mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-08 06:13:03 +00:00
Fix some ansible-lint issues (#907)
* Fix fqcn[action-core]. * Fix fqcn[action]. * Fix jinja[spacing].
This commit is contained in:
Felix Fontein
GitHub
@@ -6,7 +6,7 @@
|
||||
# The tests for this module generate unsafe parameters for testing purposes;
|
||||
# otherwise tests would be too slow. Use sizes of at least 2048 in production!
|
||||
- name: "[{{ select_crypto_backend }}] Generate parameter (check mode)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
size: 768
|
||||
path: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
@@ -15,7 +15,7 @@
|
||||
register: dhparam_check
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Generate parameter"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
size: 768
|
||||
path: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
@@ -23,7 +23,7 @@
|
||||
register: dhparam
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change (check mode)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
size: 768
|
||||
path: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
@@ -32,7 +32,7 @@
|
||||
register: dhparam_changed_check
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
size: 768
|
||||
path: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
@@ -40,32 +40,32 @@
|
||||
register: dhparam_changed
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Generate parameters with size option"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh512.pem'
|
||||
size: 512
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh512.pem'
|
||||
size: 512
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: dhparam_changed_512
|
||||
|
||||
- copy:
|
||||
- ansible.builtin.copy:
|
||||
src: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
remote_src: true
|
||||
dest: '{{ remote_tmp_dir }}/dh512.pem'
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Re-generate if size is different"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh512.pem'
|
||||
size: 512
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: dhparam_changed_to_512
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh512.pem'
|
||||
size: 512
|
||||
force: true
|
||||
@@ -73,11 +73,11 @@
|
||||
register: dhparam_changed_force
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Create broken params"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ remote_tmp_dir }}/dhbroken.pem"
|
||||
content: "broken"
|
||||
- name: "[{{ select_crypto_backend }}] Regenerate broken params"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dhbroken.pem'
|
||||
size: 512
|
||||
force: true
|
||||
@@ -85,21 +85,21 @@
|
||||
register: output_broken
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Generate params"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backup.pem'
|
||||
size: 512
|
||||
backup: true
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: dhparam_backup_1
|
||||
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backup.pem'
|
||||
size: 512
|
||||
backup: true
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: dhparam_backup_2
|
||||
- name: "[{{ select_crypto_backend }}] Generate params (change)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backup.pem'
|
||||
size: 512
|
||||
force: true
|
||||
@@ -107,7 +107,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: dhparam_backup_3
|
||||
- name: "[{{ select_crypto_backend }}] Generate params (remove)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backup.pem'
|
||||
state: absent
|
||||
backup: true
|
||||
@@ -115,7 +115,7 @@
|
||||
return_content: true
|
||||
register: dhparam_backup_4
|
||||
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backup.pem'
|
||||
state: absent
|
||||
backup: true
|
||||
|
||||
@@ -12,35 +12,35 @@
|
||||
# otherwise tests would be too slow. Use sizes of at least 2048 in production!
|
||||
|
||||
- name: Run module with backend autodetection
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '{{ remote_tmp_dir }}/dh_backend_selection.pem'
|
||||
size: 512
|
||||
|
||||
- block:
|
||||
- name: Running tests with OpenSSL backend
|
||||
include_tasks: impl.yml
|
||||
ansible.builtin.include_tasks: impl.yml
|
||||
|
||||
- include_tasks: ../tests/validate.yml
|
||||
- ansible.builtin.include_tasks: ../tests/validate.yml
|
||||
|
||||
vars:
|
||||
select_crypto_backend: openssl
|
||||
# when: openssl_version is version('1.0.0', '>=')
|
||||
|
||||
- name: Remove output directory
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ remote_tmp_dir }}"
|
||||
state: absent
|
||||
|
||||
- name: Re-create output directory
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ remote_tmp_dir }}"
|
||||
state: directory
|
||||
|
||||
- block:
|
||||
- name: Running tests with cryptography backend
|
||||
include_tasks: impl.yml
|
||||
ansible.builtin.include_tasks: impl.yml
|
||||
|
||||
- include_tasks: ../tests/validate.yml
|
||||
- ansible.builtin.include_tasks: ../tests/validate.yml
|
||||
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
@@ -4,31 +4,31 @@
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Validate generated params"
|
||||
command: '{{ openssl_binary }} dhparam -in {{ remote_tmp_dir }}/{{ item }}.pem -noout -check'
|
||||
ansible.builtin.command: '{{ openssl_binary }} dhparam -in {{ remote_tmp_dir }}/{{ item }}.pem -noout -check'
|
||||
with_items:
|
||||
- dh768
|
||||
- dh512
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Get bit size of 768"
|
||||
shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
|
||||
ansible.builtin.shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
|
||||
register: bit_size_dhparam
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Check bit size of default"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- bit_size_dhparam.stdout == "768"
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Get bit size of 512"
|
||||
shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
|
||||
ansible.builtin.shell: '{{ openssl_binary }} dhparam -noout -in {{ remote_tmp_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
|
||||
register: bit_size_dhparam_512
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Check bit size of default"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- bit_size_dhparam_512.stdout == "512"
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Check if changed works correctly"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- dhparam_check is changed
|
||||
- dhparam is changed
|
||||
@@ -39,23 +39,23 @@
|
||||
- dhparam_changed_force is changed
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Read result"
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: '{{ remote_tmp_dir }}/dh768.pem'
|
||||
register: slurp
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Make sure correct values are returned"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- dhparam.dhparams == (slurp.content | b64decode)
|
||||
- dhparam.dhparams == dhparam_changed.dhparams
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Verify that broken params will be regenerated"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- output_broken is changed
|
||||
|
||||
- name: "[{{ select_crypto_backend }}] Check backup"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- dhparam_backup_1 is changed
|
||||
- dhparam_backup_1.backup_file is undefined
|
||||
|
||||
Reference in New Issue
Block a user