Refactor openssl_csr module, add openssl_csr_pipe module (#123)

* Extract doc fragment from openssl_csr. * Refactor openssl_csr module into backend + module. * Add openssl_csr_pipe module. * Add seealso references. * ... * Use /dev/stdin instead of -, which seems to be only supported by newer openssl versions. * Bump version. * DRY: use select_message_digest. * Fix deprecation version in docs. * Docs improvements. * Improve argument spec handling for module backends. * Linting. * Fix linting problems by using kwargs.
2026-05-06 13:22:58 +00:00 · 2020-10-27 12:37:40 +01:00
parent fd7871ae7d
commit 9792188b0e
10 changed files with 1424 additions and 1002 deletions
--- a/tests/integration/targets/openssl_csr_pipe/aliases
+++ b/tests/integration/targets/openssl_csr_pipe/aliases
@@ -0,0 +1,2 @@
+shippable/posix/group1
+destructive
--- a/tests/integration/targets/openssl_csr_pipe/meta/main.yml
+++ b/tests/integration/targets/openssl_csr_pipe/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - setup_openssl
--- a/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/impl.yml
@@ -0,0 +1,91 @@
+---
+- name: "({{ select_crypto_backend }}) Generate privatekey"
+  openssl_privatekey:
+    path: '{{ output_dir }}/privatekey.pem'
+
+- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
+  openssl_csr_pipe:
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  check_mode: yes
+  register: generate_csr_check
+
+- name: "({{ select_crypto_backend }}) Generate CSR"
+  openssl_csr_pipe:
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr
+
+- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
+  openssl_csr_pipe:
+    content: "{{ generate_csr.csr }}"
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr_idempotent
+
+- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
+  openssl_csr_pipe:
+    content: "{{ generate_csr.csr }}"
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  check_mode: yes
+  register: generate_csr_idempotent_check
+
+- name: "({{ select_crypto_backend }}) Generate CSR (changed)"
+  openssl_csr_pipe:
+    content: "{{ generate_csr.csr }}"
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr_changed
+
+- name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)"
+  openssl_csr_pipe:
+    content: "{{ generate_csr.csr }}"
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: ansible.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  check_mode: yes
+  register: generate_csr_changed_check
+
+- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
+  shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
+  register: privatekey_modulus
+
+- name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
+  shell: "openssl req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
+  args:
+    stdin: "{{ generate_csr.csr }}"
+  register: csr_cn
+
+- name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
+  shell: 'openssl req -noout -modulus -in /dev/stdin'
+  args:
+    stdin: "{{ generate_csr.csr }}"
+  register: csr_modulus
+
+- name: "({{ select_crypto_backend }}) Validate CSR (assert)"
+  assert:
+    that:
+      - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
+      - csr_modulus.stdout == privatekey_modulus.stdout
+
+- name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
+  assert:
+    that:
+      - generate_csr_check is changed
+      - generate_csr is changed
+      - generate_csr_idempotent is not changed
+      - generate_csr_idempotent_check is not changed
+      - generate_csr_changed is changed
+      - generate_csr_changed_check is changed
--- a/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
+++ b/tests/integration/targets/openssl_csr_pipe/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: Prepare private key for backend autodetection test
+  openssl_privatekey:
+    path: '{{ output_dir }}/privatekey_backend_selection.pem'
+- name: Run module with backend autodetection
+  openssl_csr_pipe:
+    privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem'
+    subject:
+      commonName: www.ansible.com
+
+- block:
+  - name: Running tests with pyOpenSSL backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: pyopenssl
+
+  when: pyopenssl_version.stdout is version('0.15', '>=')
+
+- name: Remove output directory
+  file:
+    path: "{{ output_dir }}"
+    state: absent
+
+- name: Re-create output directory
+  file:
+    path: "{{ output_dir }}"
+    state: directory
+
+- block:
+  - name: Running tests with cryptography backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: cryptography
+
+  when: cryptography_version.stdout is version('1.3', '>=')