempotency) - assert: + ansible.builtin.assert: that: - account_modified_idempotent is not changed - account_modified_idempotent.account_uri is not none - name: Make sure that with the wrong account URI, the account cannot be changed - assert: + ansible.builtin.assert: that: - account_modified_wrong_uri is failed - name: Validate that email address was cleared (check mode) - assert: + ansible.builtin.assert: that: - account_modified_2_check is changed - account_modified_2_check.account_uri is not none @@ -71,19 +71,19 @@ - account_modified_2_check.diff.after.contact | length == 0 - name: Validate that email address was cleared - assert: + ansible.builtin.assert: that: - account_modified_2 is changed - account_modified_2.account_uri is not none - name: Validate that email address was not cleared a second time (idempotency) - assert: + ansible.builtin.assert: that: - account_modified_2_idempotent is not changed - account_modified_2_idempotent.account_uri is not none - name: Validate that the account key was changed (check mode) - assert: + ansible.builtin.assert: that: - account_change_key_check is changed - account_change_key_check.account_uri is not none 
@@ -91,13 +91,13 @@ - account_change_key_check.diff.before.public_account_key != account_change_key_check.diff.after.public_account_key - name: Validate that the account key was changed - assert: + ansible.builtin.assert: that: - account_change_key is changed - account_change_key.account_uri is not none - name: Validate that the account was deactivated (check mode) - assert: + ansible.builtin.assert: that: - account_deactivate_check is changed - account_deactivate_check.account_uri is not none @@ -106,13 +106,13 @@ - "account_deactivate_check.diff.after == {}" - name: Validate that the account was deactivated - assert: + ansible.builtin.assert: that: - account_deactivate is changed - account_deactivate.account_uri is not none - name: Validate that the account was really deactivated (idempotency) - assert: + ansible.builtin.assert: that: - account_deactivate_idempotent is not changed # The next condition should be true for all conforming ACME servers. @@ -121,19 +121,19 @@ - account_deactivate_idempotent.account_uri is none - name: Validate that the account is gone (new account key) - assert: + ansible.builtin.assert: that: - account_not_created_2 is failed - account_not_created_2.msg == 'Account does not exist or is deactivated.' - name: Validate that the account is gone (old account key) - assert: + ansible.builtin.assert: that: - account_not_created_3 is failed - account_not_created_3.msg == 'Account does not exist or is deactivated.' - name: Validate that the account with External Account Binding has been created - assert: + ansible.builtin.assert: that: - account_created_eab.results[0] is changed - account_created_eab.results[1] is changed diff --git a/tests/integration/targets/acme_account_info/tasks/impl.yml b/tests/integration/targets/acme_account_info/tasks/impl.yml index 25ae9287..ecf408e6 100644 --- a/tests/integration/targets/acme_account_info/tasks/impl.yml +++ b/tests/integration/targets/acme_account_info/tasks/impl.yml 
@@ -5,7 +5,7 @@ - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item }}.pem" type: ECC curve: secp256r1 @@ -13,7 +13,7 @@ loop: "{{ account_keys }}" - name: Parse account keys (to ease debugging some test failures) - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: "{{ remote_tmp_dir }}/{{ item }}.pem" return_private_key_data: true loop: "{{ account_keys }}" @@ -24,7 +24,7 @@ - accountkey2 - name: Check that account does not exist - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -33,7 +33,7 @@ register: account_not_created - name: Create it now - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -46,7 +46,7 @@ - mailto:example@example.org - name: Check that account exists - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -55,12 +55,12 @@ register: account_created - name: Read account key - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/accountkey.pem' register: slurp - name: Clear email address - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" account_key_content: "{{ slurp.content | b64decode }}" acme_version: 2 @@ -71,7 +71,7 @@ contact: [] - name: Check that account was modified - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 
@@ -81,7 +81,7 @@ register: account_modified - name: Check with wrong account URI - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" acme_version: 2 @@ -91,7 +91,7 @@ register: account_not_exist - name: Check with wrong account key - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem" acme_version: 2 diff --git a/tests/integration/targets/acme_account_info/tasks/main.yml b/tests/integration/targets/acme_account_info/tasks/main.yml index bcc10397..714aed87 100644 --- a/tests/integration/targets/acme_account_info/tasks/main.yml +++ b/tests/integration/targets/acme_account_info/tasks/main.yml @@ -10,31 +10,31 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_account_info/tests/validate.yml b/tests/integration/targets/acme_account_info/tests/validate.yml index 3730599c..f4c2778d 100644 --- a/tests/integration/targets/acme_account_info/tests/validate.yml 
+++ b/tests/integration/targets/acme_account_info/tests/validate.yml @@ -4,14 +4,14 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Validate that account wasn't there - assert: + ansible.builtin.assert: that: - not account_not_created.exists - account_not_created.account_uri is none - "'account' not in account_not_created" - name: Validate that account was created - assert: + ansible.builtin.assert: that: - account_created.exists - account_created.account_uri is not none @@ -22,7 +22,7 @@ - "account_created.account.contact[0] == 'mailto:example@example.org'" - name: Validate that account email was removed - assert: + ansible.builtin.assert: that: - account_modified.exists - account_modified.account_uri is not none @@ -32,13 +32,13 @@ - account_modified.account.contact | length == 0 - name: Validate that account does not exist with wrong account URI - assert: + ansible.builtin.assert: that: - not account_not_exist.exists - account_not_exist.account_uri is none - "'account' not in account_not_exist" - name: Validate that account cannot be accessed with wrong key - assert: + ansible.builtin.assert: that: - account_wrong_key is failed diff --git a/tests/integration/targets/acme_ari_info/tasks/impl.yml b/tests/integration/targets/acme_ari_info/tasks/impl.yml index bda73d53..97d6ae7b 100644 --- a/tests/integration/targets/acme_ari_info/tasks/impl.yml +++ b/tests/integration/targets/acme_ari_info/tasks/impl.yml @@ -6,7 +6,7 @@ ## SET UP ACCOUNT KEYS ######################################################################## - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" 
@@ -21,7 +21,7 @@ curve: secp256r1 ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES #################################################### - name: Obtain cert 1 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 1 for renewal check certificate_name: cert-1 @@ -39,18 +39,18 @@ account_email: "example@example.org" ## OBTAIN CERTIFICATE INFOS ################################################################### - name: Dump OpenSSL x509 info - command: + ansible.builtin.command: cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text - name: Obtain certificate information - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-1.pem" register: cert_1_info - name: Read certificate - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert-1.pem' register: slurp_cert_1 - name: Obtain certificate information - acme_ari_info: + community.crypto.acme_ari_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 diff --git a/tests/integration/targets/acme_ari_info/tasks/main.yml b/tests/integration/targets/acme_ari_info/tasks/main.yml index 84221e68..62c4b955 100644 --- a/tests/integration/targets/acme_ari_info/tasks/main.yml +++ b/tests/integration/targets/acme_ari_info/tasks/main.yml 
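Review bot: `Dump OpenSSL x509 info` in tests/integration/targets/acme_ari_info/tasks/impl.yml calls a bare `openssl` resolved through PATH, while the verification commands in acme_certificate/tasks/impl.yml use `{{ openssl_binary }}`. If `openssl_binary` is available to this target (not visible in the hunk), using it here would make the dump come from the same binary the rest of the suite tests against. As a read-only diagnostic the task could also set `changed_when: false`.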
@@ -14,31 +14,31 @@ block: - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: 1 is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_ari_info/tests/validate.yml b/tests/integration/targets/acme_ari_info/tests/validate.yml index a19c92a7..b71d70b0 100644 --- a/tests/integration/targets/acme_ari_info/tests/validate.yml +++ b/tests/integration/targets/acme_ari_info/tests/validate.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Validate results - assert: + ansible.builtin.assert: that: - cert_1 is not changed - cert_1.renewal_info.explanationURL is not defined or cert_1.renewal_info.explanationURL is string diff --git a/tests/integration/targets/acme_certificate/tasks/impl.yml b/tests/integration/targets/acme_certificate/tasks/impl.yml index 39ea5e3d..173fff6e 100644 --- a/tests/integration/targets/acme_certificate/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate/tasks/impl.yml 
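Review bot: The OpenSSL-backend block in tests/integration/targets/acme_ari_info/tasks/main.yml is gated by `when: 1 is version('1.0.0', '>=')`, which tests the literal `1` rather than a detected OpenSSL version as the sibling targets do with `openssl_version`. Under loose version comparison `1` likely sorts below `1.0.0`, which would skip the OpenSSL run entirely; worth confirming what the condition evaluates to. If the version gate is no longer needed, dropping the `when:` and the 0.9.8 comment would be clearer than a constant condition.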
@@ -6,7 +6,7 @@ ## SET UP ACCOUNT KEYS ######################################################################## - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" @@ -28,7 +28,7 @@ ## SET UP ACCOUNTS ############################################################################ - name: Make sure ECC256 account hasn't been created yet - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" @@ -36,11 +36,11 @@ account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" state: absent - name: Read account key (EC384) - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/account-ec384.pem' register: slurp - name: Create ECC384 account - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" @@ -53,7 +53,7 @@ - mailto:example@example.org - mailto:example@example.com - name: Create RSA account - acme_account: + community.crypto.acme_account: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" @@ -66,7 +66,7 @@ ## OBTAIN CERTIFICATES ######################################################################## - name: Obtain cert 1 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 1 certificate_name: cert-1 
@@ -89,11 +89,11 @@ issuer: "{{ acme_roots[1].subject }}" use_csr_content: true - name: Store obtain results for cert 1 - set_fact: + ansible.builtin.set_fact: cert_1_obtain_results: "{{ certificate_obtain_result }}" cert_1_alternate: "{{ 1 if select_crypto_backend == 'cryptography' else 0 }}" - name: Obtain cert 2 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 2 certificate_name: cert-2 @@ -122,15 +122,15 @@ issuer: "{{ acme_roots[2].subject }}" use_csr_content: false - name: Store obtain results for cert 2 - set_fact: + ansible.builtin.set_fact: cert_2_obtain_results: "{{ certificate_obtain_result }}" cert_2_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" - name: Read account key (RSA) - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/account-rsa.pem' register: slurp_account_key - name: Obtain cert 3 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 3 certificate_name: cert-3 @@ -152,11 +152,11 @@ subject: "{{ acme_roots[1].subject }}" use_csr_content: true - name: Store obtain results for cert 3 - set_fact: + ansible.builtin.set_fact: cert_3_obtain_results: "{{ certificate_obtain_result }}" cert_3_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" - name: Obtain cert 4 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 4 certificate_name: cert-4 @@ -181,11 +181,11 @@ issuer: "{{ acme_roots[1].subject }}" use_csr_content: false - name: Store obtain results for cert 4 - set_fact: + ansible.builtin.set_fact: cert_4_obtain_results: "{{ certificate_obtain_result }}" cert_4_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}" - name: Obtain cert 5 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 5, Iteration 1/4 certificate_name: cert-5 
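Review bot: `cert_2_alternate` and `cert_3_alternate` in the `Store obtain results` tasks are set with `{{ 0 if select_crypto_backend == 'cryptography' else 0 }}`, where both branches yield 0, so the conditional carries no information. Either write the value directly, `cert_2_alternate: 0`, or add a comment explaining that the expression is kept for symmetry with cert 1, 4 and 7. The same expression appears for cert 5, 6 and 8 in later hunks of this file.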
@@ -202,11 +202,11 @@ account_email: "" use_csr_content: true - name: Store obtain results for cert 5a - set_fact: + ansible.builtin.set_fact: cert_5a_obtain_results: "{{ certificate_obtain_result }}" cert_5_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" - name: Obtain cert 5 (should not, since already there and valid for more than 1 days) - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 5, Iteration 2/4 certificate_name: cert-5 @@ -223,10 +223,10 @@ account_email: "" use_csr_content: false - name: Store obtain results for cert 5b - set_fact: + ansible.builtin.set_fact: cert_5_recreate_1: "{{ challenge_data is changed }}" - name: Obtain cert 5 (should again by less days) - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 5, Iteration 3/4 certificate_name: cert-5 @@ -245,15 +245,15 @@ acme_certificate_profile: "{{ '6days' if acme_supports_profiles else omit }}" acme_certificate_include_renewal_cert_id: when_ari_supported - name: Store obtain results for cert 5c - set_fact: + ansible.builtin.set_fact: cert_5_recreate_2: "{{ challenge_data is changed }}" cert_5c_obtain_results: "{{ certificate_obtain_result }}" - name: Read account key (EC384) - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/account-ec384.pem' register: slurp_account_key - name: Obtain cert 5 (should again by force) - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 5, Iteration 4/4 certificate_name: cert-5 
@@ -270,12 +270,12 @@ account_email: "" use_csr_content: false - name: Store obtain results for cert 5d - set_fact: + ansible.builtin.set_fact: cert_5_recreate_3: "{{ challenge_data is changed }}" cert_5d_obtain_results: "{{ certificate_obtain_result }}" - block: - name: Obtain cert 6 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 6 certificate_name: cert-6 @@ -303,13 +303,13 @@ issuer: "{{ acme_roots[1].subject }}" use_csr_content: true - name: Store obtain results for cert 6 - set_fact: + ansible.builtin.set_fact: cert_6_obtain_results: "{{ certificate_obtain_result }}" cert_6_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" when: acme_intermediates[0].subject_key_identifier is defined - block: - name: Obtain cert 7 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 7 certificate_name: cert-7 @@ -333,13 +333,13 @@ authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}" use_csr_content: false - name: Store obtain results for cert 7 - set_fact: + ansible.builtin.set_fact: cert_7_obtain_results: "{{ certificate_obtain_result }}" cert_7_alternate: "{{ 2 if select_crypto_backend == 'cryptography' else 0 }}" when: acme_roots[2].subject_key_identifier is defined - block: - name: Obtain cert 8 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 8 certificate_name: cert-8 
@@ -361,114 +361,114 @@ account_email: "example@example.org" use_csr_content: true - name: Store obtain results for cert 8 - set_fact: + ansible.builtin.set_fact: cert_8_obtain_results: "{{ certificate_obtain_result }}" cert_8_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}" ## DISSECT CERTIFICATES ####################################################################### # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate. - name: Verifying cert 1 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-1-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-1-chain.pem" "{{ remote_tmp_dir }}/cert-1.pem"' ignore_errors: true register: cert_1_valid - name: Verifying cert 2 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-2-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-2-chain.pem" "{{ remote_tmp_dir }}/cert-2.pem"' ignore_errors: true register: cert_2_valid - name: Verifying cert 3 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-3-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-3-chain.pem" "{{ remote_tmp_dir }}/cert-3.pem"' ignore_errors: true register: cert_3_valid - name: Verifying cert 4 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"' + 
ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-4-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-4-chain.pem" "{{ remote_tmp_dir }}/cert-4.pem"' ignore_errors: true register: cert_4_valid - name: Verifying cert 5 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-5-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-5-chain.pem" "{{ remote_tmp_dir }}/cert-5.pem"' ignore_errors: true register: cert_5_valid - name: Verifying cert 6 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-6-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-6-chain.pem" "{{ remote_tmp_dir }}/cert-6.pem"' ignore_errors: true register: cert_6_valid when: acme_intermediates[0].subject_key_identifier is defined - name: Verifying cert 7 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-7-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-7-chain.pem" "{{ remote_tmp_dir }}/cert-7.pem"' ignore_errors: true register: cert_7_valid when: acme_roots[2].subject_key_identifier is defined - name: Verifying cert 8 - command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ remote_tmp_dir }}/cert-8.pem"' + ansible.builtin.command: '{{ openssl_binary }} verify -CAfile "{{ remote_tmp_dir }}/cert-8-root.pem" -untrusted "{{ remote_tmp_dir }}/cert-8-chain.pem" "{{ 
remote_tmp_dir }}/cert-8.pem"' ignore_errors: true register: cert_8_valid # Dump certificate info - name: Dumping cert 1 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-1.pem" -noout -text' register: cert_1_text - name: Dumping cert 2 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-2.pem" -noout -text' register: cert_2_text - name: Dumping cert 3 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-3.pem" -noout -text' register: cert_3_text - name: Dumping cert 4 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-4.pem" -noout -text' register: cert_4_text - name: Dumping cert 5 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-5.pem" -noout -text' register: cert_5_text - name: Dumping cert 6 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-6.pem" -noout -text' register: cert_6_text when: acme_intermediates[0].subject_key_identifier is defined - name: Dumping cert 7 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-7.pem" -noout -text' register: cert_7_text when: acme_roots[2].subject_key_identifier is defined - name: Dumping cert 8 - command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" 
-noout -text' + ansible.builtin.command: '{{ openssl_binary }} x509 -in "{{ remote_tmp_dir }}/cert-8.pem" -noout -text' register: cert_8_text # Dump certificate info - name: Dumping cert 1 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-1.pem" register: cert_1_info - name: Dumping cert 2 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-2.pem" register: cert_2_info - name: Dumping cert 3 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-3.pem" register: cert_3_info - name: Dumping cert 4 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-4.pem" register: cert_4_info - name: Dumping cert 5 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-5.pem" register: cert_5_info - name: Dumping cert 6 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-6.pem" register: cert_6_info when: acme_intermediates[0].subject_key_identifier is defined - name: Dumping cert 7 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-7.pem" register: cert_7_info when: acme_roots[2].subject_key_identifier is defined - name: Dumping cert 8 - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-8.pem" register: cert_8_info ## GET ACCOUNT ORDERS ######################################################################### - name: Don't retrieve orders - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 
@@ -477,7 +477,7 @@ retrieve_orders: ignore register: account_orders_not - name: Retrieve orders as URL list (1/2) - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 @@ -486,7 +486,7 @@ retrieve_orders: url_list register: account_orders_urls - name: Retrieve orders as URL list (2/2) - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 @@ -495,7 +495,7 @@ retrieve_orders: url_list register: account_orders_urls2 - name: Retrieve orders as object list (1/2) - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" acme_version: 2 @@ -504,7 +504,7 @@ retrieve_orders: object_list register: account_orders_full - name: Retrieve orders as object list (2/2) - acme_account_info: + community.crypto.acme_account_info: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem" acme_version: 2 diff --git a/tests/integration/targets/acme_certificate/tasks/main.yml b/tests/integration/targets/acme_certificate/tasks/main.yml index 75035501..d58b21d5 100644 --- a/tests/integration/targets/acme_certificate/tasks/main.yml +++ b/tests/integration/targets/acme_certificate/tasks/main.yml 
@@ -10,46 +10,46 @@ - block: - name: Obtain root and intermediate certificates - get_url: + ansible.builtin.get_url: url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}" dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem" loop: "{{ query('nested', types, root_numbers) }}" - name: Analyze root certificates - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_roots - name: Analyze intermediate certificates - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_intermediates - name: Read root certificates - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}" loop: "{{ root_numbers }}" register: slurp_roots - - set_fact: + - ansible.builtin.set_fact: x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" loop: "{{ acme_roots.results }}" register: acme_roots_tmp - name: Read intermediate certificates - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}" loop: "{{ root_numbers }}" register: slurp_intermediates - - set_fact: + - ansible.builtin.set_fact: x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" loop: "{{ acme_intermediates.results }}" register: acme_intermediates_tmp - - set_fact: + - ansible.builtin.set_fact: acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}" acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}" acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}" 
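Review bot: The `ansible.builtin.get_url` task at the top of this hunk fetches the root and intermediate certificates over plain `http://` with no `checksum`, so nothing authenticates what is written to `acme-root-N.pem` and `acme-intermediate-N.pem`. Values parsed from those files are later used as chain-selection criteria in impl.yml (`issuer: "{{ acme_roots[1].subject }}"`, `authority_key_identifier: "{{ acme_roots[2].subject_key_identifier }}"`). That is presumably fine against a local test CA, but the file should say so, for example with `# Test-only: CA certificates come from the local test ACME server over HTTP; do not copy this pattern for real trust anchors` above the task. The enclosing `block:` continues past the end of the hunk.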
@@ -74,48 +74,48 @@ # - public_key_fingerprints - name: ACME root certificate info - debug: + ansible.builtin.debug: var: acme_roots # - name: ACME root certificates as PEM -# debug: +# ansible.builtin.debug: # var: acme_root_certs - name: ACME intermediate certificate info - debug: + ansible.builtin.debug: var: acme_intermediates # - name: ACME intermediate certificates as PEM -# debug: +# ansible.builtin.debug: # var: acme_intermediate_certs - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_certificate/tests/validate.yml b/tests/integration/targets/acme_certificate/tests/validate.yml index 57aa7ae8..6b399823 100644 --- a/tests/integration/targets/acme_certificate/tests/validate.yml +++ b/tests/integration/targets/acme_certificate/tests/validate.yml 
@@ -4,15 +4,15 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Check that certificate 1 is valid - assert: + ansible.builtin.assert: that: - cert_1_valid is not failed - name: Check that certificate 1 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:example.com' in cert_1_text.stdout" - name: Read certificate 1 files - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ item }}' loop: - cert-1.pem @@ -20,7 +20,7 @@ - cert-1-fullchain.pem register: slurp - name: Check that certificate 1 retrieval got all chains - assert: + ansible.builtin.assert: that: - "'all_chains' in cert_1_obtain_results" - "cert_1_obtain_results.all_chains | length > 1" @@ -32,16 +32,16 @@ - "(slurp.results[2].content | b64decode) == cert_1_obtain_results.all_chains[cert_1_alternate | int].full_chain" - name: Check that certificate 2 is valid - assert: + ansible.builtin.assert: that: - cert_2_valid is not failed - name: Check that certificate 2 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:*.example.com' in cert_2_text.stdout" - "'DNS:example.com' in cert_2_text.stdout" - name: Read certificate 2 files - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ item }}' loop: - cert-2.pem @@ -49,7 +49,7 @@ - cert-2-fullchain.pem register: slurp - name: Check that certificate 1 retrieval got all chains - assert: + ansible.builtin.assert: that: - "'all_chains' in cert_2_obtain_results" - "cert_2_obtain_results.all_chains | length > 1" 
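Review bot: The task named `Check that certificate 1 retrieval got all chains` in the hunk at old line 49 asserts on `cert_2_obtain_results`, so a failure report would name the wrong certificate. The same name is reused for the `cert_3_obtain_results` assertions in the hunk at old line 79. Since these lines are being touched anyway, rename them to `- name: Check that certificate 2 retrieval got all chains` and `- name: Check that certificate 3 retrieval got all chains`. The assertion lists continue outside both hunks.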
@@ -61,17 +61,17 @@ - "(slurp.results[2].content | b64decode) == cert_2_obtain_results.all_chains[cert_2_alternate | int].full_chain" - name: Check that certificate 3 is valid - assert: + ansible.builtin.assert: that: - cert_3_valid is not failed - name: Check that certificate 3 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:*.example.com' in cert_3_text.stdout" - "'DNS:example.org' in cert_3_text.stdout" - "'DNS:t1.example.com' in cert_3_text.stdout" - name: Read certificate 3 files - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ item }}' loop: - cert-3.pem @@ -79,7 +79,7 @@ - cert-3-fullchain.pem register: slurp - name: Check that certificate 1 retrieval got all chains - assert: + ansible.builtin.assert: that: - "'all_chains' in cert_3_obtain_results" - "cert_3_obtain_results.all_chains | length > 1" @@ -91,11 +91,11 @@ - "(slurp.results[2].content | b64decode) == cert_3_obtain_results.all_chains[cert_3_alternate | int].full_chain" - name: Check that certificate 4 is valid - assert: + ansible.builtin.assert: that: - cert_4_valid is not failed - name: Check that certificate 4 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:example.com' in cert_4_text.stdout" - "'DNS:t1.example.com' in cert_4_text.stdout" 
@@ -103,71 +103,71 @@ - "'DNS:example.org' in cert_4_text.stdout" - "'DNS:TesT.example.org' in cert_4_text.stdout" - name: Check that certificate 4 retrieval did not get all chains - assert: + ansible.builtin.assert: that: - "'all_chains' not in cert_4_obtain_results" - name: Check that certificate 5 is valid - assert: + ansible.builtin.assert: that: - cert_5_valid is not failed - name: Check that certificate 5 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:t2.example.com' in cert_5_text.stdout" - name: Check that certificate 5 was not recreated on the first try - assert: + ansible.builtin.assert: that: - cert_5_recreate_1 == false - name: Check that certificate 5 was recreated on the second try - assert: + ansible.builtin.assert: that: - cert_5_recreate_2 == true - name: Check that certificate 5 was recreated on the third try - assert: + ansible.builtin.assert: that: - cert_5_recreate_3 == true - block: - name: Check that certificate 6 is valid - assert: + ansible.builtin.assert: that: - cert_6_valid is not failed - name: Check that certificate 6 contains correct SANs - assert: + ansible.builtin.assert: that: - "'DNS:example.org' in cert_6_text.stdout" when: acme_intermediates[0].subject_key_identifier is defined - block: - name: Check that certificate 7 is valid - assert: + ansible.builtin.assert: that: - cert_7_valid is not failed - name: Check that certificate 7 contains correct SANs - assert: + ansible.builtin.assert: that: - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout" when: acme_roots[2].subject_key_identifier is defined - block: - name: Check that certificate 8 is valid - assert: + ansible.builtin.assert: that: - cert_8_valid is not failed - name: Check that certificate 8 contains correct SANs - assert: + ansible.builtin.assert: that: - "'IP Address:127.0.0.1' in cert_8_text.stdout or 'IP:127.0.0.1' in cert_8_text.stdout" - name: Validate that orders were not retrieved - assert: + 
ansible.builtin.assert: that: - "'account' in account_orders_not" - "'orders' not in account_orders_not" - name: Validate that orders were retrieved as list of URLs (1/2) - assert: + ansible.builtin.assert: that: - "'account' in account_orders_urls" - "'orders' not in account_orders_urls" @@ -175,7 +175,7 @@ - "account_orders_urls.order_uris[0] is string" - name: Validate that orders were retrieved as list of URLs (2/2) - assert: + ansible.builtin.assert: that: - "'account' in account_orders_urls2" - "'orders' not in account_orders_urls2" @@ -183,7 +183,7 @@ - "account_orders_urls2.order_uris[0] is string" - name: Validate that orders were retrieved as list of objects (1/2) - assert: + ansible.builtin.assert: that: - "'account' in account_orders_full" - "'orders' in account_orders_full" @@ -192,7 +192,7 @@ - "account_orders_full.order_uris[0] is string" - name: Validate that orders were retrieved as list of objects (2/2) - assert: + ansible.builtin.assert: that: - "'account' in account_orders_full2" - "'orders' in account_orders_full2" diff --git a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml index 4389dfc0..2b0241d9 100644 --- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml 
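Review bot: The task `Check that certificate 7 contains correct SANs` in the hunk at old line 103 asserts on `cert_8_text.stdout` rather than `cert_7_text.stdout`, so cert 7's SANs are never checked and the assertion passes whenever cert 8 is correct. `cert_7_text` is registered by the `Dumping cert 7` task in impl.yml under the same `when: acme_roots[2].subject_key_identifier is defined` guard, so it is available here. The line should read `- "'IP Address:127.0.0.1' in cert_7_text.stdout or 'IP:127.0.0.1' in cert_7_text.stdout"`. That assumes cert 7 is requested for the same IP identifier; its `subject_alt_name` is set outside the visible hunks, so confirm the expected value.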
@@ -9,24 +9,24 @@ account_email: example@example.org block: - name: Generate account key - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/account-ec256.pem" type: ECC curve: secp256r1 force: true - name: Create cert private key - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key" type: ECC curve: secp256r1 force: true - name: Create cert CSR - openssl_csr: + community.crypto.openssl_csr: path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr" privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key" subject_alt_name: "{{ subject_alt_name }}" - name: Start process of obtaining certificate - acme_certificate: + community.crypto.acme_certificate: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" @@ -42,7 +42,7 @@ register: certificate_data - name: Inspect order - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -52,11 +52,11 @@ method: get register: order_1 - name: Show order - debug: + ansible.builtin.debug: var: order_1.output_json - name: Deactivate order (check mode) - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -67,7 +67,7 @@ register: deactivate_1 - name: Inspect order again - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -77,11 +77,11 @@ method: get register: order_2 - name: Show order - debug: + ansible.builtin.debug: var: order_2.output_json - name: Deactivate order - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false 
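Review bot: `validate_certs: false` on the `community.crypto.acme_inspect` task in the hunk at old line 42 turns off TLS verification of the ACME endpoint, and nothing in the file explains why. The same setting appears on the `community.crypto.acme_certificate_deactivate_authz` and later `acme_inspect` tasks in this file, and on the ACME tasks in acme_certificate_order/tasks/impl.yml. It is presumably needed because the test ACME server presents a certificate from a throwaway CA, so a single comment at the top of the block would stop the setting being copied into real playbooks: `# validate_certs: false is only acceptable because the target is the local test ACME server`. The remaining parameters of each task lie outside the hunks.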
@@ -91,7 +91,7 @@ register: deactivate_2 - name: Inspect order again - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -101,11 +101,11 @@ method: get register: order_3 - name: Show order - debug: + ansible.builtin.debug: var: order_3.output_json - name: Deactivate order (check mode, idempotent) - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -116,7 +116,7 @@ register: deactivate_3 - name: Inspect order again - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -126,11 +126,11 @@ method: get register: order_4 - name: Show order - debug: + ansible.builtin.debug: var: order_4.output_json - name: Deactivate order (idempotent) - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -140,7 +140,7 @@ register: deactivate_4 - name: Inspect order again - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -150,5 +150,5 @@ method: get register: order_5 - name: Show order - debug: + ansible.builtin.debug: var: order_5.output_json diff --git a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml index bcc10397..714aed87 100644 --- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml +++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml 
@@ -10,31 +10,31 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml b/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml index 603c7d7c..96ca27d6 100644 --- a/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml +++ b/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Checks - assert: + ansible.builtin.assert: that: - order_1.output_json.status == 'pending' - deactivate_1 is changed diff --git a/tests/integration/targets/acme_certificate_order/tasks/impl.yml b/tests/integration/targets/acme_certificate_order/tasks/impl.yml index e68cadda..c7cad757 100644 --- a/tests/integration/targets/acme_certificate_order/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate_order/tasks/impl.yml 
@@ -4,23 +4,23 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate random domain name" - set_fact: + ansible.builtin.set_fact: domain_name: "host{{ '%0x' % ((2**32) | random) }}.example.com" - name: "({{ select_crypto_backend }}) Generate account key" - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/accountkey.pem" type: ECC curve: secp256r1 force: true - name: "({{ select_crypto_backend }}) Parse account keys (to ease debugging some test failures)" - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: "{{ remote_tmp_dir }}/accountkey.pem" return_private_key_data: true - name: "({{ select_crypto_backend }}) Create ACME account" - acme_account: + community.crypto.acme_account: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -31,14 +31,14 @@ register: account - name: "({{ select_crypto_backend }}) Generate certificate key" - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/cert.key" type: ECC curve: secp256r1 force: true - name: "({{ select_crypto_backend }}) Generate certificate CSR" - openssl_csr: + community.crypto.openssl_csr: path: "{{ remote_tmp_dir }}/cert.csr" privatekey_path: "{{ remote_tmp_dir }}/cert.key" subject: @@ -47,7 +47,7 @@ register: csr - name: "({{ select_crypto_backend }}) Create certificate order" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -57,11 +57,11 @@ register: order_1 - name: "({{ select_crypto_backend }}) Show order information" - debug: + ansible.builtin.debug: var: order_1 - name: "({{ select_crypto_backend }}) Check order" - assert: + ansible.builtin.assert: that: - order_1 is changed - order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/') 
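Review bot: The `community.crypto.openssl_privatekey_info` task in the hunk at old line 4 sets `return_private_key_data: true` with no `no_log`, so the account key's private values are part of the task result and can appear in verbose or callback output. The task name says this is deliberate, to ease debugging, and the key is generated just above for the test run, but the reason it is safe is not stated. Add a comment above the task such as `# Throwaway test key: private key data is returned on purpose for debugging; never enable this for a real account key`.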
@@ -81,7 +81,7 @@ - order_1.account_uri == account.account_uri - name: "({{ select_crypto_backend }}) Get order information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -91,11 +91,11 @@ register: order_info_1 - name: "({{ select_crypto_backend }}) Show order information" - debug: + ansible.builtin.debug: var: order_info_1 - name: "({{ select_crypto_backend }}) Check order information" - assert: + ansible.builtin.assert: that: - order_info_1 is not changed - order_info_1.authorizations_by_identifier | length == 1 @@ -120,8 +120,8 @@ - order_info_1.account_uri == account.account_uri - name: "({{ select_crypto_backend }}) Create HTTP challenges" - uri: - url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}" + ansible.builtin.uri: + url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}" method: PUT body_format: raw body: "{{ item.challenges['http-01'].resource_value }}" @@ -142,13 +142,13 @@ register: validate_1 - name: "({{ select_crypto_backend }}) Check validation result" - assert: + ansible.builtin.assert: that: - validate_1 is changed - validate_1.account_uri == account.account_uri - name: "({{ select_crypto_backend }}) Get order information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -158,11 +158,11 @@ register: order_info_2 - name: "({{ select_crypto_backend }}) Show order information" - debug: + ansible.builtin.debug: var: order_info_2 - name: "({{ select_crypto_backend }}) Check order information" - assert: + ansible.builtin.assert: that: - order_info_2 is not changed - order_info_2.authorizations_by_identifier | length == 1 
@@ -198,7 +198,7 @@ register: validate_2 - name: "({{ select_crypto_backend }}) Check validation result" - assert: + ansible.builtin.assert: that: - validate_2 is not changed - validate_2.account_uri == account.account_uri @@ -220,7 +220,7 @@ register: finalize_1 - name: "({{ select_crypto_backend }}) Check finalization result" - assert: + ansible.builtin.assert: that: - finalize_1 is changed - finalize_1.account_uri == account.account_uri @@ -231,7 +231,7 @@ - finalize_1.selected_chain.full_chain == finalize_1.selected_chain.cert + finalize_1.selected_chain.chain - name: "({{ select_crypto_backend }}) Read files from disk" - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/{{ item }}.pem" loop: - cert @@ -240,14 +240,14 @@ register: slurp - name: "({{ select_crypto_backend }}) Compare finalization result with files on disk" - assert: + ansible.builtin.assert: that: - finalize_1.selected_chain.cert == slurp.results[0].content | b64decode - finalize_1.selected_chain.chain == slurp.results[1].content | b64decode - finalize_1.selected_chain.full_chain == slurp.results[2].content | b64decode - name: "({{ select_crypto_backend }}) Get order information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -257,11 +257,11 @@ register: order_info_3 - name: "({{ select_crypto_backend }}) Show order information" - debug: + ansible.builtin.debug: var: order_info_3 - name: "({{ select_crypto_backend }}) Check order information" - assert: + ansible.builtin.assert: that: - order_info_3 is not changed - order_info_3.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns' @@ -299,7 +299,7 @@ register: finalize_2 - name: "({{ select_crypto_backend }}) Check finalization result" - assert: + ansible.builtin.assert: that: - finalize_2 is not changed - finalize_2.account_uri == account.account_uri 
@@ -311,7 +311,7 @@ - finalize_2.selected_chain == finalize_1.selected_chain - name: "({{ select_crypto_backend }}) Get order information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -321,11 +321,11 @@ register: order_info_4 - name: "({{ select_crypto_backend }}) Show order information" - debug: + ansible.builtin.debug: var: order_info_4 - name: "({{ select_crypto_backend }}) Check order information" - assert: + ansible.builtin.assert: that: - order_info_4 is not changed - order_info_4.authorizations_by_identifier['dns:' ~ domain_name].identifier.type == 'dns' @@ -351,7 +351,7 @@ - when: acme_supports_ari block: - name: "({{ select_crypto_backend }}) Get certificate renewal information" - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -361,14 +361,14 @@ register: cert_info - name: "({{ select_crypto_backend }}) Verify information" - assert: + ansible.builtin.assert: that: - cert_info.supports_ari == true - cert_info.should_renew == false - cert_info.cert_id is string - name: "({{ select_crypto_backend }}) Create replacement order 1" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -381,7 +381,7 @@ register: replacement_order_1 - name: "({{ select_crypto_backend }}) Get replacement order 1 information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -391,7 +391,7 @@ register: order_info_5 - name: "({{ select_crypto_backend }}) Check replacement order 1" - assert: + ansible.builtin.assert: that: - replacement_order_1 is changed - replacement_order_1.order_uri.startswith('https://' ~ acme_host ~ ':14000/') 
@@ -412,7 +412,7 @@ - replacement_order_1.order_uri not in [order_1.order_uri] - name: "({{ select_crypto_backend }}) Check replacement order 1 information" - assert: + ansible.builtin.assert: that: - order_info_5 is not changed - order_info_5.authorizations_by_identifier | length == 1 @@ -441,7 +441,7 @@ - when: false # TODO get Pebble improved block: - name: "({{ select_crypto_backend }}) Create replacement order 2 (should fail)" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -454,7 +454,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Check replacement order 2" - assert: + ansible.builtin.assert: that: - replacement_order_2 is failed - >- @@ -465,7 +465,7 @@ ) - name: "({{ select_crypto_backend }}) Create replacement order 3 with error handling" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -477,7 +477,7 @@ register: replacement_order_3 - name: "({{ select_crypto_backend }}) Get replacement order 3 information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -487,7 +487,7 @@ register: order_info_6 - name: "({{ select_crypto_backend }}) Check replacement order 3" - assert: + ansible.builtin.assert: that: - replacement_order_3 is changed - replacement_order_3.order_uri.startswith('https://' ~ acme_host ~ ':14000/') @@ -510,7 +510,7 @@ ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_3.warnings - name: "({{ select_crypto_backend }}) Check replacement order 3 information" - assert: + ansible.builtin.assert: that: - order_info_6 is not changed - order_info_6.authorizations_by_identifier | length == 1 
@@ -535,7 +535,7 @@ - order_info_6.account_uri == account.account_uri - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 3" - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -546,8 +546,8 @@ # Complete replacement order 1 - name: "({{ select_crypto_backend }}) Create HTTP challenges (replacement order 1)" - uri: - url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/'|length):] }}" + ansible.builtin.uri: + url: "http://{{ acme_host }}:5000/http/{{ item.identifier }}/{{ item.challenges['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}" method: PUT body_format: raw body: "{{ item.challenges['http-01'].resource_value }}" @@ -585,7 +585,7 @@ - when: true block: - name: "({{ select_crypto_backend }}) Create replacement order 4 (should fail)" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -598,7 +598,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Check replacement order 4" - assert: + ansible.builtin.assert: that: - replacement_order_4 is failed - replacement_order_4.msg.startswith('Failed to start new order for https://' ~ acme_host) @@ -606,7 +606,7 @@ ' with status 409 Conflict. Error urn:ietf:params:acme:error:malformed: ' in replacement_order_4.msg - name: "({{ select_crypto_backend }}) Create replacement order 5 with error handling" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false 
@@ -618,7 +618,7 @@ register: replacement_order_5 - name: "({{ select_crypto_backend }}) Get replacement order 5 information" - acme_certificate_order_info: + community.crypto.acme_certificate_order_info: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -628,7 +628,7 @@ register: order_info_7 - name: "({{ select_crypto_backend }}) Check replacement order 5" - assert: + ansible.builtin.assert: that: - replacement_order_5 is changed - replacement_order_5.order_uri.startswith('https://' ~ acme_host ~ ':14000/') @@ -651,7 +651,7 @@ ('Stop passing `replaces=' ~ cert_info.cert_id ~ '` due to error 409 urn:ietf:params:acme:error:malformed when creating ACME order') in replacement_order_5.warnings - name: "({{ select_crypto_backend }}) Check replacement order 5 information" - assert: + ansible.builtin.assert: that: - order_info_7 is not changed - order_info_7.authorizations_by_identifier | length == 1 @@ -676,7 +676,7 @@ - order_info_7.account_uri == account.account_uri - name: "({{ select_crypto_backend }}) Deactivate authzs for replacement order 5" - acme_certificate_deactivate_authz: + community.crypto.acme_certificate_deactivate_authz: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -689,7 +689,7 @@ - when: acme_supports_profiles block: - name: "({{ select_crypto_backend }}) Create order with invalid profile (should fail)" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -702,7 +702,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Check invalid profile order" - assert: + ansible.builtin.assert: that: - invalid_profile_order is failed - invalid_profile_order.msg == "The ACME CA does not support selected profile 'does-not-exist'." 
@@ -712,7 +712,7 @@ - when: not acme_supports_profiles block: - name: "({{ select_crypto_backend }}) Create order with profile when server does not support it (should fail)" - acme_certificate_order_create: + community.crypto.acme_certificate_order_create: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -724,7 +724,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Check profile without server support order" - assert: + ansible.builtin.assert: that: - profile_without_server_support is failed - profile_without_server_support.msg == 'The ACME CA does not support profiles. Please omit the "profile" option.' diff --git a/tests/integration/targets/acme_certificate_order/tasks/main.yml b/tests/integration/targets/acme_certificate_order/tasks/main.yml index a6e9b371..e2f08d7b 100644 --- a/tests/integration/targets/acme_certificate_order/tasks/main.yml +++ b/tests/integration/targets/acme_certificate_order/tasks/main.yml @@ -10,7 +10,7 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl @@ -18,18 +18,18 @@ when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml b/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml index 73eed907..88017d7b 100644 --- a/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml 
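Review bot: The `Re-create output directory` task in the `@@ -18,18 +18,18 @@` hunk of acme_certificate_order/tasks/main.yml passes only `path` and `state: directory`, so the mode of the re-created `{{ remote_tmp_dir }}` is left to the remote umask. Other targets in this commit write account keys and certificate private keys under that path (for example `{{ remote_tmp_dir }}/account-ec256.pem`), so I would pin it with `mode: "0700"`, unless a later task needs to read the directory as a different user, which is not visible here. The same task appears in the main.yml hunks for acme_certificate_renewal_info, acme_certificate_revoke and acme_inspect.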
@@ -6,7 +6,7 @@ ## SET UP ACCOUNT KEYS ######################################################################## - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" @@ -22,7 +22,7 @@ ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES #################################################### - name: Obtain cert 1 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 1 for renewal check certificate_name: cert-1 @@ -41,18 +41,18 @@ ## OBTAIN CERTIFICATE INFOS ################################################################### - name: Dump OpenSSL x509 info - command: + ansible.builtin.command: cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text - name: Obtain certificate information - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/cert-1.pem" register: cert_1_info - name: Read certificate - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert-1.pem' register: slurp_cert_1 - name: Obtain certificate information (1/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 @@ -60,7 +60,7 @@ validate_certs: false register: cert_1_renewal_1 - name: Obtain certificate information (2/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 
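Review bot: `Dump OpenSSL x509 info` in the `@@ -41,18 +41,18 @@` hunk is a read-only `ansible.builtin.command` with no `changed_when`, so it reports "changed" on every run. Its `cmd:` string is also split on whitespace after templating, so a `remote_tmp_dir` containing a space would break the call. The `argv:` form passes the path as a single argument, and `changed_when: false` makes the result accurate.

```yaml
- name: Dump OpenSSL x509 info
  ansible.builtin.command:
    argv:
      - openssl
      - x509
      - "-in"
      - "{{ remote_tmp_dir }}/cert-1.pem"
      - "-noout"
      - "-text"
  changed_when: false
# … unchanged: "Obtain certificate information" and the following tasks …
```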
@@ -70,7 +70,7 @@ remaining_percentage: 0.5 register: cert_1_renewal_2 - name: Obtain certificate information (3/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_content: "{{ slurp_cert_1.content | b64decode }}" acme_version: 2 @@ -79,7 +79,7 @@ now: +1800d register: cert_1_renewal_3 - name: Obtain certificate information (4/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 @@ -90,7 +90,7 @@ remaining_percentage: 0.1 register: cert_1_renewal_4 - name: Obtain certificate information (5/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 @@ -101,7 +101,7 @@ remaining_percentage: 0.01 register: cert_1_renewal_5 - name: Obtain certificate information (6/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 @@ -112,7 +112,7 @@ remaining_percentage: 0.03 register: cert_1_renewal_6 - name: Obtain certificate information (7/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-1.pem" acme_version: 2 @@ -121,7 +121,7 @@ now: +1830d register: cert_1_renewal_7 - name: Obtain certificate information (8/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" 
@@ -129,7 +129,7 @@ now: +1830d register: cert_1_renewal_8 - name: Obtain certificate information (9/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem" acme_version: 2 @@ -137,12 +137,12 @@ validate_certs: false register: cert_1_renewal_9 - name: Create broken file - copy: + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/cert-is-broken.pem" content: | --- THIS IS NOT A CERT --- - name: Obtain certificate information (10/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: treat_parsing_error_as_non_existing: false select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem" @@ -152,7 +152,7 @@ register: cert_1_renewal_10 ignore_errors: true - name: Obtain certificate information (11/11) - acme_certificate_renewal_info: + community.crypto.acme_certificate_renewal_info: treat_parsing_error_as_non_existing: true select_crypto_backend: "{{ select_crypto_backend }}" certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem" diff --git a/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml b/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml index 245b19a1..bcbd0ff4 100644 --- a/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml +++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/main.yml 
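Review bot: `Create broken file` in the `@@ -137,12 +137,12 @@` hunk writes `cert-is-broken.pem` with `ansible.builtin.copy` and no `mode`, so the file's permissions depend on the remote umask. The content is a deliberate non-certificate and not secret, but an explicit mode keeps the fixture deterministic and sets a safer example for copy tasks that do carry key material. Add `mode: "0644"` next to `dest`.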
@@ -13,31 +13,31 @@ block: - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml b/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml index fb5beb89..b3c3698f 100644 --- a/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml +++ b/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml @@ -9,7 +9,7 @@ block: - name: Validate results (generic) - assert: + ansible.builtin.assert: that: - cert_1_renewal_1.should_renew == false - cert_1_renewal_1.msg == 'The certificate is still valid and no condition was reached' @@ -64,7 +64,7 @@ when: not acme_supports_ari - name: Validate results without ARI - assert: + ansible.builtin.assert: that: - cert_1_renewal_1.supports_ari == false - cert_1_renewal_2.supports_ari == false @@ -84,7 +84,7 @@ when: not acme_supports_ari - name: Validate results with ARI - assert: + ansible.builtin.assert: that: - cert_1_renewal_1.supports_ari == true - cert_1_renewal_2.supports_ari == true 
diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml index e7d6bd3c..7fe3e947 100644 --- a/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml +++ b/tests/integration/targets/acme_certificate_revoke/tasks/impl.yml @@ -6,7 +6,7 @@ ## SET UP ACCOUNT KEYS ######################################################################## - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item.name }}.pem" type: "{{ item.type }}" size: "{{ item.size | default(omit) }}" @@ -28,11 +28,11 @@ ## CREATE ACCOUNTS AND OBTAIN CERTIFICATES #################################################### - name: Read account key (EC256) - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/account-ec256.pem' register: slurp_account_key - name: Obtain cert 1 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 1 for revocation certificate_name: cert-1 @@ -49,7 +49,7 @@ terms_agreed: true account_email: "example@example.org" - name: Obtain cert 2 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 2 for revocation certificate_name: cert-2 @@ -66,7 +66,7 @@ terms_agreed: true account_email: "example@example.org" - name: Obtain cert 3 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: certgen_title: Certificate 3 for revocation certificate_name: cert-3 @@ -84,7 +84,7 @@ ## REVOKE CERTIFICATES ######################################################################## - name: Revoke certificate 1 via account key - acme_certificate_revoke: + community.crypto.acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem" certificate: "{{ remote_tmp_dir }}/cert-1.pem" 
@@ -94,7 +94,7 @@ ignore_errors: true register: cert_1_revoke - name: Revoke certificate 2 via certificate private key - acme_certificate_revoke: + community.crypto.acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" private_key_src: "{{ remote_tmp_dir }}/cert-2.key" private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}" @@ -105,11 +105,11 @@ ignore_errors: true register: cert_2_revoke - name: Read account key (RSA) - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/account-rsa.pem' register: slurp_account_key - name: Revoke certificate 3 via account key (fullchain) - acme_certificate_revoke: + community.crypto.acme_certificate_revoke: select_crypto_backend: "{{ select_crypto_backend }}" account_key_content: "{{ slurp_account_key.content | b64decode }}" certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem" diff --git a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml index bcc10397..714aed87 100644 --- a/tests/integration/targets/acme_certificate_revoke/tasks/main.yml +++ b/tests/integration/targets/acme_certificate_revoke/tasks/main.yml 
@@ -10,31 +10,31 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_certificate_revoke/tests/validate.yml b/tests/integration/targets/acme_certificate_revoke/tests/validate.yml index 4c06fc56..8b574525 100644 --- a/tests/integration/targets/acme_certificate_revoke/tests/validate.yml +++ b/tests/integration/targets/acme_certificate_revoke/tests/validate.yml @@ -4,17 +4,17 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Check that certificate 1 was revoked - assert: + ansible.builtin.assert: that: - cert_1_revoke is changed - cert_1_revoke is not failed - name: Check that certificate 2 was revoked - assert: + ansible.builtin.assert: that: - cert_2_revoke is changed - cert_2_revoke is not failed - name: Check that certificate 3 was revoked - assert: + ansible.builtin.assert: that: - cert_3_revoke is changed - cert_3_revoke is not failed diff --git a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml index 8f7ffd3a..6f3ffb7d 100644 
--- a/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml +++ b/tests/integration/targets/acme_challenge_cert_helper/tasks/main.yml @@ -10,13 +10,13 @@ - block: - name: Generate ECC256 account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/account-ec256.pem" type: ECC curve: secp256r1 force: true - name: Obtain cert 1 - include_tasks: obtain-cert.yml + ansible.builtin.include_tasks: obtain-cert.yml vars: select_crypto_backend: auto certgen_title: Certificate 1 diff --git a/tests/integration/targets/acme_inspect/tasks/impl.yml b/tests/integration/targets/acme_inspect/tasks/impl.yml index 79b53dd8..ed38657b 100644 --- a/tests/integration/targets/acme_inspect/tasks/impl.yml +++ b/tests/integration/targets/acme_inspect/tasks/impl.yml @@ -5,7 +5,7 @@ - block: - name: Generate account keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ item }}.pem" type: ECC curve: secp256r1 @@ -13,7 +13,7 @@ loop: "{{ account_keys }}" - name: Parse account keys (to ease debugging some test failures) - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: "{{ remote_tmp_dir }}/{{ item }}.pem" return_private_key_data: true loop: "{{ account_keys }}" 
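Review bot: `Parse account keys (to ease debugging some test failures)` in the `@@ -13,7 +13,7 @@` hunk of acme_inspect/tasks/impl.yml sets `return_private_key_data: true`, so each loop item's result carries the private key values and can end up in the CI log when verbosity is raised. That is reasonable for the keys generated one task earlier for this test run, but the intent deserves a comment above the task, for example `# Test-only: these account keys are generated for this run and discarded; never return private key data for real keys.` The task may continue past the end of the hunk.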
@@ -23,32 +23,32 @@ - accountkey - name: Get directory - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false method: directory-only select_crypto_backend: "{{ select_crypto_backend }}" register: directory -- debug: var=directory +- ansible.builtin.debug: var=directory - name: Create an account - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false account_key_src: "{{ remote_tmp_dir }}/accountkey.pem" - url: "{{ directory.directory.newAccount}}" + url: "{{ directory.directory.newAccount }}" method: post content: '{"termsOfServiceAgreed":true}' select_crypto_backend: "{{ select_crypto_backend }}" register: account_creation # account_creation.headers.location contains the account URI # if creation was successful -- debug: var=account_creation +- ansible.builtin.debug: var=account_creation - name: Get account information - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -58,10 +58,10 @@ method: get select_crypto_backend: "{{ select_crypto_backend }}" register: account_get -- debug: var=account_get +- ansible.builtin.debug: var=account_get - name: Update account contacts - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -78,10 +78,10 @@ contact: - mailto:me@example.com register: account_update -- debug: var=account_update +- ansible.builtin.debug: var=account_update - name: Create certificate order - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false 
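Review bot: The rewritten debug tasks in the `@@ -23,32 +23,32 @@` hunk keep the `key=value` shorthand and stay unnamed, as in `- ansible.builtin.debug: var=directory`. Since these lines are being touched anyway, the block form would match the named debug tasks elsewhere in this commit: a `- name: Show directory result` line, then `ansible.builtin.debug:` with `var: directory` nested under it. The same applies to `var=account_creation` in this hunk, to `var=account_get` and `var=account_update` in the next two hunks, and to the remaining debug lines in the later hunks of this file.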
@@ -102,10 +102,10 @@ - type: dns value: example.org register: new_order -- debug: var=new_order +- ansible.builtin.debug: var=new_order - name: Get order information - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -115,10 +115,10 @@ method: get select_crypto_backend: "{{ select_crypto_backend }}" register: order -- debug: var=order +- ansible.builtin.debug: var=order - name: Get authzs for order - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -129,10 +129,10 @@ select_crypto_backend: "{{ select_crypto_backend }}" loop: "{{ order.output_json.authorizations }}" register: authz -- debug: var=authz +- ansible.builtin.debug: var=authz - name: Get HTTP-01 challenge for authz - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -143,10 +143,10 @@ select_crypto_backend: "{{ select_crypto_backend }}" register: http01challenge loop: "{{ authz.results | map(attribute='output_json') | list }}" -- debug: var=http01challenge +- ansible.builtin.debug: var=http01challenge - name: Activate HTTP-01 challenge manually - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false @@ -158,10 +158,10 @@ select_crypto_backend: "{{ select_crypto_backend }}" register: activation loop: "{{ http01challenge.results | map(attribute='output_json') | list }}" -- debug: var=activation +- ansible.builtin.debug: var=activation - name: Get HTTP-01 challenge results - acme_inspect: + community.crypto.acme_inspect: acme_directory: "{{ acme_directory_url }}" acme_version: 2 validate_certs: false 
@@ -175,4 +175,4 @@ until: "validation_result.output_json.status not in ['pending', 'processing']" retries: 20 delay: 1 -- debug: var=validation_result +- ansible.builtin.debug: var=validation_result diff --git a/tests/integration/targets/acme_inspect/tasks/main.yml b/tests/integration/targets/acme_inspect/tasks/main.yml index bcc10397..714aed87 100644 --- a/tests/integration/targets/acme_inspect/tasks/main.yml +++ b/tests/integration/targets/acme_inspect/tasks/main.yml @@ -10,31 +10,31 @@ - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: openssl - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/acme_inspect/tests/validate.yml b/tests/integration/targets/acme_inspect/tests/validate.yml index b3519233..a1d7159e 100644 --- a/tests/integration/targets/acme_inspect/tests/validate.yml +++ b/tests/integration/targets/acme_inspect/tests/validate.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Check directory output - assert: + ansible.builtin.assert: that: - directory is not changed - "'directory' in directory" 
@@ -16,7 +16,7 @@ - "'output_json' not in directory" - name: Check account creation output - assert: + ansible.builtin.assert: that: - account_creation is changed - "'directory' in account_creation" @@ -30,7 +30,7 @@ - account_creation.output_text | from_json == account_creation.output_json - name: Check account get output - assert: + ansible.builtin.assert: that: - account_get is not changed - "'directory' in account_get" @@ -41,7 +41,7 @@ - account_get.output_json == account_creation.output_json - name: Check account update output - assert: + ansible.builtin.assert: that: - account_update is changed - "'directory' in account_update" @@ -53,7 +53,7 @@ - account_update.output_json.contact[0] in ['mailto:me@example.com', 'mailto:*******@example.com'] - name: Check certificate request output - assert: + ansible.builtin.assert: that: - new_order is changed - "'directory' in new_order" @@ -66,7 +66,7 @@ - "'finalize' in new_order.output_json" - name: Check get order output - assert: + ansible.builtin.assert: that: - order is not changed - "'directory' in order" @@ -77,7 +77,7 @@ # - new_order.output_json == order.output_json - name: Check get authz output - assert: + ansible.builtin.assert: that: - item is not changed - "'directory' in item" @@ -90,7 +90,7 @@ loop: "{{ authz.results }}" - name: Check get challenge output - assert: + ansible.builtin.assert: that: - item is not changed - "'directory' in item" @@ -104,7 +104,7 @@ loop: "{{ http01challenge.results }}" - name: Check challenge activation output - assert: + ansible.builtin.assert: that: - item is changed - "'directory' in item" @@ -118,7 +118,7 @@ loop: "{{ activation.results }}" - name: Check validation result - assert: + ansible.builtin.assert: that: - item is not changed - "'directory' in item" 
diff --git a/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml b/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml index fbeac4e3..df1e268a 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/create-single-certificate.yml @@ -9,14 +9,14 @@ #################################################################### - name: Generate CSR for {{ certificate.name }} - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key' subject: '{{ certificate.subject }}' useCommonNameForSAN: false - name: Generate certificate for {{ certificate.name }} - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/{{ certificate.name }}.pem' csr_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ certificate.name }}.key' diff --git a/tests/integration/targets/certificate_complete_chain/tasks/create.yml b/tests/integration/targets/certificate_complete_chain/tasks/create.yml index 5f41aca5..57b6e9c4 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/create.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/create.yml 
@@ -10,25 +10,25 @@ - block: - name: Create private keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/{{ item.name }}.key' size: '{{ default_rsa_key_size_certificates }}' loop: '{{ certificates }}' - name: Generate certificates - include_tasks: create-single-certificate.yml + ansible.builtin.include_tasks: create-single-certificate.yml loop: '{{ certificates }}' loop_control: loop_var: certificate - name: Read certificates - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ item.name }}.pem' loop: '{{ certificates }}' register: certificates_read - name: Store read certificates - set_fact: + ansible.builtin.set_fact: read_certificates: >- {{ certificates_read.results | map(attribute='content') | map('b64decode') | zip(certificates | map(attribute='name')) diff --git a/tests/integration/targets/certificate_complete_chain/tasks/created.yml b/tests/integration/targets/certificate_complete_chain/tasks/created.yml index 373b8b92..bdfb1378 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/created.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/created.yml @@ -9,7 +9,7 @@ #################################################################### - name: Case A => works - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: "{{ read_certificates['d-leaf'] }}" intermediate_certificates: - '{{ remote_tmp_dir }}/b-intermediate.pem' @@ -19,7 +19,7 @@ - name: Case B => doesn't work, but this is expected failed_when: false register: caseb - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: "{{ read_certificates['d-leaf'] }}" intermediate_certificates: - '{{ remote_tmp_dir }}/c-intermediate.pem' 
@@ -27,11 +27,11 @@ - '{{ remote_tmp_dir }}/a-root.pem' - name: Assert that case B failed - assert: + ansible.builtin.assert: that: "'Cannot complete chain' in caseb.msg" - name: Case C => works - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: "{{ read_certificates['d-leaf'] }}" intermediate_certificates: - '{{ remote_tmp_dir }}/c-intermediate.pem' @@ -40,7 +40,7 @@ - '{{ remote_tmp_dir }}/a-root.pem' - name: Case D => works as well after PR 403 - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: "{{ read_certificates['d-leaf'] }}" intermediate_certificates: - '{{ remote_tmp_dir }}/b-intermediate.pem' diff --git a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml index 03effefb..65afe8ad 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml @@ -10,13 +10,13 @@ - block: - name: Find root for cert 1 using directory - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ fullchain | trim }}' root_certificates: - '{{ remote_tmp_dir }}/files/roots/' register: cert1_root - name: Verify root for cert 1 - assert: + ansible.builtin.assert: that: - cert1_root.complete_chain | join('') == (fullchain ~ root) - cert1_root.root == root @@ -26,7 +26,7 @@ - block: - name: Find rootchain for cert 1 using intermediate and root PEM - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ cert }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert1-chain.pem' 
@@ -34,7 +34,7 @@ - '{{ remote_tmp_dir }}/files/roots.pem' register: cert1_rootchain - name: Verify rootchain for cert 1 - assert: + ansible.builtin.assert: that: - cert1_rootchain.complete_chain | join('') == (cert ~ chain ~ root) - cert1_rootchain.chain[:-1] | join('') == chain @@ -46,13 +46,13 @@ - block: - name: Find root for cert 2 using directory - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: "{{ fullchain | trim }}" root_certificates: - '{{ remote_tmp_dir }}/files/roots/' register: cert2_root - name: Verify root for cert 2 - assert: + ansible.builtin.assert: that: - cert2_root.complete_chain | join('') == (fullchain ~ root) - cert2_root.root == root @@ -62,7 +62,7 @@ - block: - name: Find rootchain for cert 2 using intermediate and root PEM - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ cert }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert2-chain.pem' @@ -70,7 +70,7 @@ - '{{ remote_tmp_dir }}/files/roots.pem' register: cert2_rootchain - name: Verify rootchain for cert 2 - assert: + ansible.builtin.assert: that: - cert2_rootchain.complete_chain | join('') == (cert ~ chain ~ root) - cert2_rootchain.chain[:-1] | join('') == chain @@ -82,7 +82,7 @@ - block: - name: Find alternate rootchain for cert 2 using intermediate and root PEM - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ cert }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert2-altchain.pem' @@ -90,7 +90,7 @@ - '{{ remote_tmp_dir }}/files/roots.pem' register: cert2_rootchain_alt - name: Verify rootchain for cert 2 - assert: + ansible.builtin.assert: that: - cert2_rootchain_alt.complete_chain | join('') == (cert ~ chain ~ root) - cert2_rootchain_alt.chain[:-1] | join('') == chain 
@@ -102,13 +102,13 @@ - block: - name: Find alternate rootchain for cert 2 when complete chain is already presented to the module - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ cert ~ chain ~ root }}' root_certificates: - '{{ remote_tmp_dir }}/files/roots.pem' register: cert2_complete_chain - name: Verify rootchain for cert 2 - assert: + ansible.builtin.assert: that: - cert2_complete_chain.complete_chain | join('') == (cert ~ chain ~ root) - cert2_complete_chain.chain == [] @@ -119,7 +119,7 @@ root: "{{ lookup('file', 'cert2-altroot.pem', rstrip=False) }}" - name: Check failure when no intermediate certificate can be found - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/cert1-chain.pem' @@ -128,13 +128,13 @@ register: cert2_no_intermediate ignore_errors: true - name: Verify failure - assert: + ansible.builtin.assert: that: - cert2_no_intermediate is failed - "cert2_no_intermediate.msg.startswith('Cannot complete chain. Stuck at certificate ')" - name: Check failure when infinite loop is found - certificate_complete_chain: + community.crypto.certificate_complete_chain: input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}' intermediate_certificates: - '{{ remote_tmp_dir }}/files/roots.pem' @@ -143,7 +143,7 @@ register: cert2_infinite_loop ignore_errors: true - name: Verify failure - assert: + ansible.builtin.assert: that: - cert2_infinite_loop is failed - "cert2_infinite_loop.msg == 'Found cycle while building certificate chain'" diff --git a/tests/integration/targets/certificate_complete_chain/tasks/main.yml b/tests/integration/targets/certificate_complete_chain/tasks/main.yml index e4e1cfc2..b7266c59 100644 --- a/tests/integration/targets/certificate_complete_chain/tasks/main.yml +++ b/tests/integration/targets/certificate_complete_chain/tasks/main.yml 
@@ -11,17 +11,17 @@ - block: - name: Copy test files to testhost - copy: + ansible.builtin.copy: src: '{{ role_path }}/files/' dest: '{{ remote_tmp_dir }}/files/' - name: Run tests with copied certificates - import_tasks: existing.yml + ansible.builtin.import_tasks: existing.yml - name: Create more certificates - import_tasks: create.yml + ansible.builtin.import_tasks: create.yml - name: Run tests with created certificates - import_tasks: created.yml + ansible.builtin.import_tasks: created.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/crypto_info/tasks/main.yml b/tests/integration/targets/crypto_info/tasks/main.yml index f8a37f26..04b446ca 100644 --- a/tests/integration/targets/crypto_info/tasks/main.yml +++ b/tests/integration/targets/crypto_info/tasks/main.yml @@ -9,23 +9,23 @@ #################################################################### - name: Retrieve information - crypto_info: + community.crypto.crypto_info: register: result - name: Display information - debug: + ansible.builtin.debug: var: result - name: Register cryptography version - command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" + ansible.builtin.command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" register: local_cryptography_version - name: Set cryptography version - set_fact: + ansible.builtin.set_fact: local_cryptography_version: "{{ local_cryptography_version.stdout }}" - name: Determine complex version-based capabilities - set_fact: + ansible.builtin.set_fact: supports_ed25519: >- {{ local_cryptography_version is version("2.6", ">=") @@ -46,7 +46,7 @@ }} - name: Verify cryptography information - assert: + ansible.builtin.assert: that: - result.python_cryptography_installed - "'python_cryptography_import_error' not in result" 
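Review bot: In tests/integration/targets/crypto_info/tasks/main.yml, the `Register cryptography version` task (hunk `@@ -9,23 +9,23 @@`) runs a read-only probe through `ansible.builtin.command` without declaring change semantics, so every run reports it as changed. Adding `changed_when: false` next to its `register:` line keeps the play recap accurate and would satisfy ansible-lint's `no-changed-when` rule if that rule is enabled for this repository. `Find OpenSSL binary` and `Find OpenSSL version` in the following `@@ -67,15 +67,15 @@` hunk of the same file have the same shape. The task file continues outside these hunks.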
@@ -67,15 +67,15 @@ - result.python_cryptography_capabilities.has_x448 == (local_cryptography_version is version('2.5', '>=')) - name: Find OpenSSL binary - command: which openssl + ansible.builtin.command: which openssl register: local_openssl_path - name: Find OpenSSL version - command: openssl version + ansible.builtin.command: openssl version register: local_openssl_version_full - name: Verify OpenSSL information - assert: + ansible.builtin.assert: that: - result.openssl_present - result.openssl.path == local_openssl_path.stdout diff --git a/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml index 83aeb1c0..6fb2ebd9 100644 --- a/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "Get CSR info" - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info }} result_idna: >- @@ -13,7 +13,7 @@ {{ lookup('file', remote_tmp_dir ~ '/csr_1.csr') | community.crypto.openssl_csr_info(name_encoding='unicode') }} - name: "Check whether subject and extensions behaves as expected" - assert: + ansible.builtin.assert: that: - result.subject.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" @@ -40,7 +40,7 @@ - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg==' - name: "Check SubjectKeyIdentifier and AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.subject_key_identifier == "00:11:22:33" - result.authority_key_identifier == "44:55:66:77" 
@@ -56,17 +56,17 @@ - "IP:1.2.3.4" - name: "Get CSR info" - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/csr_2.csr') | community.crypto.openssl_csr_info }} - name: "Get CSR info" - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/csr_3.csr') | community.crypto.openssl_csr_info }} - name: "Check AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.authority_key_identifier is none - result.authority_cert_issuer == expected_authority_cert_issuer 
@@ -77,65 +77,65 @@ - "IP:1.2.3.4" - name: "Get CSR info" - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/csr_4.csr') | community.crypto.openssl_csr_info }} - name: "Check AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.authority_key_identifier == "44:55:66:77" - result.authority_cert_issuer is none - result.authority_cert_serial_number is none - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ [] | community.crypto.openssl_csr_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The community.crypto.openssl_csr_info input must be a text type, not ") - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.openssl_csr_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("Unable to load (?:request|PEM file)(?:\.|$)") - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.openssl_csr_info(name_encoding=[]) }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter - set_fact: + ansible.builtin.set_fact: result: >- {{ 'bar' | community.crypto.openssl_csr_info(name_encoding='foo') }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") 
diff --git a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml index 27384072..c517b680 100644 --- a/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml +++ b/tests/integration/targets/filter_openssl_csr_info/tasks/main.yml @@ -9,23 +9,23 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: Generate privatekey with password - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' - name: Generate CSR 1 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -94,7 +94,7 @@ - "IP:1.2.3.4" - name: Generate CSR 2 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 @@ -103,7 +103,7 @@ - "CA:TRUE" - name: Generate CSR 3 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false @@ -121,12 +121,12 @@ - "IP:1.2.3.4" - name: Generate CSR 4 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false authority_key_identifier: "44:55:66:77" - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml when: cryptography_version is version('3.3', '>=') 
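Review bot: The `Make sure the Python idna library is installed` task in the `@@ -9,23 +9,23 @@` hunk of tests/integration/targets/filter_openssl_csr_info/tasks/main.yml installs `idna` with `state: present` and no version. When the package is not already present, the test host gets whatever release the package index serves at run time. Pinning it, for example `version: "<pinned idna version>"` under `name: idna`, or installing from a constraints file the repository controls, makes the run reproducible and keeps an unreviewed upstream release out of CI. The same unpinned task appears in the `@@ -9,24 +9,24 @@` hunk of tests/integration/targets/filter_x509_certificate_info/tasks/main.yml.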
diff --git a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml index ec4e3c6f..e1acf393 100644 --- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml @@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Get key 1 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_1.pem') | community.crypto.openssl_privatekey_info }} - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -21,12 +21,12 @@ - "'private_data' not in result" - name: Get key 2 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_2.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" 
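Review bot: The `Get key 2 info` task in the `@@ -21,12 +21,12 @@` hunk passes `return_private_key_data=true`, which puts private key parameters into the `result` fact (the assertions that follow read `result.private_data`), and nothing in the file says why that is acceptable here. A comment above the task such as `# Throwaway test key under remote_tmp_dir; private_data is returned only to verify the filter` would discourage copying the pattern into playbooks that handle real keys, where such a task would also need `no_log: true`. The key 3, 4 and 5 tasks in the `@@ -41,26 +41,26 @@`, `@@ -74,12 +74,12 @@` and `@@ -94,12 +94,12 @@` hunks do the same, and key 3 also carries its passphrase inline. The asserts for these tasks continue outside the hunks.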
@@ -41,26 +41,26 @@ - "result.private_data.exponent > 5" - name: Get key 3 info (without passphrase) - set_fact: + ansible.builtin.set_fact: result_: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} ignore_errors: true register: result - name: Check that loading passphrase protected key without passphrase failed - assert: + ansible.builtin.assert: that: - result is failed - >- 'Wrong or empty passphrase provided for private key' in result.msg - name: Get key 3 info (with passphrase) - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_3.pem') | community.crypto.openssl_privatekey_info(passphrase='hunter2', return_private_key_data=true) }} - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -74,12 +74,12 @@ - "result.private_data.exponent > 5" - name: Get key 4 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_4.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} - name: Check that ECC key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -94,12 +94,12 @@ - "result.private_data.multiplier > 1024" - name: Get key 5 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/privatekey_5.pem') | community.crypto.openssl_privatekey_info(return_private_key_data=true) }} - name: Check that DSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" diff --git a/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml index f208733e..5adeb235 100644 
--- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml +++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/main.yml @@ -9,34 +9,34 @@ #################################################################### - name: Generate privatekey 1 - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_1.pem' - name: Generate privatekey 2 (less bits) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_2.pem' type: RSA size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (with password) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' - name: Generate privatekey 4 (ECC) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_4.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead - name: Generate privatekey 5 (DSA) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_5.pem' type: DSA size: 1024 - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml index 3bfe1fc1..5bcbf4b7 100644 --- a/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml 
@@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Get key 1 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/publickey_1.pem') | community.crypto.openssl_publickey_info }} - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" @@ -19,12 +19,12 @@ - "result.public_data.exponent > 5" - name: Get key 2 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/publickey_2.pem') | community.crypto.openssl_publickey_info }} - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" @@ -35,12 +35,12 @@ - "result.public_data.exponent > 5" - name: Get key 3 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/publickey_3.pem') | community.crypto.openssl_publickey_info }} - name: Check that ECC key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" @@ -52,12 +52,12 @@ - "result.public_data.exponent_size == (521 if (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') else 256)" - name: Get key 4 info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/publickey_4.pem') | community.crypto.openssl_publickey_info }} - name: Check that DSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" 
@@ -69,27 +69,27 @@ - "result.public_data.y > 2" - name: Get invalid key info - set_fact: + ansible.builtin.set_fact: result: >- {{ [] | community.crypto.openssl_publickey_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The community.crypto.openssl_publickey_info input must be a text type, not ") - name: Get invalid key info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.openssl_publickey_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - 'output.msg is search("Error while deserializing key: ")' diff --git a/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml b/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml index 87e18149..1d1eab34 100644 --- a/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml +++ b/tests/integration/targets/filter_openssl_publickey_info/tasks/main.yml @@ -9,17 +9,17 @@ #################################################################### - name: Generate privatekey 1 - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_1.pem' - name: Generate privatekey 2 (less bits) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_2.pem' type: RSA size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (ECC) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_3.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" 
@@ -27,13 +27,13 @@ select_crypto_backend: cryptography - name: Generate privatekey 4 (DSA) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_4.pem' type: DSA size: 1024 - name: Generate public keys - openssl_publickey: + community.crypto.openssl_publickey: privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' path: '{{ remote_tmp_dir }}/publickey_{{ item }}.pem' loop: @@ -43,5 +43,5 @@ - 4 - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/filter_parse_serial/tasks/main.yml b/tests/integration/targets/filter_parse_serial/tasks/main.yml index 67175ac0..41e4bf66 100644 --- a/tests/integration/targets/filter_parse_serial/tasks/main.yml +++ b/tests/integration/targets/filter_parse_serial/tasks/main.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Test parse_serial filter - assert: + ansible.builtin.assert: that: - >- '0' | community.crypto.parse_serial == 0 
@@ -22,35 +22,35 @@ '1:2:3' | community.crypto.parse_serial == 66051 - name: "Test error 1: empty string" - debug: + ansible.builtin.debug: msg: >- {{ '' | community.crypto.parse_serial }} ignore_errors: true register: error_1 - name: "Test error 2: invalid type" - debug: + ansible.builtin.debug: msg: >- {{ [] | community.crypto.parse_serial }} ignore_errors: true register: error_2 - name: "Test error 3: invalid values (range)" - debug: + ansible.builtin.debug: msg: >- {{ '100' | community.crypto.parse_serial }} ignore_errors: true register: error_3 - name: "Test error 4: invalid values (digits)" - debug: + ansible.builtin.debug: msg: >- {{ 'abcdefg' | community.crypto.parse_serial }} ignore_errors: true register: error_4 - name: Validate errors - assert: + ansible.builtin.assert: that: - >- error_1 is failed and "The 1st part '' is not a hexadecimal number in range [0, 255]: invalid literal" in error_1.msg diff --git a/tests/integration/targets/filter_split_pem/tasks/main.yml b/tests/integration/targets/filter_split_pem/tasks/main.yml index 069b37db..6e06c235 100644 --- a/tests/integration/targets/filter_split_pem/tasks/main.yml +++ b/tests/integration/targets/filter_split_pem/tasks/main.yml @@ -9,7 +9,7 @@ #################################################################### - name: Run tests that raise no errors - assert: + ansible.builtin.assert: that: - >- '' | community.crypto.split_pem == [] @@ -49,13 +49,13 @@ AAb= - name: Invalid input - debug: + ansible.builtin.debug: msg: "{{ [] | community.crypto.split_pem }}" ignore_errors: true register: output - name: Validate error - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The community.crypto.split_pem input must be a text type, not ") diff --git a/tests/integration/targets/filter_to_serial/tasks/main.yml b/tests/integration/targets/filter_to_serial/tasks/main.yml index 1b1f4385..154488d7 100644 --- a/tests/integration/targets/filter_to_serial/tasks/main.yml 
+++ b/tests/integration/targets/filter_to_serial/tasks/main.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Test to_serial filter - assert: + ansible.builtin.assert: that: - 0 | community.crypto.to_serial == '00' - 1 | community.crypto.to_serial == '01' @@ -13,21 +13,21 @@ - 65536 | community.crypto.to_serial == '01:00:00' - name: "Test error 1: negative number" - debug: + ansible.builtin.debug: msg: >- {{ (-1) | community.crypto.to_serial }} ignore_errors: true register: error_1 - name: "Test error 2: invalid type" - debug: + ansible.builtin.debug: msg: >- {{ [] | community.crypto.to_serial }} ignore_errors: true register: error_2 - name: Validate error - assert: + ansible.builtin.assert: that: - >- error_1 is failed and "The input for the community.crypto.to_serial filter must not be negative" in error_1.msg diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml index 4dac09e2..39174860 100644 --- a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Get certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info }} result_idna: >- @@ -13,7 +13,7 @@ {{ lookup('file', remote_tmp_dir ~ '/cert_1.pem') | community.crypto.x509_certificate_info(name_encoding='unicode') }} - name: Check whether issuer and subject and extensions behave as expected - assert: + ansible.builtin.assert: that: - result.issuer.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered" 
@@ -70,7 +70,7 @@ - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg==' - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.subject_key_identifier == "00:11:22:33" - result.authority_key_identifier == "44:55:66:77" @@ -86,17 +86,17 @@ - "IP:1.2.3.4" - name: Get certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/cert_2.pem') | community.crypto.x509_certificate_info }} - name: Get certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/cert_3.pem') | community.crypto.x509_certificate_info }} - name: Check AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.authority_key_identifier is none - result.authority_cert_issuer == expected_authority_cert_issuer @@ -107,23 +107,23 @@ - "IP:1.2.3.4" - name: Get certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', remote_tmp_dir ~ '/cert_4.pem') | community.crypto.x509_certificate_info }} - name: Check AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.authority_key_identifier == "44:55:66:77" - result.authority_cert_issuer is none - result.authority_cert_serial_number is none - name: Get certificate info for packaged cert 1 - set_fact: + ansible.builtin.set_fact: result: >- {{ lookup('file', role_path ~ '/../x509_certificate_info/files/cert1.pem') | community.crypto.x509_certificate_info }} - name: Check extensions - assert: + ansible.builtin.assert: that: - "'ocsp_uri' in result" - "result.ocsp_uri == 'http://ocsp.foobarbaz.example.com'" 
@@ -160,59 +160,59 @@ - result.extensions_by_oid['2.5.29.37'].critical == false - result.extensions_by_oid['2.5.29.37'].value == 'MBQGCCsGAQUFBwMBBggrBgEFBQcDAg==' - name: Check fingerprints - assert: + ansible.builtin.assert: that: - (result.fingerprints.sha256 == '08:26:60:3d:29:11:f2:88:09:3f:40:71:bb:67:cb:59:9c:6e:cf:e0:49:22:ab:e8:60:bd:f6:9a:01:e3:0e:2c' if result.fingerprints.sha256 is defined else true) - (result.fingerprints.sha1 == '5a:32:7f:22:61:f3:2e:ad:a7:d8:77:07:1c:7f:08:cd:ab:7f:bc:11' if result.fingerprints.sha1 is defined else true) - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ [] | community.crypto.x509_certificate_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The community.crypto.x509_certificate_info input must be a text type, not ") - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.x509_certificate_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("Unable to load (?:certificate|PEM file)(?:\.|$)") - name: Get invalid certificate info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.x509_certificate_info(name_encoding=[]) }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter - set_fact: + ansible.builtin.set_fact: result: >- {{ 'bar' | community.crypto.x509_certificate_info(name_encoding='foo') }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + 
ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml index 703c3b79..4763262f 100644 --- a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml +++ b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml @@ -9,24 +9,24 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' - name: Generate privatekey with password - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size_certificates }}' - name: Generate CSR 1 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -96,7 +96,7 @@ - "IP:1.2.3.4" - name: Generate CSR 2 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 @@ -105,7 +105,7 @@ - "CA:TRUE" - name: Generate CSR 3 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false 
@@ -123,14 +123,14 @@ - "IP:1.2.3.4" - name: Generate CSR 4 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false authority_key_identifier: "44:55:66:77" - name: Generate selfsigned certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -145,5 +145,5 @@ - 4 - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml index 9b949ab1..98f77fcb 100644 --- a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml +++ b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create CRL 1 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -23,17 +23,17 @@ revocation_date: 20191001000000Z - name: Retrieve CRL 1 infos - set_fact: + ansible.builtin.set_fact: crl_1_info_1: >- {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | community.crypto.x509_crl_info }} - name: Retrieve CRL 1 infos - set_fact: + ansible.builtin.set_fact: crl_1_info_2: >- {{ lookup('file', remote_tmp_dir ~ '/ca-crl1.crl') | b64encode | community.crypto.x509_crl_info }} - name: Validate CRL 1 info - assert: + ansible.builtin.assert: that: - crl_1_info_1.format == 'pem' - crl_1_info_1.digest == 'ecdsa-with-SHA256' @@ -70,7 +70,7 @@ - crl_1_info_1 == crl_1_info_2 - name: Recreate CRL 1 as DER file - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der 
@@ -90,22 +90,22 @@ revocation_date: 20191001000000Z - name: Read ca-crl1.crl - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/ca-crl1.crl" register: content - name: Retrieve CRL 1 infos from DER (Base64 encoded) - set_fact: + ansible.builtin.set_fact: crl_1_info_5: >- {{ content.content | community.crypto.x509_crl_info }} - name: Validate CRL 1 - assert: + ansible.builtin.assert: that: - crl_1_info_5.format == 'der' - name: Create CRL 2 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -126,12 +126,12 @@ register: crl_2_change - name: Retrieve CRL 2 infos - set_fact: + ansible.builtin.set_fact: crl_2_info_1: >- {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }} - name: Create CRL 2 (changed order) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -152,12 +152,12 @@ register: crl_2_change_order - name: Retrieve CRL 2 infos again - set_fact: + ansible.builtin.set_fact: crl_2_info_2: >- {{ lookup('file', remote_tmp_dir ~ '/ca-crl2.crl') | community.crypto.x509_crl_info(list_revoked_certificates=false) }} - name: Validate CRL 2 info - assert: + ansible.builtin.assert: that: - "'revoked_certificates' not in crl_2_info_1" - > @@ -176,7 +176,7 @@ ] - name: Create CRL 3 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -199,7 +199,7 @@ register: crl_3 - name: Create CRL 3 (IDNA encoding) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: 
@@ -224,7 +224,7 @@ register: crl_3_idna - name: Create CRL 3 (Unicode encoding) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -249,7 +249,7 @@ register: crl_3_unicode - name: Retrieve CRL 3 infos - set_fact: + ansible.builtin.set_fact: crl_3_info: >- {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true) }} crl_3_info_idna: >- 
@@ -258,73 +258,73 @@ {{ lookup('file', remote_tmp_dir ~ '/ca-crl3.crl') | community.crypto.x509_crl_info(list_revoked_certificates=true, name_encoding='unicode') }} - name: Validate CRL 3 info - assert: + ansible.builtin.assert: that: - crl_3.revoked_certificates == crl_3_info.revoked_certificates - crl_3_idna.revoked_certificates == crl_3_info_idna.revoked_certificates - crl_3_unicode.revoked_certificates == crl_3_info_unicode.revoked_certificates - name: Get invalid CRL info - set_fact: + ansible.builtin.set_fact: result: >- {{ [] | community.crypto.x509_crl_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The community.crypto.x509_crl_info input must be a text type, not ") - name: Get invalid CRL info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.x509_crl_info }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("Error while decoding CRL") - name: Get invalid CRL info - set_fact: + ansible.builtin.set_fact: result: >- {{ 'foo' | community.crypto.x509_crl_info(name_encoding=[]) }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter - set_fact: + ansible.builtin.set_fact: result: >- {{ 'bar' | community.crypto.x509_crl_info(name_encoding='foo') }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") - name: Get invalid 
list_revoked_certificates parameter - set_fact: + ansible.builtin.set_fact: result: >- {{ 'bar' | community.crypto.x509_crl_info(list_revoked_certificates=[]) }} ignore_errors: true register: output - name: Check that task failed and error message is OK - assert: + ansible.builtin.assert: that: - output is failed - output.msg is search("The list_revoked_certificates option must be a boolean, not ") diff --git a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml index e38931b4..54dc366a 100644 --- a/tests/integration/targets/filter_x509_crl_info/tasks/main.yml +++ b/tests/integration/targets/filter_x509_crl_info/tasks/main.yml @@ -9,11 +9,11 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present -- set_fact: +- ansible.builtin.set_fact: certificates: - name: ca subject: @@ -39,14 +39,14 @@ - DNS:b64.ansible.com - name: Generate private keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/{{ item.name }}.key' type: ECC curve: secp256r1 loop: "{{ certificates }}" - name: Generate CSRs - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' subject: "{{ item.subject | default(omit) }}" @@ -56,7 +56,7 @@ loop: "{{ certificates }}" - name: Generate CA certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' 
@@ -65,7 +65,7 @@ when: item.is_ca | default(false) - name: Generate other certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' provider: ownca @@ -75,7 +75,7 @@ when: not (item.is_ca | default(false)) - name: Get certificate infos - x509_certificate_info: + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/{{ item }}.pem' loop: - cert-1 @@ -86,6 +86,6 @@ - block: - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/get_certificate/tasks/main.yml b/tests/integration/targets/get_certificate/tasks/main.yml index 8c5da1f8..046123b4 100644 --- a/tests/integration/targets/get_certificate/tasks/main.yml +++ b/tests/integration/targets/get_certificate/tasks/main.yml @@ -8,7 +8,7 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: skip_tests: false has_get_certificate_chain: >- {{ ansible_facts.python_version is version('3.10.0', '>=') }} @@ -16,14 +16,14 @@ - block: - name: Get servers certificate with backend auto-detection - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 443 asn1_base64: "{{ true if ansible_version.full is version('2.18', '>=') else omit }}" ignore_errors: true register: result - - set_fact: + - ansible.builtin.set_fact: skip_tests: | {{ result is failed and ( @@ -33,7 +33,7 @@ ) }} - - assert: + - ansible.builtin.assert: that: - result is success or skip_tests @@ -41,7 +41,7 @@ - block: - - include_tasks: ../tests/validate.yml + - ansible.builtin.include_tasks: ../tests/validate.yml vars: select_crypto_backend: cryptography 
diff --git a/tests/integration/targets/get_certificate/tests/validate.yml b/tests/integration/targets/get_certificate/tests/validate.yml index deec3fa1..55da9de0 100644 --- a/tests/integration/targets/get_certificate/tests/validate.yml +++ b/tests/integration/targets/get_certificate/tests/validate.yml @@ -4,16 +4,16 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Get servers certificate for SNI test part 1 - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 443 server_name: "{{ sni_host }}" asn1_base64: true register: result -- debug: var=result +- ansible.builtin.debug: var=result -- assert: +- ansible.builtin.assert: that: # This module should never change anything - result is not changed @@ -22,16 +22,16 @@ - "'{{ sni_host }}' == result.subject.CN" - name: Get servers certificate for SNI test part 2 - get_certificate: + community.crypto.get_certificate: host: "{{ sni_host }}" port: 443 server_name: "{{ httpbin_host }}" asn1_base64: true register: result -- debug: var=result +- ansible.builtin.debug: var=result -- assert: +- ansible.builtin.assert: that: # This module should never change anything - result is not changed @@ -40,16 +40,16 @@ - "'{{ httpbin_host }}' == result.subject.CN" - name: Get servers certificate - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 443 select_crypto_backend: "{{ select_crypto_backend }}" asn1_base64: true register: result -- debug: var=result +- ansible.builtin.debug: var=result -- assert: +- ansible.builtin.assert: that: # This module should never change anything - result is not changed @@ -58,7 +58,7 @@ - "'North Carolina' == result.subject.ST" - name: Connect to http port (will fail because there is no SSL cert to get) - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 80 select_crypto_backend: "{{ select_crypto_backend }}" 
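Review bot: The renamed debug tasks in this hunk keep the `var=result` key=value shorthand and still have no `name`, so the FQCN change leaves them half-migrated. The same applies to the `ansible.builtin.debug: var=result` lines in the @@ -22,16 and @@ -40,16 hunks. Writing each as `- name: Show get_certificate result` / `ansible.builtin.debug:` / `var: result` uses native YAML arguments and makes the task identifiable in the test log.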
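Review bot: The assert condition `"'{{ sni_host }}' == result.subject.CN"` that opens this hunk as context expands Jinja inside a conditional, as does `'{{ httpbin_host }}'` at the start of @@ -40,16. The variable's value is pasted into the expression text before the expression is evaluated, so a value containing a quote would change what is being asserted; ansible-core warns about template delimiters in `when` conditions for the same reason. Comparing the variable directly, `- sni_host == result.subject.CN` (and `- httpbin_host == result.subject.CN`), avoids the double templating. The assert task these lines belong to starts in the previous hunk.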
@@ -66,7 +66,7 @@ register: result ignore_errors: true -- assert: +- ansible.builtin.assert: that: - result is not changed - result is failed @@ -78,7 +78,7 @@ or 'record layer failure' in result.msg - name: Test timeout option - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 1234 timeout: 1 @@ -87,7 +87,7 @@ register: result ignore_errors: true -- assert: +- ansible.builtin.assert: that: - result is not changed - result is failed @@ -95,7 +95,7 @@ - "'Failed to get cert from port with error: timed out' == result.msg or 'Connection refused' in result.msg" - name: Test failure if ca_cert is not a valid file - get_certificate: + community.crypto.get_certificate: host: "{{ httpbin_host }}" port: 443 ca_cert: dn.e @@ -104,7 +104,7 @@ register: result ignore_errors: true -- assert: +- ansible.builtin.assert: that: - result is not changed - result is failed @@ -112,12 +112,12 @@ - "'ca_cert file does not exist' == result.msg" - name: Download CA Cert as pem from server - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/cacert.pem" dest: "{{ remote_tmp_dir }}/temp.pem" - name: Get servers certificate comparing it to its own ca_cert file - get_certificate: + community.crypto.get_certificate: ca_cert: '{{ remote_tmp_dir }}/temp.pem' host: "{{ httpbin_host }}" port: 443 @@ -126,19 +126,19 @@ get_certificate_chain: "{{ has_get_certificate_chain }}" register: result -- assert: +- ansible.builtin.assert: that: - result is not changed - result is not failed - name: Read CA cert - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/temp.pem' register: cacert when: has_get_certificate_chain - name: Validate get_certificate_chain=true results - assert: + ansible.builtin.assert: that: - result.verified_chain is sequence - result.unverified_chain is sequence 
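Review bot: In the @@ -112,12 hunk the CA certificate is fetched with `ansible.builtin.get_url` from `http://ansible.http.tests/cacert.pem`, with no `checksum`, and the next task passes that file to `community.crypto.get_certificate` as `ca_cert`. The trust anchor for the verification test therefore arrives over cleartext with no integrity check. Whether `ansible.http.tests` resolves to a fixture local to the test container is not visible here. If it does, a comment such as `# fixture host inside the test network; not a pattern for real trust anchors` would record that. Otherwise add `checksum: "sha256:<expected-digest>"` (placeholder) to the task.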
@@ -149,20 +149,20 @@ when: has_get_certificate_chain - name: Validate get_certificate_chain=false results - assert: + ansible.builtin.assert: that: - result.verified_chain is undefined - result.unverified_chain is undefined when: not has_get_certificate_chain - name: Generate bogus CA privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/bogus_ca.key' type: ECC curve: secp256r1 - name: Generate bogus CA CSR - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/bogus_ca.csr' privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key' subject: @@ -173,7 +173,7 @@ basic_constraints_critical: true - name: Generate selfsigned bogus CA certificate - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/bogus_ca.pem' csr_path: '{{ remote_tmp_dir }}/bogus_ca.csr' privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key' @@ -181,7 +181,7 @@ selfsigned_digest: sha256 - name: Get servers certificate comparing it to an invalid ca_cert file - get_certificate: + community.crypto.get_certificate: ca_cert: '{{ remote_tmp_dir }}/bogus_ca.pem' host: "{{ httpbin_host }}" port: 443 @@ -190,7 +190,7 @@ register: result ignore_errors: true -- assert: +- ansible.builtin.assert: that: - result is not changed - result is failed diff --git a/tests/integration/targets/luks_device/tasks/main.yml b/tests/integration/targets/luks_device/tasks/main.yml index 516499f6..3c0964d2 100644 --- a/tests/integration/targets/luks_device/tasks/main.yml +++ b/tests/integration/targets/luks_device/tasks/main.yml @@ -9,7 +9,7 @@ #################################################################### - name: Copy keyfiles - copy: + ansible.builtin.copy: src: '{{ item }}' dest: '{{ remote_tmp_dir }}/{{ item }}' loop: @@ -17,7 +17,7 @@ - keyfile2 - name: Include OS-specific variables - include_vars: '{{ lookup("first_found", search) }}' + ansible.builtin.include_vars: '{{ lookup("first_found", search) }}' vars: search: files: 
@@ -30,62 +30,62 @@ - vars - name: Make sure cryptsetup is installed - package: + ansible.builtin.package: name: '{{ cryptsetup_package }}' state: present become: true - name: Install additionally required packages - package: + ansible.builtin.package: name: '{{ luks_extra_packages }}' state: present become: true when: luks_extra_packages | length > 0 - name: Determine cryptsetup version - command: cryptsetup --version + ansible.builtin.command: cryptsetup --version register: cryptsetup_version - name: Extract cryptsetup version - set_fact: + ansible.builtin.set_fact: cryptsetup_version: >- {{ cryptsetup_version.stdout_lines[0] | regex_search('cryptsetup ([0-9]+\.[0-9]+\.[0-9]+)') | split | last }} - name: Create cryptfile - command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32 + ansible.builtin.command: dd if=/dev/zero of={{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32 - name: Figure out next loopback device - command: losetup -f + ansible.builtin.command: losetup -f become: true register: cryptfile_device_output - name: Create lookback device - command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile + ansible.builtin.command: losetup -f {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile become: true - name: Store some common data for tests - set_fact: + ansible.builtin.set_fact: cryptfile_device: "{{ cryptfile_device_output.stdout_lines[0] }}" cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE" cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M" cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM" - block: - - include_tasks: run-test.yml + - ansible.builtin.include_tasks: run-test.yml with_fileglob: - "tests/*.yml" always: - name: Make sure LUKS device is gone - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent become: true ignore_errors: true - - command: losetup -d "{{ cryptfile_device }}" + - 
ansible.builtin.command: losetup -d "{{ cryptfile_device }}" become: true - - file: + - ansible.builtin.file: dest: "{{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile" state: absent diff --git a/tests/integration/targets/luks_device/tasks/run-test.yml b/tests/integration/targets/luks_device/tasks/run-test.yml index eff7ac73..3fcdfa37 100644 --- a/tests/integration/targets/luks_device/tasks/run-test.yml +++ b/tests/integration/targets/luks_device/tasks/run-test.yml @@ -4,9 +4,9 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Make sure LUKS device is gone - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent become: true - name: "Loading tasks from {{ item }}" - include_tasks: "{{ item }}" + ansible.builtin.include_tasks: "{{ item }}" diff --git a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml index ab95a43e..aeb57605 100644 --- a/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml +++ b/tests/integration/targets/luks_device/tasks/tests/create-destroy.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -14,7 +14,7 @@ become: true register: create_check - name: Create - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -23,7 +23,7 @@ become: true register: create - name: Create (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -32,7 +32,7 @@ become: true register: create_idem - name: Create (idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" 
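Review bot: In the @@ -30,62 hunk the loop device name is taken from a separate `losetup -f` query ("Figure out next loopback device"), and the file is attached by a second `losetup -f <path>` call afterwards. If another process claims a loop device between the two commands, `cryptfile_device` names a device that does not back the cryptfile. The later `community.crypto.luks_device` tasks, which run with `become: true`, would then format and wipe that device instead. Attaching and reporting in one step closes the gap: `ansible.builtin.command: losetup -f --show {{ remote_tmp_dir.replace('~', ansible_env.HOME) }}/cryptfile` with `register: cryptfile_device_output` on that task, dropping the standalone query.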
@@ -41,7 +41,7 @@ check_mode: true become: true register: create_idem_check -- assert: +- ansible.builtin.assert: that: - create_check is changed - create is changed @@ -49,7 +49,7 @@ - create_idem_check is not changed - name: Open (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -57,28 +57,28 @@ become: true register: open_check - name: Open - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true register: open - name: Open (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true register: open_idem - name: Open (idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" check_mode: true become: true register: open_idem_check -- assert: +- ansible.builtin.assert: that: - open_check is changed - open is changed @@ -86,32 +86,32 @@ - open_idem_check is not changed - name: Closed (via name, check) - luks_device: + community.crypto.luks_device: name: "{{ open.name }}" state: closed check_mode: true become: true register: close_check - name: Closed (via name) - luks_device: + community.crypto.luks_device: name: "{{ open.name }}" state: closed become: true register: close - name: Closed (via name, idempotent) - luks_device: + community.crypto.luks_device: name: "{{ open.name }}" state: closed become: true register: close_idem - name: Closed (via name, idempotent, check) - luks_device: + community.crypto.luks_device: name: "{{ open.name }}" state: closed check_mode: true become: true register: close_idem_check -- assert: +- ansible.builtin.assert: that: - close_check is changed - close is changed 
@@ -119,39 +119,39 @@ - close_idem_check is not changed - name: Re-open - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true - name: Closed (via device, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed check_mode: true become: true register: close_check - name: Closed (via device) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true register: close - name: Closed (via device, idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true register: close_idem - name: Closed (via device, idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed check_mode: true become: true register: close_idem_check -- assert: +- ansible.builtin.assert: that: - close_check is changed - close is changed @@ -159,39 +159,39 @@ - close_idem_check is not changed - name: Re-opened - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true - name: Absent (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent check_mode: true become: true register: absent_check - name: Absent - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent become: true register: absent - name: Absent (idempotence) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent become: true register: absent_idem - name: Absent (idempotence, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: absent check_mode: true become: true register: absent_idem_check -- assert: +- ansible.builtin.assert: that: - absent_check is changed - absent is changed 
diff --git a/tests/integration/targets/luks_device/tasks/tests/cryptname.yml b/tests/integration/targets/luks_device/tasks/tests/cryptname.yml index 2db304e8..94ff10f2 100644 --- a/tests/integration/targets/luks_device/tasks/tests/cryptname.yml +++ b/tests/integration/targets/luks_device/tasks/tests/cryptname.yml @@ -4,11 +4,11 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Fix name - set_fact: + ansible.builtin.set_fact: cryptname: "crypt{{ '%0x' % ((2**32) | random) }}" - name: Create - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" name: "{{ cryptname }}" state: present @@ -18,7 +18,7 @@ become: true register: create - name: Open - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" name: "{{ cryptname }}" state: opened @@ -26,7 +26,7 @@ become: true register: open - name: Open (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" name: "{{ cryptname }}" state: opened @@ -34,25 +34,25 @@ become: true register: open_idem - name: Closed (via name) - luks_device: + community.crypto.luks_device: name: "{{ cryptname }}" state: closed become: true register: close - name: Closed (via name, idempotent) - luks_device: + community.crypto.luks_device: name: "{{ cryptname }}" state: closed become: true register: close_idem - name: Absent - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" name: "{{ cryptname }}" state: absent become: true register: absent -- assert: +- ansible.builtin.assert: that: - create is changed - open is changed diff --git a/tests/integration/targets/luks_device/tasks/tests/device-check.yml b/tests/integration/targets/luks_device/tasks/tests/device-check.yml index e6f8a6a1..316e15a5 100644 --- a/tests/integration/targets/luks_device/tasks/tests/device-check.yml +++ b/tests/integration/targets/luks_device/tasks/tests/device-check.yml 
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create with invalid device name (check) - luks_device: + community.crypto.luks_device: device: /dev/asdfasdfasdf state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -15,7 +15,7 @@ become: true register: create_check - name: Create with invalid device name - luks_device: + community.crypto.luks_device: device: /dev/asdfasdfasdf state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -24,7 +24,7 @@ ignore_errors: true become: true register: create -- assert: +- ansible.builtin.assert: that: - create_check is failed - create is failed @@ -32,7 +32,7 @@ - "'o such file or directory' in create.msg" - name: Create with something which is not a device (check) - luks_device: + community.crypto.luks_device: device: /tmp/ state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -43,7 +43,7 @@ become: true register: create_check - name: Create with something which is not a device - luks_device: + community.crypto.luks_device: device: /tmp/ state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -52,7 +52,7 @@ ignore_errors: true become: true register: create -- assert: +- ansible.builtin.assert: that: - create_check is failed - create is failed diff --git a/tests/integration/targets/luks_device/tasks/tests/key-management.yml b/tests/integration/targets/luks_device/tasks/tests/key-management.yml index 8d85fd49..9a5d31ab 100644 --- a/tests/integration/targets/luks_device/tasks/tests/key-management.yml +++ b/tests/integration/targets/luks_device/tasks/tests/key-management.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create with keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" 
@@ -15,36 +15,36 @@ # Access: keyfile1 - name: Try to open with keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Try to open with keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Give access to keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -55,7 +55,7 @@ register: result_1 - name: Give access to keyfile2 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -63,7 +63,7 @@ become: true register: result_2 -- assert: +- ansible.builtin.assert: that: - result_1 is changed - result_2 is not changed 
@@ -71,28 +71,28 @@ # Access: keyfile1 and keyfile2 - name: Try to open with keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Dump LUKS header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true - name: Remove access from keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -101,7 +101,7 @@ register: result_1 - name: Remove access from keyfile1 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -109,7 +109,7 @@ become: true register: result_2 -- assert: +- ansible.builtin.assert: that: - result_1 is changed - result_2 is not changed 
@@ -117,40 +117,40 @@ # Access: keyfile2 - name: Try to open with keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Try to open with keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Dump LUKS header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true - name: Remove access from keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile2" @@ -158,7 +158,7 @@ become: true ignore_errors: true register: remove_last_key -- assert: +- ansible.builtin.assert: that: - remove_last_key is failed - "'force_remove_last_key' in remove_last_key.msg" @@ -166,24 +166,24 @@ # Access: keyfile2 - name: Try to open with keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Remove access from keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile2" 
@@ -194,13 +194,13 @@ # Access: none - name: Try to open with keyfile2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile2" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed diff --git a/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml b/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml index d74fa993..77fabb40 100644 --- a/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml +++ b/tests/integration/targets/luks_device/tasks/tests/keyfile_binary_nocopy.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create with keyfile3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ keyfile3 }}" @@ -21,7 +21,7 @@ register: create_passphrase_1 - name: Create with keyfile3 (without argon2i) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ keyfile3 }}" @@ -32,7 +32,7 @@ when: create_passphrase_1 is failed - name: Open with keyfile3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ keyfile3 }}" 
@@ -40,29 +40,29 @@ become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Try to open with passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase1 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Give access to passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ keyfile3 }}" @@ -73,7 +73,7 @@ become: true - name: Remove access for keyfile3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed remove_passphrase: "{{ keyfile3 }}" @@ -81,25 +81,25 @@ become: true - name: Try to open with keyfile3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ keyfile3 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Open with passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase1 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed diff --git a/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml b/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml index b2230a13..6f7d0633 100644 --- a/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml +++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-create-destroy.yml 
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create luks with keyslot 4 (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -15,7 +15,7 @@ become: true register: create_luks_slot4_check - name: Create luks with keyslot 4 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -25,7 +25,7 @@ become: true register: create_luks_slot4 - name: Create luks with keyslot 4 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -35,7 +35,7 @@ become: true register: create_luks_slot4_idem - name: Create luks with keyslot 4 (idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -46,10 +46,10 @@ become: true register: create_luks_slot4_idem_check - name: Dump luks header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true register: luks_header_slot4 -- assert: +- ansible.builtin.assert: that: - create_luks_slot4_check is changed - create_luks_slot4 is changed @@ -58,7 +58,7 @@ - "'Key Slot 4: ENABLED' in luks_header_slot4.stdout or '4: luks2' in luks_header_slot4.stdout" - name: Add key in slot 2 (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -70,7 +70,7 @@ become: true register: add_luks_slot2_check - name: Add key in slot 2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" 
@@ -81,7 +81,7 @@ become: true register: add_luks_slot2 - name: Add key in slot 2 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -92,7 +92,7 @@ become: true register: add_luks_slot2_idem - name: Add key in slot 2 (idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -104,10 +104,10 @@ become: true register: add_luks_slot2_idem_check - name: Dump luks header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true register: luks_header_slot2 -- assert: +- ansible.builtin.assert: that: - add_luks_slot2_check is changed - add_luks_slot2 is changed @@ -116,27 +116,27 @@ - "'Key Slot 2: ENABLED' in luks_header_slot2.stdout or '2: luks2' in luks_header_slot2.stdout" - name: Check remove slot 4 without key - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" remove_keyslot: 4 ignore_errors: true become: true register: kill_slot4_nokey - name: Check remove slot 4 with slot 4 key - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" remove_keyslot: 4 keyfile: "{{ remote_tmp_dir }}/keyfile1" ignore_errors: true become: true register: kill_slot4_key_slot4 -- assert: +- ansible.builtin.assert: that: - kill_slot4_nokey is failed - kill_slot4_key_slot4 is failed - name: Remove key in slot 4 (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyslot: 4 
@@ -144,21 +144,21 @@ become: true register: kill_luks_slot4_check - name: Remove key in slot 4 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyslot: 4 become: true register: kill_luks_slot4 - name: Remove key in slot 4 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyslot: 4 become: true register: kill_luks_slot4_idem - name: Remove key in slot 4 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyslot: 4 @@ -166,10 +166,10 @@ become: true register: kill_luks_slot4_idem_check - name: Dump luks header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true register: luks_header_slot4_removed -- assert: +- ansible.builtin.assert: that: - kill_luks_slot4_check is changed - kill_luks_slot4 is changed @@ -178,7 +178,7 @@ - "'Key Slot 4: DISABLED' in luks_header_slot4_removed.stdout or not '4: luks' in luks_header_slot4_removed.stdout" - name: Add key in slot 0 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile2" @@ -189,17 +189,17 @@ become: true register: add_luks_slot0 - name: Remove key in slot 0 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" keyfile: "{{ remote_tmp_dir }}/keyfile2" remove_keyslot: 0 become: true register: kill_luks_slot0 - name: Dump luks header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true register: luks_header_slot0_removed -- assert: +- ansible.builtin.assert: that: - add_luks_slot0 is changed - kill_luks_slot0 is changed 
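Review bot: Two consecutive tasks in the -144,21 hunk are both named `Remove key in slot 4 (idempotent)`, and the second one registers `kill_luks_slot4_idem_check`, so it looks like the check-mode variant. Renaming it to `- name: Remove key in slot 4 (idempotent, check)` would match `Add key in slot 2 (idempotent, check)` earlier in this file and make a failure attributable in the test log. The line between this hunk and the next one (presumably `check_mode: true`) is not shown, so confirm before renaming.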
diff --git a/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml b/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml index fedc77de..59da495a 100644 --- a/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml +++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-duplicate.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create new luks - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -12,7 +12,7 @@ iteration_time: 0.1 become: true - name: Add new keyslot with same keyfile (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present new_keyslot: 1 @@ -23,7 +23,7 @@ check_mode: true register: keyslot_duplicate_check - name: Add new keyslot with same keyfile - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present new_keyslot: 1 @@ -32,7 +32,7 @@ become: true ignore_errors: true register: keyslot_duplicate -- assert: +- ansible.builtin.assert: that: - keyslot_duplicate_check is failed - "'Trying to add key that is already present in another slot' in keyslot_duplicate_check.msg" diff --git a/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml b/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml index 2b40bded..dac13094 100644 --- a/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml +++ b/tests/integration/targets/luks_device/tasks/tests/keyslot-options.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Check invalid slot (luks1, 8) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present type: luks1 
@@ -16,7 +16,7 @@ become: true register: create_luks1_slot8 - name: Check invalid slot (luks2, 32) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present type: luks2 @@ -28,7 +28,7 @@ become: true register: create_luks2_slot32 - name: Check invalid slot (no luks type, 8) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -38,14 +38,14 @@ ignore_errors: true become: true register: create_luks_slot8 -- assert: +- ansible.builtin.assert: that: - create_luks1_slot8 is failed - create_luks2_slot32 is failed - create_luks_slot8 is failed - name: Check valid slot (luks2, 8) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present type: luks2 @@ -57,12 +57,12 @@ ignore_errors: true register: create_luks2_slot8 - name: Make sure that the previous task only fails if LUKS2 is not supported - assert: + ansible.builtin.assert: that: - "'Unknown option --type' in create_luks2_slot8.msg" when: create_luks2_slot8 is failed - name: Check add valid slot (no luks type, 10) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -73,7 +73,7 @@ become: true register: create_luks_slot10 when: create_luks2_slot8 is changed -- assert: +- ansible.builtin.assert: that: - create_luks_slot10 is changed when: create_luks2_slot8 is changed \ No newline at end of file diff --git a/tests/integration/targets/luks_device/tasks/tests/options.yml b/tests/integration/targets/luks_device/tasks/tests/options.yml index 64df0951..eab8d5a9 100644 --- a/tests/integration/targets/luks_device/tasks/tests/options.yml +++ b/tests/integration/targets/luks_device/tasks/tests/options.yml 
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create with keysize - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -15,7 +15,7 @@ become: true register: create_with_keysize - name: Create with keysize (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -26,7 +26,7 @@ become: true register: create_idem_with_keysize - name: Create with different keysize (idempotent since we do not update keysize) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -37,7 +37,7 @@ become: true register: create_idem_with_diff_keysize - name: Create with ambiguous arguments - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -49,7 +49,7 @@ become: true register: create_with_ambiguous -- assert: +- ansible.builtin.assert: that: - create_with_keysize is changed - create_idem_with_keysize is not changed diff --git a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml index 244900fa..60611f73 100644 --- a/tests/integration/targets/luks_device/tasks/tests/passphrase.yml +++ b/tests/integration/targets/luks_device/tasks/tests/passphrase.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create with passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" 
@@ -20,13 +20,13 @@ register: create_passphrase_1 - name: Make sure that the previous task only fails if LUKS2 is not supported - assert: + ansible.builtin.assert: that: - "'Unknown option --type' in create_passphrase_1.msg" when: create_passphrase_1 is failed - name: Create with passphrase1 (without argon2i) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" @@ -36,7 +36,7 @@ when: create_passphrase_1 is failed - name: Open with passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened # Encode passphrase with Base64 to test passphrase_encoding @@ -45,17 +45,17 @@ become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Give access with ambiguous new_ arguments - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" @@ -66,24 +66,24 @@ become: true ignore_errors: true register: new_try -- assert: +- ansible.builtin.assert: that: - new_try is failed - name: Try to open with passphrase2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase2 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Give access to passphrase2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" @@ -94,7 +94,7 @@ register: result_1 - name: Give access to passphrase2 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" 
@@ -102,42 +102,42 @@ become: true register: result_2 -- assert: +- ansible.builtin.assert: that: - result_1 is changed - result_2 is not changed - name: Open with passphrase2 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase2 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Try to open with keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Give access to keyfile1 from passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed passphrase: "{{ cryptfile_passphrase1 }}" @@ -147,7 +147,7 @@ become: true - name: Remove access with ambiguous remove_ arguments - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed remove_keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -155,29 +155,29 @@ become: true ignore_errors: true register: remove_try -- assert: +- ansible.builtin.assert: that: - remove_try is failed - name: Open with keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true - name: Remove access for passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed remove_passphrase: "{{ cryptfile_passphrase1 }}" 
@@ -185,44 +185,44 @@ register: result_1 - name: Remove access for passphrase1 (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed remove_passphrase: "{{ cryptfile_passphrase1 }}" become: true register: result_2 -- assert: +- ansible.builtin.assert: that: - result_1 is changed - result_2 is not changed - name: Try to open with passphrase1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase1 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Try to open with passphrase3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase3 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is failed - name: Give access to passphrase3 from keyfile1 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -232,18 +232,18 @@ become: true - name: Open with passphrase3 - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened passphrase: "{{ cryptfile_passphrase3 }}" become: true ignore_errors: true register: open_try -- assert: +- ansible.builtin.assert: that: - open_try is not failed - name: Close - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: closed become: true diff --git a/tests/integration/targets/luks_device/tasks/tests/performance.yml b/tests/integration/targets/luks_device/tasks/tests/performance.yml index d3379bec..11a58511 100644 --- a/tests/integration/targets/luks_device/tasks/tests/performance.yml +++ b/tests/integration/targets/luks_device/tasks/tests/performance.yml 
@@ -6,7 +6,7 @@ - name: On kernel >= 5.9 use performance flags block: - name: Create and open (check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -22,7 +22,7 @@ become: true register: create_open_check - name: Create and open - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -37,7 +37,7 @@ become: true register: create_open - name: Create and open (idempotent) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: opened keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -52,7 +52,7 @@ become: true register: create_open_idem - name: Create and open (idempotent, check) - luks_device: + community.crypto.luks_device: device: "{{ cryptfile_device }}" state: present keyfile: "{{ remote_tmp_dir }}/keyfile1" @@ -67,7 +67,7 @@ check_mode: true become: true register: create_open_idem_check - - assert: + - ansible.builtin.assert: that: - create_open_check is changed - create_open is changed @@ -75,10 +75,10 @@ - create_open_idem_check is not changed - name: Dump LUKS Header - command: "cryptsetup luksDump {{ cryptfile_device }}" + ansible.builtin.command: "cryptsetup luksDump {{ cryptfile_device }}" become: true register: luks_header - - assert: + - ansible.builtin.assert: that: - "'no-read-workqueue' in luks_header.stdout" - "'no-write-workqueue' in luks_header.stdout" @@ -87,10 +87,10 @@ - "'allow-discards' in luks_header.stdout" - name: Dump device mapper table - command: "dmsetup table {{ create_open.name }}" + ansible.builtin.command: "dmsetup table {{ create_open.name }}" become: true register: dm_table - - assert: + - ansible.builtin.assert: that: - "'no_read_workqueue' in dm_table.stdout" - "'no_write_workqueue' in dm_table.stdout" 
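Review bot: `Create and open (idempotent, check)` in the -52,7 hunk uses `state: present`, while the three preceding tasks (`Create and open (check)`, `Create and open`, `Create and open (idempotent)`) all use `state: opened`. The later assertion `create_open_idem_check is not changed` therefore does not show that a check-mode run with `state: opened` is idempotent. If the difference is not intentional, change the line to `state: opened`; if it is, a comment on the task saying why would help. The task's remaining options lie outside the hunks.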
@@ -99,7 +99,7 @@ - "'allow_discards' in dm_table.stdout" - name: Closed and Removed - luks_device: + community.crypto.luks_device: name: "{{ cryptfile_device }}" state: absent become: true diff --git a/tests/integration/targets/openssh_cert/tasks/main.yml b/tests/integration/targets/openssh_cert/tasks/main.yml index 94782c95..8cfc5640 100644 --- a/tests/integration/targets/openssh_cert/tasks/main.yml +++ b/tests/integration/targets/openssh_cert/tasks/main.yml @@ -9,39 +9,39 @@ #################################################################### - name: Declare global variables - set_fact: + ansible.builtin.set_fact: signing_key: '{{ remote_tmp_dir }}/id_key' public_key: '{{ remote_tmp_dir }}/id_key.pub' certificate_path: '{{ remote_tmp_dir }}/id_cert' - name: Generate keypair - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ signing_key }}" type: rsa size: 1024 - block: - name: Import idempotency tests - import_tasks: ../tests/idempotency.yml + ansible.builtin.import_tasks: ../tests/idempotency.yml - name: Import key_idempotency tests - import_tasks: ../tests/key_idempotency.yml + ansible.builtin.import_tasks: ../tests/key_idempotency.yml - name: Import options tests - import_tasks: ../tests/options_idempotency.yml + ansible.builtin.import_tasks: ../tests/options_idempotency.yml - name: Import regenerate tests - import_tasks: ../tests/regenerate.yml + ansible.builtin.import_tasks: ../tests/regenerate.yml - name: Import remove tests - import_tasks: ../tests/remove.yml + ansible.builtin.import_tasks: ../tests/remove.yml when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") - name: Import ssh-agent tests - import_tasks: ../tests/ssh-agent.yml + ansible.builtin.import_tasks: ../tests/ssh-agent.yml when: openssh_version is version("7.6",">=") - name: Remove keypair - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ signing_key }}" state: absent 
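Review bot: The signing key in `Generate keypair` (openssh_cert/tasks/main.yml, -9,39 hunk) is created with `type: rsa` and `size: 1024`, and nothing on the task says why. A 1024-bit RSA key is only acceptable as a throwaway fixture, presumably chosen here to keep the run fast. A one-line comment above the option, such as `# test-only key size; never reuse outside the test suite`, would record that the value is deliberate and keep it from being copied into real playbooks.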
diff --git a/tests/integration/targets/openssh_cert/tests/idempotency.yml b/tests/integration/targets/openssh_cert/tests/idempotency.yml index b1dd4a65..487fcc56 100644 --- a/tests/integration/targets/openssh_cert/tests/idempotency.yml +++ b/tests/integration/targets/openssh_cert/tests/idempotency.yml @@ -8,7 +8,7 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: test_cases: - test_name: Generate cert - force option (check_mode) force: true @@ -253,7 +253,7 @@ changed: true - name: Execute idempotency tests - openssh_cert: + community.crypto.openssh_cert: force: "{{ test_case.force | default(omit) }}" identifier: "{{ test_case.identifier | default(omit) }}" options: "{{ test_case.options | default(omit) }}" @@ -275,7 +275,7 @@ loop_var: test_case - name: Assert task statuses - assert: + ansible.builtin.assert: that: - result.changed == test_cases[index].changed loop: "{{ idempotency_test_output.results }}" @@ -284,6 +284,6 @@ loop_var: result - name: Remove certificate - openssh_cert: + community.crypto.openssh_cert: path: "{{ certificate_path }}" state: absent \ No newline at end of file diff --git a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml index df6d9d17..2868bb8e 100644 --- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml +++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml 
@@ -8,16 +8,16 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: new_signing_key: "{{ remote_tmp_dir }}/new_key" new_public_key: "{{ remote_tmp_dir }}/new_key.pub" - name: Generate new test key - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ new_signing_key }}" - name: Generate cert with original keys - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -27,7 +27,7 @@ - block: - name: Generate cert with updated signature algorithm - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -38,12 +38,12 @@ register: updated_signature_algorithm - name: Assert signature algorithm update causes change - assert: + ansible.builtin.assert: that: - updated_signature_algorithm is changed - name: Generate cert with updated signature algorithm (idempotent) - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -54,13 +54,13 @@ register: updated_signature_algorithm_idempotent - name: Assert signature algorithm update is idempotent - assert: + ansible.builtin.assert: that: - updated_signature_algorithm_idempotent is not changed - block: - name: Generate cert with original signature algorithm - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -71,7 +71,7 @@ register: second_signature_algorithm - name: Assert second signature algorithm update causes change - assert: + ansible.builtin.assert: that: - second_signature_algorithm is changed # RHEL9, Fedora 41 and Rocky 9 disable the SHA-1 algorithms by default, making this test fail with a 'libcrypt' error. 
@@ -81,7 +81,7 @@ - not (ansible_facts['distribution'] == "Fedora" and (ansible_facts['distribution_major_version'] | int) >= 41) - name: Omit signature algorithm - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -91,12 +91,12 @@ register: omitted_signature_algorithm - name: Assert omitted_signature_algorithm does not cause change - assert: + ansible.builtin.assert: that: - omitted_signature_algorithm is not changed - name: Revert to original certificate - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -107,7 +107,7 @@ when: openssh_version is version("7.3", ">=") - name: Generate cert with new signing key - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -117,7 +117,7 @@ register: new_signing_key_output - name: Generate cert with new public key - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ new_public_key }}" @@ -127,7 +127,7 @@ register: new_public_key_output - name: Generate cert with new signing key - full idempotency - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -138,7 +138,7 @@ register: new_signing_key_full_idempotency_output - name: Generate cert with new pubic key - full idempotency - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ new_public_key }}" @@ -149,7 +149,7 @@ register: new_public_key_full_idempotency_output - name: Assert changes to public key or signing key results in no change unless idempotency=full - assert: + ansible.builtin.assert: that: - new_signing_key_output is not changed - new_public_key_output is not changed 
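Review bot: The task name `Generate cert with new pubic key - full idempotency` in the -138,7 hunk has a typo and should read `- name: Generate cert with new public key - full idempotency`. The name is what shows up in the test output when the step fails, so it is worth fixing while the task is being touched.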
@@ -157,11 +157,11 @@ - new_public_key_full_idempotency_output is changed - name: Remove certificate - openssh_cert: + community.crypto.openssh_cert: path: "{{ certificate_path }}" state: absent - name: Remove new keypair - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ new_signing_key }}" state: absent diff --git a/tests/integration/targets/openssh_cert/tests/options_idempotency.yml b/tests/integration/targets/openssh_cert/tests/options_idempotency.yml index cc7a1d4b..7705511a 100644 --- a/tests/integration/targets/openssh_cert/tests/options_idempotency.yml +++ b/tests/integration/targets/openssh_cert/tests/options_idempotency.yml @@ -9,7 +9,7 @@ #################################################################### - name: Generate cert with no options - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -22,7 +22,7 @@ register: no_options - name: Generate cert with no options with explicit directives - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -39,7 +39,7 @@ register: no_options_explicit_directives - name: Generate cert with explicit extension - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -53,7 +53,7 @@ register: explicit_extension_before - name: Generate cert with explicit extension (idempotency) - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -67,7 +67,7 @@ register: explicit_extension_after - name: Generate cert with explicit extension and corresponding directive - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" 
@@ -81,7 +81,7 @@ register: explicit_extension_and_directive - name: Generate cert with default options - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -92,7 +92,7 @@ register: default_options - name: Generate cert with relative timestamp - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -104,7 +104,7 @@ register: relative_timestamp - name: Generate cert with ignore_timestamp true - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -117,7 +117,7 @@ register: relative_timestamp_true - name: Generate cert with ignore_timestamp false - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -130,7 +130,7 @@ register: relative_timestamp_false - name: Generate cert with ignore_timestamp true - openssh_cert: + community.crypto.openssh_cert: type: user path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -143,7 +143,7 @@ register: relative_timestamp_invalid_at - name: Generate host cert full_idempotence - openssh_cert: + community.crypto.openssh_cert: type: host path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -153,7 +153,7 @@ regenerate: full_idempotence - name: Generate host cert full_idempotence again - openssh_cert: + community.crypto.openssh_cert: type: host path: "{{ certificate_path }}" public_key: "{{ public_key }}" @@ -164,7 +164,7 @@ register: host_cert_full_idempotence - name: Assert options results - assert: + ansible.builtin.assert: that: - no_options is changed - no_options_explicit_directives is not changed @@ -179,6 +179,6 @@ - host_cert_full_idempotence is not changed - name: Remove certificate - openssh_cert: + community.crypto.openssh_cert: path: "{{ certificate_path }}" state: absent 
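Review bot: The task in the -130,7 hunk is named `Generate cert with ignore_timestamp true`, the same as the task in the -104,7 hunk, yet it registers `relative_timestamp_invalid_at`. With two identically named tasks, a failure in the test log cannot be attributed to one case without counting tasks. A distinct name such as `- name: Generate cert with ignore_timestamp true (invalid valid_at)` would fix that; the task's options are outside the hunk, so take the exact wording from them.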
diff --git a/tests/integration/targets/openssh_cert/tests/regenerate.yml b/tests/integration/targets/openssh_cert/tests/regenerate.yml index 39fe860d..163ad08c 100644 --- a/tests/integration/targets/openssh_cert/tests/regenerate.yml +++ b/tests/integration/targets/openssh_cert/tests/regenerate.yml @@ -8,7 +8,7 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: test_cases: - test_name: Generate certificate type: user @@ -104,7 +104,7 @@ changed: true - name: Execute regenerate tests - openssh_cert: + community.crypto.openssh_cert: force: "{{ test_case.force | default(omit) }}" options: "{{ test_case.options | default(omit) }}" path: "{{ test_case.path | default(omit) }}" @@ -126,7 +126,7 @@ loop_var: test_case - name: Assert task statuses - assert: + ansible.builtin.assert: that: - result.changed == test_cases[index].changed loop: "{{ regenerate_tests_output.results }}" @@ -135,6 +135,6 @@ loop_var: result - name: Remove certificate - openssh_cert: + community.crypto.openssh_cert: path: "{{ certificate_path }}" state: absent diff --git a/tests/integration/targets/openssh_cert/tests/remove.yml b/tests/integration/targets/openssh_cert/tests/remove.yml index fcae3513..3dc496f3 100644 --- a/tests/integration/targets/openssh_cert/tests/remove.yml +++ b/tests/integration/targets/openssh_cert/tests/remove.yml @@ -8,7 +8,7 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: test_cases: - test_name: Generate certificate type: user @@ -38,7 +38,7 @@ changed: false - name: Execute remove tests - openssh_cert: + community.crypto.openssh_cert: options: "{{ test_case.options | default(omit) }}" path: "{{ test_case.path | default(omit) }}" public_key: "{{ test_case.public_key | default(omit) }}" 
@@ -57,7 +57,7 @@ loop_var: test_case - name: Assert task statuses - assert: + ansible.builtin.assert: that: - result.changed == test_cases[index].changed loop: "{{ remove_test_output.results }}" diff --git a/tests/integration/targets/openssh_cert/tests/ssh-agent.yml b/tests/integration/targets/openssh_cert/tests/ssh-agent.yml index 1db0d218..b40343c4 100644 --- a/tests/integration/targets/openssh_cert/tests/ssh-agent.yml +++ b/tests/integration/targets/openssh_cert/tests/ssh-agent.yml @@ -14,7 +14,7 @@ block: - name: Generate always valid cert using agent without key in agent (should fail) - openssh_cert: + community.crypto.openssh_cert: type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" @@ -26,16 +26,16 @@ ignore_errors: true - name: Make sure cert creation with agent fails if key not in agent - assert: + ansible.builtin.assert: that: - rc_no_key_in_agent is failed - "'agent contains no identities' in rc_no_key_in_agent.msg or 'not found in agent' in rc_no_key_in_agent.msg" - name: Add key to agent - command: 'ssh-add {{ signing_key }}' + ansible.builtin.command: 'ssh-add {{ signing_key }}' - name: Generate always valid cert with agent (check mode) - openssh_cert: + community.crypto.openssh_cert: type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" @@ -46,7 +46,7 @@ check_mode: true - name: Generate always valid cert with agent - openssh_cert: + community.crypto.openssh_cert: type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" @@ -56,7 +56,7 @@ valid_to: forever - name: Generate always valid cert with agent (idempotent) - openssh_cert: + community.crypto.openssh_cert: type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" 
@@ -67,13 +67,13 @@ register: rc_cert_with_agent_idempotent - name: Check agent idempotency - assert: + ansible.builtin.assert: that: - rc_cert_with_agent_idempotent is not changed msg: OpenSSH certificate generation without serial number is idempotent. - name: Generate always valid cert with agent (idempotent, check mode) - openssh_cert: + community.crypto.openssh_cert: type: user signing_key: "{{ signing_key }}" public_key: "{{ public_key }}" @@ -84,6 +84,6 @@ check_mode: true - name: Remove certificate - openssh_cert: + community.crypto.openssh_cert: state: absent path: '{{ remote_tmp_dir }}/id_cert_with_agent' diff --git a/tests/integration/targets/openssh_keypair/tasks/main.yml b/tests/integration/targets/openssh_keypair/tasks/main.yml index c87c0fe7..cfeaf666 100644 --- a/tests/integration/targets/openssh_keypair/tasks/main.yml +++ b/tests/integration/targets/openssh_keypair/tasks/main.yml 
@@ -9,42 +9,42 @@ #################################################################### - name: Backend auto-detection test - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/auto_backend_key' state: "{{ item }}" loop: ['present', 'absent'] -- set_fact: +- ansible.builtin.set_fact: backends: ['opensshbin'] -- set_fact: +- ansible.builtin.set_fact: backends: "{{ backends + ['cryptography'] }}" when: cryptography_version is version('3.3', '>=') and bcrypt_version.stdout is version('3.1.5', '>=') -- include_tasks: ../tests/core.yml +- ansible.builtin.include_tasks: ../tests/core.yml loop: "{{ backends }}" loop_control: loop_var: backend -- include_tasks: ../tests/invalid.yml +- ansible.builtin.include_tasks: ../tests/invalid.yml loop: "{{ backends }}" loop_control: loop_var: backend -- include_tasks: ../tests/options.yml +- ansible.builtin.include_tasks: ../tests/options.yml loop: "{{ backends }}" loop_control: loop_var: backend -- include_tasks: ../tests/regenerate.yml +- ansible.builtin.include_tasks: ../tests/regenerate.yml loop: "{{ backends }}" loop_control: loop_var: backend -- include_tasks: ../tests/state.yml +- ansible.builtin.include_tasks: ../tests/state.yml loop: "{{ backends }}" loop_control: loop_var: backend -- include_tasks: ../tests/cryptography_backend.yml +- ansible.builtin.include_tasks: ../tests/cryptography_backend.yml when: cryptography_version is version('3.3', '>=') and bcrypt_version.stdout is version('3.1.5', '>=') diff --git a/tests/integration/targets/openssh_keypair/tests/core.yml b/tests/integration/targets/openssh_keypair/tests/core.yml index a0182b48..9f0c22e4 100644 --- a/tests/integration/targets/openssh_keypair/tests/core.yml +++ b/tests/integration/targets/openssh_keypair/tests/core.yml 
@@ -9,7 +9,7 @@ #################################################################### - name: "({{ backend }}) Generate key (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/core" size: 1280 backend: "{{ backend }}" @@ -17,14 +17,14 @@ check_mode: true - name: "({{ backend }}) Generate key" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/core" size: 1280 backend: "{{ backend }}" register: core_output - name: "({{ backend }}) Generate key (check mode idempotent)" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/core" size: 1280 backend: "{{ backend }}" @@ -32,18 +32,18 @@ check_mode: true - name: "({{ backend }}) Generate key (idempotent)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/core' size: 1280 backend: "{{ backend }}" register: idempotency_core_output - name: "({{ backend }}) Log key return values" - debug: + ansible.builtin.debug: msg: "{{ core_output }}" - name: "({{ backend }}) Assert core behavior" - assert: + ansible.builtin.assert: that: - check_core_output is changed - core_output is changed @@ -52,7 +52,7 @@ - idempotency_core_output is not changed - name: "({{ backend }}) Assert key returns fingerprint" - assert: + ansible.builtin.assert: that: - core_output['fingerprint'] is string - core_output['fingerprint'].startswith('SHA256:') 
@@ -60,44 +60,44 @@ when: not (backend == 'opensshbin' and openssh_version is version('6.8', '<')) - name: "({{ backend }}) Assert key returns public_key" - assert: + ansible.builtin.assert: that: - core_output['public_key'] is string - core_output['public_key'].startswith('ssh-rsa ') - name: "({{ backend }}) Assert key returns size value" - assert: + ansible.builtin.assert: that: - core_output['size']|type_debug == 'int' - core_output['size'] == 1280 - name: "({{ backend }}) Assert key returns key type" - assert: + ansible.builtin.assert: that: - core_output['type'] is string - core_output['type'] == 'rsa' - name: "({{ backend }}) Retrieve key size from 'ssh-keygen'" - shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'" + ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/core | grep -o -E '^[0-9]+'" register: core_size_ssh_keygen - name: "({{ backend }}) Assert key size matches 'ssh-keygen' output" - assert: + ansible.builtin.assert: that: - core_size_ssh_keygen.stdout == '1280' - name: "({{ backend }}) Read core.pub" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/core.pub' register: slurp - name: "({{ backend }}) Assert public key module return equal to the public key content" - assert: + ansible.builtin.assert: that: - "core_output.public_key == (slurp.content | b64decode).strip('\n ')" - name: "({{ backend }}) Remove key" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/core' backend: "{{ backend }}" state: absent diff --git a/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml b/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml index cf09dc20..a90fcfd6 100644 --- a/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml +++ b/tests/integration/targets/openssh_keypair/tests/cryptography_backend.yml 
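Review bot: The `Retrieve key size from 'ssh-keygen'` task in this hunk puts `{{ remote_tmp_dir }}` into an `ansible.builtin.shell` string unquoted, so a temp path containing whitespace or shell metacharacters would be re-parsed by the shell. Since the line is being touched anyway, I would pass the path through the `quote` filter: `ansible.builtin.shell: "ssh-keygen -lf {{ (remote_tmp_dir ~ '/core') | quote }} | grep -o -E '^[0-9]+'"`. The two `default_size_*` shell tasks in the `@@ -17,61 +17,61 @@` hunk of `tests/options.yml` have the same shape. The value is presumably set by the test harness, so this is hardening rather than a live bug.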
@@ -4,10 +4,10 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Generate a password protected key - command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}' + ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}' - name: Modify the password protected key with passphrase - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/password_protected' size: 1024 passphrase: "{{ passphrase }}" @@ -15,7 +15,7 @@ register: password_protected_output - name: Check password protected key idempotency - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/password_protected' size: 1024 passphrase: "{{ passphrase }}" @@ -23,29 +23,29 @@ register: password_protected_idempotency_output - name: Ensure that ssh-keygen can read keys generated with passphrase - command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}' + ansible.builtin.command: 'ssh-keygen -yf {{ remote_tmp_dir }}/password_protected -P {{ passphrase }}' register: password_protected_ssh_keygen_output - name: Check that password protected key with passphrase was regenerated - assert: + ansible.builtin.assert: that: - password_protected_output is changed - password_protected_idempotency_output is not changed - password_protected_ssh_keygen_output is success - name: Remove password protected key - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/password_protected' backend: cryptography state: absent - name: Generate an unprotected key - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/unprotected' backend: cryptography - name: Modify unprotected key with passphrase - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/unprotected' size: 1280 passphrase: "{{ passphrase }}" 
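Review bot: The `Generate a password protected key` task passes `{{ passphrase }}` as part of a free-form `ansible.builtin.command` string, so the rendered passphrase appears in the task result (`cmd`) and in any verbose or callback log. A value containing whitespace would also be split into separate arguments. I would add `no_log: true` to the task and switch to the list form, `argv: [ssh-keygen, -f, "{{ remote_tmp_dir }}/password_protected", -N, "{{ passphrase }}"]`, which keeps the passphrase as one argument. The same pattern recurs in the `-P {{ passphrase }}` and `-m PEM` tasks later in this file, in `Generate key with ssh-keygen - password_protected` in `tests/invalid.yml`, and in the two `setup password protected keys` tasks in `tests/regenerate.yml`. This looks like a fixture passphrase, so the exposure is presumably low, but it is an easy pattern to copy into real playbooks.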
@@ -54,7 +54,7 @@ register: unprotected_modification_output - name: Modify unprotected key with passphrase (force) - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/unprotected' size: 1280 passphrase: "{{ passphrase }}" @@ -63,22 +63,22 @@ register: force_unprotected_modification_output - name: Check that unprotected key was modified - assert: + ansible.builtin.assert: that: - unprotected_modification_output is failed - force_unprotected_modification_output is changed - name: Remove unprotected key - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/unprotected' backend: cryptography state: absent - name: Generate PEM encoded key with passphrase - command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM' + ansible.builtin.command: 'ssh-keygen -t rsa -b 1280 -f {{ remote_tmp_dir }}/pem_encoded -N {{ passphrase }} -m PEM' - name: Try to verify a PEM encoded key - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/pem_encoded' passphrase: "{{ passphrase }}" backend: cryptography 
@@ -86,84 +86,84 @@ register: pem_encoded_output - name: Check that PEM encoded file is read without errors - assert: + ansible.builtin.assert: that: - pem_encoded_output is not changed - name: Remove PEM encoded key - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/pem_encoded' backend: cryptography state: absent - name: Generate a private key with specified format - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: pkcs1 backend: cryptography - name: Generate a private key with specified format (Idempotent) - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: pkcs1 backend: cryptography register: private_key_format_idempotent - name: Check that private key with specified format is idempotent - assert: + ansible.builtin.assert: that: - private_key_format_idempotent is not changed - name: Change to PKCS8 format - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: pkcs8 backend: cryptography register: private_key_format_pkcs8 - name: Check that format change causes regeneration - assert: + ansible.builtin.assert: that: - private_key_format_pkcs8 is changed - name: Change to PKCS8 format (Idempotent) - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: pkcs8 backend: cryptography register: private_key_format_pkcs8_idempotent - name: Check that private key with PKCS8 format is idempotent - assert: + ansible.builtin.assert: that: - private_key_format_pkcs8_idempotent is not changed - name: Change to SSH format - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: ssh backend: cryptography register: private_key_format_ssh - name: Check that format change causes regeneration - assert: + 
ansible.builtin.assert: that: - private_key_format_ssh is changed - name: Change to SSH format (Idempotent) - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' private_key_format: ssh backend: cryptography register: private_key_format_ssh_idempotent - name: Check that private key with SSH format is idempotent - assert: + ansible.builtin.assert: that: - private_key_format_ssh_idempotent is not changed - name: Remove private key with specified format - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/private_key_format' backend: cryptography state: absent diff --git a/tests/integration/targets/openssh_keypair/tests/invalid.yml b/tests/integration/targets/openssh_keypair/tests/invalid.yml index 35b749f7..b7440d69 100644 --- a/tests/integration/targets/openssh_keypair/tests/invalid.yml +++ b/tests/integration/targets/openssh_keypair/tests/invalid.yml @@ -9,7 +9,7 @@ #################################################################### - name: "({{ backend }}) Generate key - broken" - copy: + ansible.builtin.copy: dest: '{{ item }}' content: '' mode: '0700' 
@@ -18,91 +18,91 @@ - "{{ remote_tmp_dir }}/broken.pub" - name: "({{ backend }}) Regenerate key - broken" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" register: broken_output ignore_errors: true - name: "({{ backend }}) Assert broken key causes failure - broken" - assert: + ansible.builtin.assert: that: - broken_output is failed - "'Unable to read the key. The key is protected with a passphrase or broken.' in broken_output.msg" - name: "({{ backend }}) Regenerate key with force - broken" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" force: true register: force_broken_output - name: "({{ backend }}) Assert broken key regenerated when 'force=true' - broken" - assert: + ansible.builtin.assert: that: - force_broken_output is changed - name: "({{ backend }}) Remove key - broken" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/broken" backend: "{{ backend }}" state: absent - name: "({{ backend }}) Generate key - write-only" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/write-only" mode: "0200" backend: "{{ backend }}" - name: "({{ backend }}) Check private key status - write-only" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/write-only' register: write_only_private_key - name: "({{ backend }}) Check public key status - write-only" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/write-only.pub' register: write_only_public_key - name: "({{ backend }}) Assert that private and public keys match permissions - write-only" - assert: + ansible.builtin.assert: that: - write_only_private_key.stat.mode == '0200' - write_only_public_key.stat.mode == '0200' - name: "({{ backend }}) Regenerate key with force - write-only" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/write-only" backend: "{{ backend }}" force: 
true register: write_only_output - name: "({{ backend }}) Check private key status after regeneration - write-only" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/write-only' register: write_only_private_key_after - name: "({{ backend }}) Assert key is regenerated - write-only" - assert: + ansible.builtin.assert: that: - write_only_output is changed - name: "({{ backend }}) Assert key permissions are preserved with 'opensshbin'" - assert: + ansible.builtin.assert: that: - write_only_private_key_after.stat.mode == '0200' - name: "({{ backend }}) Remove key - write-only" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/write-only" backend: "{{ backend }}" state: absent - name: "({{ backend }}) Generate key with ssh-keygen - password_protected" - command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}" + ansible.builtin.command: "ssh-keygen -f {{ remote_tmp_dir }}/password_protected -N {{ passphrase }}" - name: "({{ backend }}) Modify key - password_protected" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/password_protected" size: 1280 backend: "{{ backend }}" @@ -110,13 +110,13 @@ ignore_errors: true - name: "({{ backend }}) Assert key cannot be read - password_protected" - assert: + ansible.builtin.assert: that: - password_protected_output is failed - "'Unable to read the key. The key is protected with a passphrase or broken.' in password_protected_output.msg" - name: "({{ backend }}) Modify key with 'force=true' - password_protected" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/password_protected" size: 1280 backend: "{{ backend }}" 
@@ -124,12 +124,12 @@ register: force_password_protected_output - name: "({{ backend }}) Assert key regenerated with 'force=true' - password_protected" - assert: + ansible.builtin.assert: that: - force_password_protected_output is changed - name: "({{ backend }}) Remove key - password_protected" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/password_protected" backend: "{{ backend }}" state: absent diff --git a/tests/integration/targets/openssh_keypair/tests/options.yml b/tests/integration/targets/openssh_keypair/tests/options.yml index 96d7e4f5..90da9dfe 100644 --- a/tests/integration/targets/openssh_keypair/tests/options.yml +++ b/tests/integration/targets/openssh_keypair/tests/options.yml @@ -8,7 +8,7 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: key_types: "{{ key_types_src | reject('equalto', '') | list }}" vars: key_types_src: 
@@ -17,61 +17,61 @@ - ecdsa - name: "({{ backend }}) Generate keys with default size - size" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/default_size_{{ item }}" type: "{{ item }}" backend: "{{ backend }}" loop: "{{ key_types }}" - name: "({{ backend }}) Retrieve key size from 'ssh-keygen' - size" - shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'" + ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_{{ item }} | grep -o -E '^[0-9]+'" loop: "{{ key_types }}" register: key_size_output - name: "({{ backend }}) Assert key sizes match default size - size" - assert: + ansible.builtin.assert: that: - (key_size_output.results | selectattr('item', 'equalto', 'rsa') | first).stdout == '4096' - not openssh_supports_dsa or (key_size_output.results | selectattr('item', 'equalto', 'dsa') | first).stdout == '1024' - (key_size_output.results | selectattr('item', 'equalto', 'ecdsa') | first).stdout == '256' - name: "({{ backend }}) Remove keys - size" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/default_size_{{ item }}" state: absent loop: "{{ key_types }}" - block: - name: "({{ backend }}) Generate ed25519 key with default size - size" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/default_size_ed25519" type: ed25519 backend: "{{ backend }}" - name: "({{ backend }}) Retrieve ed25519 key size from 'ssh-keygen' - size" - shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'" + ansible.builtin.shell: "ssh-keygen -lf {{ remote_tmp_dir }}/default_size_ed25519 | grep -o -E '^[0-9]+'" register: ed25519_key_size_output - name: "({{ backend }}) Assert ed25519 key size matches default size - size" - assert: + ansible.builtin.assert: that: - ed25519_key_size_output.stdout == '256' - name: "({{ backend }}) Remove ed25519 key - size" - openssh_keypair: + 
community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/default_size_ed25519" state: absent # Support for ed25519 keys was added in OpenSSH 6.5 when: not (backend == 'opensshbin' and openssh_version is version('6.5', '<')) - name: "({{ backend }}) Generate key - force" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/force" type: rsa backend: "{{ backend }}" - name: "({{ backend }}) Regenerate key - force" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/force" type: rsa force: true @@ -79,25 +79,25 @@ register: force_output - name: "({{ backend }}) Assert key regenerated - force" - assert: + ansible.builtin.assert: that: - force_output is changed - name: "({{ backend }}) Remove key - force" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/force" state: absent backend: "{{ backend }}" - name: "({{ backend }}) Generate key - comment" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/comment" comment: "test@comment" backend: "{{ backend }}" register: comment_output - name: "({{ backend }}) Modify comment - comment" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/comment" comment: "test_modified@comment" backend: "{{ backend }}" @@ -106,13 +106,13 @@ - name: "({{ backend }}) Assert comment preserved public key - comment" when: modified_comment_output is succeeded - assert: + ansible.builtin.assert: that: - comment_output.public_key == modified_comment_output.public_key - comment_output.comment == 'test@comment' - name: "({{ backend }}) Assert comment changed - comment" - assert: + ansible.builtin.assert: that: - modified_comment_output.comment == 'test_modified@comment' - modified_comment_output is succeeded 
@@ -120,14 +120,14 @@ when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<')) - name: "({{ backend }}) Assert comment not changed - comment" - assert: + ansible.builtin.assert: that: - modified_comment_output is failed # Support for updating comments for key types other than rsa1 was added in OpenSSH 7.2 when: backend == 'opensshbin' and openssh_version is version('7.2', '<') - name: "({{ backend }}) Remove key - comment" - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ remote_tmp_dir }}/comment" state: absent backend: "{{ backend }}" diff --git a/tests/integration/targets/openssh_keypair/tests/regenerate.yml b/tests/integration/targets/openssh_keypair/tests/regenerate.yml index 9784b19a..0cb0b36f 100644 --- a/tests/integration/targets/openssh_keypair/tests/regenerate.yml +++ b/tests/integration/targets/openssh_keypair/tests/regenerate.yml @@ -23,7 +23,7 @@ loop: "{{ old_test_artifacts.files }}" - name: "({{ backend }}) Regenerate - setup simple keys" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 @@ -31,11 +31,11 @@ regenerate: "{{ item }}" loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - setup password protected keys" - command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}' + ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}' loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - setup broken keys" - copy: + ansible.builtin.copy: dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item.0 }}{{ item.1 }}' content: 'broken key' mode: '0700' 
@@ -44,11 +44,11 @@ - ['', '.pub'] - name: "({{ backend }}) Regenerate - setup password protected keys for passphrse test" - command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}' + ansible.builtin.command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-d-{{ item }} -N {{ passphrase }}' loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - modify broken keys (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}' type: rsa size: 1024 @@ -58,7 +58,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg" @@ -70,7 +70,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - modify broken keys" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}' type: rsa size: 1024 @@ -79,7 +79,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg" @@ -91,7 +91,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - modify password protected keys (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 @@ -101,7 +101,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg" 
@@ -113,7 +113,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 @@ -126,7 +126,7 @@ register: result when: backend == 'cryptography' -- assert: +- ansible.builtin.assert: that: - result.results[0] is success - result.results[1] is failed @@ -137,7 +137,7 @@ when: backend == 'cryptography' - name: "({{ backend }}) Regenerate - modify password protected keys" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}' type: rsa size: 1024 @@ -146,7 +146,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a passphrase or broken. Will not proceed.' in result.results[0].msg" @@ -158,7 +158,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - modify password protected keys with passphrase" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-d-{{ item }}' type: rsa size: 1024 @@ -170,7 +170,7 @@ register: result when: backend == 'cryptography' -- assert: +- ansible.builtin.assert: that: - result.results[0] is success - result.results[1] is failed @@ -181,7 +181,7 @@ when: backend == 'cryptography' - name: "({{ backend }}) Regenerate - not modify regular keys (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 @@ -190,7 +190,7 @@ check_mode: true loop: "{{ regenerate_values }}" register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is not changed - result.results[1] is not changed 
@@ -199,7 +199,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - not modify regular keys" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1024 @@ -207,7 +207,7 @@ backend: "{{ backend }}" loop: "{{ regenerate_values }}" register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is not changed - result.results[1] is not changed @@ -216,7 +216,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - adjust key size (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1048 @@ -226,7 +226,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -236,7 +236,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - adjust key size" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: rsa size: 1048 @@ -245,7 +245,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -255,7 +255,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - redistribute keys" - copy: + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}' dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' remote_src: true @@ -270,7 +270,7 @@ block: - name: "({{ backend }}) Regenerate - adjust key type (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: '{{ ssh_type }}' size: '{{ ssh_size }}' 
@@ -280,7 +280,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -290,7 +290,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - adjust key type" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: '{{ ssh_type }}' size: '{{ ssh_size }}' @@ -299,7 +299,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -309,7 +309,7 @@ - result.results[4] is changed - name: "({{ backend }}) Regenerate - redistribute keys" - copy: + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/regenerate-a-always{{ item.1 }}' dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item.0 }}{{ item.1 }}' remote_src: true @@ -319,7 +319,7 @@ when: "item.0 != 'always'" - name: "({{ backend }}) Regenerate - adjust comment (check mode)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: '{{ ssh_type }}' size: '{{ ssh_size }}' @@ -330,7 +330,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result - - assert: + - ansible.builtin.assert: that: - result is changed @@ -338,7 +338,7 @@ - when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<')) block: - name: "({{ backend }}) Regenerate - adjust comment" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}' type: '{{ ssh_type }}' size: '{{ ssh_size }}' @@ -347,7 +347,7 @@ backend: "{{ backend }}" loop: "{{ regenerate_values }}" register: result - - assert: + - ansible.builtin.assert: that: - result is changed # for all values but 'always', the key should not be regenerated. 
diff --git a/tests/integration/targets/openssh_keypair/tests/state.yml b/tests/integration/targets/openssh_keypair/tests/state.yml index 70f129d4..a9793e52 100644 --- a/tests/integration/targets/openssh_keypair/tests/state.yml +++ b/tests/integration/targets/openssh_keypair/tests/state.yml @@ -9,41 +9,41 @@ #################################################################### - name: "({{ backend }}) Generate key" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" state: present - name: "({{ backend }}) Generate key (idempotency)" - openssh_keypair: + community.crypto.openssh_keypair: path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" state: present - name: "({{ backend }}) Remove key" - openssh_keypair: + community.crypto.openssh_keypair: state: absent path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" - name: "({{ backend }}) Remove key (idempotency)" - openssh_keypair: + community.crypto.openssh_keypair: state: absent path: '{{ remote_tmp_dir }}/removed' backend: "{{ backend }}" - name: "({{ backend }}) Check private key status" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/removed' register: removed_private_key - name: "({{ backend }}) Check public key status" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/removed.pub' register: removed_public_key - name: "({{ backend }}) Assert key pair files are removed" - assert: + ansible.builtin.assert: that: - not removed_private_key.stat.exists - not removed_public_key.stat.exists diff --git a/tests/integration/targets/openssl_csr/tasks/impl.yml b/tests/integration/targets/openssl_csr/tasks/impl.yml index 57a930ff..7084ef38 100644 --- a/tests/integration/targets/openssl_csr/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr/tasks/impl.yml 
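Review bot: In the `tests/state.yml` hunk, the `Generate key (idempotency)` and `Remove key (idempotency)` tasks have no `register`, and the closing assert checks only that the two files are gone. A second run that reports `changed` would therefore still pass. I would add `register: generate_idempotency_output` and `register: remove_idempotency_output` to those two tasks and extend the final `that:` list with `- generate_idempotency_output is not changed` and `- remove_idempotency_output is not changed`. The variable names are only suggestions. The hunk starts at line 9 of the file, so anything above it is not visible here.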
@@ -4,17 +4,17 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate privatekey" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Read privatekey" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/privatekey.pem' register: privatekey - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -25,7 +25,7 @@ register: generate_csr_check - name: "({{ select_crypto_backend }}) Generate CSR" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -35,7 +35,7 @@ register: generate_csr - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr.csr' privatekey_content: '{{ privatekey.content | b64decode }}' subject_ordered: @@ -45,7 +45,7 @@ register: generate_csr_idempotent - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -56,7 +56,7 @@ register: generate_csr_idempotent_check - name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr-nosan.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -67,7 +67,7 @@ register: generate_csr_nosan_check - name: "({{ select_crypto_backend }}) Generate CSR without SAN" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr-nosan.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -77,7 +77,7 @@ register: generate_csr_nosan - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr-nosan.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -87,7 +87,7 @@ register: generate_csr_nosan_check_idempotent - name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr-nosan.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -102,7 +102,7 @@ # but the short name is used to test idempotency for ipsecuser # and vice-versa for biometricInfo - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -118,7 +118,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -135,7 +135,7 @@ register: csr_ku_xku - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -151,7 +151,7 @@ register: csr_ku_xku_change - name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ku_xku.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -166,14 +166,14 @@ register: csr_ku_xku_change_2 - name: "({{ select_crypto_backend }}) Generate CSR with old API" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_oldapi.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' commonName: www.ansible.com select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csrinvsan.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: invalid-san.example.com @@ -182,7 +182,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csrinvsan2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:system:kube-controller-manager" @@ -191,7 +191,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ocsp.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" @@ -199,7 +199,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ocsp.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_alt_name: "DNS:www.ansible.com" 
@@ -208,13 +208,13 @@ register: csr_ocsp_idempotency - name: "({{ select_crypto_backend }}) Generate ECC privatekey" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey2.pem' type: ECC curve: secp384r1 - name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: @@ -222,7 +222,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with text common name" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: @@ -231,7 +231,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate CSR with country name" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' country_name: de @@ -239,7 +239,7 @@ register: country_idempotent_1 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' country_name: de @@ -247,7 +247,7 @@ register: country_idempotent_2 - name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: @@ -256,7 +256,7 @@ register: country_idempotent_3 - name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: 
@@ -266,19 +266,19 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Generate privatekey with password" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Read privatekey" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/privatekeypw.pem' register: privatekeypw - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pw.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 @@ -286,7 +286,7 @@ register: passphrase_1 - name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase and private key content" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pw.csr' privatekey_content: '{{ privatekeypw.content | b64decode }}' privatekey_passphrase: hunter2 @@ -294,7 +294,7 @@ register: passphrase_1_content - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pw1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 @@ -303,7 +303,7 @@ register: passphrase_error_1 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pw2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password @@ -312,7 +312,7 @@ register: passphrase_error_2 - name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pw3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -320,11 +320,11 @@ register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken CSR" - copy: + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/csrbroken.csr" content: "broken" - name: "({{ select_crypto_backend }}) Regenerate broken CSR" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csrbroken.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' subject: @@ -334,7 +334,7 @@ register: output_broken - name: "({{ select_crypto_backend }}) Generate CSR" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -343,7 +343,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_1 - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -352,7 +352,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_2 - name: "({{ select_crypto_backend }}) Generate CSR (change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -361,7 +361,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: csr_backup_3 - name: "({{ select_crypto_backend }}) Generate CSR (remove)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent backup: true @@ -369,7 +369,7 @@ return_content: true register: csr_backup_4 - name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backup.csr' state: absent backup: true 
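Review bot: The `ansible.builtin.copy` task "Create broken CSR" in the `@@ -320,11` hunk writes `csrbroken.csr` without a `mode`, so the file's permissions depend on the umask of the remote user. ansible-lint reports this pattern as `risky-file-permissions`; whether that rule is on this project's skip list is not visible here. Adding `mode: "0644"` below `content: "broken"` makes the fixture's permissions explicit. The value is quoted so that YAML does not read it as an octal integer.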
@@ -377,7 +377,7 @@ register: csr_backup_5 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -387,7 +387,7 @@ register: subject_key_identifier_1 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -397,7 +397,7 @@ register: subject_key_identifier_2 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -407,7 +407,7 @@ register: subject_key_identifier_3 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -417,7 +417,7 @@ register: subject_key_identifier_4 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -427,7 +427,7 @@ register: subject_key_identifier_5 - name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ski.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -436,7 +436,7 @@ register: subject_key_identifier_6 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_aki.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -446,7 +446,7 @@ register: authority_key_identifier_1 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_aki.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -456,7 +456,7 @@ register: authority_key_identifier_2 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_aki.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -466,7 +466,7 @@ register: authority_key_identifier_3 - name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_aki.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -475,7 +475,7 @@ register: authority_key_identifier_4 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_acisn.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -488,7 +488,7 @@ register: authority_cert_issuer_sn_1 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_acisn.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -501,7 +501,7 @@ register: authority_cert_issuer_sn_2 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_acisn.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -514,7 +514,7 @@ register: authority_cert_issuer_sn_3 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_acisn.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -527,7 +527,7 @@ register: authority_cert_issuer_sn_4 - name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_acisn.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -535,7 +535,7 @@ register: authority_cert_issuer_sn_5 - name: "({{ select_crypto_backend }}) Generate CSR with everything" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_everything.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_ordered: @@ -620,7 +620,7 @@ register: everything_1 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_everything.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_ordered: @@ -706,7 +706,7 @@ register: everything_2 - name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_everything.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -792,7 +792,7 @@ register: everything_3 - name: "({{ select_crypto_backend }}) Generate CSR with everything (not idempotent, check mode)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_everything.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject_ordered: @@ -887,7 +887,7 @@ - name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests" block: - name: "({{ select_crypto_backend }}) Generate privatekeys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: @@ -901,7 +901,7 @@ block: - name: "({{ select_crypto_backend }}) Generate CSR" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: @@ -914,7 +914,7 @@ ignore_errors: true - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: @@ -931,7 +931,7 @@ - name: "({{ select_crypto_backend }}) CRL distribution endpoints" block: - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -953,7 +953,7 @@ register: crl_distribution_endpoints_1 - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (idempotence)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -975,7 +975,7 @@ register: crl_distribution_endpoints_2 - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (change)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -995,7 +995,7 @@ register: crl_distribution_endpoints_3 - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (no endpoints)" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -1004,7 +1004,7 @@ register: crl_distribution_endpoints_4 - name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints" - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_crl_d_e.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: diff --git a/tests/integration/targets/openssl_csr/tasks/main.yml b/tests/integration/targets/openssl_csr/tasks/main.yml index a2f35696..51400ef0 100644 --- a/tests/integration/targets/openssl_csr/tasks/main.yml +++ b/tests/integration/targets/openssl_csr/tasks/main.yml @@ -10,22 +10,22 @@ - block: - name: Prepare private key for backend autodetection test - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_backend_selection.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' subject: commonName: www.ansible.com - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml vars: select_crypto_backend: cryptography 
diff --git a/tests/integration/targets/openssl_csr/tests/validate.yml b/tests/integration/targets/openssl_csr/tests/validate.yml index 251a3da9..b00e65ed 100644 --- a/tests/integration/targets/openssl_csr/tests/validate.yml +++ b/tests/integration/targets/openssl_csr/tests/validate.yml @@ -4,25 +4,25 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)" - command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr.csr -nameopt oneline,-space_eq" register: csr_cn - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)" - command: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr' + ansible.builtin.command: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr.csr' register: csr_modulus - name: "({{ select_crypto_backend }}) Validate CSR (assert)" - assert: + ansible.builtin.assert: that: - csr_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)" - assert: + ansible.builtin.assert: that: - generate_csr_check is changed - generate_csr is changed 
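Review bot: The three `ansible.builtin.command` tasks in the `@@ -4,25` hunk (`rsa -noout -modulus`, `req -noout -subject`, `req -noout -modulus`) only read files, yet without `changed_when` each one reports `changed` on every run. Adding `changed_when: false` next to each `register:` keeps the run summary meaningful and satisfies ansible-lint's `no-changed-when`, assuming that rule is not skipped in `.ansible-lint`. The same applies to the command tasks in the later `@@ -51,76` hunk of this file and in the `@@ -64,29` hunk of `openssl_csr_pipe/tasks/impl.yml`.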
@@ -30,12 +30,12 @@ - generate_csr_idempotent_check is not changed - name: "({{ select_crypto_backend }}) Read CSR" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/csr.csr' register: slurp - name: "({{ select_crypto_backend }}) Validate CSR (data retrieval)" - assert: + ansible.builtin.assert: that: - generate_csr_check.csr is none - generate_csr.csr == (slurp.content | b64decode) @@ -43,7 +43,7 @@ - generate_csr.csr == generate_csr_idempotent_check.csr - name: "({{ select_crypto_backend }}) Validate CSR without SAN (check mode, idempotency)" - assert: + ansible.builtin.assert: that: - generate_csr_nosan_check is changed - generate_csr_nosan is changed 
@@ -51,76 +51,76 @@ - generate_csr_nosan_check_idempotent_check is not changed - name: "({{ select_crypto_backend }}) Validate CSR_KU_XKU (assert idempotency, change)" - assert: + ansible.builtin.assert: that: - csr_ku_xku is not changed - csr_ku_xku_change is changed - csr_ku_xku_change_2 is changed - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)" - command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq" register: csr_oldapi_cn - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - csr modulus)" - command: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr' + ansible.builtin.command: '{{ openssl_binary }} req -noout -modulus -in {{ remote_tmp_dir }}/csr_oldapi.csr' register: csr_oldapi_modulus - name: "({{ select_crypto_backend }}) Validate old_API CSR (assert)" - assert: + ansible.builtin.assert: that: - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_oldapi_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate invalid SAN (1/2)" - assert: + ansible.builtin.assert: that: - generate_csr_invalid_san is failed - "'Subject Alternative Name' in generate_csr_invalid_san.msg" - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (test - everything)" - command: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text" + ansible.builtin.command: "{{ openssl_binary }} req -noout -in {{ remote_tmp_dir }}/csr_ocsp.csr -text" register: csr_ocsp - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert)" - assert: + ansible.builtin.assert: that: - "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or (csr_ocsp.stdout is 
search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))" - name: "({{ select_crypto_backend }}) Validate OCSP Must Staple CSR (assert idempotency)" - assert: + ansible.builtin.assert: that: - csr_ocsp_idempotency is not changed - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - privatekey's public key)" - command: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem' + ansible.builtin.command: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey_ecc_key - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - Common Name)" - command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr2.csr -nameopt oneline,-space_eq" register: csr_ecc_cn - name: "({{ select_crypto_backend }}) Validate ECC CSR (test - CSR pubkey)" - command: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr' + ansible.builtin.command: '{{ openssl_binary }} req -noout -pubkey -in {{ remote_tmp_dir }}/csr2.csr' register: csr_ecc_pubkey - name: "({{ select_crypto_backend }}) Validate ECC CSR (assert)" - assert: + ansible.builtin.assert: that: - csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout - name: "({{ select_crypto_backend }}) Validate CSR (text common name - Common Name)" - command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr3.csr -nameopt oneline,-space_eq" register: csr3_cn - name: "({{ select_crypto_backend }}) Validate CSR (assert)" - assert: + ansible.builtin.assert: that: - csr3_cn.stdout.split('=')[-1] == 'This is for Ansible' - name: "({{ select_crypto_backend }}) Validate country name idempotency and validation" - 
assert: + ansible.builtin.assert: that: - country_idempotent_1 is changed - country_idempotent_2 is not changed @@ -128,13 +128,13 @@ - country_fail_4 is failed - name: "({{ select_crypto_backend }}) Validate idempotency of privatekey_passphrase" - assert: + ansible.builtin.assert: that: - passphrase_1 is changed - passphrase_1_content is not changed - name: "({{ select_crypto_backend }}) Validate private key passphrase errors" - assert: + ansible.builtin.assert: that: - passphrase_error_1 is failed - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg" @@ -144,12 +144,12 @@ - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" - name: "({{ select_crypto_backend }}) Verify that broken CSR will be regenerated" - assert: + ansible.builtin.assert: that: - output_broken is changed - name: "({{ select_crypto_backend }}) Verify that subject key identifier handling works" - assert: + ansible.builtin.assert: that: - subject_key_identifier_1 is changed - subject_key_identifier_2 is not changed @@ -159,7 +159,7 @@ - subject_key_identifier_6 is changed - name: "({{ select_crypto_backend }}) Verify that authority key identifier handling works" - assert: + ansible.builtin.assert: that: - authority_key_identifier_1 is changed - authority_key_identifier_2 is not changed @@ -167,7 +167,7 @@ - authority_key_identifier_4 is changed - name: "({{ select_crypto_backend }}) Verify that authority cert issuer / serial number handling works" - assert: + ansible.builtin.assert: that: - authority_cert_issuer_sn_1 is changed - authority_cert_issuer_sn_2 is not changed @@ -176,7 +176,7 @@ - authority_cert_issuer_sn_5 is changed - name: "({{ select_crypto_backend }}) Check backup" - assert: + ansible.builtin.assert: that: - csr_backup_1 is changed - csr_backup_1.backup_file is undefined 
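Review bot: In the `@@ -51,76` hunk, the second pattern of the OCSP Must Staple assertion leaves the dots of the OID unescaped (`1.3.6.1.5.5.7.1.24`), so each dot matches any character, while the `0\\.\\.\\.\\.` part of the same pattern is escaped. Writing it as `search('\\s+1\\.3\\.6\\.1\\.5\\.5\\.7\\.1\\.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+')` restricts the match to the TLS Feature OID. The fallback branch still checks only the printable dump of the extension value rather than `status_request` itself. That presumably covers OpenSSL builds that do not name the extension, and a one-line comment above the assertion saying so would help the next reader.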
@@ -191,7 +191,7 @@ - csr_backup_4.csr is none - name: "({{ select_crypto_backend }}) Check CSR with everything" - assert: + ansible.builtin.assert: that: - everything_1 is changed - everything_2 is not changed @@ -262,7 +262,7 @@ - everything_info.name_constraints_critical == true - name: "({{ select_crypto_backend }}) Check CSR with everything" - assert: + ansible.builtin.assert: that: - everything_info.authority_cert_issuer == [ "DNS:ca.example.org", @@ -305,7 +305,7 @@ ] - name: "({{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests" - assert: + ansible.builtin.assert: that: - generate_csr_ed25519_ed448 is succeeded - generate_csr_ed25519_ed448.results[0] is changed @@ -316,7 +316,7 @@ when: select_crypto_backend == 'cryptography' and generate_csr_ed25519_ed448_privatekey is not failed - name: "({{ select_crypto_backend }}) Verify CRL distribution endpoints" - assert: + ansible.builtin.assert: that: - crl_distribution_endpoints_1 is changed - crl_distribution_endpoints_2 is not changed diff --git a/tests/integration/targets/openssl_csr_info/tasks/impl.yml b/tests/integration/targets/openssl_csr_info/tasks/impl.yml index ca3e3cea..c3068d19 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml 
@@ -3,31 +3,31 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- debug: +- ansible.builtin.debug: msg: "Executing tests with backend {{ select_crypto_backend }}" - name: "({{ select_crypto_backend }}) Get CSR info" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_1.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: "({{ select_crypto_backend }}) Get CSR info (IDNA encoding)" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_1.csr' name_encoding: idna select_crypto_backend: '{{ select_crypto_backend }}' register: result_idna - name: "({{ select_crypto_backend }}) Get CSR info (Unicode encoding)" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_1.csr' name_encoding: unicode select_crypto_backend: '{{ select_crypto_backend }}' register: result_unicode - name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected" - assert: + ansible.builtin.assert: that: - result.subject.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" @@ -54,7 +54,7 @@ - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg==' - name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.subject_key_identifier == "00:11:22:33" - result.authority_key_identifier == "44:55:66:77" 
@@ -70,18 +70,18 @@ - "IP:1.2.3.4" - name: "({{ select_crypto_backend }}) Read CSR" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/csr_1.csr' register: slurp - name: "({{ select_crypto_backend }}) Get CSR info directly" - openssl_csr_info: + community.crypto.openssl_csr_info: content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct - name: "({{ select_crypto_backend }}) Compare output of direct and loaded info" - assert: + ansible.builtin.assert: that: - >- (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) @@ -89,19 +89,19 @@ (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) - name: "({{ select_crypto_backend }}) Get CSR info" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_2.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: "({{ select_crypto_backend }}) Get CSR info" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_3.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.authority_key_identifier is none - result.authority_cert_issuer == expected_authority_cert_issuer @@ -112,13 +112,13 @@ - "IP:1.2.3.4" - name: "({{ select_crypto_backend }}) Get CSR info" - openssl_csr_info: + community.crypto.openssl_csr_info: path: '{{ remote_tmp_dir }}/csr_4.csr' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier" - assert: + ansible.builtin.assert: that: - result.authority_key_identifier == "44:55:66:77" - result.authority_cert_issuer is none 
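Review bot: In the `@@ -89,19` hunk, the "Get CSR info" task for `csr_2.csr` registers `result`, and the next task for `csr_3.csr` registers `result` again before anything asserts on it. The information returned for `csr_2.csr` is therefore never checked beyond the module not failing. If that is meant as a smoke test, a comment such as `# csr_2: only checks that the module succeeds` would record the intent. Otherwise register it under its own name, for example `register: result_csr_2`, and assert on a field of that result.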
diff --git a/tests/integration/targets/openssl_csr_info/tasks/main.yml b/tests/integration/targets/openssl_csr_info/tasks/main.yml index b41b8935..bf5d2466 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/main.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/main.yml @@ -9,24 +9,24 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: Generate privatekey with password - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size }}' - name: Generate CSR 1 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -95,7 +95,7 @@ - "IP:1.2.3.4" - name: Generate CSR 2 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 @@ -104,7 +104,7 @@ - "CA:TRUE" - name: Generate CSR 3 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false @@ -122,14 +122,14 @@ - "IP:1.2.3.4" - name: Generate CSR 4 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false authority_key_identifier: "44:55:66:77" - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography when: cryptography_version is version('3.3', '>=') 
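Review bot: The `ansible.builtin.pip` task in the `@@ -9,24` hunk installs `idna` with `state: present` and no version, so a host without the library gets whatever release the package index serves at run time. For reproducible test runs, and to limit exposure to an unexpected upstream release, pin it with the module's `version` parameter, for example `version: "<pinned idna version>"`. If the project keeps a constraints file for its test requirements, installing through that would do the same job.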
diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml index f4a56741..d74cd6e6 100644 --- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml @@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate privatekey" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate CSR (check mode)" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com @@ -18,7 +18,7 @@ register: generate_csr_check - name: "({{ select_crypto_backend }}) Generate CSR" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.ansible.com @@ -26,7 +26,7 @@ register: generate_csr - name: "({{ select_crypto_backend }}) Generate CSR (idempotent)" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: content: "{{ generate_csr.csr }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -35,7 +35,7 @@ register: generate_csr_idempotent - name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: content: "{{ generate_csr.csr }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -45,7 +45,7 @@ register: generate_csr_idempotent_check - name: "({{ select_crypto_backend }}) Generate CSR (changed)" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: content: "{{ generate_csr.csr }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: 
@@ -54,7 +54,7 @@ register: generate_csr_changed - name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)" - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: content: "{{ generate_csr.csr }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -64,29 +64,29 @@ register: generate_csr_changed_check - name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)" - command: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" args: stdin: "{{ generate_csr.csr }}" register: csr_cn - name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)" - command: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin' + ansible.builtin.command: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin' args: stdin: "{{ generate_csr.csr }}" register: csr_modulus - name: "({{ select_crypto_backend }}) Validate CSR (assert)" - assert: + ansible.builtin.assert: that: - csr_cn.stdout.split('=')[-1] == 'www.ansible.com' - csr_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)" - assert: + ansible.builtin.assert: that: - generate_csr_check is changed - generate_csr is changed diff --git a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml index 1c49e6ee..713cb1f7 100644 --- a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml +++ b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml 
@@ -9,18 +9,18 @@ #################################################################### - name: Prepare private key for backend autodetection test - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection - openssl_csr_pipe: + community.crypto.openssl_csr_pipe: privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' subject: commonName: www.ansible.com - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_dhparam/tasks/impl.yml b/tests/integration/targets/openssl_dhparam/tasks/impl.yml index 85886e83..1df09a78 100644 --- a/tests/integration/targets/openssl_dhparam/tasks/impl.yml +++ b/tests/integration/targets/openssl_dhparam/tasks/impl.yml @@ -6,7 +6,7 @@ # The tests for this module generate unsafe parameters for testing purposes; # otherwise tests would be too slow. Use sizes of at least 2048 in production! - name: "[{{ select_crypto_backend }}] Generate parameter (check mode)" - openssl_dhparam: + community.crypto.openssl_dhparam: size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" @@ -15,7 +15,7 @@ register: dhparam_check - name: "[{{ select_crypto_backend }}] Generate parameter" - openssl_dhparam: + community.crypto.openssl_dhparam: size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" @@ -23,7 +23,7 @@ register: dhparam - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)" - openssl_dhparam: + community.crypto.openssl_dhparam: size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" 
@@ -32,7 +32,7 @@ register: dhparam_changed_check - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change" - openssl_dhparam: + community.crypto.openssl_dhparam: size: 768 path: '{{ remote_tmp_dir }}/dh768.pem' select_crypto_backend: "{{ select_crypto_backend }}" @@ -40,32 +40,32 @@ register: dhparam_changed - name: "[{{ select_crypto_backend }}] Generate parameters with size option" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" - name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_changed_512 -- copy: +- ansible.builtin.copy: src: '{{ remote_tmp_dir }}/dh768.pem' remote_src: true dest: '{{ remote_tmp_dir }}/dh512.pem' - name: "[{{ select_crypto_backend }}] Re-generate if size is different" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_changed_to_512 - name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh512.pem' size: 512 force: true @@ -73,11 +73,11 @@ register: dhparam_changed_force - name: "[{{ select_crypto_backend }}] Create broken params" - copy: + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/dhbroken.pem" content: "broken" - name: "[{{ select_crypto_backend }}] Regenerate broken params" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dhbroken.pem' size: 512 force: true 
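Review bot: The `ansible.builtin.copy` task between "Don't regenerate parameters with size option and no change" and "Re-generate if size is different" still has no `name:`, so its purpose has to be inferred from the paths. It overwrites `dh512.pem` with the contents of `dh768.pem`, apparently so that the next task sees a size mismatch and regenerates. A name such as `name: "[{{ select_crypto_backend }}] Overwrite dh512.pem with the 768-bit parameters"` would state that and match the naming of the surrounding tasks.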
@@ -85,21 +85,21 @@ register: output_broken - name: "[{{ select_crypto_backend }}] Generate params" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_1 - name: "[{{ select_crypto_backend }}] Generate params (idempotent)" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 backup: true select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_2 - name: "[{{ select_crypto_backend }}] Generate params (change)" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' size: 512 force: true @@ -107,7 +107,7 @@ select_crypto_backend: "{{ select_crypto_backend }}" register: dhparam_backup_3 - name: "[{{ select_crypto_backend }}] Generate params (remove)" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent backup: true @@ -115,7 +115,7 @@ return_content: true register: dhparam_backup_4 - name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)" - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backup.pem' state: absent backup: true diff --git a/tests/integration/targets/openssl_dhparam/tasks/main.yml b/tests/integration/targets/openssl_dhparam/tasks/main.yml index f486f569..e4328d9a 100644 --- a/tests/integration/targets/openssl_dhparam/tasks/main.yml +++ b/tests/integration/targets/openssl_dhparam/tasks/main.yml 
@@ -12,35 +12,35 @@ # otherwise tests would be too slow. Use sizes of at least 2048 in production! - name: Run module with backend autodetection - openssl_dhparam: + community.crypto.openssl_dhparam: path: '{{ remote_tmp_dir }}/dh_backend_selection.pem' size: 512 - block: - name: Running tests with OpenSSL backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml - - include_tasks: ../tests/validate.yml + - ansible.builtin.include_tasks: ../tests/validate.yml vars: select_crypto_backend: openssl # when: openssl_version is version('1.0.0', '>=') - name: Remove output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent - name: Re-create output directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: directory - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml - - include_tasks: ../tests/validate.yml + - ansible.builtin.include_tasks: ../tests/validate.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_dhparam/tests/validate.yml b/tests/integration/targets/openssl_dhparam/tests/validate.yml index 708d4b0f..edbcfb22 100644 --- a/tests/integration/targets/openssl_dhparam/tests/validate.yml +++ b/tests/integration/targets/openssl_dhparam/tests/validate.yml 
@@ -4,31 +4,31 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "[{{ select_crypto_backend }}] Validate generated params" - command: '{{ openssl_binary }} dhparam -in {{ remote_tmp_dir }}/{{ item }}.pem -noout -check' + ansible.builtin.command: '{{ openssl_binary }} dhparam -in {{ remote_tmp_dir }}/{{ item }}.pem -noout -check' with_items: - dh768 - dh512 - name: "[{{ select_crypto_backend }}] Get bit size of 768" - shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' + ansible.builtin.shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' register: bit_size_dhparam - name: "[{{ select_crypto_backend }}] Check bit size of default" - assert: + ansible.builtin.assert: that: - bit_size_dhparam.stdout == "768" - name: "[{{ select_crypto_backend }}] Get bit size of 512" - shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' + ansible.builtin.shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"' register: bit_size_dhparam_512 - name: "[{{ select_crypto_backend }}] Check bit size of default" - assert: + ansible.builtin.assert: that: - bit_size_dhparam_512.stdout == "512" - name: "[{{ select_crypto_backend }}] Check if changed works correctly" - assert: + ansible.builtin.assert: that: - dhparam_check is changed - dhparam is changed 
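Review bot: The two `ansible.builtin.shell` tasks in this hunk ("Get bit size of 768" and "Get bit size of 512") interpolate `{{ openssl_binary }}` and `{{ remote_tmp_dir }}` into the shell line unquoted, so a path containing spaces or shell metacharacters would be re-parsed by the shell. The `quote` filter avoids that, e.g. `-in {{ (remote_tmp_dir ~ '/dh768.pem') | quote }}`. The task status is also that of the last pipeline stage (`sed`), so an openssl failure is only noticed by the following assert on an empty stdout. The same applies to the `| grep subject` shell task in tests/integration/targets/openssl_pkcs12/tests/validate.yml.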
@@ -39,23 +39,23 @@ - dhparam_changed_force is changed - name: "[{{ select_crypto_backend }}] Read result" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/dh768.pem' register: slurp - name: "[{{ select_crypto_backend }}] Make sure correct values are returned" - assert: + ansible.builtin.assert: that: - dhparam.dhparams == (slurp.content | b64decode) - dhparam.dhparams == dhparam_changed.dhparams - name: "[{{ select_crypto_backend }}] Verify that broken params will be regenerated" - assert: + ansible.builtin.assert: that: - output_broken is changed - name: "[{{ select_crypto_backend }}] Check backup" - assert: + ansible.builtin.assert: that: - dhparam_backup_1 is changed - dhparam_backup_1.backup_file is undefined diff --git a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml index 50e2c2bd..29c41790 100644 --- a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml +++ b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml @@ -5,7 +5,7 @@ - block: - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (check mode)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -17,7 +17,7 @@ register: p12_standard_check - name: "({{ select_crypto_backend }}) Generate PKCS#12 file" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -28,7 +28,7 @@ register: p12_standard - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (check mode)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra 
@@ -40,7 +40,7 @@ register: p12_standard_idempotency_check - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -51,7 +51,7 @@ register: p12_standard_idempotency - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (empty other_certificates)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -63,17 +63,17 @@ register: p12_standard_idempotency_no_certs - name: "({{ select_crypto_backend }}) Read ansible_pkey1.pem" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ansible_pkey1.pem' register: ansible_pkey_content - name: "({{ select_crypto_backend }}) Read ansible1.crt" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ansible1.crt' register: ansible_crt_content - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (private key from file)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -84,18 +84,18 @@ register: p12_standard_idempotency_2 - name: "({{ select_crypto_backend }}) Read ansible.p12" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ansible.p12' register: ansible_p12_content - name: "({{ select_crypto_backend }}) Validate PKCS#12" - assert: + ansible.builtin.assert: that: - p12_standard.pkcs12 == ansible_p12_content.content - p12_standard_idempotency.pkcs12 == p12_standard.pkcs12 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (force)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra 
@@ -106,7 +106,7 @@ register: p12_force - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (force + change mode)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra @@ -118,7 +118,7 @@ register: p12_force_and_mode - name: "({{ select_crypto_backend }}) Dump PKCS#12" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' src: '{{ remote_tmp_dir }}/ansible.p12' path: '{{ remote_tmp_dir }}/ansible_parse.pem' @@ -127,7 +127,7 @@ register: p12_dumped - name: "({{ select_crypto_backend }}) Dump PKCS#12 file again, idempotency" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' src: '{{ remote_tmp_dir }}/ansible.p12' path: '{{ remote_tmp_dir }}/ansible_parse.pem' @@ -136,7 +136,7 @@ register: p12_dumped_idempotency - name: "({{ select_crypto_backend }}) Dump PKCS#12, check mode" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' src: '{{ remote_tmp_dir }}/ansible.p12' path: '{{ remote_tmp_dir }}/ansible_parse.pem' @@ -146,7 +146,7 @@ register: p12_dumped_check_mode - name: "({{ select_crypto_backend }}) Generate PKCS#12 file with multiple certs and passphrase" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_multi_certs.p12' friendly_name: abracadabra @@ -160,7 +160,7 @@ register: p12_multiple_certs - name: "({{ select_crypto_backend }}) Read ansible2.crt / ansible3.crt.crt" - slurp: + ansible.builtin.slurp: src: "{{ item }}" loop: - "{{ remote_tmp_dir ~ '/ansible2.crt' }}" 
@@ -168,7 +168,7 @@ register: ansible_other_content - name: "({{ select_crypto_backend }}) Generate PKCS#12 file with multiple certs and passphrase, again (idempotency)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_multi_certs.p12' friendly_name: abracadabra @@ -182,7 +182,7 @@ register: p12_multiple_certs_idempotency - name: "({{ select_crypto_backend }}) Dump PKCS#12 with multiple certs and passphrase" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' src: '{{ remote_tmp_dir }}/ansible_multi_certs.p12' path: '{{ remote_tmp_dir }}/ansible_parse_multi_certs.pem' @@ -191,7 +191,7 @@ state: present - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 1)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_pw1.p12' friendly_name: abracadabra @@ -203,7 +203,7 @@ register: passphrase_error_1 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 2)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_pw2.p12' friendly_name: abracadabra @@ -215,7 +215,7 @@ register: passphrase_error_2 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (password fail 3)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_pw3.p12' friendly_name: abracadabra @@ -226,7 +226,7 @@ register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file, no privatekey" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_no_pkey.p12' friendly_name: abracadabra 
@@ -235,12 +235,12 @@ register: p12_no_pkey - name: "({{ select_crypto_backend }}) Create broken PKCS#12" - copy: + ansible.builtin.copy: dest: '{{ remote_tmp_dir }}/broken.p12' content: broken - name: "({{ select_crypto_backend }}) Regenerate broken PKCS#12" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/broken.p12' friendly_name: abracadabra @@ -252,7 +252,7 @@ register: output_broken - name: "({{ select_crypto_backend }}) Generate PKCS#12 file" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_backup.p12' friendly_name: abracadabra @@ -263,7 +263,7 @@ register: p12_backup_1 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (idempotent)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_backup.p12' friendly_name: abracadabra @@ -274,7 +274,7 @@ register: p12_backup_2 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (change)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_backup.p12' friendly_name: abra @@ -286,7 +286,7 @@ register: p12_backup_3 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (remove)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_backup.p12' state: absent @@ -295,7 +295,7 @@ register: p12_backup_4 - name: "({{ select_crypto_backend }}) Generate PKCS#12 file (remove, idempotent)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_backup.p12' state: absent 
@@ -303,7 +303,7 @@ register: p12_backup_5 - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_empty.p12' friendly_name: abracadabra @@ -315,7 +315,7 @@ - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_empty.p12' friendly_name: abracadabra @@ -326,7 +326,7 @@ register: p12_empty_idem - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_empty.p12' friendly_name: abracadabra @@ -337,12 +337,12 @@ register: p12_empty_concat_idem - name: "({{ select_crypto_backend }}) Read ansible23.crt" - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir ~ '/ansible23.crt' }}" register: ansible_other_content_concat - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (idempotent, concatenated other certificates)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_empty.p12' friendly_name: abracadabra 
@@ -353,14 +353,14 @@ register: p12_empty_concat_content_idem - name: "({{ select_crypto_backend }}) Generate 'empty' PKCS#12 file (parse)" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' src: '{{ remote_tmp_dir }}/ansible_empty.p12' path: '{{ remote_tmp_dir }}/ansible_empty.pem' action: parse - name: "({{ select_crypto_backend }}) Generate PKCS#12 file passphrase and compatibility encryption" - openssl_pkcs12: + community.crypto.openssl_pkcs12: select_crypto_backend: '{{ select_crypto_backend }}' path: '{{ remote_tmp_dir }}/ansible_compatibility2022.p12' friendly_name: compat_fn @@ -378,11 +378,11 @@ - select_crypto_backend == 'cryptography' - cryptography_version is version('38.0.0', '>=') - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml always: - name: "({{ select_crypto_backend }}) Delete PKCS#12 file" - openssl_pkcs12: + community.crypto.openssl_pkcs12: state: absent path: '{{ remote_tmp_dir }}/{{ item }}.p12' loop: diff --git a/tests/integration/targets/openssl_pkcs12/tasks/main.yml b/tests/integration/targets/openssl_pkcs12/tasks/main.yml index a48a703e..1f708ad6 100644 --- a/tests/integration/targets/openssl_pkcs12/tasks/main.yml +++ b/tests/integration/targets/openssl_pkcs12/tasks/main.yml 
@@ -10,26 +10,26 @@ - block: - name: Generate private keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem' size: '{{ default_rsa_key_size_certificates }}' loop: "{{ range(1, 4) | list }}" - name: Generate privatekey with password - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' - name: Generate CSRs - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/ansible{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem' commonName: www{{ item }}.ansible.com loop: "{{ range(1, 4) | list }}" - name: Generate certificate - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ansible{{ item }}.crt' privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/ansible{{ item }}.csr' @@ -37,7 +37,7 @@ loop: "{{ range(1, 4) | list }}" - name: Read files - slurp: + ansible.builtin.slurp: src: '{{ item }}' loop: - "{{ remote_tmp_dir ~ '/ansible2.crt' }}" @@ -45,12 +45,12 @@ register: slurp - name: Generate concatenated PEM file - copy: + ansible.builtin.copy: dest: '{{ remote_tmp_dir }}/ansible23.crt' content: '{{ slurp.results[0].content | b64decode }}{{ slurp.results[1].content | b64decode }}' - name: Generate PKCS#12 file with backend autodetection - openssl_pkcs12: + community.crypto.openssl_pkcs12: path: '{{ remote_tmp_dir }}/ansible.p12' friendly_name: abracadabra privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem' @@ -58,12 +58,12 @@ state: present - name: Delete result - file: + ansible.builtin.file: path: '{{ remote_tmp_dir }}/ansible.p12' state: absent - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography 
diff --git a/tests/integration/targets/openssl_pkcs12/tests/validate.yml b/tests/integration/targets/openssl_pkcs12/tests/validate.yml index 9024cdc5..8e1ee2db 100644 --- a/tests/integration/targets/openssl_pkcs12/tests/validate.yml +++ b/tests/integration/targets/openssl_pkcs12/tests/validate.yml @@ -4,19 +4,19 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: '({{ select_crypto_backend }}) Validate PKCS#12' - command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible.p12 -nodes -passin pass:''" + ansible.builtin.command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible.p12 -nodes -passin pass:''" register: p12 - name: '({{ select_crypto_backend }}) Validate PKCS#12 with no private key' - command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''" + ansible.builtin.command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''" register: p12_validate_no_pkey - name: '({{ select_crypto_backend }}) Validate PKCS#12 with multiple certs' - shell: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'hunter3' | grep subject" + ansible.builtin.shell: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'hunter3' | grep subject" register: p12_validate_multi_certs - name: '({{ select_crypto_backend }}) Validate PKCS#12 (assert)' - assert: + ansible.builtin.assert: that: - p12_standard_check is changed - p12_standard is changed @@ -40,7 +40,7 @@ - "'www3.' in p12_validate_multi_certs.stdout" - name: '({{ select_crypto_backend }}) Check passphrase on private key' - assert: + ansible.builtin.assert: that: - passphrase_error_1 is failed - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg" 
@@ -50,12 +50,12 @@ - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" - name: '({{ select_crypto_backend }}) Verify that broken PKCS#12 will be regenerated' - assert: + ansible.builtin.assert: that: - output_broken is changed - name: '({{ select_crypto_backend }}) Check backup' - assert: + ansible.builtin.assert: that: - p12_backup_1 is changed - p12_backup_1.backup_file is undefined @@ -70,7 +70,7 @@ - p12_backup_4.pkcs12 is none - name: '({{ select_crypto_backend }}) Read files' - slurp: + ansible.builtin.slurp: src: '{{ item }}' loop: - "{{ remote_tmp_dir ~ '/ansible_empty.pem' }}" @@ -79,12 +79,12 @@ register: slurp - name: '({{ select_crypto_backend }}) Load "empty" file' - set_fact: + ansible.builtin.set_fact: empty_contents: "{{ slurp.results[0].content | b64decode }}" empty_expected: "{{ (slurp.results[1].content | b64decode) ~ (slurp.results[2].content | b64decode) }}" - name: '({{ select_crypto_backend }}) Check "empty" file' - assert: + ansible.builtin.assert: that: - p12_empty is changed - p12_empty_idem is not changed @@ -98,11 +98,11 @@ - cryptography_version is version('38.0.0', '>=') block: - name: '({{ select_crypto_backend }}) Validate PKCS#12 with compatibility2022 settings' - command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_compatibility2022.p12 -nodes -passin pass:'magicpassword'" + ansible.builtin.command: "{{ openssl_binary }} pkcs12 -info -in {{ remote_tmp_dir }}/ansible_compatibility2022.p12 -nodes -passin pass:'magicpassword'" register: p12_validate_compatibility2022 - name: '({{ select_crypto_backend }}) Check PKCS#12 with compatibility2022 settings' - assert: + ansible.builtin.assert: that: - p12_compatibility2022 is changed - >- diff --git a/tests/integration/targets/openssl_privatekey/tasks/impl.yml b/tests/integration/targets/openssl_privatekey/tasks/impl.yml index 44a7f678..a61d0abd 100644 
--- a/tests/integration/targets/openssl_privatekey/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: true @@ -12,14 +12,14 @@ register: privatekey1_check - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: true register: privatekey1 - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence, check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: true 
@@ -27,33 +27,33 @@ register: privatekey1_idempotence_check - name: "({{ select_crypto_backend }}) Generate privatekey1 - standard (idempotence)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey1.pem' select_crypto_backend: '{{ select_crypto_backend }}' return_content: true register: privatekey1_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey2 - size 2048" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey2.pem' size: 2048 select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey3 - type DSA" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey3.pem' type: DSA size: 3072 select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey4 - standard" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey4.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard" - openssl_privatekey: + community.crypto.openssl_privatekey: state: absent path: '{{ remote_tmp_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -61,14 +61,14 @@ register: privatekey4_delete - name: "({{ select_crypto_backend }}) Delete privatekey4 - standard (idempotence)" - openssl_privatekey: + community.crypto.openssl_privatekey: state: absent path: '{{ remote_tmp_dir }}/privatekey4.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey4_delete_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - with passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey5.pem' passphrase: ansible cipher: auto 
@@ -76,7 +76,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey5.pem' passphrase: ansible cipher: auto @@ -85,13 +85,13 @@ register: privatekey5_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey6 - standard - with non-ASCII passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey6.pem' passphrase: ànsïblé size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' -- set_fact: +- ansible.builtin.set_fact: ecc_types: - curve: secp384r1 openssl_name: secp384r1 @@ -152,7 +152,7 @@ min_cryptography_version: "0.5" - name: "({{ select_crypto_backend }}) Test ECC key generation" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey-{{ item.curve }}.pem' type: ECC curve: "{{ item.curve }}" @@ -166,7 +166,7 @@ register: privatekey_ecc_generate - name: "({{ select_crypto_backend }}) Test ECC key generation (idempotency)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey-{{ item.curve }}.pem' type: ECC curve: "{{ item.curve }}" @@ -181,7 +181,7 @@ - block: - name: "({{ select_crypto_backend }}) Test other type generation" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey-{{ item.type }}.pem' type: "{{ item.type }}" select_crypto_backend: '{{ select_crypto_backend }}' @@ -193,7 +193,7 @@ register: privatekey_t1_generate - name: "({{ select_crypto_backend }}) Test other type generation (idempotency)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey-{{ item.type }}.pem' type: "{{ item.type }}" select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -217,7 +217,7 @@ min_version: '2.6' - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' @@ -226,7 +226,7 @@ register: passphrase_1 - name: "({{ select_crypto_backend }}) Generate privatekey with passphrase (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto @@ -236,7 +236,7 @@ register: passphrase_2 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' @@ -244,7 +244,7 @@ register: passphrase_3 - name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' @@ -252,7 +252,7 @@ register: passphrase_4 - name: "({{ select_crypto_backend }}) Regenerate privatekey with passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' 
@@ -261,18 +261,18 @@ register: passphrase_5 - name: "({{ select_crypto_backend }}) Create broken key" - copy: + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/broken" content: "broken" - name: "({{ select_crypto_backend }}) Regenerate broken key" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/broken.pem' size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken - name: "({{ select_crypto_backend }}) Remove module" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' @@ -282,7 +282,7 @@ register: remove_1 - name: "({{ select_crypto_backend }}) Remove module (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 cipher: auto @@ -293,7 +293,7 @@ register: remove_2 - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' mode: '0400' size: '{{ default_rsa_key_size }}' @@ -301,7 +301,7 @@ register: privatekey_mode_1 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' register: privatekey_mode_1_stat @@ -312,7 +312,7 @@ register: privatekey_mode_1_fileinfo - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, idempotency)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' mode: '0400' size: '{{ default_rsa_key_size }}' @@ -320,7 +320,7 @@ register: privatekey_mode_2 - name: "({{ select_crypto_backend }}) Generate privatekey_mode (mode 0400, force)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' mode: '0400' force: true 
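Review bot: In the "Create broken key" / "Regenerate broken key" pair, the copy task writes `{{ remote_tmp_dir }}/broken` while the module is pointed at `{{ remote_tmp_dir }}/broken.pem`. As far as this hunk shows, the module therefore creates a key at a path that does not exist yet instead of replacing an unreadable one. The `output_broken is changed` assert in validate.yml then passes either way, so the module's handling of a corrupt key file is not exercised. Unless `broken.pem` is prepared somewhere outside this hunk, the copy task should use `dest: "{{ remote_tmp_dir }}/broken.pem"`.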
@@ -329,7 +329,7 @@ register: privatekey_mode_3 - name: "({{ select_crypto_backend }}) Stat for privatekey_mode" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/privatekey_mode.pem' register: privatekey_mode_3_stat @@ -340,7 +340,7 @@ - block: - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: auto size: '{{ default_rsa_key_size }}' @@ -348,7 +348,7 @@ register: privatekey_fmt_1_step_1 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: auto size: '{{ default_rsa_key_size }}' @@ -356,7 +356,7 @@ register: privatekey_fmt_1_step_2 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS1 format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: pkcs1 size: '{{ default_rsa_key_size }}' @@ -364,7 +364,7 @@ register: privatekey_fmt_1_step_3 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: pkcs8 size: '{{ default_rsa_key_size }}' @@ -372,7 +372,7 @@ register: privatekey_fmt_1_step_4 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: pkcs8 size: '{{ default_rsa_key_size }}' 
@@ -380,7 +380,7 @@ register: privatekey_fmt_1_step_5 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (ignore)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: auto_ignore size: '{{ default_rsa_key_size }}' @@ -388,7 +388,7 @@ register: privatekey_fmt_1_step_6 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - auto format (no ignore)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: auto size: '{{ default_rsa_key_size }}' @@ -396,7 +396,7 @@ register: privatekey_fmt_1_step_7 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - raw format (fail)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: raw size: '{{ default_rsa_key_size }}' @@ -405,13 +405,13 @@ register: privatekey_fmt_1_step_8 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_9_before - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' format: pkcs8 format_mismatch: convert @@ -420,7 +420,7 @@ register: privatekey_fmt_1_step_9 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_1 - PKCS8 format (convert)" - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_fmt_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey_fmt_1_step_9_after 
@@ -429,7 +429,7 @@ - block: - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: pkcs8 @@ -438,7 +438,7 @@ register: privatekey_fmt_2_step_1 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - PKCS8 format (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: pkcs8 @@ -447,7 +447,7 @@ register: privatekey_fmt_2_step_2 - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: raw @@ -457,19 +457,19 @@ register: privatekey_fmt_2_step_3 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - assert: + ansible.builtin.assert: that: - privatekey_fmt_2_step_3.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - raw format (idempotent)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: raw 
@@ -479,19 +479,19 @@ register: privatekey_fmt_2_step_4 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - assert: + ansible.builtin.assert: that: - privatekey_fmt_2_step_4.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (ignore)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: auto_ignore @@ -501,19 +501,19 @@ register: privatekey_fmt_2_step_5 - name: "({{ select_crypto_backend }}) Read privatekey_fmt_2.pem" - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/privatekey_fmt_2.pem" ignore_errors: true register: content - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is base64 encoded" - assert: + ansible.builtin.assert: that: - privatekey_fmt_2_step_5.privatekey == content.content when: privatekey_fmt_2_step_1 is not failed - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - auto format (no ignore)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' type: X448 format: auto @@ -523,13 +523,13 @@ register: privatekey_fmt_2_step_6 - name: "({{ select_crypto_backend }}) Read private key" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/privatekey_fmt_2.pem' register: slurp when: privatekey_fmt_2_step_1 is not failed - name: "({{ select_crypto_backend }}) Generate privatekey_fmt_2 - verify that returned content is not base64 encoded" - assert: + ansible.builtin.assert: that: - privatekey_fmt_2_step_6.privatekey == (slurp.content | b64decode) when: privatekey_fmt_2_step_1 is not failed 
@@ -540,14 +540,14 @@ # Test regenerate option - name: "({{ select_crypto_backend }}) Regenerate - setup simple keys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' @@ -556,14 +556,14 @@ select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - setup broken keys" - copy: + ansible.builtin.copy: dest: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' content: 'broken key' mode: '0700' loop: "{{ regenerate_values }}" - name: "({{ select_crypto_backend }}) Regenerate - modify broken keys (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' @@ -573,7 +573,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg or 'Cannot load raw key' in result.results[0].msg" @@ -585,7 +585,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - modify broken keys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-c-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' 
@@ -594,7 +594,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg or 'Cannot load raw key' in result.results[0].msg" @@ -606,7 +606,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' @@ -616,7 +616,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg" @@ -628,7 +628,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - modify password protected keys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-b-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' @@ -637,7 +637,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is failed - "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg" @@ -649,7 +649,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' 
@@ -658,7 +658,7 @@ check_mode: true loop: "{{ regenerate_values }}" register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is not changed - result.results[1] is not changed @@ -667,7 +667,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - not modify regular keys" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size }}' @@ -675,7 +675,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is not changed - result.results[1] is not changed @@ -684,7 +684,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - adjust key size (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size + 20 }}' @@ -694,7 +694,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -704,7 +704,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - adjust key size" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: RSA size: '{{ default_rsa_key_size + 20 }}' @@ -713,7 +713,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed 
@@ -723,7 +723,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" - copy: + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true @@ -731,7 +731,7 @@ when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - adjust key type (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' @@ -741,7 +741,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -751,7 +751,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - adjust key type" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' @@ -760,7 +760,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result -- assert: +- ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -771,7 +771,7 @@ - block: - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" - copy: + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true @@ -779,7 +779,7 @@ when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - format mismatch (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' 
@@ -790,7 +790,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -800,7 +800,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - format mismatch" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' @@ -810,7 +810,7 @@ loop: "{{ regenerate_values }}" ignore_errors: true register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is success and result.results[0] is not changed - result.results[1] is failed @@ -820,7 +820,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - redistribute keys" - copy: + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/regenerate-a-always.pem' dest: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' remote_src: true @@ -828,7 +828,7 @@ when: "item != 'always'" - name: "({{ select_crypto_backend }}) Regenerate - convert format (check mode)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' @@ -839,7 +839,7 @@ check_mode: true loop: "{{ regenerate_values }}" register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is changed - result.results[1] is changed @@ -848,7 +848,7 @@ - result.results[4] is changed - name: "({{ select_crypto_backend }}) Regenerate - convert format" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/regenerate-a-{{ item }}.pem' type: DSA size: '{{ default_rsa_key_size }}' 
@@ -858,7 +858,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' loop: "{{ regenerate_values }}" register: result - - assert: + - ansible.builtin.assert: that: - result.results[0] is changed - result.results[1] is changed diff --git a/tests/integration/targets/openssl_privatekey/tasks/main.yml b/tests/integration/targets/openssl_privatekey/tasks/main.yml index 19008c5f..c0983003 100644 --- a/tests/integration/targets/openssl_privatekey/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey/tasks/main.yml @@ -9,11 +9,11 @@ #################################################################### - name: Find out which elliptic curves are supported by installed OpenSSL - command: "{{ openssl_binary }} ecparam -list_curves" + ansible.builtin.command: "{{ openssl_binary }} ecparam -list_curves" register: openssl_ecc - name: Compile list of elliptic curves supported by OpenSSL - set_fact: + ansible.builtin.set_fact: openssl_ecc_list: | {{ openssl_ecc.stdout_lines @@ -25,7 +25,7 @@ when: ansible_distribution != 'CentOS' or ansible_distribution_major_version != '6' # CentOS comes with a very old jinja2 which does not include the map() filter... - name: Compile list of elliptic curves supported by OpenSSL (CentOS 6) - set_fact: + ansible.builtin.set_fact: openssl_ecc_list: - secp384r1 - secp521r1 
@@ -33,20 +33,20 @@ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' - name: List of elliptic curves supported by OpenSSL - debug: var=openssl_ecc_list + ansible.builtin.debug: var=openssl_ecc_list - name: Run module with backend autodetection - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size }}' - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_privatekey/tests/validate.yml b/tests/integration/targets/openssl_privatekey/tests/validate.yml index d64cbd4b..5d004484 100644 --- a/tests/integration/targets/openssl_privatekey/tests/validate.yml +++ b/tests/integration/targets/openssl_privatekey/tests/validate.yml @@ -3,16 +3,16 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- set_fact: +- ansible.builtin.set_fact: system_potentially_has_no_algorithm_support: "{{ ansible_os_family == 'FreeBSD' }}" - name: "({{ select_crypto_backend }}) Read private key" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/privatekey1.pem' register: slurp - name: "({{ select_crypto_backend }}) Validate privatekey1 idempotency and content returned" - assert: + ansible.builtin.assert: that: - privatekey1_check is changed - privatekey1 is changed 
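Review bot: The "List of elliptic curves supported by OpenSSL" task keeps the free-form argument string `ansible.builtin.debug: var=openssl_ecc_list`, while the other tasks in this hunk pass their arguments as a YAML mapping. Since the commit is already aligning the tests with ansible-lint, this task could become `ansible.builtin.debug:` followed by an indented `var: openssl_ecc_list`. The mapping form is parsed as YAML rather than split as a `key=value` string, which keeps it consistent with the rest of the file.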
@@ -23,47 +23,47 @@ - name: "({{ select_crypto_backend }}) Validate privatekey1 (test - RSA key with size 4096 bits)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + ansible.builtin.shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey1.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey1 - name: "({{ select_crypto_backend }}) Validate privatekey1 (assert - RSA key with size 4096 bits)" - assert: + ansible.builtin.assert: that: - privatekey1.stdout == '4096' - name: "({{ select_crypto_backend }}) Validate privatekey2 (test - RSA key with size 2048 bits)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + ansible.builtin.shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey2.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey2 - name: "({{ select_crypto_backend }}) Validate privatekey2 (assert - RSA key with size 2048 bits)" - assert: + ansible.builtin.assert: that: - privatekey2.stdout == '2048' - name: "({{ select_crypto_backend }}) Validate privatekey3 (test - DSA key with size 3072 bits)" - shell: "{{ openssl_binary }} dsa -noout -text -in {{ remote_tmp_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + ansible.builtin.shell: "{{ openssl_binary }} dsa -noout -text -in {{ remote_tmp_dir }}/privatekey3.pem | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey3 - name: Validate privatekey3 (assert - DSA key with size 3072 bits) - assert: + ansible.builtin.assert: that: - privatekey3.stdout == '3072' - name: "({{ select_crypto_backend }}) Validate privatekey4 (test - Ensure key has been removed)" - stat: + 
ansible.builtin.stat: path: '{{ remote_tmp_dir }}/privatekey4.pem' register: privatekey4 - name: "({{ select_crypto_backend }}) Validate privatekey4 (assert - Ensure key has been removed)" - assert: + ansible.builtin.assert: that: - privatekey4.stat.exists == False - name: "({{ select_crypto_backend }}) Validate privatekey4 removal behavior" - assert: + ansible.builtin.assert: that: - privatekey4_delete is changed - privatekey4_delete.privatekey is none 
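Review bot: The "Validate privatekey4 (assert - Ensure key has been removed)" task compares against a boolean literal, `privatekey4.stat.exists == False`. Writing the condition as `- not privatekey4.stat.exists` says the same thing without depending on how the literal is spelled or coerced in Jinja. It is also the form ansible-lint's literal-compare rule expects, which fits the lint cleanup this commit is doing.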
@@ -71,37 +71,37 @@ - name: "({{ select_crypto_backend }}) Validate privatekey5 (test - Passphrase protected key + idempotence)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + ansible.builtin.shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey5.pem -passin pass:ansible | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey5 # Current version of OS/X that runs in the CI (10.11) does not have an up to date version of the OpenSSL library # leading to this test to fail when run in the CI. However, this test has been run for 10.12 and has returned successfully. when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)" - assert: + ansible.builtin.assert: that: - privatekey5.stdout == (default_rsa_key_size | string) when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)" - assert: + ansible.builtin.assert: that: - privatekey5_idempotence is not changed - name: "({{ select_crypto_backend }}) Validate privatekey6 (test - Passphrase protected key with non ascii character)" - shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" + ansible.builtin.shell: "{{ openssl_binary }} rsa -noout -text -in {{ remote_tmp_dir }}/privatekey6.pem -passin pass:ànsïblé | grep Private | sed 's/\\(RSA *\\)*Private-Key: (\\(.*\\) bit.*)/\\2/'" register: privatekey6 when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)" - assert: + 
ansible.builtin.assert: that: - privatekey6.stdout == (default_rsa_key_size | string) when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)" - shell: "{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'" + ansible.builtin.shell: "{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey-{{ item.item.curve }}.pem -noout -text | grep 'ASN1 OID: ' | sed 's/ASN1 OID: \\([^ ]*\\)/\\1/'" loop: "{{ privatekey_ecc_generate.results }}" register: privatekey_ecc_dump when: openssl_version is version('0.9.8zh', '>=') and 'skip_reason' not in item @@ -109,7 +109,7 @@ label: "{{ item.item.curve }}" - name: "({{ select_crypto_backend }}) Validate ECC generation" - assert: + ansible.builtin.assert: that: - item is changed loop: "{{ privatekey_ecc_generate.results }}" @@ -118,7 +118,7 @@ label: "{{ item.item.curve }}" - name: "({{ select_crypto_backend }}) Validate ECC generation (curve type)" - assert: + ansible.builtin.assert: that: - "'skip_reason' in item or item.item.item.openssl_name == item.stdout" loop: "{{ privatekey_ecc_dump.results }}" @@ -127,7 +127,7 @@ label: "{{ item.item.item }} - {{ item.stdout if 'stdout' in item else '' }}" - name: "({{ select_crypto_backend }}) Validate ECC generation idempotency" - assert: + ansible.builtin.assert: that: - item is not changed loop: "{{ privatekey_ecc_idempotency.results }}" @@ -136,7 +136,7 @@ label: "{{ item.item.curve }}" - name: "({{ select_crypto_backend }}) Validate other type generation (just check changed)" - assert: + ansible.builtin.assert: that: - (item is succeeded and item is changed) or (item is failed and 'Cryptography backend does not support the algorithm required for ' in item.msg and system_potentially_has_no_algorithm_support) 
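Review bot: The two `ansible.builtin.shell` checks for privatekey5.pem and privatekey6.pem pass the key passphrase as `-passin pass:...`, which puts it in the openssl argument list where other local users can read it from the process table while the command runs. Both values are fixed test passphrases, so nothing real is exposed, but test tasks are often copied into playbooks. Using `-passin env:KEY_PASSPHRASE` (variable name constructed for this note) with a task-level `environment:` entry keeps the value out of argv. Failing that, a comment such as `# test-only passphrase; never pass a real one via -passin pass:` above each task would flag the pattern.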
@@ -146,7 +146,7 @@ label: "{{ item.item.type }}" - name: "({{ select_crypto_backend }}) Validate other type generation idempotency" - assert: + ansible.builtin.assert: that: - (item is succeeded and item is not changed) or (item is failed and 'Cryptography backend does not support the algorithm required for ' in item.msg and system_potentially_has_no_algorithm_support) @@ -156,7 +156,7 @@ label: "{{ item.item.type }}" - name: "({{ select_crypto_backend }}) Validate passphrase changing" - assert: + ansible.builtin.assert: that: - passphrase_1 is changed - passphrase_2 is not changed @@ -170,12 +170,12 @@ - passphrase_5.backup_file is string - name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated" - assert: + ansible.builtin.assert: that: - output_broken is changed - name: "({{ select_crypto_backend }}) Validate remove" - assert: + ansible.builtin.assert: that: - remove_1 is changed - remove_2 is not changed @@ -183,7 +183,7 @@ - remove_2.backup_file is undefined - name: "({{ select_crypto_backend }}) Validate mode" - assert: + ansible.builtin.assert: that: - privatekey_mode_1 is changed - privatekey_mode_1_stat.stat.mode == '0400' @@ -193,7 +193,7 @@ - privatekey_mode_3_file_change is changed - name: "({{ select_crypto_backend }}) Validate format 1" - assert: + ansible.builtin.assert: that: - privatekey_fmt_1_step_1 is changed - privatekey_fmt_1_step_2 is not changed @@ -208,7 +208,7 @@ when: 'select_crypto_backend == "cryptography"' - name: "({{ select_crypto_backend }}) Validate format 2 (failed)" - assert: + ansible.builtin.assert: that: - system_potentially_has_no_algorithm_support - privatekey_fmt_2_step_1 is failed 
@@ -216,7 +216,7 @@ when: 'select_crypto_backend == "cryptography" and privatekey_fmt_2_step_1 is failed' - name: "({{ select_crypto_backend }}) Validate format 2" - assert: + ansible.builtin.assert: that: - privatekey_fmt_2_step_1 is succeeded and privatekey_fmt_2_step_1 is changed - privatekey_fmt_2_step_2 is succeeded and privatekey_fmt_2_step_2 is not changed diff --git a/tests/integration/targets/openssl_privatekey_convert/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_convert/tasks/impl.yml index b91dd5e9..44144162 100644 --- a/tests/integration/targets/openssl_privatekey_convert/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_convert/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Convert (check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -15,7 +15,7 @@ check_mode: true - name: Convert - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -24,7 +24,7 @@ # select_crypto_backend: '{{ select_crypto_backend }}' register: convert -- assert: +- ansible.builtin.assert: that: - convert_check is changed - convert is changed @@ -36,7 +36,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -47,7 +47,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' 
@@ -61,14 +61,14 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed - convert_file_info is not changed - name: Convert (change format, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -79,7 +79,7 @@ check_mode: true - name: Convert (change format) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -93,7 +93,7 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_not_idem_check is changed - convert_not_idem is changed @@ -106,7 +106,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -117,7 +117,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -131,14 +131,14 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed - convert_file_info is not changed - name: Convert (change password, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' 
@@ -149,7 +149,7 @@ check_mode: true - name: Convert (change password) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -163,7 +163,7 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_not_idem_check is changed - convert_not_idem is changed @@ -176,7 +176,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -187,7 +187,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -201,14 +201,14 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed - convert_file_info is not changed - name: Convert (remove password, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -218,7 +218,7 @@ check_mode: true - name: Convert (remove password) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -231,7 +231,7 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_not_idem_check is changed - convert_not_idem is changed 
@@ -244,7 +244,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -254,7 +254,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_1.pem' @@ -267,7 +267,7 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed @@ -276,7 +276,7 @@ - when: supports_ed25519 | bool block: - name: Convert (change format to raw, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem' dest_path: '{{ remote_tmp_dir }}/output_2.pem' format: raw @@ -285,14 +285,14 @@ check_mode: true - name: Convert (change format to raw) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem' dest_path: '{{ remote_tmp_dir }}/output_2.pem' format: raw # select_crypto_backend: '{{ select_crypto_backend }}' register: convert_not_idem - - assert: + - ansible.builtin.assert: that: - convert_not_idem_check is changed - convert_not_idem is changed @@ -304,7 +304,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem' dest_path: '{{ remote_tmp_dir }}/output_2.pem' format: raw 
@@ -313,7 +313,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem' dest_path: '{{ remote_tmp_dir }}/output_2.pem' format: raw @@ -325,14 +325,14 @@ state: '{{ convert_file_info_data }}' register: convert_file_info - - assert: + - ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed - convert_file_info is not changed - name: Convert (change format to raw, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem' dest_path: '{{ remote_tmp_dir }}/output_3.pem' format: raw @@ -341,14 +341,14 @@ check_mode: true - name: Convert (change format to raw) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem' dest_path: '{{ remote_tmp_dir }}/output_3.pem' format: raw # select_crypto_backend: '{{ select_crypto_backend }}' register: convert_not_idem -- assert: +- ansible.builtin.assert: that: - convert_not_idem_check is changed - convert_not_idem is changed @@ -360,7 +360,7 @@ register: convert_file_info_data - name: Convert (idempotent, check mode) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem' dest_path: '{{ remote_tmp_dir }}/output_3.pem' format: raw @@ -369,7 +369,7 @@ check_mode: true - name: Convert (idempotent) - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem' dest_path: '{{ remote_tmp_dir }}/output_3.pem' format: raw @@ -381,7 +381,7 @@ state: '{{ convert_file_info_data }}' register: convert_file_info -- assert: +- ansible.builtin.assert: that: - convert_idem_check is not changed - convert_idem is not changed 
diff --git a/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml b/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml index a57ed41a..d0ef7fa0 100644 --- a/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_convert/tasks/main.yml @@ -9,7 +9,7 @@ #################################################################### - name: Determine capabilities - set_fact: + ansible.builtin.set_fact: supports_ed25519: >- {{ not ( @@ -20,7 +20,7 @@ }} - name: Create keys - openssl_privatekey: + community.crypto.openssl_privatekey: size: '{{ item.size | default(omit) }}' path: '{{ remote_tmp_dir }}/privatekey_{{ item.name }}.pem' type: '{{ item.type | default(omit) }}' @@ -45,7 +45,7 @@ size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection - openssl_privatekey_convert: + community.crypto.openssl_privatekey_convert: src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem' src_passphrase: secret dest_path: '{{ remote_tmp_dir }}/output_backend_selection.pem' @@ -54,7 +54,7 @@ - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml index dfaad5b7..740c5957 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml 
@@ -3,17 +3,17 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- debug: +- ansible.builtin.debug: msg: "Executing tests with backend {{ select_crypto_backend }}" -- name: ({{select_crypto_backend}}) Get key 1 info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 1 info + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" 
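Review bot: The rewritten task names in this hunk stay plain scalars that open with a template, e.g. `- name: ({{ select_crypto_backend }}) Get key 1 info`, while the openssl_publickey files touched by the same commit quote the identical pattern. Quoting them the same way, `- name: "({{ select_crypto_backend }}) Get key 1 info"`, keeps the names consistent across targets and robust if the prefix is ever reordered so that the value begins with `{{`. The same applies to the renamed tasks in the later hunks of this file and in openssl_privatekey_pipe/tasks/impl.yml.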
@@ -24,34 +24,34 @@ - "result.public_data.exponent > 5" - "'private_data' not in result" -- name: ({{select_crypto_backend}}) Read private key - slurp: +- name: ({{ select_crypto_backend }}) Read private key + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/privatekey_1.pem' register: slurp -- name: ({{select_crypto_backend}}) Get key 1 info directly - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 1 info directly + community.crypto.openssl_privatekey_info: content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct -- name: ({{select_crypto_backend}}) Compare output of direct and loaded info - assert: +- name: ({{ select_crypto_backend }}) Compare output of direct and loaded info + ansible.builtin.assert: that: - >- (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) == (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) -- name: ({{select_crypto_backend}}) Get key 2 info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 2 info + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_2.pem' return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -65,8 +65,8 @@ - "result.public_data.modulus == result.private_data.p * result.private_data.q" - "result.private_data.exponent > 5" -- name: ({{select_crypto_backend}}) Get key 3 info (without passphrase) - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 3 info (without passphrase) + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_3.pem' return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -74,7 +74,7 @@ register: result - name: Check that loading passphrase protected key without passphrase failed - assert: + ansible.builtin.assert: that: - result is failed # Check that return values are there @@ -90,8 +90,8 @@ - "'public_data' not in result" - "'private_data' not in result" -- name: ({{select_crypto_backend}}) Get key 3 info (with passphrase) - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 3 info (with passphrase) + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 return_private_key_data: true @@ -99,7 +99,7 @@ register: result - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -112,15 +112,15 @@ - "result.public_data.modulus == result.private_data.p * result.private_data.q" - "result.private_data.exponent > 5" -- name: ({{select_crypto_backend}}) Get key 4 info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 4 info + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_4.pem' return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that ECC key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" @@ -134,15 +134,15 @@ - "'private_data' in result" - "result.private_data.multiplier > 1024" -- name: ({{select_crypto_backend}}) Get key 5 info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key 5 info + community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey_5.pem' return_private_key_data: true select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that DSA key info is ok - assert: + ansible.builtin.assert: that: - "'public_key' in result" - "'public_key_fingerprints' in result" 
diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml index 5cbf3ba0..124b8263 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/main.yml @@ -9,24 +9,24 @@ #################################################################### - name: Generate privatekey 1 - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_1.pem' - name: Generate privatekey 2 (less bits) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_2.pem' type: RSA size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (with password) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_3.pem' passphrase: hunter2 size: '{{ default_rsa_key_size }}' select_crypto_backend: cryptography - name: Generate privatekey 4 (ECC) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_4.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" @@ -34,13 +34,13 @@ select_crypto_backend: cryptography - name: Generate privatekey 5 (DSA) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_5.pem' type: DSA size: 1024 - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml index e11e4064..852b0ac7 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml 
+++ b/tests/integration/targets/openssl_privatekey_pipe/tasks/impl.yml @@ -3,17 +3,17 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: ({{select_crypto_backend}}) Create key - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Create key + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: ({{select_crypto_backend}}) Get key info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key info + community.crypto.openssl_privatekey_info: content: "{{ result.privatekey }}" register: result_info -- assert: +- ansible.builtin.assert: that: - result is changed - result.privatekey.startswith('----') @@ -21,22 +21,22 @@ - result_info.public_data.size == 4096 - result_info.public_data.exponent >= 5 -- assert: +- ansible.builtin.assert: that: - result_info.public_key_fingerprints.sha256 | length > 10 - result.fingerprint.sha256 == result_info.public_key_fingerprints.sha256 when: result.fingerprint is not none -- name: ({{select_crypto_backend}}) Update key (check mode) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (check mode) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" size: '{{ default_rsa_key_size }}' register: update_check check_mode: true -- name: ({{select_crypto_backend}}) Update key (check mode, with return_current_key=true) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (check mode, with return_current_key=true) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" size: '{{ default_rsa_key_size }}' 
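Review bot: The `Create key` task registers `result` and the next tasks read `result.privatekey`, so the generated private key is part of the task result and is printed whenever the play runs with verbose output; neither this hunk nor the `Update key` tasks in the following hunks set `no_log`. For a throwaway test key that is acceptable, but integration tests are often copied as usage examples, so I would either add `no_log: true` to the tasks that register key material or record the intent with a comment such as `# no_log omitted on purpose: throwaway test key, output kept for debugging`. Task-level `no_log` censors displayed output only, so the later assertions on the registered variables should be unaffected; that is worth confirming with one run.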
@@ -44,30 +44,30 @@ register: update_check_return check_mode: true -- name: ({{select_crypto_backend}}) Update key - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ result.privatekey }}" size: '{{ default_rsa_key_size }}' register: update -- name: ({{select_crypto_backend}}) Update key (idempotent, check mode) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (idempotent, check mode) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" size: '{{ default_rsa_key_size }}' register: update_idempotent_check check_mode: true -- name: ({{select_crypto_backend}}) Update key (idempotent) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (idempotent) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" size: '{{ default_rsa_key_size }}' register: update_idempotent -- name: ({{select_crypto_backend}}) Update key (idempotent, check mode, with return_current_key=true) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (idempotent, check mode, with return_current_key=true) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" size: '{{ default_rsa_key_size }}' 
@@ -75,20 +75,20 @@ register: update_idempotent_return_check check_mode: true -- name: ({{select_crypto_backend}}) Update key (idempotent, with return_current_key=true) - openssl_privatekey_pipe: +- name: ({{ select_crypto_backend }}) Update key (idempotent, with return_current_key=true) + community.crypto.openssl_privatekey_pipe: select_crypto_backend: '{{ select_crypto_backend }}' content: "{{ update.privatekey }}" size: '{{ default_rsa_key_size }}' return_current_key: true register: update_idempotent_return -- name: ({{select_crypto_backend}}) Get key info - openssl_privatekey_info: +- name: ({{ select_crypto_backend }}) Get key info + community.crypto.openssl_privatekey_info: content: "{{ update.privatekey }}" register: update_info -- assert: +- ansible.builtin.assert: that: - update_check is changed - update_check.privatekey != 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER' diff --git a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml index 05498225..2e1dc472 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml +++ b/tests/integration/targets/openssl_privatekey_pipe/tasks/main.yml @@ -9,12 +9,12 @@ #################################################################### - name: Run module with backend autodetection - openssl_privatekey_pipe: + community.crypto.openssl_privatekey_pipe: size: '{{ default_rsa_key_size }}' - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_publickey/tasks/impl.yml b/tests/integration/targets/openssl_publickey/tasks/impl.yml index ec0007cc..a2b57031 100644 --- a/tests/integration/targets/openssl_publickey/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey/tasks/impl.yml 
@@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate privatekey" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -18,7 +18,7 @@ register: publickey_check - name: "({{ select_crypto_backend }}) Generate publickey - PEM format" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -26,7 +26,7 @@ register: publickey - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (check mode, idempotence)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -35,7 +35,7 @@ register: publickey_check2 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (idempotence)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' @@ -43,7 +43,7 @@ register: publickey_idempotence - name: "({{ select_crypto_backend }}) Verify check mode" - assert: + ansible.builtin.assert: that: - publickey_check is changed - publickey is changed 
@@ -51,7 +51,7 @@ - publickey_idempotence is not changed - name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey-ssh.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' format: OpenSSH @@ -59,7 +59,7 @@ when: select_crypto_backend == 'cryptography' - name: "({{ select_crypto_backend }}) Generate publickey - OpenSSH format - test idempotence (issue 33256)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey-ssh.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' format: OpenSSH @@ -68,13 +68,13 @@ register: publickey_ssh_idempotence - name: "({{ select_crypto_backend }}) Generate publickey2 - standard" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey2.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Delete publickey2 - standard" - openssl_publickey: + community.crypto.openssl_publickey: state: absent path: '{{ remote_tmp_dir }}/publickey2.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -83,7 +83,7 @@ register: publickey2_absent - name: "({{ select_crypto_backend }}) Delete publickey2 - standard (idempotence)" - openssl_publickey: + community.crypto.openssl_publickey: state: absent path: '{{ remote_tmp_dir }}/publickey2.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -91,20 +91,20 @@ register: publickey2_absent_idempotence - name: "({{ select_crypto_backend }}) Generate privatekey3 - with passphrase" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey3.pem' passphrase: ansible size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey3.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem' privatekey_passphrase: ansible select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey - idempotence" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey3.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey3.pem' privatekey_passphrase: ansible 
@@ -112,39 +112,39 @@ register: publickey3_idempotence - name: "({{ select_crypto_backend }}) Generate empty file that will hold a public key (issue 33072)" - file: + ansible.builtin.file: path: '{{ remote_tmp_dir }}/publickey4.pub' state: touch - name: "({{ select_crypto_backend }}) Generate publickey in empty existing file (issue 33072)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey4.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate privatekey 5 (ECC)" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey5.pem' type: ECC curve: secp256r1 size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_1 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (idempotent)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: privatekey5_2 - name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format (different private key)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey5.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' backup: true 
@@ -152,14 +152,14 @@ register: privatekey5_3 - name: "({{ select_crypto_backend }}) Generate privatekey with password" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey_pw1.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' privatekey_passphrase: hunter2 @@ -168,7 +168,7 @@ register: passphrase_error_1 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 2)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey_pw2.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: wrong_password @@ -177,7 +177,7 @@ register: passphrase_error_2 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 3)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey_pw3.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' select_crypto_backend: '{{ select_crypto_backend }}' 
@@ -185,23 +185,23 @@ register: passphrase_error_3 - name: "({{ select_crypto_backend }}) Create broken key" - copy: + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/publickeybroken.pub" content: "broken" - name: "({{ select_crypto_backend }}) Regenerate broken key" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickeybroken.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey5.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: output_broken - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (for removal)" - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/publickey_removal.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal)" - openssl_publickey: + community.crypto.openssl_publickey: state: absent path: '{{ remote_tmp_dir }}/publickey_removal.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -209,7 +209,7 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: remove_1 - name: "({{ select_crypto_backend }}) Generate publickey - PEM format (removal, idempotent)" - openssl_publickey: + community.crypto.openssl_publickey: state: absent path: '{{ remote_tmp_dir }}/publickey_removal.pub' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' diff --git a/tests/integration/targets/openssl_publickey/tasks/main.yml b/tests/integration/targets/openssl_publickey/tasks/main.yml index eb789d84..000a7f38 100644 --- a/tests/integration/targets/openssl_publickey/tasks/main.yml +++ b/tests/integration/targets/openssl_publickey/tasks/main.yml 
@@ -10,21 +10,21 @@ - block: - name: Generate privatekey1 - standard - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_autodetect.pem' size: '{{ default_rsa_key_size }}' - name: Run module with backend autodetection - openssl_publickey: + community.crypto.openssl_publickey: path: '{{ remote_tmp_dir }}/privatekey_autodetect_public.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey_autodetect.pem' - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/openssl_publickey/tests/validate.yml b/tests/integration/targets/openssl_publickey/tests/validate.yml index 5dad3a1d..cd8c504a 100644 --- a/tests/integration/targets/openssl_publickey/tests/validate.yml +++ b/tests/integration/targets/openssl_publickey/tests/validate.yml @@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Read publickey 1" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/publickey.pub' register: slurp - name: "({{ select_crypto_backend }}) Validate publickey 1 idempotence and result behavior" - assert: + ansible.builtin.assert: that: - publickey is changed - publickey_idempotence is not changed @@ -17,7 +17,7 @@ - publickey.publickey == publickey_idempotence.publickey - name: "({{ select_crypto_backend }}) Validate public key (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Fetch public key" 
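Review bot: The `Validate public key (test - privatekey modulus)` task runs a read-only `openssl rsa -noout -modulus` through `ansible.builtin.command` without `changed_when`, so it reports changed on every run; adding `changed_when: false` next to `register: privatekey_modulus` states that the task only inspects the key. The same applies to the other `ansible.builtin.command` tasks in the later hunks of this file (`publickey_modulus`, `privatekey_publickey`, `privatekey3_modulus`, `publickey3_modulus`, `privatekey4_modulus`). The free-form string also splices `{{ remote_tmp_dir }}` into the command line, and an `argv:` list would keep a path containing whitespace as a single argument.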
@@ -26,51 +26,51 @@ register: slurp - name: "({{ select_crypto_backend }}) Validate public key (test - publickey modulus)" - command: + ansible.builtin.command: cmd: '{{ openssl_binary }} rsa -pubin -noout -modulus' stdin: '{{ slurp.content | b64decode }}' register: publickey_modulus - name: "({{ select_crypto_backend }}) Validate public key (assert)" - assert: + ansible.builtin.assert: that: - publickey_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - privatekey's publickey)" - command: 'ssh-keygen -y -f {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: 'ssh-keygen -y -f {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_publickey when: select_crypto_backend == 'cryptography' - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (test - publickey)" - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/publickey-ssh.pub' register: publickey when: select_crypto_backend == 'cryptography' - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format (assert)" - assert: + ansible.builtin.assert: that: - privatekey_publickey.stdout == publickey.content | b64decode when: select_crypto_backend == 'cryptography' - name: "({{ select_crypto_backend }}) Validate public key - OpenSSH format - test idempotence (issue 33256)" - assert: + ansible.builtin.assert: that: - publickey_ssh_idempotence is not changed when: select_crypto_backend == 'cryptography' - name: "({{ select_crypto_backend }}) Validate publickey2 (test - Ensure key has been removed)" - stat: + ansible.builtin.stat: path: '{{ remote_tmp_dir }}/publickey2.pub' register: publickey2 - name: "({{ select_crypto_backend }}) Validate publickey2 (assert - Ensure key has been removed)" - assert: + ansible.builtin.assert: that: - publickey2.stat.exists == False - name: "({{ select_crypto_backend }}) Validate publickey2 removal behavior" - assert: + ansible.builtin.assert: that: - 
publickey2_absent is changed - publickey2_absent_idempotence is not changed @@ -78,7 +78,7 @@ - name: "({{ select_crypto_backend }}) Validate publickey3 (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey3.pem -passin pass:ansible' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey3.pem -passin pass:ansible' register: privatekey3_modulus when: openssl_version is version('0.9.8zh', '>=') @@ -88,25 +88,25 @@ register: slurp - name: "({{ select_crypto_backend }}) Validate publickey3 (test - publickey modulus)" - command: + ansible.builtin.command: cmd: '{{ openssl_binary }} rsa -pubin -noout -modulus' stdin: '{{ slurp.content | b64decode }}' register: publickey3_modulus when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate publickey3 (assert)" - assert: + ansible.builtin.assert: that: - publickey3_modulus.stdout == privatekey3_modulus.stdout when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate publickey3 idempotence (assert)" - assert: + ansible.builtin.assert: that: - publickey3_idempotence is not changed - name: "({{ select_crypto_backend }}) Validate publickey4 (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey4_modulus when: openssl_version is version('0.9.8zh', '>=') 
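Review bot: The `Validate publickey3 (test - privatekey modulus)` task in openssl_publickey/tests/validate.yml passes the key passphrase in argv as `-passin pass:ansible`, where any local user can read it from the process list while openssl runs. The value is a throwaway fixture here, but the task is easy to copy into a real playbook. Other tasks in this file already call `ansible.builtin.command` with `cmd:` and `stdin:`, so the same form works: `cmd: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey3.pem -passin stdin'` together with `stdin: ansible`. If the task stays as it is, add a comment above it such as `# fixture passphrase only; never pass a real passphrase on the command line`.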
@@ -116,20 +116,20 @@ register: slurp - name: "({{ select_crypto_backend }}) Validate publickey4 (test - publickey modulus)" - command: + ansible.builtin.command: cmd: '{{ openssl_binary }} rsa -pubin -noout -modulus' stdin: '{{ slurp.content | b64decode }}' register: publickey4_modulus when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate publickey4 (assert)" - assert: + ansible.builtin.assert: that: - publickey4_modulus.stdout == privatekey4_modulus.stdout when: openssl_version is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate idempotency and backup" - assert: + ansible.builtin.assert: that: - privatekey5_1 is changed - privatekey5_1.backup_file is undefined @@ -139,21 +139,21 @@ - privatekey5_3.backup_file is string - name: "({{ select_crypto_backend }}) Validate public key 5 (test - privatekey's pubkey)" - command: '{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey5.pem -pubout' + ansible.builtin.command: '{{ openssl_binary }} ec -in {{ remote_tmp_dir }}/privatekey5.pem -pubout' register: privatekey5_pubkey - name: "({{ select_crypto_backend }}) Validate public key 5 (test - publickey pubkey)" # Fancy way of writing "cat {{ remote_tmp_dir }}/publickey5.pub" - command: '{{ openssl_binary }} ec -pubin -in {{ remote_tmp_dir }}/publickey5.pub -pubout' + ansible.builtin.command: '{{ openssl_binary }} ec -pubin -in {{ remote_tmp_dir }}/publickey5.pub -pubout' register: publickey5_pubkey - name: "({{ select_crypto_backend }}) Validate public key 5 (assert)" - assert: + ansible.builtin.assert: that: - publickey5_pubkey.stdout == privatekey5_pubkey.stdout - name: "({{ select_crypto_backend }}) Verify bad passphrase errors" - assert: + ansible.builtin.assert: that: - passphrase_error_1 is failed - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg" 
@@ -163,12 +163,12 @@ - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" - name: "({{ select_crypto_backend }}) Verify that broken key will be regenerated" - assert: + ansible.builtin.assert: that: - output_broken is changed - name: "({{ select_crypto_backend }}) Validate remove" - assert: + ansible.builtin.assert: that: - remove_1 is changed - remove_2 is not changed diff --git a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml index 3df236e0..0b582b00 100644 --- a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml @@ -3,17 +3,17 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- debug: +- ansible.builtin.debug: msg: "Executing tests with backend {{ select_crypto_backend }}" -- name: ({{select_crypto_backend}}) Get key 1 info - openssl_publickey_info: +- name: ({{ select_crypto_backend }}) Get key 1 info + community.crypto.openssl_publickey_info: path: '{{ remote_tmp_dir }}/publickey_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" 
@@ -22,33 +22,33 @@ - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size" - "result.public_data.exponent > 5" -- name: ({{select_crypto_backend}}) Read file - slurp: +- name: ({{ select_crypto_backend }}) Read file + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/publickey_1.pem' register: slurp -- name: ({{select_crypto_backend}}) Get key 1 info directly - openssl_publickey_info: +- name: ({{ select_crypto_backend }}) Get key 1 info directly + community.crypto.openssl_publickey_info: content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct -- name: ({{select_crypto_backend}}) Compare output of direct and loaded info - assert: +- name: ({{ select_crypto_backend }}) Compare output of direct and loaded info + ansible.builtin.assert: that: - >- (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) == (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) -- name: ({{select_crypto_backend}}) Get key 2 info - openssl_publickey_info: +- name: ({{ select_crypto_backend }}) Get key 2 info + community.crypto.openssl_publickey_info: path: '{{ remote_tmp_dir }}/publickey_2.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that RSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" 
@@ -58,14 +58,14 @@ - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size" - "result.public_data.exponent > 5" -- name: ({{select_crypto_backend}}) Get key 3 info - openssl_publickey_info: +- name: ({{ select_crypto_backend }}) Get key 3 info + community.crypto.openssl_publickey_info: path: '{{ remote_tmp_dir }}/publickey_3.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that ECC key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" @@ -76,14 +76,14 @@ - "result.public_data.y != 0" - "result.public_data.exponent_size == (521 if (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') else 256)" -- name: ({{select_crypto_backend}}) Get key 4 info - openssl_publickey_info: +- name: ({{ select_crypto_backend }}) Get key 4 info + community.crypto.openssl_publickey_info: path: '{{ remote_tmp_dir }}/publickey_4.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check that DSA key info is ok - assert: + ansible.builtin.assert: that: - "'fingerprints' in result" - "'type' in result" diff --git a/tests/integration/targets/openssl_publickey_info/tasks/main.yml b/tests/integration/targets/openssl_publickey_info/tasks/main.yml index c3053ac5..9c018001 100644 --- a/tests/integration/targets/openssl_publickey_info/tasks/main.yml +++ b/tests/integration/targets/openssl_publickey_info/tasks/main.yml 
@@ -9,17 +9,17 @@ #################################################################### - name: Generate privatekey 1 - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_1.pem' - name: Generate privatekey 2 (less bits) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_2.pem' type: RSA size: '{{ default_rsa_key_size }}' - name: Generate privatekey 3 (ECC) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_3.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" @@ -27,13 +27,13 @@ select_crypto_backend: cryptography - name: Generate privatekey 4 (DSA) - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_4.pem' type: DSA size: 1024 - name: Generate public keys - openssl_publickey: + community.crypto.openssl_publickey: privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' path: '{{ remote_tmp_dir }}/publickey_{{ item }}.pem' loop: @@ -43,7 +43,7 @@ - 4 - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/openssl_signature/tasks/loop.yml b/tests/integration/targets/openssl_signature/tasks/loop.yml index d86b7ca5..9a7b51b9 100644 --- a/tests/integration/targets/openssl_signature/tasks/loop.yml +++ b/tests/integration/targets/openssl_signature/tasks/loop.yml 
@@ -5,28 +5,28 @@ # This file is intended to be included in a loop statement - name: Sign statement with {{ item.type }} key - {{ item.passwd }} using {{ item.backend }} - openssl_signature: - privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' + community.crypto.openssl_signature: + privatekey_path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}' path: '{{ remote_tmp_dir }}/statement.txt' select_crypto_backend: '{{ item.backend }}' register: sign_result -- debug: +- ansible.builtin.debug: var: sign_result - name: Verify {{ item.type }} signature - {{ item.passwd }} using {{ item.backend }} - openssl_signature_info: - certificate_path: '{{ remote_tmp_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem' + community.crypto.openssl_signature_info: + certificate_path: '{{ remote_tmp_dir }}/{{ item.backend }}_certificate_{{ item.type }}_{{ item.passwd }}.pem' path: '{{ remote_tmp_dir }}/statement.txt' signature: '{{ sign_result.signature }}' select_crypto_backend: '{{ item.backend }}' register: verify_result - name: Make sure the signature is valid - assert: + ansible.builtin.assert: that: - verify_result.valid -- debug: +- ansible.builtin.debug: var: verify_result diff --git a/tests/integration/targets/openssl_signature/tasks/main.yml b/tests/integration/targets/openssl_signature/tasks/main.yml index 3aa590b9..1b1dfe39 100644 --- a/tests/integration/targets/openssl_signature/tasks/main.yml +++ b/tests/integration/targets/openssl_signature/tasks/main.yml @@ -14,7 +14,7 @@ # * password protected private key or not - name: Set up test combinations - set_fact: + ansible.builtin.set_fact: all_tests: [] backends: [] key_types: [] 
@@ -24,34 +24,34 @@ privatekey_passphrase: hunter2 - name: Add cryptography backend - set_fact: - backends: "{{ backends + [ { 'backend': 'cryptography' } ] }}" + ansible.builtin.set_fact: + backends: "{{ backends + [{'backend': 'cryptography'}] }}" - name: Add RSA tests - set_fact: - key_types: "{{ key_types + [ { 'type': 'RSA', 'size': default_rsa_key_size } ] }}" + ansible.builtin.set_fact: + key_types: "{{ key_types + [{'type': 'RSA', 'size': default_rsa_key_size}] }}" - name: Add DSA + ECDSA tests - set_fact: - key_types: "{{ key_types + [ { 'type': 'DSA', 'size': 2048 }, { 'type': 'ECC', 'curve': 'secp256r1' } ] }}" + ansible.builtin.set_fact: + key_types: "{{ key_types + [{'type': 'DSA', 'size': 2048}, {'type': 'ECC', 'curve': 'secp256r1'}] }}" when: # FreeBSD 11 fails on secp256r1 keys - not ansible_os_family == 'FreeBSD' - name: Add Ed25519 + Ed448 tests - set_fact: - key_types: "{{ key_types + [ { 'type': 'Ed25519' }, { 'type': 'Ed448' } ] }}" + ansible.builtin.set_fact: + key_types: "{{ key_types + [{'type': 'Ed25519'}, {'type': 'Ed448'}] }}" when: # FreeBSD doesn't have support for Ed448/25519 - not ansible_os_family == 'FreeBSD' - name: Create all test combinations - set_fact: + ansible.builtin.set_fact: all_tests: "{{ [backends, key_types, key_password] | openssl_signatures_combiner }}" - name: Generate private keys - openssl_privatekey: - path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' + community.crypto.openssl_privatekey: + path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' type: '{{ item.type }}' curve: '{{ item.curve | default(omit) }}' size: '{{ item.size | default(omit) }}' 
@@ -60,33 +60,33 @@ loop: '{{ all_tests }}' - name: Generate public keys - openssl_publickey: - path: '{{ remote_tmp_dir }}/{{item.backend}}_publickey_{{ item.type }}_{{ item.passwd }}.pem' - privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' + community.crypto.openssl_publickey: + path: '{{ remote_tmp_dir }}/{{ item.backend }}_publickey_{{ item.type }}_{{ item.passwd }}.pem' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}' loop: '{{ all_tests }}' - name: Generate CSRs - openssl_csr: - path: '{{ remote_tmp_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr' - privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' + community.crypto.openssl_csr: + path: '{{ remote_tmp_dir }}/{{ item.backend }}_{{ item.type }}_{{ item.passwd }}.csr' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}' loop: '{{ all_tests }}' - name: Generate selfsigned certificates - x509_certificate: + community.crypto.x509_certificate: provider: selfsigned - path: '{{ remote_tmp_dir }}/{{item.backend}}_certificate_{{ item.type }}_{{ item.passwd }}.pem' - privatekey_path: '{{ remote_tmp_dir }}/{{item.backend}}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' + path: '{{ remote_tmp_dir }}/{{ item.backend }}_certificate_{{ item.type }}_{{ item.passwd }}.pem' + privatekey_path: '{{ remote_tmp_dir }}/{{ item.backend }}_privatekey_{{ item.type }}_{{ item.passwd }}.pem' privatekey_passphrase: '{{ item.privatekey_passphrase | default(omit) }}' - csr_path: '{{ remote_tmp_dir }}/{{item.backend}}_{{ item.type }}_{{ item.passwd }}.csr' + csr_path: '{{ remote_tmp_dir }}/{{ item.backend }}_{{ item.type }}_{{ item.passwd }}.csr' loop: 
'{{ all_tests }}' - name: Create statement to be signed - copy: + ansible.builtin.copy: content: "Erst wenn der Subwoofer die Katze inhaliert, fickt der Bass richtig übel. -- W.A. Mozart" dest: '{{ remote_tmp_dir }}/statement.txt' - name: Loop over all variants - include_tasks: loop.yml + ansible.builtin.include_tasks: loop.yml loop: '{{ all_tests }}' diff --git a/tests/integration/targets/prepare_http_tests/tasks/default.yml b/tests/integration/targets/prepare_http_tests/tasks/default.yml index 63084774..321933d8 100644 --- a/tests/integration/targets/prepare_http_tests/tasks/default.yml +++ b/tests/integration/targets/prepare_http_tests/tasks/default.yml @@ -4,21 +4,21 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: RedHat - Enable the dynamic CA configuration feature (RHEL up to 9) - command: update-ca-trust force-enable + ansible.builtin.command: update-ca-trust force-enable when: ansible_os_family == 'RedHat' and ansible_distribution != "Fedora" and (ansible_distribution_major_version | int) < 10 - name: RedHat - Enable the dynamic CA configuration feature (RHEL 10+) - command: update-ca-trust + ansible.builtin.command: update-ca-trust when: ansible_os_family == 'RedHat' and ansible_distribution != "Fedora" and (ansible_distribution_major_version | int) >= 10 - name: RedHat - Retrieve test cacert - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/etc/pki/ca-trust/source/anchors/ansible.pem" when: ansible_os_family == 'RedHat' - name: Get client cert/key - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/{{ item }}" dest: "{{ remote_tmp_dir }}/{{ item }}" with_items: 
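Review bot: In prepare_http_tests/tasks/default.yml the `RedHat - Retrieve test cacert` task downloads `http://ansible.http.tests/cacert.pem` over cleartext HTTP and writes it into `/etc/pki/ca-trust/source/anchors/` with no `checksum` on the `ansible.builtin.get_url` call, so whatever answers that request becomes a trusted root on the host. The same pattern repeats in the Suse, Debian, FreeBSD and macOS tasks of the following hunks. This is presumably acceptable only because the source is the linked httptester container; the condition that gates the include is in main.yml and not visible in this hunk. I would state that in the file: `# Test-only: installs a CA fetched over plain HTTP from the httptester container; do not run on a host whose trust store matters.` If the container's CA is stable, `checksum: "sha256:<EXPECTED_DIGEST_PLACEHOLDER>"` would enforce the assumption.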
@@ -26,39 +26,39 @@ - client.key - name: Suse - Retrieve test cacert - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/etc/pki/trust/anchors/ansible.pem" when: ansible_os_family == 'Suse' - name: Debian - Retrieve test cacert - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/usr/local/share/ca-certificates/ansible.crt" when: ansible_os_family == 'Debian' - name: Redhat - Update ca trust - command: update-ca-trust extract + ansible.builtin.command: update-ca-trust extract when: ansible_os_family == 'RedHat' - name: Debian/Suse - Update ca certificates - command: update-ca-certificates + ansible.builtin.command: update-ca-certificates when: ansible_os_family == 'Debian' or ansible_os_family == 'Suse' - name: FreeBSD - Retrieve test cacert - get_url: + ansible.builtin.get_url: url: "http://ansible.http.tests/cacert.pem" dest: "/tmp/ansible.pem" when: ansible_os_family == 'FreeBSD' - name: FreeBSD - Read test cacert - slurp: + ansible.builtin.slurp: src: "/tmp/ansible.pem" register: slurp when: ansible_os_family == 'FreeBSD' - name: FreeBSD - Add cacert to root certificate store - blockinfile: + ansible.builtin.blockinfile: path: "/etc/ssl/cert.pem" block: "{{ slurp.content | b64decode }}" when: ansible_os_family == 'FreeBSD' @@ -66,14 +66,14 @@ - name: MacOS - Retrieve test cacert when: ansible_os_family == 'Darwin' block: - - uri: + - ansible.builtin.uri: url: "http://ansible.http.tests/cacert.pem" return_content: true register: cacert_pem - - raw: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().cafile)"' + - ansible.builtin.raw: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().cafile)"' register: macos_cafile - - blockinfile: - path: "{{ macos_cafile.stdout_lines|first }}" + - ansible.builtin.blockinfile: + path: "{{ macos_cafile.stdout_lines | first }}" block: "{{ cacert_pem.content }}" 
diff --git a/tests/integration/targets/prepare_http_tests/tasks/main.yml b/tests/integration/targets/prepare_http_tests/tasks/main.yml index ac005966..91cdfcf3 100644 --- a/tests/integration/targets/prepare_http_tests/tasks/main.yml +++ b/tests/integration/targets/prepare_http_tests/tasks/main.yml @@ -10,20 +10,20 @@ # The docker --link functionality gives us an ENV var we can key off of to see if we have access to # the httptester container -- set_fact: +- ansible.builtin.set_fact: has_httptester: "{{ lookup('env', 'HTTPTESTER') != '' }}" - name: make sure we have the ansible_os_family and ansible_distribution_version facts - setup: + ansible.builtin.setup: gather_subset: distribution when: ansible_facts == {} # If we are running with access to a httptester container, grab it's cacert and install it - block: # Override hostname defaults with httptester linked names - - include_vars: httptester.yml + - ansible.builtin.include_vars: httptester.yml - - include_tasks: "{{ lookup('first_found', files)}}" + - ansible.builtin.include_tasks: "{{ lookup('first_found', files) }}" vars: files: - "{{ ansible_os_family | lower }}.yml" diff --git a/tests/integration/targets/setup_acme/tasks/main.yml b/tests/integration/targets/setup_acme/tasks/main.yml index 761a2d1e..65fb136f 100644 --- a/tests/integration/targets/setup_acme/tasks/main.yml +++ b/tests/integration/targets/setup_acme/tasks/main.yml @@ -9,7 +9,7 @@ #################################################################### - name: Set ACME server information - set_fact: + ansible.builtin.set_fact: # ARI and profiles have been added in https://github.com/ansible/ansible/pull/84547 # See also https://github.com/ansible/acme-test-container/pull/25 acme_supports_ari: "{{ ansible_version.full is version('2.19', '>=') }}" 
@@ -17,7 +17,7 @@ acme_directory_url: "https://{{ acme_host }}:14000/dir" - name: Print ACME server information - debug: + ansible.builtin.debug: msg: |- ACME test container IP is {{ acme_host }} ACME directory: {{ acme_directory_url }} diff --git a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml index 41b5f0af..98c9a056 100644 --- a/tests/integration/targets/setup_acme/tasks/obtain-cert.yml +++ b/tests/integration/targets/setup_acme/tasks/obtain-cert.yml @@ -5,7 +5,7 @@ ## PRIVATE KEY ################################################################################ - name: ({{ certgen_title }}) Create cert private key - openssl_privatekey: + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key" type: "{{ 'RSA' if key_type == 'rsa' else 'ECC' }}" size: "{{ rsa_bits if key_type == 'rsa' else omit }}" @@ -19,7 +19,7 @@ force: true ## CSR ######################################################################################## - name: ({{ certgen_title }}) Create cert CSR - openssl_csr: + community.crypto.openssl_csr: path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr" privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key" privatekey_passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}" @@ -29,7 +29,7 @@ register: csr_result ## ACME STEP 1 ################################################################################ - name: ({{ certgen_title }}) Obtain cert, step 1 - acme_certificate: + community.crypto.acme_certificate: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" 
@@ -53,11 +53,11 @@ include_renewal_cert_id: "{{ acme_certificate_include_renewal_cert_id | default(omit) }}" register: challenge_data - name: ({{ certgen_title }}) Print challenge data - debug: + ansible.builtin.debug: var: challenge_data - name: ({{ certgen_title }}) Create HTTP challenges - uri: - url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}" + ansible.builtin.uri: + url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}" method: PUT body_format: raw body: "{{ item.value['http-01'].resource_value }}" @@ -66,7 +66,7 @@ with_dict: "{{ challenge_data.challenge_data }}" when: "challenge_data is changed and challenge == 'http-01'" - name: ({{ certgen_title }}) Create DNS challenges - uri: + ansible.builtin.uri: url: "http://{{ acme_host }}:5000/dns/{{ item.key }}" method: PUT body_format: json @@ -74,7 +74,7 @@ with_dict: "{{ challenge_data.challenge_data_dns }}" when: "challenge_data is changed and challenge == 'dns-01'" - name: ({{ certgen_title }}) Create TLS ALPN challenges (acme_challenge_cert_helper) - acme_challenge_cert_helper: + community.crypto.acme_challenge_cert_helper: challenge: tls-alpn-01 challenge_data: "{{ item.value['tls-alpn-01'] }}" private_key_src: "{{ remote_tmp_dir }}/{{ certificate_name }}.key" 
@@ -83,12 +83,12 @@ register: tls_alpn_challenges when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')" - name: ({{ certgen_title }}) Read private key - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ certificate_name }}.key' register: slurp when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')" - name: ({{ certgen_title }}) Set TLS ALPN challenges (acme_challenge_cert_helper) - uri: + ansible.builtin.uri: url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/{{ item.identifier }}/certificate-and-key" method: PUT body_format: raw @@ -98,7 +98,7 @@ with_items: "{{ tls_alpn_challenges.results if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper') else [] }}" when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')" - name: ({{ certgen_title }}) Create TLS ALPN challenges (der-value-b64) - uri: + ansible.builtin.uri: url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/{{ item.value['tls-alpn-01'].resource_original }}/der-value-b64" method: PUT body_format: raw @@ -109,7 +109,7 @@ when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'der-value-b64')" ## ACME STEP 2 ################################################################################ - name: ({{ certgen_title }}) Obtain cert, step 2 - acme_certificate: + community.crypto.acme_certificate: select_crypto_backend: "{{ select_crypto_backend }}" acme_version: 2 acme_directory: "{{ acme_directory_url }}" 
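Review bot: The `Read private key` task in setup_acme/tasks/obtain-cert.yml slurps `{{ certificate_name }}.key` into the registered `slurp` variable without `no_log: true`, so the key material can appear in verbose task output and CI logs. The following `Set TLS ALPN challenges (acme_challenge_cert_helper)` task then PUTs to a `certificate-and-key` endpoint over `http://`, presumably with that key in the request body, which lies between hunks and is not visible here. These are disposable test keys, but adding `no_log: true` to both tasks keeps the pattern safe to copy. Alternatively, add a comment such as `# disposable test key; sent in cleartext to the local ACME test controller only`.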
@@ -136,25 +136,25 @@ register: certificate_obtain_result when: challenge_data is changed - name: ({{ certgen_title }}) Deleting HTTP challenges - uri: - url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}" + ansible.builtin.uri: + url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/' | length) :] }}" method: DELETE with_dict: "{{ challenge_data.challenge_data }}" when: "challenge_data is changed and challenge == 'http-01'" - name: ({{ certgen_title }}) Deleting DNS challenges - uri: + ansible.builtin.uri: url: "http://{{ acme_host }}:5000/dns/{{ item.key }}" method: DELETE with_dict: "{{ challenge_data.challenge_data_dns }}" when: "challenge_data is changed and challenge == 'dns-01'" - name: ({{ certgen_title }}) Deleting TLS ALPN challenges - uri: + ansible.builtin.uri: url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}" method: DELETE with_dict: "{{ challenge_data.challenge_data }}" when: "challenge_data is changed and challenge == 'tls-alpn-01'" - name: ({{ certgen_title }}) Get root certificate - get_url: + ansible.builtin.get_url: url: "http://{{ acme_host }}:5000/root-certificate-for-ca/{{ acme_expected_root_number | default(0) if select_crypto_backend == 'cryptography' else 0 }}" dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-root.pem" ############################################################################################### diff --git a/tests/integration/targets/setup_bcrypt/tasks/main.yml b/tests/integration/targets/setup_bcrypt/tasks/main.yml index 0e599684..b06ed827 100644 --- a/tests/integration/targets/setup_bcrypt/tasks/main.yml +++ b/tests/integration/targets/setup_bcrypt/tasks/main.yml 
@@ -12,17 +12,17 @@ block: - name: Ensure bcrypt 3.1.5 available become: true - pip: + ansible.builtin.pip: name: bcrypt==3.1.5 extra_args: "-c {{ remote_constraints }}" - name: Register bcrypt version - command: "{{ ansible_python.executable }} -c 'import bcrypt; print(bcrypt.__version__)'" + ansible.builtin.command: "{{ ansible_python.executable }} -c 'import bcrypt; print(bcrypt.__version__)'" register: bcrypt_version ignore_errors: true - name: Ensure bcrypt_version is defined - set_fact: + ansible.builtin.set_fact: bcrypt_version: stdout: "0.0" when: bcrypt_version is failed diff --git a/tests/integration/targets/setup_openssl/tasks/main.yml b/tests/integration/targets/setup_openssl/tasks/main.yml index 4e964b9c..406dc790 100644 --- a/tests/integration/targets/setup_openssl/tasks/main.yml +++ b/tests/integration/targets/setup_openssl/tasks/main.yml 
@@ -9,84 +9,84 @@ #################################################################### - name: Register system environment - command: "{{ ansible_python.executable }} -c 'import os; print(dict(os.environ))'" + ansible.builtin.command: "{{ ansible_python.executable }} -c 'import os; print(dict(os.environ))'" register: sys_environment - name: Show system environment - debug: + ansible.builtin.debug: var: sys_environment.stdout_lines - name: Default value for OpenSSL binary path - set_fact: + ansible.builtin.set_fact: openssl_binary: openssl - name: Include OS-specific variables - include_vars: '{{ ansible_os_family }}.yml' + ansible.builtin.include_vars: '{{ ansible_os_family }}.yml' when: not ansible_os_family == "Darwin" - name: Check whether OpenSSL is there - command: "{{ openssl_binary }} version" + ansible.builtin.command: "{{ openssl_binary }} version" register: openssl_version_full ignore_errors: true - name: Install OpenSSL become: true - package: + ansible.builtin.package: name: '{{ openssl_package_name }}' when: not ansible_os_family == 'Darwin' and openssl_version_full is failed - name: Register openssl version (full) - command: "{{ openssl_binary }} version" + ansible.builtin.command: "{{ openssl_binary }} version" register: openssl_version_full - name: Show openssl version (full) - debug: + ansible.builtin.debug: var: openssl_version_full.stdout_lines - when: ansible_os_family == "Darwin" and "LibreSSL" in openssl_version_full.stdout # In case LibreSSL is installed on macOS, we need to install a more modern OpenSSL block: - name: MACOS | Find brew binary - command: which brew + ansible.builtin.command: which brew register: brew_which - name: MACOS | Get owner of brew binary - stat: + ansible.builtin.stat: path: "{{ brew_which.stdout }}" register: brew_stat - name: MACOS | Install openssl - homebrew: + community.general.homebrew: name: openssl state: present become: true become_user: "{{ brew_stat.stat.pw_name }}" - name: MACOS | Locale openssl binary - 
command: brew --prefix openssl + ansible.builtin.command: brew --prefix openssl become: true become_user: "{{ brew_stat.stat.pw_name }}" register: brew_openssl_prefix - name: MACOS | Point to OpenSSL binary - set_fact: + ansible.builtin.set_fact: openssl_binary: "{{ brew_openssl_prefix.stdout }}/bin/openssl" - name: MACOS | Register openssl version (full) - command: "{{ openssl_binary }} version" + ansible.builtin.command: "{{ openssl_binary }} version" register: openssl_version_full_again # We must use a different variable to prevent the 'when' condition of the surrounding block to fail - name: MACOS | Show openssl version (full) - debug: + ansible.builtin.debug: var: openssl_version_full_again.stdout_lines - name: Register openssl version - shell: "{{ openssl_binary }} version | cut -d' ' -f2" + ansible.builtin.shell: "{{ openssl_binary }} version | cut -d' ' -f2" register: openssl_version - name: Make openssl version a string - set_fact: + ansible.builtin.set_fact: openssl_version: "{{ openssl_version.stdout }}" - when: ansible_facts.distribution ~ ansible_facts.distribution_major_version not in ['CentOS6', 'RedHat6'] @@ -98,13 +98,13 @@ - name: Install cryptography (Python 3 from system packages) become: true - package: + ansible.builtin.package: name: '{{ cryptography_package_name_python3 }}' when: ansible_python_version is version('3.0', '>=') - name: Install cryptography (Python 2 from system packages) become: true - package: + ansible.builtin.package: name: '{{ cryptography_package_name }}' when: ansible_python_version is version('3.0', '<') @@ -114,7 +114,7 @@ - name: Install cryptography (PyPi) become: true - pip: + ansible.builtin.pip: name: 'cryptography{% if ansible_os_family == "Darwin" %}>=3.3{% endif %}' state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}" extra_args: "-c {{ remote_constraints }}" 
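Review bot: The first two tasks of the setup_openssl hunk ("Register system environment" and "Show system environment") write the target's entire `os.environ` into the test log, and CI environments commonly carry tokens and credentials in environment variables. If the dump is only a debugging aid, restrict it to an allow-list in the one-liner, e.g. `print({k: v for k, v in os.environ.items() if k in ("PATH", "LANG", "LC_ALL")})` (the key list is an example; pick what the tests actually need). At minimum, gate the debug task with `verbosity: 2` so it does not print on every run. The FQCN rename leaves this behaviour unchanged, so it is worth fixing while these lines are being touched.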
@@ -124,9 +124,9 @@ register: crypto_info - name: Register cryptography version - set_fact: + ansible.builtin.set_fact: cryptography_version: "{{ crypto_info.python_cryptography_capabilities.version }}" - name: Print default key sizes - debug: + ansible.builtin.debug: msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certificates }})" diff --git a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml index 0f51726b..f15dac46 100644 --- a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml +++ b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml @@ -8,13 +8,13 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -- set_fact: +- ansible.builtin.set_fact: pkg_mgr: community.general.pkgng ansible_pkg_mgr: community.general.pkgng cacheable: true when: ansible_os_family == 'FreeBSD' -- set_fact: +- ansible.builtin.set_fact: pkg_mgr: community.general.zypper ansible_pkg_mgr: community.general.zypper cacheable: true diff --git a/tests/integration/targets/setup_python_info/tasks/main.yml b/tests/integration/targets/setup_python_info/tasks/main.yml index 1b539515..a1b2c199 100644 --- a/tests/integration/targets/setup_python_info/tasks/main.yml +++ b/tests/integration/targets/setup_python_info/tasks/main.yml @@ -4,13 +4,13 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Gather facts on controller - setup: + ansible.builtin.setup: gather_subset: '!all' delegate_to: localhost delegate_facts: true run_once: true - name: Show variables - debug: + ansible.builtin.debug: msg: |- Target: Python: {{ ansible_facts.python.version.major ~ '.' ~ ansible_facts.python.version.minor }} 
@@ -26,7 +26,7 @@ Distribution version: {{ hostvars['localhost'].ansible_facts.distribution_version | internal__get_major_minor_version }} Distribution major version: {{ hostvars['localhost'].ansible_facts.distribution_major_version }} - name: Record information - set_fact: + ansible.builtin.set_fact: target_system_python: >- {{ system_python_version_data | diff --git a/tests/integration/targets/setup_remote_constraints/tasks/main.yml b/tests/integration/targets/setup_remote_constraints/tasks/main.yml index 7e913fc9..169a128f 100644 --- a/tests/integration/targets/setup_remote_constraints/tasks/main.yml +++ b/tests/integration/targets/setup_remote_constraints/tasks/main.yml @@ -9,10 +9,10 @@ #################################################################### - name: record constraints.txt path on remote host - set_fact: + ansible.builtin.set_fact: remote_constraints: "{{ remote_tmp_dir }}/constraints.txt" - name: copy constraints.txt to remote host - copy: + ansible.builtin.copy: src: "{{ role_path }}/../../../utils/constraints.txt" dest: "{{ remote_constraints }}" diff --git a/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml b/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml index 237db0fa..69302bf8 100644 --- a/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml +++ b/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml @@ -4,4 +4,4 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: delete temporary directory - include_tasks: default-cleanup.yml + ansible.builtin.include_tasks: default-cleanup.yml diff --git a/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml b/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml index cc74b70a..ab9a8787 100644 --- a/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml +++ b/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml 
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: delete temporary directory - file: + ansible.builtin.file: path: "{{ remote_tmp_dir }}" state: absent no_log: true diff --git a/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml b/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml index 95c51319..af8bb431 100644 --- a/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml +++ b/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml @@ -4,12 +4,12 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: create ~/tmp - file: + ansible.builtin.file: path: '~/tmp' state: directory - name: create temporary directory - tempfile: + ansible.builtin.tempfile: state: directory suffix: .test path: '~/tmp' @@ -18,5 +18,5 @@ - delete temporary directory - name: record temporary directory - set_fact: + ansible.builtin.set_fact: remote_tmp_dir: "{{ remote_tmp_dir.path }}" diff --git a/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml b/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml index babbdad0..51e4b800 100644 --- a/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml +++ b/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml @@ -9,11 +9,11 @@ #################################################################### - name: make sure we have the ansible_os_family and ansible_distribution_version facts - setup: + ansible.builtin.setup: gather_subset: distribution when: ansible_facts == {} -- include_tasks: "{{ lookup('first_found', files)}}" +- ansible.builtin.include_tasks: "{{ lookup('first_found', files) }}" vars: files: - "{{ ansible_os_family | lower }}.yml" diff --git a/tests/integration/targets/setup_ssh_agent/tasks/main.yml b/tests/integration/targets/setup_ssh_agent/tasks/main.yml index 70699002..a60ae762 100644 --- a/tests/integration/targets/setup_ssh_agent/tasks/main.yml +++ b/tests/integration/targets/setup_ssh_agent/tasks/main.yml 
@@ -9,11 +9,11 @@ #################################################################### - name: Start an ssh agent to use for tests - shell: ssh-agent -c | grep "^setenv" + ansible.builtin.shell: ssh-agent -c | grep "^setenv" register: openssh_agent_stdout - name: Convert output to dictionary - set_fact: + ansible.builtin.set_fact: openssh_agent_env: >- {{ openssh_agent_stdout.stdout_lines | map('regex_replace', '^setenv ([^ ]+) ([^ ]+);', '\1') @@ -22,24 +22,24 @@ }} - name: Register ssh agent facts - set_fact: + ansible.builtin.set_fact: openssh_agent_pid: "{{ openssh_agent_env.SSH_AGENT_PID }}" openssh_agent_sock: "{{ openssh_agent_env.SSH_AUTH_SOCK }}" - name: stat agent socket - stat: + ansible.builtin.stat: path: "{{ openssh_agent_sock }}" register: openssh_agent_socket_stat - name: Assert agent socket file is a socket - assert: + ansible.builtin.assert: that: - openssh_agent_socket_stat.stat.issock is defined - openssh_agent_socket_stat.stat.issock fail_msg: "{{ openssh_agent_sock }} is not a socket" - name: Verify agent responds - command: ssh-add -l + ansible.builtin.command: ssh-add -l register: rc_openssh_agent_ssh_add_check environment: SSH_AUTH_SOCK: "{{ openssh_agent_sock }}" @@ -47,10 +47,10 @@ failed_when: rc_openssh_agent_ssh_add_check.rc == 2 - name: Get ssh version - shell: ssh -Vq 2>&1|sed 's/^.*OpenSSH_\([0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/' + ansible.builtin.shell: ssh -Vq 2>&1|sed 's/^.*OpenSSH_\([0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/' register: rc_openssh_version_output - name: Set ssh version facts - set_fact: + ansible.builtin.set_fact: openssh_version: "{{ rc_openssh_version_output.stdout.strip() }}" diff --git a/tests/integration/targets/setup_ssh_keygen/tasks/main.yml b/tests/integration/targets/setup_ssh_keygen/tasks/main.yml index 3798388a..6b8edabf 100644 --- a/tests/integration/targets/setup_ssh_keygen/tasks/main.yml +++ b/tests/integration/targets/setup_ssh_keygen/tasks/main.yml 
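Review bot: "Get ssh version" in the last setup_ssh_agent hunk (and the identical task in the setup_ssh_keygen hunk that follows) cannot fail on bad output, because the pipeline's exit status is sed's and sed passes non-matching input through unchanged. An error message or unexpected banner from `ssh -V` would therefore land in `openssh_version`, and in setup_ssh_keygen that value decides `openssh_supports_dsa`. I would validate the fact right after it is set, with an `ansible.builtin.assert` whose condition is `openssh_version is match('^[0-9]+\.[0-9]+$')`, so a parsing failure stops the setup instead of silently changing which key types the tests cover.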
@@ -9,23 +9,23 @@ #################################################################### - name: Include OS-specific variables - include_vars: '{{ ansible_os_family }}.yml' + ansible.builtin.include_vars: '{{ ansible_os_family }}.yml' when: not ansible_os_family == "Darwin" and not ansible_os_family == "FreeBSD" - name: Install ssh-keygen - package: + ansible.builtin.package: name: '{{ openssh_client_package_name }}' when: not ansible_os_family == "Darwin" and not ansible_os_family == "FreeBSD" - name: Get ssh version - shell: ssh -Vq 2>&1|sed 's/^.*OpenSSH_\([0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/' + ansible.builtin.shell: ssh -Vq 2>&1|sed 's/^.*OpenSSH_\([0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/' register: rc_openssh_version_output - name: Set ssh version facts - set_fact: + ansible.builtin.set_fact: openssh_version: "{{ rc_openssh_version_output.stdout.strip() }}" - name: Set ssh support facts - set_fact: + ansible.builtin.set_fact: openssh_supports_dsa: "{{ openssh_version is version('9.8', '<') }}" diff --git a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml index cef59660..fd228212 100644 --- a/tests/integration/targets/x509_certificate-acme/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate-acme/tasks/impl.yml @@ -4,17 +4,17 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Generate account key - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/account.key' size: '{{ default_rsa_key_size }}' - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size }}' - name: Generate CSRs - openssl_csr: + community.crypto.openssl_csr: privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' subject_alt_name: '{{ item.sans }}' 
@@ -28,7 +28,7 @@ - DNS:example.org - name: Retrieve certificate 1 - x509_certificate: + community.crypto.x509_certificate: provider: acme path: '{{ remote_tmp_dir }}/cert-1.pem' csr_path: '{{ remote_tmp_dir }}/cert-1.csr' @@ -39,18 +39,18 @@ PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}' - name: Get certificate information - x509_certificate_info: + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert-1.pem' register: result - name: Validate certificate information - assert: + ansible.builtin.assert: that: - result.subject_alt_name | length == 1 - "'DNS:example.com' in result.subject_alt_name" - name: Retrieve certificate 2 - x509_certificate: + community.crypto.x509_certificate: provider: acme path: '{{ remote_tmp_dir }}/cert-2.pem' csr_path: '{{ remote_tmp_dir }}/cert-2.csr' @@ -61,12 +61,12 @@ PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}' - name: Get certificate information - x509_certificate_info: + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert-2.pem' register: result - name: Validate certificate information - assert: + ansible.builtin.assert: that: - result.subject_alt_name | length == 2 - "'DNS:example.com' in result.subject_alt_name" diff --git a/tests/integration/targets/x509_certificate-acme/tasks/main.yml b/tests/integration/targets/x509_certificate-acme/tasks/main.yml index c268a80a..5926a36f 100644 --- a/tests/integration/targets/x509_certificate-acme/tasks/main.yml +++ b/tests/integration/targets/x509_certificate-acme/tasks/main.yml 
@@ -10,46 +10,46 @@ - block: - name: Obtain root and intermediate certificates - get_url: + ansible.builtin.get_url: url: "http://{{ acme_host }}:5000/{{ item.0 }}-certificate-for-ca/{{ item.1 }}" dest: "{{ remote_tmp_dir }}/acme-{{ item.0 }}-{{ item.1 }}.pem" loop: "{{ query('nested', types, root_numbers) }}" - name: Analyze root certificates - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/acme-root-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_roots - name: Analyze intermediate certificates - x509_certificate_info: + community.crypto.x509_certificate_info: path: "{{ remote_tmp_dir }}/acme-intermediate-{{ item }}.pem" loop: "{{ root_numbers }}" register: acme_intermediates - name: Read root certificates - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir ~ '/acme-root-' ~ item ~ '.pem' }}" loop: "{{ root_numbers }}" register: slurp_roots - - set_fact: + - ansible.builtin.set_fact: x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" loop: "{{ acme_roots.results }}" register: acme_roots_tmp - name: Read intermediate certificates - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir ~ '/acme-intermediate-' ~ item ~ '.pem' }}" loop: "{{ root_numbers }}" register: slurp_intermediates - - set_fact: + - ansible.builtin.set_fact: x__: "{{ item | dict2items | selectattr('key', 'in', interesting_keys) | list | items2dict }}" loop: "{{ acme_intermediates.results }}" register: acme_intermediates_tmp - - set_fact: + - ansible.builtin.set_fact: acme_roots: "{{ acme_roots_tmp.results | map(attribute='ansible_facts.x__') | list }}" acme_root_certs: "{{ slurp_roots.results | map(attribute='content') | map('b64decode') | list }}" acme_intermediates: "{{ acme_intermediates_tmp.results | map(attribute='ansible_facts.x__') | list }}" 
@@ -68,13 +68,13 @@ - subject - name: Get hold of acme-tiny executable - get_url: + ansible.builtin.get_url: url: https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py dest: "{{ remote_tmp_dir }}/acme-tiny" mode: "0755" - name: "Monkey-patch acme-tiny: Disable certificate validation" - blockinfile: + ansible.builtin.blockinfile: path: "{{ remote_tmp_dir }}/acme-tiny" marker: "# {mark} ANSIBLE MANAGED BLOCK: DISABLE CERTIFICATE VALIDATION FOR HTTPS REQUESTS" insertafter: '^#!.*' 
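Review bot: "Get hold of acme-tiny executable" downloads a script from the moving `master` branch, marks it `0755`, and verifies nothing about its content; the script appears to be placed on PATH for the acme provider in impl.yml, so whatever upstream serves at run time is executed on the test host. Pin the URL to a commit and add a checksum: `url: https://raw.githubusercontent.com/diafygi/acme-tiny/<PINNED_COMMIT_SHA>/acme_tiny.py` and `checksum: "sha256:<SHA256_OF_PINNED_FILE>"` (both placeholders to be filled from a reviewed revision). Pinning also protects the `ansible.builtin.replace` monkey-patches in the next hunk. Those match exact upstream source text, and `replace` reports success without changing anything when its regexp no longer matches, so an upstream edit could leave the script unpatched without any task failing.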
@@ -92,42 +92,42 @@ from urllib2 import Request # Python 2 - name: "Monkey-patch acme-tiny: adjust shebang" - replace: + ansible.builtin.replace: path: "{{ remote_tmp_dir }}/acme-tiny" regexp: '^\#\!/usr/bin/env .*$' replace: '#!{{ ansible_python_interpreter }}' - name: "Monkey-patch acme-tiny: Disable check that challenge file is reachable via HTTP" - replace: + ansible.builtin.replace: path: "{{ remote_tmp_dir }}/acme-tiny" regexp: 'parser\.add_argument\("--disable-check", default=False,' replace: 'parser.add_argument("--disable-check", default=True,' - name: "Monkey-patch acme-tiny: Instead of writing challenge files to disk, post them to challenge server" - replace: + ansible.builtin.replace: path: "{{ remote_tmp_dir }}/acme-tiny" regexp: 'with open\(wellknown_path, "w"\) as [^:]+:\n\s+[^. ]+\.write\(([^)]+)\)' replace: 'r = Request(url="http://{{ acme_host }}:5000/http/" + domain + "/" + token, data=\1.encode("utf8"), headers={"content-type": "application/octet-stream"}) ; r.get_method = lambda: "PUT" ; urlopen(r).close()' - name: "Monkey-patch acme-tiny: Remove file cleanup" - replace: + ansible.builtin.replace: path: "{{ remote_tmp_dir }}/acme-tiny" regexp: 'os\.remove\(wellknown_path\)' replace: 'pass' - name: "Monkey-patch acme-tiny: Allow to run with Python 2" - replace: + ansible.builtin.replace: path: "{{ remote_tmp_dir }}/acme-tiny" regexp: '#!/usr/bin/env python3' replace: '#!/usr/bin/env python' when: ansible_facts.python.version.major == 2 - name: Create challenges directory - file: + ansible.builtin.file: path: '{{ remote_tmp_dir }}/challenges' state: directory - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml # Make x509_certificate module happy when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/x509_certificate/tasks/impl.yml b/tests/integration/targets/x509_certificate/tasks/impl.yml index 593de050..04122462 100644 
--- a/tests/integration/targets/x509_certificate/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate/tasks/impl.yml @@ -3,8 +3,8 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- debug: +- ansible.builtin.debug: msg: "Executing tests with backend {{ select_crypto_backend }}" -- import_tasks: selfsigned.yml -- import_tasks: ownca.yml -- import_tasks: removal.yml +- ansible.builtin.import_tasks: selfsigned.yml +- ansible.builtin.import_tasks: ownca.yml +- ansible.builtin.import_tasks: removal.yml diff --git a/tests/integration/targets/x509_certificate/tasks/main.yml b/tests/integration/targets/x509_certificate/tasks/main.yml index fdeadb1d..f5ccfd5b 100644 --- a/tests/integration/targets/x509_certificate/tasks/main.yml +++ b/tests/integration/targets/x509_certificate/tasks/main.yml @@ -9,7 +9,7 @@ #################################################################### - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml index b80e34e4..4b2fb754 100644 --- a/tests/integration/targets/x509_certificate/tasks/ownca.yml +++ b/tests/integration/targets/x509_certificate/tasks/ownca.yml 
@@ -3,20 +3,20 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey - openssl_privatekey: +- name: (OwnCA, {{ select_crypto_backend }}) Generate CA privatekey + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/ca_privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' -- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase - openssl_privatekey: +- name: (OwnCA, {{ select_crypto_backend }}) Generate CA privatekey with passphrase + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size_certificates }}' -- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR - openssl_csr: +- name: (OwnCA, {{ select_crypto_backend }}) Generate CA CSR + community.crypto.openssl_csr: path: '{{ item.path }}' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' subject: '{{ item.subject }}' @@ -32,8 +32,8 @@ subject: commonName: Example CA 2 -- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR (privatekey passphrase) - openssl_csr: +- name: (OwnCA, {{ select_crypto_backend }}) Generate CA CSR (privatekey passphrase) + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/ca_csr_pw.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' privatekey_passphrase: hunter2 @@ -44,8 +44,8 @@ - 'CA:TRUE' basic_constraints_critical: true -- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (check mode) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned CA certificate (check mode) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ca_cert.pem' csr_path: '{{ remote_tmp_dir }}/ca_csr.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' 
@@ -55,8 +55,8 @@ check_mode: true register: result_check_mode -- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned CA certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ca_cert.pem' csr_path: '{{ remote_tmp_dir }}/ca_csr.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' @@ -65,14 +65,14 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: (OwnCA, {{select_crypto_backend}}) Verify changed - assert: +- name: (OwnCA, {{ select_crypto_backend }}) Verify changed + ansible.builtin.assert: that: - result_check_mode is changed - result is changed -- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate with different commonName - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned CA certificate with different commonName + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ca_cert2.pem' csr_path: '{{ remote_tmp_dir }}/ca_csr2.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' @@ -80,8 +80,8 @@ selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' -- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (privatekey passphrase) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned CA certificate (privatekey passphrase) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ca_cert_pw.pem' csr_path: '{{ remote_tmp_dir }}/ca_csr_pw.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem' 
@@ -90,8 +90,8 @@ selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -103,8 +103,8 @@ return_content: true register: ownca_certificate -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -116,8 +116,8 @@ return_content: true register: ownca_certificate_idempotence -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (check mode) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -128,8 +128,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' check_mode: true -- name: (OwnCA, {{select_crypto_backend}}) Copy ownca certificate to new file to check regeneration - copy: +- name: (OwnCA, {{ select_crypto_backend }}) Copy ownca certificate to new file to check regeneration + ansible.builtin.copy: src: '{{ remote_tmp_dir }}/ownca_cert.pem' dest: '{{ item }}' remote_src: true 
@@ -137,8 +137,8 @@ - '{{ remote_tmp_dir }}/ownca_cert_ca_cn.pem' - '{{ remote_tmp_dir }}/ownca_cert_ca_key.pem' -- name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA subject - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Regenerate ownca certificate with different CA subject + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ca_cn.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -150,8 +150,8 @@ return_content: true register: ownca_certificate_ca_subject_changed -- name: (OwnCA, {{select_crypto_backend}}) Regenerate ownca certificate with different CA key - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Regenerate ownca certificate with different CA key + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ca_key.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -164,20 +164,20 @@ return_content: true register: ownca_certificate_ca_key_changed -- name: (OwnCA, {{select_crypto_backend}}) Get certificate information +- name: (OwnCA, {{ select_crypto_backend }}) Get certificate information community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/ownca_cert.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: (OwnCA, {{select_crypto_backend}}) Get private key information +- name: (OwnCA, {{ select_crypto_backend }}) Get private key information community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result_privatekey -- name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate - assert: +- name: (OwnCA, {{ select_crypto_backend }}) Check ownca certificate + ansible.builtin.assert: that: - result.public_key == result_privatekey.public_key - "result.signature_algorithm == 'sha256WithRSAEncryption' or result.signature_algorithm == 'sha256WithECDSAEncryption'" @@ -186,8 +186,8 @@ - not result.expired - result.version == 3 -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca v2 certificate - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca v2 certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_v2.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -200,8 +200,8 @@ register: ownca_v2_certificate ignore_errors: true -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate2 - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate2 + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert2.pem' csr_path: '{{ remote_tmp_dir }}/csr2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' 
@@ -211,20 +211,20 @@ ownca_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' -- name: (OwnCA, {{select_crypto_backend}}) Get certificate information +- name: (OwnCA, {{ select_crypto_backend }}) Get certificate information community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/ownca_cert2.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: (OwnCA, {{select_crypto_backend}}) Get private key information +- name: (OwnCA, {{ select_crypto_backend }}) Get private key information community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey2.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result_privatekey -- name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate2 - assert: +- name: (OwnCA, {{ select_crypto_backend }}) Check ownca certificate2 + ansible.builtin.assert: that: - result.public_key == result_privatekey.public_key - "result.signature_algorithm == 'sha256WithRSAEncryption' or result.signature_algorithm == 'sha256WithECDSAEncryption'" @@ -241,8 +241,8 @@ - "'IPSec User' in result.extended_key_usage" - "'Biometric Info' in result.extended_key_usage" -- name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with notBefore and notAfter - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create ownca certificate with notBefore and notAfter + community.crypto.x509_certificate: provider: ownca ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z 
@@ -253,8 +253,8 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with notBefore and notAfter (idempotent) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create ownca certificate with notBefore and notAfter (idempotent) + community.crypto.x509_certificate: provider: ownca ownca_not_before: 20181023133742Z ownca_not_after: 20191023133742Z @@ -267,8 +267,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_cert3_idem -- name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with relative notBefore and notAfter - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create ownca certificate with relative notBefore and notAfter + community.crypto.x509_certificate: provider: ownca ownca_not_before: +1s ownca_not_after: +52w @@ -279,8 +279,8 @@ ownca_privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca ECC certificate - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca ECC certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ecc.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -291,8 +291,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_certificate_ecc -- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned certificate (privatekey passphrase) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ecc_2.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert_pw.pem' 
@@ -303,8 +303,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_certificate_passphrase -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 1) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (failed passphrase 1) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_pw1.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -316,8 +316,8 @@ ignore_errors: true register: passphrase_error_1 -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (failed passphrase 2) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_pw2.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -329,8 +329,8 @@ ignore_errors: true register: passphrase_error_2 -- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (failed passphrase 3) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_pw3.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
@@ -341,12 +341,12 @@ ignore_errors: true register: passphrase_error_3 -- name: (OwnCA, {{select_crypto_backend}}) Create broken certificate - copy: +- name: (OwnCA, {{ select_crypto_backend }}) Create broken certificate + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/ownca_broken.pem" content: "broken" -- name: (OwnCA, {{select_crypto_backend}}) Regenerate broken cert - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Regenerate broken cert + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_broken.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -356,8 +356,8 @@ ownca_digest: sha256 register: ownca_broken -- name: (OwnCA, {{select_crypto_backend}}) Backup test - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Backup test + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -367,8 +367,8 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_1 -- name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Backup test (idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -378,8 +378,8 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_2 -- name: (OwnCA, {{select_crypto_backend}}) Backup test (change) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Backup test (change) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
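Review bot: The "Regenerate broken cert" task carries `{{ select_crypto_backend }}` in its name, but the lines shown for it end at `ownca_digest: sha256` and `register: ownca_broken` with no `select_crypto_backend` argument. If that holds, the recovery path from a corrupt certificate file runs with the module's default backend choice rather than the backend under test. Three lines of the task fall between the hunks at old lines 341 and 356 and are not shown, so confirm this against the full file. If the argument is missing, add `select_crypto_backend: '{{ select_crypto_backend }}'` before `register: ownca_broken`. The task that registers `selfsigned_broken` in selfsigned.yml looks the same and would need the same line.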
@@ -389,16 +389,16 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_3 -- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Backup test (remove) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_4 -- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Backup test (remove, idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_backup.pem' state: absent provider: ownca @@ -406,8 +406,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_backup_5 -- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create subject key identifier + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -418,8 +418,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_subject_key_identifier_1 -- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (idempotency) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create subject key identifier (idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
@@ -430,8 +430,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_subject_key_identifier_2 -- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create subject key identifier (remove) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -442,8 +442,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_subject_key_identifier_3 -- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove idempotency) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create subject key identifier (remove idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -454,8 +454,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_subject_key_identifier_4 -- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (re-enable) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create subject key identifier (re-enable) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -466,8 +466,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_subject_key_identifier_5 -- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create authority key identifier + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
@@ -478,8 +478,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_1 -- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (idempotency) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create authority key identifier (idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -490,8 +490,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_2 -- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create authority key identifier (remove) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -502,8 +502,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_3 -- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove idempotency) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create authority key identifier (remove idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -514,8 +514,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_4 -- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (re-add) - x509_certificate: +- name: (OwnCA, {{ select_crypto_backend }}) Create authority key identifier (re-add) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_aki.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
@@ -526,10 +526,10 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: ownca_authority_key_identifier_5 -- name: (OwnCA, {{select_crypto_backend}}) Ed25519 and Ed448 tests (for cryptography >= 2.6) +- name: (OwnCA, {{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6) block: - - name: (OwnCA, {{select_crypto_backend}}) Generate privatekeys - openssl_privatekey: + - name: (OwnCA, {{ select_crypto_backend }}) Generate privatekeys + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: @@ -538,12 +538,12 @@ register: ownca_certificate_ed25519_ed448_privatekey ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded + - name: (OwnCA, {{ select_crypto_backend }}) Generate CSR etc. if private key generation succeeded when: ownca_certificate_ed25519_ed448_privatekey is not failed block: - - name: (OwnCA, {{select_crypto_backend}}) Generate CSR - openssl_csr: + - name: (OwnCA, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: @@ -554,8 +554,8 @@ - Ed448 ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate - x509_certificate: + - name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' 
@@ -569,8 +569,8 @@ register: ownca_certificate_ed25519_ed448 ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - x509_certificate: + - name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert.pem' @@ -584,8 +584,8 @@ register: ownca_certificate_ed25519_ed448_idempotence ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey - openssl_privatekey: + - name: (OwnCA, {{ select_crypto_backend }}) Generate CA privatekey + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' type: '{{ item }}' passphrase: Test123 @@ -594,8 +594,8 @@ - Ed25519 - Ed448 - - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR - openssl_csr: + - name: (OwnCA, {{ select_crypto_backend }}) Generate CA CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/ca_csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' privatekey_passphrase: Test123 @@ -613,8 +613,8 @@ - Ed448 ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate - x509_certificate: + - name: (OwnCA, {{ select_crypto_backend }}) Generate selfsigned CA certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/ca_csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/ca_privatekey_{{ item }}.pem' 
@@ -626,8 +626,8 @@ - Ed448 ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate - x509_certificate: + - name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}_2.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' @@ -642,8 +642,8 @@ register: ownca_certificate_ed25519_ed448_2 ignore_errors: true - - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent) - x509_certificate: + - name: (OwnCA, {{ select_crypto_backend }}) Generate ownca certificate (idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/ownca_cert_{{ item }}_2.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' ownca_path: '{{ remote_tmp_dir }}/ca_cert_{{ item }}.pem' @@ -660,4 +660,4 @@ when: select_crypto_backend == 'cryptography' and cryptography_version is version('3.3', '>=') -- import_tasks: ../tests/validate_ownca.yml +- ansible.builtin.import_tasks: ../tests/validate_ownca.yml diff --git a/tests/integration/targets/x509_certificate/tasks/removal.yml b/tests/integration/targets/x509_certificate/tasks/removal.yml index d7bdbfcb..1e08f8a7 100644 --- a/tests/integration/targets/x509_certificate/tasks/removal.yml +++ b/tests/integration/targets/x509_certificate/tasks/removal.yml 
@@ -3,18 +3,18 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: (Removal, {{select_crypto_backend}}) Generate privatekey - openssl_privatekey: +- name: (Removal, {{ select_crypto_backend }}) Generate privatekey + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/removal_privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' -- name: (Removal, {{select_crypto_backend}}) Generate CSR - openssl_csr: +- name: (Removal, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/removal_csr.csr' privatekey_path: '{{ remote_tmp_dir }}/removal_privatekey.pem' -- name: (Removal, {{select_crypto_backend}}) Generate selfsigned certificate - x509_certificate: +- name: (Removal, {{ select_crypto_backend }}) Generate selfsigned certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/removal_cert.pem' csr_path: '{{ remote_tmp_dir }}/removal_csr.csr' privatekey_path: '{{ remote_tmp_dir }}/removal_privatekey.pem' 
@@ -22,33 +22,33 @@ selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' -- name: "(Removal, {{select_crypto_backend}}) Check that file is not gone" - stat: +- name: "(Removal, {{ select_crypto_backend }}) Check that file is not gone" + ansible.builtin.stat: path: "{{ remote_tmp_dir }}/removal_cert.pem" register: removal_1_prestat -- name: "(Removal, {{select_crypto_backend}}) Remove certificate" - x509_certificate: +- name: "(Removal, {{ select_crypto_backend }}) Remove certificate" + community.crypto.x509_certificate: path: "{{ remote_tmp_dir }}/removal_cert.pem" state: absent select_crypto_backend: '{{ select_crypto_backend }}' return_content: true register: removal_1 -- name: "(Removal, {{select_crypto_backend}}) Check that file is gone" - stat: +- name: "(Removal, {{ select_crypto_backend }}) Check that file is gone" + ansible.builtin.stat: path: "{{ remote_tmp_dir }}/removal_cert.pem" register: removal_1_poststat -- name: "(Removal, {{select_crypto_backend}}) Remove certificate (idempotent)" - x509_certificate: +- name: "(Removal, {{ select_crypto_backend }}) Remove certificate (idempotent)" + community.crypto.x509_certificate: path: "{{ remote_tmp_dir }}/removal_cert.pem" state: absent select_crypto_backend: '{{ select_crypto_backend }}' register: removal_2 -- name: (Removal, {{select_crypto_backend}}) Ensure removal worked - assert: +- name: (Removal, {{ select_crypto_backend }}) Ensure removal worked + ansible.builtin.assert: that: - removal_1_prestat.stat.exists - removal_1 is changed diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml index f872859d..644e0c7e 100644 --- a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml 
@@ -3,20 +3,20 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey - openssl_privatekey: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate privatekey + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' -- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password - openssl_privatekey: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate privatekey with password + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size_certificates }}' -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate without CSR + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_no_csr.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned @@ -25,8 +25,8 @@ return_content: true register: selfsigned_certificate_no_csr -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate without CSR - idempotency + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_no_csr.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned 
@@ -35,8 +35,8 @@ return_content: true register: selfsigned_certificate_no_csr_idempotence -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate without CSR (check mode) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_no_csr.pem' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' provider: selfsigned @@ -45,22 +45,22 @@ check_mode: true register: selfsigned_certificate_no_csr_idempotence_check -- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.com -- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_minimal_change.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: commonName: www.example.org -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -70,8 +70,8 @@ return_content: true register: selfsigned_certificate -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate - idempotency + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -81,8 +81,8 @@ return_content: true register: selfsigned_certificate_idempotence -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (check mode) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -91,8 +91,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' check_mode: true -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (check mode, other CSR) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (check mode, other CSR) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert.pem' csr_path: '{{ remote_tmp_dir }}/csr_minimal_change.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
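Review bot: The "Generate selfsigned certificate (check mode)" task, split across the hunks at old lines 81 and 91, ends with `check_mode: true` and shows no `register:`. As written, the run can only fail outright; nothing can assert that check mode reports no change for an already generated certificate. Two lines of the task between the hunks are not shown, so confirm before changing. If the result is indeed unregistered, add a line such as `register: selfsigned_certificate_check_mode` (name constructed for illustration) and assert on it in the validation tasks, as the neighbouring task does with `selfsigned_certificate_csr_minimal_change`.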
@@ -102,20 +102,20 @@ check_mode: true register: selfsigned_certificate_csr_minimal_change -- name: (Selfsigned, {{select_crypto_backend}}) Get certificate information +- name: (Selfsigned, {{ select_crypto_backend }}) Get certificate information community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: (Selfsigned, {{select_crypto_backend}}) Get private key information +- name: (Selfsigned, {{ select_crypto_backend }}) Get private key information community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result_privatekey -- name: (Selfsigned, {{select_crypto_backend}}) Check selfsigned certificate - assert: +- name: (Selfsigned, {{ select_crypto_backend }}) Check selfsigned certificate + ansible.builtin.assert: that: - result.public_key == result_privatekey.public_key - "result.signature_algorithm == 'sha256WithRSAEncryption' or result.signature_algorithm == 'sha256WithECDSAEncryption'" @@ -123,8 +123,8 @@ - not result.expired - result.version == 3 -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned v2 certificate - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned v2 certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_v2.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -135,13 +135,13 @@ register: selfsigned_v2_cert ignore_errors: true -- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2 - openssl_privatekey: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate privatekey2 + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey2.pem' size: '{{ default_rsa_key_size_certificates }}' -- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2 - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR2 + community.crypto.openssl_csr: subject: CN: www.example.com C: US @@ -159,8 +159,8 @@ - ipsecUser - biometricInfo -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate2 - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate2 + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert2.pem' csr_path: '{{ remote_tmp_dir }}/csr2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey2.pem' 
@@ -168,20 +168,20 @@ selfsigned_digest: sha256 select_crypto_backend: '{{ select_crypto_backend }}' -- name: (Selfsigned, {{select_crypto_backend}}) Get certificate information +- name: (Selfsigned, {{ select_crypto_backend }}) Get certificate information community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert2.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: (Selfsigned, {{select_crypto_backend}}) Get private key information +- name: (Selfsigned, {{ select_crypto_backend }}) Get private key information community.crypto.openssl_privatekey_info: path: '{{ remote_tmp_dir }}/privatekey2.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result_privatekey -- name: (Selfsigned, {{select_crypto_backend}}) Check selfsigned certificate2 - assert: +- name: (Selfsigned, {{ select_crypto_backend }}) Check selfsigned certificate2 + ansible.builtin.assert: that: - result.public_key == result_privatekey.public_key - "result.signature_algorithm == 'sha256WithRSAEncryption' or result.signature_algorithm == 'sha256WithECDSAEncryption'" 
@@ -197,20 +197,20 @@ - "'IPSec User' in result.extended_key_usage" - "'Biometric Info' in result.extended_key_usage" -- name: (Selfsigned, {{select_crypto_backend}}) Create private key 3 - openssl_privatekey: +- name: (Selfsigned, {{ select_crypto_backend }}) Create private key 3 + community.crypto.openssl_privatekey: path: "{{ remote_tmp_dir }}/privatekey3.pem" size: '{{ default_rsa_key_size_certificates }}' -- name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3 - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Create CSR 3 + community.crypto.openssl_csr: subject: CN: www.example.com privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" path: "{{ remote_tmp_dir }}/csr3.pem" -- name: (Selfsigned, {{select_crypto_backend}}) Create certificate3 with notBefore and notAfter - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create certificate3 with notBefore and notAfter + community.crypto.x509_certificate: provider: selfsigned selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z @@ -219,8 +219,8 @@ privatekey_path: "{{ remote_tmp_dir }}/privatekey3.pem" select_crypto_backend: '{{ select_crypto_backend }}' -- name: (Selfsigned, {{select_crypto_backend}}) Create certificate3 with notBefore and notAfter (idempotent) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create certificate3 with notBefore and notAfter (idempotent) + community.crypto.x509_certificate: provider: selfsigned selfsigned_not_before: 20181023133742Z selfsigned_not_after: 20191023133742Z 
@@ -231,22 +231,22 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: cert3_selfsigned_idem -- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey - openssl_privatekey: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate privatekey + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' type: ECC curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}" # ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead -- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' subject: commonName: www.example.com -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_ecc.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' 
@@ -255,16 +255,16 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_certificate_ecc -- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR (privatekey passphrase) - openssl_csr: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR (privatekey passphrase) + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_pass.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 subject: commonName: www.example.com -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (privatekey passphrase) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_pass.pem' csr_path: '{{ remote_tmp_dir }}/csr_pass.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' @@ -274,8 +274,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_certificate_passphrase -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 1) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (failed passphrase 1) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_pw1.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -286,8 +286,8 @@ ignore_errors: true register: passphrase_error_1 -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 2) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (failed passphrase 2) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_pw2.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' 
@@ -298,8 +298,8 @@ ignore_errors: true register: passphrase_error_2 -- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 3) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate (failed passphrase 3) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_pw3.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' @@ -309,12 +309,12 @@ ignore_errors: true register: passphrase_error_3 -- name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate - copy: +- name: (Selfsigned, {{ select_crypto_backend }}) Create broken certificate + ansible.builtin.copy: dest: "{{ remote_tmp_dir }}/cert_broken.pem" content: "broken" -- name: (Selfsigned, {{select_crypto_backend}}) Regenerate broken cert - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Regenerate broken cert + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_broken.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -322,8 +322,8 @@ selfsigned_digest: sha256 register: selfsigned_broken -- name: (Selfsigned, {{select_crypto_backend}}) Backup test - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Backup test + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' 
@@ -332,8 +332,8 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_1 -- name: (Selfsigned, {{select_crypto_backend}}) Backup test (idempotent) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Backup test (idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -342,8 +342,8 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_2 -- name: (Selfsigned, {{select_crypto_backend}}) Backup test (change) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Backup test (change) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' csr_path: '{{ remote_tmp_dir }}/csr.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -352,16 +352,16 @@ backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_3 -- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Backup test (remove) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned backup: true select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_4 -- name: (Selfsigned, {{select_crypto_backend}}) Backup test (remove, idempotent) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Backup test (remove, idempotent) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_backup.pem' state: absent provider: selfsigned 
@@ -369,8 +369,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_backup_5 -- name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create subject key identifier test + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -380,8 +380,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_subject_key_identifier_1 -- name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (idempotency) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create subject key identifier test (idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -391,8 +391,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_subject_key_identifier_2 -- name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (remove) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create subject key identifier test (remove) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' 
@@ -402,8 +402,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_subject_key_identifier_3 -- name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (remove idempotency) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create subject key identifier test (remove idempotency) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -413,8 +413,8 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_subject_key_identifier_4 -- name: (Selfsigned, {{select_crypto_backend}}) Create subject key identifier test (re-enable) - x509_certificate: +- name: (Selfsigned, {{ select_crypto_backend }}) Create subject key identifier test (re-enable) + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/selfsigned_cert_ski.pem' csr_path: '{{ remote_tmp_dir }}/csr_ecc.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_ecc.pem' @@ -424,10 +424,10 @@ select_crypto_backend: '{{ select_crypto_backend }}' register: selfsigned_subject_key_identifier_5 -- name: (Selfsigned, {{select_crypto_backend}}) Ed25519 and Ed448 tests (for cryptography >= 2.6) +- name: (Selfsigned, {{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6) block: - - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekeys - openssl_privatekey: + - name: (Selfsigned, {{ select_crypto_backend }}) Generate privatekeys + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' type: '{{ item }}' loop: 
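Review bot: The block name on the new side still reads `Ed25519 and Ed448 tests (for cryptography >= 2.6)`, but the `when:` visible in the last hunk of this file gates on `cryptography_version is version('3.3', '>=')`. The lines between those hunks are not shown, so it is only inferred that this condition closes the block. If it does, the name understates the requirement, and someone reading a skipped run will look for the wrong version. Since the commit already rewrites this name line, it could become `- name: (Selfsigned, {{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 3.3)`. The block's body continues beyond this hunk.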
@@ -436,12 +436,12 @@ register: selfsigned_certificate_ed25519_ed448_privatekey ignore_errors: true - - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded + - name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR etc. if private key generation succeeded when: selfsigned_certificate_ed25519_ed448_privatekey is not failed block: - - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR - openssl_csr: + - name: (Selfsigned, {{ select_crypto_backend }}) Generate CSR + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' subject: @@ -452,8 +452,8 @@ - Ed448 ignore_errors: true - - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - x509_certificate: + - name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' @@ -466,8 +466,8 @@ register: selfsigned_certificate_ed25519_ed448 ignore_errors: true - - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency - x509_certificate: + - name: (Selfsigned, {{ select_crypto_backend }}) Generate selfsigned certificate - idempotency + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey_{{ item }}.pem' @@ -482,4 +482,4 @@ when: select_crypto_backend == 'cryptography' and cryptography_version is version('3.3', '>=') -- import_tasks: ../tests/validate_selfsigned.yml +- ansible.builtin.import_tasks: ../tests/validate_selfsigned.yml 
diff --git a/tests/integration/targets/x509_certificate/tests/validate_ownca.yml b/tests/integration/targets/x509_certificate/tests/validate_ownca.yml
index 4a59ed95..7e1cba7c 100644
--- a/tests/integration/targets/x509_certificate/tests/validate_ownca.yml
+++ b/tests/integration/targets/x509_certificate/tests/validate_ownca.yml
@@ -3,24 +3,24 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - verify CA) - shell: '{{ openssl_binary }} verify -CAfile {{ remote_tmp_dir }}/ca_cert.pem {{ remote_tmp_dir }}/ownca_cert.pem | sed "s/.*: \(.*\)/\1/g"' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate (test - verify CA) + ansible.builtin.shell: '{{ openssl_binary }} verify -CAfile {{ remote_tmp_dir }}/ca_cert.pem {{ remote_tmp_dir }}/ownca_cert.pem | sed "s/.*: \(.*\)/\1/g"' register: ownca_verify_ca -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certificate modulus) - command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert.pem' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate (test - ownca certificate modulus) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert.pem' register: ownca_cert_modulus -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate (test - ownca issuer value) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' register: ownca_cert_issuer -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (test - ownca certificate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (OwnCA 
validation, {{ select_crypto_backend }}) Validate ownca certificate (test - ownca certificate version == default == 3) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert_version -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate (assert) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate (assert) + ansible.builtin.assert: that: - ownca_verify_ca.stdout == 'OK' - ownca_cert_modulus.stdout == privatekey_modulus.stdout 
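Review bot: The `ansible.builtin.shell` tasks in this hunk paste `{{ openssl_binary }}` and `{{ remote_tmp_dir }}` straight into a shell command line, so a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of being passed as one argument. Both variables are defined outside this diff, so whether that can happen in practice is not visible here. Passing them through the `quote` filter removes the dependency, for example `-in {{ remote_tmp_dir | quote }}/ownca_cert.pem`. The same pattern recurs in the `@@ -28,97 +28,97 @@` hunk of this file and in the `@@ -3,161 +3,161 @@` hunk of `validate_selfsigned.yml`. These pipelines also end in `sed`, so a failing `openssl` call does not fail the task itself and only shows up later as a mismatched `stdout` in the assert.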
@@ -28,97 +28,97 @@ # openssl 1.1.x adds a space between the output - ownca_cert_issuer.stdout in ['CN=Example CA', 'CN = Example CA'] -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate idempotence - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate idempotence + ansible.builtin.assert: that: - ownca_certificate.serial_number == ownca_certificate_idempotence.serial_number - ownca_certificate.notBefore == ownca_certificate_idempotence.notBefore - ownca_certificate.notAfter == ownca_certificate_idempotence.notAfter -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate regeneration - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate regeneration + ansible.builtin.assert: that: - ownca_certificate_ca_subject_changed is changed - ownca_certificate_ca_key_changed is changed -- name: (OwnCA validation, {{select_crypto_backend}}) Read certificate - slurp: +- name: (OwnCA validation, {{ select_crypto_backend }}) Read certificate + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ownca_cert.pem' register: slurp -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca data return - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca data return + ansible.builtin.assert: that: - ownca_certificate.certificate == (slurp.content | b64decode) - ownca_certificate.certificate == ownca_certificate_idempotence.certificate - block: - - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate v2 (test - ownca certificate version == 2) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + - name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate v2 (test - ownca certificate version == 2) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir 
}}/ownca_cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert_v2_version - - name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate version 2 (assert) - assert: + - name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate version 2 (assert) + ansible.builtin.assert: that: - ownca_cert_v2_version.stdout == '2' when: "select_crypto_backend != 'cryptography'" -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate v2 (test - ownca certificate version == 2) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate v2 (test - ownca certificate version == 2) + ansible.builtin.assert: that: - ownca_v2_certificate is failed when: "select_crypto_backend == 'cryptography'" -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate2 (test - ownca certificate modulus) - command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert2.pem' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate2 (test - ownca certificate modulus) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/ownca_cert2.pem' register: ownca_cert2_modulus -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate2 (assert) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate2 (assert) + ansible.builtin.assert: that: - ownca_cert2_modulus.stdout == privatekey2_modulus.stdout -- name: (OwnCA validation, {{select_crypto_backend}}) Validate owncal certificate3 (test - notBefore) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate owncal certificate3 (test - notBefore) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ 
remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert3_notBefore -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate3 (test - notAfter) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate3 (test - notAfter) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' register: ownca_cert3_notAfter -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate3 (assert - notBefore) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate3 (assert - notBefore) + ansible.builtin.assert: that: - ownca_cert3_notBefore.stdout == 'Oct 23 13:37:42 2018' -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca certificate3 (assert - notAfter) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca certificate3 (assert - notAfter) + ansible.builtin.assert: that: - ownca_cert3_notAfter.stdout == 'Oct 23 13:37:42 2019' -- name: (OwnCA validation, {{select_crypto_backend}}) Validate idempotency - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate idempotency + ansible.builtin.assert: that: - ownca_cert3_idem is not changed -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca ECC certificate (test - ownca certificate pubkey) - command: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/ownca_cert_ecc.pem' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca ECC certificate (test - ownca certificate pubkey) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/ownca_cert_ecc.pem' register: ownca_cert_ecc_pubkey -- name: (OwnCA 
validation, {{select_crypto_backend}}) Validate ownca ECC certificate (test - ownca issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/ownca_cert_ecc.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca ECC certificate (test - ownca issuer value) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/ownca_cert_ecc.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' register: ownca_cert_ecc_issuer -- name: (OwnCA validation, {{select_crypto_backend}}) Validate ownca ECC certificate (assert) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Validate ownca ECC certificate (assert) + ansible.builtin.assert: that: - ownca_cert_ecc_pubkey.stdout == privatekey_ecc_pubkey.stdout # openssl 1.1.x adds a space between the output - ownca_cert_ecc_issuer.stdout in ['CN=Example CA', 'CN = Example CA'] -- name: (OwnCA validation, {{select_crypto_backend}}) - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) + ansible.builtin.assert: that: - passphrase_error_1 is failed - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg" @@ -127,13 +127,13 @@ - passphrase_error_3 is failed - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" -- name: (OwnCA validation, {{select_crypto_backend}})Verify that broken certificate will be regenerated - assert: +- name: (OwnCA validation, {{ select_crypto_backend }})Verify that broken certificate will be regenerated + ansible.builtin.assert: that: - ownca_broken is changed -- name: (OwnCA validation, {{select_crypto_backend}}) Check backup - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Check backup + ansible.builtin.assert: that: - ownca_backup_1 is changed - ownca_backup_1.backup_file is undefined 
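Review bot: The task that asserts the three passphrase failures is named only `(OwnCA validation, {{ select_crypto_backend }})`, so a failure of the passphrase-handling checks is reported without saying what was being verified. Something like `- name: (OwnCA validation, {{ select_crypto_backend }}) Validate passphrase errors` would make the log self-explanatory. The equivalent task in the `@@ -3,161 +3,161 @@` hunk of `validate_selfsigned.yml` has the same bare name. Two smaller wording slips survive on lines this commit rewrites: `Validate owncal certificate3` in this hunk, and the missing space in `}})Verify that broken certificate will be regenerated` in the following `@@ -127,13 +127,13 @@` hunk.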
@@ -146,8 +146,8 @@ - ownca_backup_5 is not changed - ownca_backup_5.backup_file is undefined -- name: (OwnCA validation, {{select_crypto_backend}}) Check create subject key identifier - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Check create subject key identifier + ansible.builtin.assert: that: - ownca_subject_key_identifier_1 is changed - ownca_subject_key_identifier_2 is not changed @@ -155,8 +155,8 @@ - ownca_subject_key_identifier_4 is not changed - ownca_subject_key_identifier_5 is changed -- name: (OwnCA validation, {{select_crypto_backend}}) Check create authority key identifier - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Check create authority key identifier + ansible.builtin.assert: that: - ownca_authority_key_identifier_1 is changed - ownca_authority_key_identifier_2 is not changed @@ -164,8 +164,8 @@ - ownca_authority_key_identifier_4 is not changed - ownca_authority_key_identifier_5 is changed -- name: (OwnCA validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests - assert: +- name: (OwnCA validation, {{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests + ansible.builtin.assert: that: - ownca_certificate_ed25519_ed448 is succeeded - ownca_certificate_ed25519_ed448.results[0] is changed diff --git a/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml b/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml index 8740d2ee..b6f5580e 100644 --- a/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml +++ b/tests/integration/targets/x509_certificate/tests/validate_selfsigned.yml 
@@ -3,161 +3,161 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - privatekey modulus) - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate (test - privatekey modulus) + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate behavior for no CSR - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate behavior for no CSR + ansible.builtin.assert: that: - selfsigned_certificate_no_csr is changed - selfsigned_certificate_no_csr_idempotence is not changed - selfsigned_certificate_no_csr_idempotence_check is not changed -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certificate modulus) - command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert_no_csr.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate with no CSR (test - certificate modulus) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert_no_csr.pem' register: cert_modulus -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certificate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate with no CSR (test - certificate version == default == 3) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir 
}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_version -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (assert) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate with no CSR (assert) + ansible.builtin.assert: that: - cert_modulus.stdout == privatekey_modulus.stdout - cert_version.stdout == '3' -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR idempotence - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate with no CSR idempotence + ansible.builtin.assert: that: - selfsigned_certificate_no_csr.serial_number == selfsigned_certificate_no_csr_idempotence.serial_number - selfsigned_certificate_no_csr.notBefore == selfsigned_certificate_no_csr_idempotence.notBefore - selfsigned_certificate_no_csr.notAfter == selfsigned_certificate_no_csr_idempotence.notAfter -- name: (Selfsigned validation, {{select_crypto_backend}}) Read certificate with no CSR - slurp: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Read certificate with no CSR + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert_no_csr.pem' register: slurp -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval with no CSR - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate data retrieval with no CSR + ansible.builtin.assert: that: - selfsigned_certificate_no_csr.certificate == (slurp.content | b64decode) - selfsigned_certificate_no_csr.certificate == selfsigned_certificate_no_csr_idempotence.certificate -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate modulus) - command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate (test - certificate modulus) + ansible.builtin.command: 
'{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert.pem' register: cert_modulus -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - issuer value) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate (test - issuer value) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"' register: cert_issuer -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate version == default == 3) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate (test - certificate version == default == 3) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_version -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (assert) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate (assert) + ansible.builtin.assert: that: - cert_modulus.stdout == privatekey_modulus.stdout - cert_version.stdout == '3' - cert_issuer.stdout == 'CN=www.example.com' -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate idempotence - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate idempotence + ansible.builtin.assert: that: - selfsigned_certificate.serial_number == selfsigned_certificate_idempotence.serial_number - selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore - selfsigned_certificate.notAfter == 
selfsigned_certificate_idempotence.notAfter -- name: (Selfsigned validation, {{select_crypto_backend}}) Read certificate - slurp: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Read certificate + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert.pem' register: slurp -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate data retrieval + ansible.builtin.assert: that: - selfsigned_certificate.certificate == (slurp.content | b64decode) - selfsigned_certificate.certificate == selfsigned_certificate_idempotence.certificate - name: Make sure that changes in CSR are detected even if private key is specified - assert: + ansible.builtin.assert: that: - selfsigned_certificate_csr_minimal_change is changed - block: - - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate v2 (test - certificate version == 2) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' + - name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate v2 (test - certificate version == 2) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_v2_version - - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate version 2 (assert) - assert: + - name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate version 2 (assert) + ansible.builtin.assert: that: - cert_v2_version.stdout == '2' when: select_crypto_backend != 'cryptography' - block: - name: (Selfsigned validation, {{ select_crypto_backend }} Validate certificate v2 is failed - assert: + ansible.builtin.assert: that: - selfsigned_v2_cert is failed when: select_crypto_backend == 'cryptography' -- name: (Selfsigned validation, {{select_crypto_backend}}) 
Validate certificate2 (test - privatekey modulus) - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate2 (test - privatekey modulus) + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey2_modulus -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - certificate modulus) - command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert2.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate2 (test - certificate modulus) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in {{ remote_tmp_dir }}/cert2.pem' register: cert2_modulus -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (assert) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate2 (assert) + ansible.builtin.assert: that: - cert2_modulus.stdout == privatekey2_modulus.stdout -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notBefore) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate3 (test - notBefore) + ansible.builtin.shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' register: cert3_notBefore -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notAfter) - shell: '{{ openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate3 (test - notAfter) + ansible.builtin.shell: '{{ 
openssl_binary }} x509 -noout -in {{ remote_tmp_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' register: cert3_notAfter -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notBefore) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate3 (assert - notBefore) + ansible.builtin.assert: that: - cert3_notBefore.stdout == 'Oct 23 13:37:42 2018' -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notAfter) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate certificate3 (assert - notAfter) + ansible.builtin.assert: that: - cert3_notAfter.stdout == 'Oct 23 13:37:42 2019' -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate idempotency - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate idempotency + ansible.builtin.assert: that: - cert3_selfsigned_idem is not changed -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - privatekey's pubkey) - command: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey_ecc.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate ECC certificate (test - privatekey's pubkey) + ansible.builtin.command: '{{ openssl_binary }} ec -pubout -in {{ remote_tmp_dir }}/privatekey_ecc.pem' register: privatekey_ecc_pubkey -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - certificate pubkey) - command: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/cert_ecc.pem' +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate ECC certificate (test - certificate pubkey) + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -pubkey -in {{ remote_tmp_dir }}/cert_ecc.pem' register: cert_ecc_pubkey -- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (assert) - 
assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Validate ECC certificate (assert) + ansible.builtin.assert: that: - cert_ecc_pubkey.stdout == privatekey_ecc_pubkey.stdout -- name: (Selfsigned validation, {{select_crypto_backend}}) - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) + ansible.builtin.assert: that: - passphrase_error_1 is failed - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg" @@ -166,13 +166,13 @@ - passphrase_error_3 is failed - "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg" -- name: (Selfsigned validation, {{select_crypto_backend}}) Verify that broken certificate will be regenerated - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Verify that broken certificate will be regenerated + ansible.builtin.assert: that: - selfsigned_broken is changed -- name: (Selfsigned validation, {{select_crypto_backend}}) Check backup - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Check backup + ansible.builtin.assert: that: - selfsigned_backup_1 is changed - selfsigned_backup_1.backup_file is undefined @@ -185,8 +185,8 @@ - selfsigned_backup_5 is not changed - selfsigned_backup_5.backup_file is undefined -- name: (Selfsigned validation, {{select_crypto_backend}}) Check create subject key identifier - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Check create subject key identifier + ansible.builtin.assert: that: - selfsigned_subject_key_identifier_1 is changed - selfsigned_subject_key_identifier_2 is not changed 
@@ -194,8 +194,8 @@ - selfsigned_subject_key_identifier_4 is not changed - selfsigned_subject_key_identifier_5 is changed -- name: (Selfsigned validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests - assert: +- name: (Selfsigned validation, {{ select_crypto_backend }}) Verify Ed25519 and Ed448 tests + ansible.builtin.assert: that: - selfsigned_certificate_ed25519_ed448 is succeeded - selfsigned_certificate_ed25519_ed448.results[0] is changed diff --git a/tests/integration/targets/x509_certificate_convert/tasks/impl.yml b/tests/integration/targets/x509_certificate_convert/tasks/impl.yml index bd31aae4..c9bc7646 100644 --- a/tests/integration/targets/x509_certificate_convert/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_convert/tasks/impl.yml @@ -4,17 +4,17 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Read PEM cert - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert_2.pem' register: slurp_pem - name: Read DER cert - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert_2.der' register: slurp_der - name: Convert PEM cert (check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.pem' format: pem strict: true @@ -23,7 +23,7 @@ check_mode: true - name: Convert PEM cert - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.pem' format: pem strict: true @@ -31,7 +31,7 @@ register: result_2 - name: Convert PEM cert (idempotent, check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.pem' format: pem strict: true @@ -40,7 +40,7 @@ check_mode: true - name: Convert PEM cert (idempotent) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.pem' format: pem strict: true 
@@ -48,7 +48,7 @@ register: result_4 - name: Convert PEM cert (overwrite, check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.pem' format: pem strict: true @@ -57,7 +57,7 @@ check_mode: true - name: Convert PEM cert (overwrite) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.pem' format: pem strict: true @@ -65,7 +65,7 @@ register: result_6 - name: Convert PEM cert (idempotent, content) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_pem.content | b64decode }}' format: pem strict: true @@ -73,7 +73,7 @@ register: result_7 - name: Convert PEM cert (idempotent, content, base64) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_pem.content }}' src_content_base64: true format: pem @@ -82,7 +82,7 @@ register: result_8 - name: Convert PEM cert (idempotent, content, base64, from DER) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_der.content }}' src_content_base64: true format: pem @@ -91,7 +91,7 @@ register: result_9 - name: Convert PEM cert (idempotent, from DER) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.der' format: pem strict: true @@ -99,7 +99,7 @@ register: result_10 - name: Check conditions - assert: + ansible.builtin.assert: that: - result_1 is changed - result_2 is changed @@ -113,7 +113,7 @@ - result_10 is not changed - name: Convert DER cert (check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.der' format: der strict: true @@ -122,7 +122,7 @@ check_mode: true - name: Convert DER cert - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.der' format: der strict: true 
@@ -130,7 +130,7 @@ register: result_2 - name: Convert DER cert (idempotent, check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.der' format: der strict: true @@ -139,7 +139,7 @@ check_mode: true - name: Convert DER cert (idempotent) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_1.der' format: der strict: true @@ -147,7 +147,7 @@ register: result_4 - name: Convert DER cert (overwrite, check mode) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.der' format: der strict: true @@ -156,7 +156,7 @@ check_mode: true - name: Convert DER cert (overwrite) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.der' format: der strict: true @@ -164,7 +164,7 @@ register: result_6 - name: Convert DER cert (idempotent, content, base64) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_der.content }}' src_content_base64: true format: der @@ -173,7 +173,7 @@ register: result_7 - name: Convert DER cert (idempotent, content, from PEM) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_pem.content | b64decode }}' format: der strict: true @@ -181,7 +181,7 @@ register: result_8 - name: Convert DER cert (idempotent, content, base64, from PEM) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_content: '{{ slurp_pem.content }}' src_content_base64: true format: der @@ -190,7 +190,7 @@ register: result_9 - name: Convert DER cert (idempotent, from PEM) - x509_certificate_convert: + community.crypto.x509_certificate_convert: src_path: '{{ remote_tmp_dir }}/cert_2.pem' format: der strict: true 
@@ -198,7 +198,7 @@ register: result_10 - name: Check conditions - assert: + ansible.builtin.assert: that: - result_1 is changed - result_2 is changed @@ -234,7 +234,7 @@ ignore_errors: true - name: Check conditions - assert: + ansible.builtin.assert: that: - result_1 is changed - result_2 is failed diff --git a/tests/integration/targets/x509_certificate_convert/tasks/main.yml b/tests/integration/targets/x509_certificate_convert/tasks/main.yml index 1542caf6..09395924 100644 --- a/tests/integration/targets/x509_certificate_convert/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_convert/tasks/main.yml @@ -9,17 +9,17 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' - name: Generate CSR 1 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -90,7 +90,7 @@ - "IP:1.2.3.4" - name: Generate CSR 2 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false @@ -98,7 +98,7 @@ - "CA:TRUE" - name: Generate CSR 3 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false @@ -116,7 +116,7 @@ - "IP:1.2.3.4" - name: Generate selfsigned certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -130,7 +130,7 @@ - 3 - name: Convert PEM files to DER - command: + ansible.builtin.command: cmd: openssl x509 -inform PEM -outform DER -in {{ remote_tmp_dir }}/cert_{{ item }}.pem -out {{ remote_tmp_dir }}/cert_{{ item }}.der loop: - 1 @@ -138,4 +138,4 @@ - 3 - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml index f1d67779..0a3ef227 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml 
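Review bot: The `Convert PEM files to DER` task in tests/integration/targets/x509_certificate_convert/tasks/main.yml still runs a bare `openssl` resolved through PATH, while the x509_certificate_pipe tests touched by this same commit call `{{ openssl_binary }}`. Whether that variable is available to this target is not visible from the hunk. If it is, using it keeps the DER fixtures generated by the same OpenSSL build the rest of the suite validates against: `cmd: "{{ openssl_binary }} x509 -inform PEM -outform DER -in {{ remote_tmp_dir }}/cert_{{ item }}.pem -out {{ remote_tmp_dir }}/cert_{{ item }}.der"`. The value has to be quoted once it starts with a Jinja expression.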
@@ -3,31 +3,31 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -- debug: +- ansible.builtin.debug: msg: "Executing tests with backend {{ select_crypto_backend }}" -- name: ({{select_crypto_backend}}) Get certificate info - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result -- name: ({{select_crypto_backend}}) Get certificate info (IDNA encoding) - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info (IDNA encoding) + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_1.pem' name_encoding: idna select_crypto_backend: '{{ select_crypto_backend }}' register: result_idna -- name: ({{select_crypto_backend}}) Get certificate info (Unicode encoding) - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info (Unicode encoding) + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_1.pem' name_encoding: unicode select_crypto_backend: '{{ select_crypto_backend }}' register: result_unicode - name: Check whether issuer and subject and extensions behave as expected - assert: + ansible.builtin.assert: that: - result.issuer.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered" @@ -84,7 +84,7 @@ - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg==' - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.subject_key_identifier == "00:11:22:33" - result.authority_key_identifier == "44:55:66:77" 
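Review bot: The first task of x509_certificate_info/tasks/impl.yml is still an unnamed `- ansible.builtin.debug:`, so it has no label in the run output even after the move to the FQCN. Since the line is being touched anyway, give it a name, for example `- name: "({{ select_crypto_backend }}) Show selected backend"`. The same applies to the unnamed `- ansible.builtin.assert:` after the `valid_at` lookup later in this file, the one after `Create CRL 1` in x509_crl/tasks/impl.yml, and the `- ansible.builtin.set_fact:` and `- ansible.builtin.import_tasks:` entries in x509_crl/tasks/main.yml. `name[missing]` remains in the `.ansible-lint` skip list, so nothing will flag these automatically.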
@@ -99,27 +99,27 @@ - "DNS:ca.example.org" - "IP:1.2.3.4" -- name: ({{select_crypto_backend}}) Read file - slurp: +- name: ({{ select_crypto_backend }}) Read file + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/cert_1.pem' register: slurp -- name: ({{select_crypto_backend}}) Get certificate info directly - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info directly + community.crypto.x509_certificate_info: content: '{{ slurp.content | b64decode }}' select_crypto_backend: '{{ select_crypto_backend }}' register: result_direct -- name: ({{select_crypto_backend}}) Compare output of direct and loaded info - assert: +- name: ({{ select_crypto_backend }}) Compare output of direct and loaded info + ansible.builtin.assert: that: - >- (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) == (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) -- name: ({{select_crypto_backend}}) Get certificate info - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_2.pem' select_crypto_backend: '{{ select_crypto_backend }}' valid_at: @@ -127,20 +127,20 @@ past: "20190101235901Z" twentydays: "+20d" register: result -- assert: +- ansible.builtin.assert: that: - result.valid_at.today - not result.valid_at.past - not result.valid_at.twentydays -- name: ({{select_crypto_backend}}) Get certificate info - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_3.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.authority_key_identifier is none - result.authority_cert_issuer == expected_authority_cert_issuer 
@@ -150,31 +150,31 @@ - "DNS:ca.example.org" - "IP:1.2.3.4" -- name: ({{select_crypto_backend}}) Get certificate info - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/cert_4.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check AuthorityKeyIdentifier - assert: + ansible.builtin.assert: that: - result.authority_key_identifier == "44:55:66:77" - result.authority_cert_issuer is none - result.authority_cert_serial_number is none - name: Copy packed cert 1 to remote - copy: + ansible.builtin.copy: src: cert1.pem dest: '{{ remote_tmp_dir }}/packed-cert-1.pem' -- name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1 - x509_certificate_info: +- name: ({{ select_crypto_backend }}) Get certificate info for packaged cert 1 + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/packed-cert-1.pem' select_crypto_backend: '{{ select_crypto_backend }}' register: result - name: Check extensions - assert: + ansible.builtin.assert: that: - "'ocsp_uri' in result" - "result.ocsp_uri == 'http://ocsp.foobarbaz.example.com'" @@ -211,7 +211,7 @@ - result.extensions_by_oid['2.5.29.37'].critical == false - result.extensions_by_oid['2.5.29.37'].value == 'MBQGCCsGAQUFBwMBBggrBgEFBQcDAg==' - name: Check fingerprints - assert: + ansible.builtin.assert: that: - (result.fingerprints.sha256 == '08:26:60:3d:29:11:f2:88:09:3f:40:71:bb:67:cb:59:9c:6e:cf:e0:49:22:ab:e8:60:bd:f6:9a:01:e3:0e:2c' if result.fingerprints.sha256 is defined else true) - (result.fingerprints.sha1 == '5a:32:7f:22:61:f3:2e:ad:a7:d8:77:07:1c:7f:08:cd:ab:7f:bc:11' if result.fingerprints.sha1 is defined else true) diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml index 9f9892c0..b49c8f8d 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/main.yml 
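Review bot: In the `Check fingerprints` assert, each comparison ends in `if result.fingerprints.<alg> is defined else true`, so the task passes without comparing anything when the module returns no digest for that algorithm. This is presumably intended for builds where some hash algorithms are unavailable, but for SHA-256 it would also hide a regression that drops the fingerprint from the result entirely. Consider adding `- result.fingerprints.sha256 is defined` ahead of the comparisons so at least one digest is always verified. The assertion list may continue outside the hunk.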
+++ b/tests/integration/targets/x509_certificate_info/tasks/main.yml @@ -9,24 +9,24 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present - name: Generate privatekey - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey.pem' size: '{{ default_rsa_key_size_certificates }}' - name: Generate privatekey with password - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekeypw.pem' passphrase: hunter2 select_crypto_backend: cryptography size: '{{ default_rsa_key_size_certificates }}' - name: Generate CSR 1 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_1.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' subject: @@ -97,7 +97,7 @@ - "IP:1.2.3.4" - name: Generate CSR 2 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_2.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekeypw.pem' privatekey_passphrase: hunter2 @@ -106,7 +106,7 @@ - "CA:TRUE" - name: Generate CSR 3 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_3.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false @@ -124,14 +124,14 @@ - "IP:1.2.3.4" - name: Generate CSR 4 - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/csr_4.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' useCommonNameForSAN: false authority_key_identifier: "44:55:66:77" - name: Generate selfsigned certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/cert_{{ item }}.pem' csr_path: '{{ remote_tmp_dir }}/csr_{{ item }}.csr' privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -146,7 +146,7 @@ - 4 - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml index 99bf61cd..99c53d32 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: "({{ select_crypto_backend }}) Generate privatekey" - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/{{ item }}.pem' size: '{{ default_rsa_key_size_certificates }}' loop: @@ -12,7 +12,7 @@ - privatekey2 - name: "({{ select_crypto_backend }}) Generate CSRs" - openssl_csr: + community.crypto.openssl_csr: privatekey_path: '{{ remote_tmp_dir }}/{{ item.key }}.pem' path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' subject: @@ -35,7 +35,7 @@ ## Self Signed - name: "({{ select_crypto_backend }}) Generate self-signed certificate (check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z @@ -46,7 +46,7 @@ register: generate_certificate_check - name: "({{ select_crypto_backend }}) Generate self-signed certificate" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' selfsigned_not_before: 20181023133742Z 
@@ -56,7 +56,7 @@ register: generate_certificate - name: "({{ select_crypto_backend }}) Generate self-signed certificate (idempotent)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -67,7 +67,7 @@ register: generate_certificate_idempotent - name: "({{ select_crypto_backend }}) Generate self-signed certificate (idempotent, check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -79,7 +79,7 @@ register: generate_certificate_idempotent_check - name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -90,7 +90,7 @@ register: generate_certificate_changed - name: "({{ select_crypto_backend }}) Generate self-signed certificate (changed, check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned content: "{{ generate_certificate.certificate }}" privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
@@ -102,29 +102,29 @@ register: generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate certificate (test - Common Name)" - command: "{{ openssl_binary }} x509 -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} x509 -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" args: stdin: "{{ generate_certificate.certificate }}" register: certificate_cn - name: "({{ select_crypto_backend }}) Validate certificate (test - certificate modulus)" - command: '{{ openssl_binary }} x509 -noout -modulus -in /dev/stdin' + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in /dev/stdin' args: stdin: "{{ generate_certificate.certificate }}" register: certificate_modulus - name: "({{ select_crypto_backend }}) Validate certificate (assert)" - assert: + ansible.builtin.assert: that: - certificate_cn.stdout.split('=')[-1] == 'www.ansible.com' - certificate_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate certificate (check mode, idempotency)" - assert: + ansible.builtin.assert: that: - generate_certificate_check is changed - generate_certificate is changed @@ -136,7 +136,7 @@ ## Own CA - name: "({{ select_crypto_backend }}) Generate own CA certificate (check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca ownca_content: '{{ generate_certificate.certificate }}' ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' 
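Review bot: The three `ansible.builtin.command` tasks named `Validate certificate (test - ...)` only read the private key and the generated certificate, yet none sets `changed_when`, so every run reports them as changed. Add `changed_when: false` to each so that the changed counts in the test output reflect only the modules under test. The same three tasks recur in the own-CA half of this file, in hunk `@@ -209,29 +209,29 @@`. Whether ansible-lint's `no-changed-when` rule is skipped for this repository is not visible here.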
@@ -148,7 +148,7 @@ register: ownca_generate_certificate_check - name: "({{ select_crypto_backend }}) Generate own CA certificate" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca ownca_content: '{{ generate_certificate.certificate }}' ownca_privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem' @@ -159,7 +159,7 @@ register: ownca_generate_certificate - name: "({{ select_crypto_backend }}) Generate own CA certificate (idempotent)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' @@ -171,7 +171,7 @@ register: ownca_generate_certificate_idempotent - name: "({{ select_crypto_backend }}) Generate own CA certificate (idempotent, check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' @@ -184,7 +184,7 @@ register: ownca_generate_certificate_idempotent_check - name: "({{ select_crypto_backend }}) Generate own CA certificate (changed)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' @@ -196,7 +196,7 @@ register: ownca_generate_certificate_changed - name: "({{ select_crypto_backend }}) Generate own CA certificate (changed, check mode)" - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: ownca content: "{{ ownca_generate_certificate.certificate }}" ownca_content: '{{ generate_certificate.certificate }}' 
@@ -209,29 +209,29 @@ register: ownca_generate_certificate_changed_check - name: "({{ select_crypto_backend }}) Validate certificate (test - privatekey modulus)" - command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' + ansible.builtin.command: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey2.pem' register: privatekey_modulus - name: "({{ select_crypto_backend }}) Validate certificate (test - Common Name)" - command: "{{ openssl_binary }} x509 -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" + ansible.builtin.command: "{{ openssl_binary }} x509 -noout -subject -in /dev/stdin -nameopt oneline,-space_eq" args: stdin: "{{ ownca_generate_certificate.certificate }}" register: certificate_cn - name: "({{ select_crypto_backend }}) Validate certificate (test - certificate modulus)" - command: '{{ openssl_binary }} x509 -noout -modulus -in /dev/stdin' + ansible.builtin.command: '{{ openssl_binary }} x509 -noout -modulus -in /dev/stdin' args: stdin: "{{ ownca_generate_certificate.certificate }}" register: certificate_modulus - name: "({{ select_crypto_backend }}) Validate certificate (assert)" - assert: + ansible.builtin.assert: that: - certificate_cn.stdout.split('=')[-1] == 'example.com' - certificate_modulus.stdout == privatekey_modulus.stdout - name: "({{ select_crypto_backend }}) Validate certificate (check mode, idempotency)" - assert: + ansible.builtin.assert: that: - ownca_generate_certificate_check is changed - ownca_generate_certificate is changed diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml index b7762ba1..51cc5748 100644 --- a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml +++ b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml 
@@ -9,17 +9,17 @@ #################################################################### - name: Prepare private key for backend autodetection test - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' size: '{{ default_rsa_key_size_certificates }}' - name: Run module with backend autodetection - x509_certificate_pipe: + community.crypto.x509_certificate_pipe: provider: selfsigned privatekey_path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem' - block: - name: Running tests with cryptography backend - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml vars: select_crypto_backend: cryptography diff --git a/tests/integration/targets/x509_crl/tasks/impl.yml b/tests/integration/targets/x509_crl/tasks/impl.yml index 966cdfdb..f2f6a427 100644 --- a/tests/integration/targets/x509_crl/tasks/impl.yml +++ b/tests/integration/targets/x509_crl/tasks/impl.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Create CRL 1 (check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -25,7 +25,7 @@ register: crl_1_check - name: Create CRL 1 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: 
@@ -44,33 +44,33 @@ revocation_date: 20191001000000Z register: crl_1 -- assert: +- ansible.builtin.assert: that: - crl_1_check is changed - crl_1 is changed - name: Retrieve CRL 1 infos - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl1.crl' register: crl_1_info_1 - name: Read ca-crl1.crl - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ca-crl1.crl' register: slurp - name: Retrieve CRL 1 infos via file content - x509_crl_info: + community.crypto.x509_crl_info: content: '{{ slurp.content | b64decode }}' register: crl_1_info_2 - name: Retrieve CRL 1 infos via file content (Base64) - x509_crl_info: + community.crypto.x509_crl_info: content: '{{ slurp.content }}' register: crl_1_info_3 - name: Create CRL 1 (idempotent, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -91,7 +91,7 @@ register: crl_1_idem_check - name: Create CRL 1 (idempotent) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -111,7 +111,7 @@ register: crl_1_idem - name: Read file - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/{{ item }}' loop: - ca.key @@ -120,7 +120,7 @@ register: slurp - name: Create CRL 1 (idempotent with content and octet string serial, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_content: "{{ slurp.results[0].content | b64decode }}" issuer: @@ -142,7 +142,7 @@ register: crl_1_idem_content_check - name: Create CRL 1 (idempotent with content and octet string serial) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_content: "{{ slurp.results[0].content | b64decode }}" issuer: 
@@ -163,7 +163,7 @@ register: crl_1_idem_content - name: Create CRL 1 (format, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der @@ -185,7 +185,7 @@ register: crl_1_format_check - name: Create CRL 1 (format) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der @@ -206,7 +206,7 @@ register: crl_1_format - name: Create CRL 1 (format, idempotent, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der @@ -228,7 +228,7 @@ register: crl_1_format_idem_check - name: Create CRL 1 (format, idempotent) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl1.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' format: der @@ -250,22 +250,22 @@ register: crl_1_format_idem - name: Retrieve CRL 1 infos via file - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl1.crl' register: crl_1_info_4 - name: Read ca-crl1.crl - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/ca-crl1.crl" register: content - name: Retrieve CRL 1 infos via file content (Base64) - x509_crl_info: + community.crypto.x509_crl_info: content: '{{ content.content }}' register: crl_1_info_5 - name: Create CRL 2 (check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -286,7 +286,7 @@ register: crl_2_check - name: Create CRL 2 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: 
@@ -306,7 +306,7 @@ register: crl_2 - name: Create CRL 2 (idempotent, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -328,7 +328,7 @@ register: crl_2_idem_check - name: Create CRL 2 (idempotent) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -349,7 +349,7 @@ register: crl_2_idem - name: Create CRL 2 (idempotent update, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -367,7 +367,7 @@ register: crl_2_idem_update_change_check - name: Create CRL 2 (idempotent update) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -384,7 +384,7 @@ register: crl_2_idem_update_change - name: Create CRL 2 (idempotent update, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -405,7 +405,7 @@ register: crl_2_idem_update_check - name: Create CRL 2 (idempotent update) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -425,7 +425,7 @@ register: crl_2_idem_update - name: Create CRL 2 (changed timestamps, check mode) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -446,7 +446,7 @@ register: crl_2_change_check - name: Create CRL 2 (changed timestamps) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: 
@@ -467,18 +467,18 @@ register: crl_2_change - name: Read ca-crl2.crl - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ca-crl2.crl' register: slurp_crl2_1 - name: Retrieve CRL 2 infos - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl2.crl' list_revoked_certificates: false register: crl_2_info_1 - name: Create CRL 2 (changed order, should be ignored) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -500,7 +500,7 @@ register: crl_2_change_order_ignore - name: Create CRL 2 (changed order) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl2.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer_ordered: @@ -521,18 +521,18 @@ register: crl_2_change_order - name: Read ca-crl2.crl - slurp: + ansible.builtin.slurp: src: '{{ remote_tmp_dir }}/ca-crl2.crl' register: slurp_crl2_2 - name: Retrieve CRL 2 infos again - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl2.crl' list_revoked_certificates: false register: crl_2_info_2 - name: Create CRL 3 - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -562,7 +562,7 @@ register: crl_3 - name: Create CRL 3 (IDNA encoding) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: @@ -587,7 +587,7 @@ register: crl_3_idna - name: Create CRL 3 (Unicode encoding) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl3.crl' privatekey_path: '{{ remote_tmp_dir }}/ca.key' issuer: 
@@ -612,20 +612,20 @@ register: crl_3_unicode - name: Retrieve CRL 3 infos - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl3.crl' list_revoked_certificates: true register: crl_3_info - name: Retrieve CRL 3 infos (IDNA encoding) - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl3.crl' name_encoding: idna list_revoked_certificates: true register: crl_3_info_idna - name: Retrieve CRL 3 infos (Unicode encoding) - x509_crl_info: + community.crypto.x509_crl_info: path: '{{ remote_tmp_dir }}/ca-crl3.crl' name_encoding: unicode list_revoked_certificates: true @@ -634,7 +634,7 @@ - name: Ed25519 and Ed448 tests (for cryptography >= 2.6) block: - name: Generate private keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/ca-{{ item }}.key' type: '{{ item }}' loop: @@ -647,7 +647,7 @@ block: - name: Create CRL - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl-{{ item }}.crl' privatekey_path: '{{ remote_tmp_dir }}/ca-{{ item }}.key' issuer: @@ -671,7 +671,7 @@ ignore_errors: true - name: Create CRL (idempotence) - x509_crl: + community.crypto.x509_crl: path: '{{ remote_tmp_dir }}/ca-crl-{{ item }}.crl' privatekey_path: '{{ remote_tmp_dir }}/ca-{{ item }}.key' issuer: diff --git a/tests/integration/targets/x509_crl/tasks/main.yml b/tests/integration/targets/x509_crl/tasks/main.yml index b7b48426..6383f605 100644 --- a/tests/integration/targets/x509_crl/tasks/main.yml +++ b/tests/integration/targets/x509_crl/tasks/main.yml @@ -9,11 +9,11 @@ #################################################################### - name: Make sure the Python idna library is installed - pip: + ansible.builtin.pip: name: idna state: present -- set_fact: +- ansible.builtin.set_fact: certificates: - name: ca subject: 
@@ -39,14 +39,14 @@ - DNS:b64.ansible.com - name: Generate private keys - openssl_privatekey: + community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/{{ item.name }}.key' type: ECC curve: secp256r1 loop: "{{ certificates }}" - name: Generate CSRs - openssl_csr: + community.crypto.openssl_csr: path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' subject: "{{ item.subject | default(omit) }}" @@ -56,7 +56,7 @@ loop: "{{ certificates }}" - name: Generate CA certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' privatekey_path: '{{ remote_tmp_dir }}/{{ item.name }}.key' @@ -65,7 +65,7 @@ when: item.is_ca | default(false) - name: Generate other certificates - x509_certificate: + community.crypto.x509_certificate: path: '{{ remote_tmp_dir }}/{{ item.name }}.pem' csr_path: '{{ remote_tmp_dir }}/{{ item.name }}.csr' provider: ownca @@ -75,7 +75,7 @@ when: not (item.is_ca | default(false)) - name: Get certificate infos - x509_certificate_info: + community.crypto.x509_certificate_info: path: '{{ remote_tmp_dir }}/{{ item }}.pem' loop: - cert-1 @@ -86,8 +86,8 @@ - block: - name: Running tests - include_tasks: impl.yml + ansible.builtin.include_tasks: impl.yml - - import_tasks: ../tests/validate.yml + - ansible.builtin.import_tasks: ../tests/validate.yml when: cryptography_version is version('3.3', '>=') diff --git a/tests/integration/targets/x509_crl/tests/validate.yml b/tests/integration/targets/x509_crl/tests/validate.yml index 052210d8..bc269f3f 100644 --- a/tests/integration/targets/x509_crl/tests/validate.yml +++ b/tests/integration/targets/x509_crl/tests/validate.yml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later - name: Validate CRL 1 - assert: + ansible.builtin.assert: that: - crl_1_check is changed - crl_1 is changed 
@@ -14,7 +14,7 @@ - crl_1_idem_content is not changed - name: Validate CRL 1 info - assert: + ansible.builtin.assert: that: - crl_1_info_1.format == 'pem' - crl_1_info_1.digest == 'ecdsa-with-SHA256' @@ -52,7 +52,7 @@ - crl_1_info_1 == crl_1_info_3 - name: Validate CRL 1 - assert: + ansible.builtin.assert: that: - crl_1_format_check is changed - crl_1_format is changed @@ -62,16 +62,16 @@ - crl_1_info_5.format == 'der' - name: Read ca-crl1.crl - slurp: + ansible.builtin.slurp: src: "{{ remote_tmp_dir }}/ca-crl1.crl" register: content - name: Validate CRL 1 Base64 content - assert: + ansible.builtin.assert: that: - crl_1_format_idem.crl | b64decode == content.content | b64decode - name: Validate CRL 2 - assert: + ansible.builtin.assert: that: - crl_2_check is changed - crl_2 is changed @@ -89,7 +89,7 @@ - crl_2_change_order.crl == (slurp_crl2_2.content | b64decode) - name: Validate CRL 2 info - assert: + ansible.builtin.assert: that: - "'revoked_certificates' not in crl_2_info_1" - > @@ -108,7 +108,7 @@ ] - name: Validate CRL 3 info - assert: + ansible.builtin.assert: that: - crl_3.revoked_certificates == crl_3_info.revoked_certificates - crl_3.revoked_certificates[0].issuer == [ @@ -147,7 +147,7 @@ ] - name: Verify Ed25519 and Ed448 tests - assert: + ansible.builtin.assert: that: - ed25519_ed448_crl is succeeded - ed25519_ed448_crl.results[0] is changed
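Review bot: Two tasks in `tests/integration/targets/x509_crl/tests/validate.yml` share the name `Validate CRL 1`: the one in the `@@ -4,7 +4,7 @@` hunk and the one in the `@@ -52,7 +52,7 @@` hunk, which asserts on the `crl_1_format_*` results. When one of these assertions fails, the task name in the output does not say which group of checks it was. Renaming the second to something like `- name: Validate CRL 1 (format change)` would make failures easier to triage. The assertion list of that task continues outside the hunk.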