Add basic crypto_info module (#363)

* Add basic crypto_info module. * Improve check. * Actually test capabilities. * Also output EC curve list. * Fix detections. * Ed25519 and Ed448 are not supported on FreeBSD 12.1. * Refactor. * Also retrieve information on the OpenSSL binary. * Improve splitting. * Update plugins/modules/crypto_info.py Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com> * Replace list by tuple. Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
2026-05-07 22:03:01 +00:00 · 2022-01-05 18:19:42 +01:00
parent 3e307fe062
commit b2ea4a7ce5
4 changed files with 416 additions and 0 deletions
--- a/tests/integration/targets/crypto_info/aliases
+++ b/tests/integration/targets/crypto_info/aliases
@@ -0,0 +1,4 @@
+context/controller
+shippable/cloud/group1
+shippable/posix/group1
+destructive
--- a/tests/integration/targets/crypto_info/meta/main.yml
+++ b/tests/integration/targets/crypto_info/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - setup_openssl
--- a/tests/integration/targets/crypto_info/tasks/main.yml
+++ b/tests/integration/targets/crypto_info/tasks/main.yml
@@ -0,0 +1,75 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: Retrieve information
+  crypto_info:
+  register: result
+
+- name: Display information
+  debug:
+    var: result
+
+- name: Register cryptography version
+  command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
+  register: local_cryptography_version
+
+- name: Determine complex version-based capabilities
+  set_fact:
+    supports_ed25519: >-
+      {{
+        local_cryptography_version.stdout is version("2.6", ">=")
+        and not (
+          ansible_os_family == "FreeBSD" and
+          ansible_facts.distribution_version is version("12.1", ">=") and
+          ansible_facts.distribution_version is version("12.2", "<")
+        )
+      }}
+    supports_ed448: >-
+      {{
+        local_cryptography_version.stdout is version("2.6", ">=")
+        and not (
+          ansible_os_family == "FreeBSD" and
+          ansible_facts.distribution_version is version("12.1", ">=") and
+          ansible_facts.distribution_version is version("12.2", "<")
+        )
+      }}
+
+- name: Verify cryptography information
+  assert:
+    that:
+      - result.python_cryptography_installed
+      - "'python_cryptography_import_error' not in result"
+      - result.python_cryptography_capabilities.version == local_cryptography_version.stdout
+      - "'secp256r1' in result.python_cryptography_capabilities.curves"
+      - result.python_cryptography_capabilities.has_ec == (local_cryptography_version.stdout is version('0.5', '>='))
+      - result.python_cryptography_capabilities.has_ec_sign == (local_cryptography_version.stdout is version('1.5', '>='))
+      - result.python_cryptography_capabilities.has_ed25519 == supports_ed25519
+      - result.python_cryptography_capabilities.has_ed25519_sign == supports_ed25519
+      - result.python_cryptography_capabilities.has_ed448 == supports_ed448
+      - result.python_cryptography_capabilities.has_ed448_sign == supports_ed448
+      - result.python_cryptography_capabilities.has_dsa == (local_cryptography_version.stdout is version('0.5', '>='))
+      - result.python_cryptography_capabilities.has_dsa_sign == (local_cryptography_version.stdout is version('1.5', '>='))
+      - result.python_cryptography_capabilities.has_rsa == (local_cryptography_version.stdout is version('0.5', '>='))
+      - result.python_cryptography_capabilities.has_rsa_sign == (local_cryptography_version.stdout is version('1.4', '>='))
+      - result.python_cryptography_capabilities.has_x25519 == (local_cryptography_version.stdout is version('2.0', '>='))
+      - result.python_cryptography_capabilities.has_x25519_serialization == (local_cryptography_version.stdout is version('2.5', '>='))
+      - result.python_cryptography_capabilities.has_x448 == (local_cryptography_version.stdout is version('2.5', '>='))
+
+- name: Find OpenSSL binary
+  command: which openssl
+  register: local_openssl_path
+
+- name: Find OpenSSL version
+  command: openssl version
+  register: local_openssl_version_full
+
+- name: Verify OpenSSL information
+  assert:
+    that:
+      - result.openssl_present
+      - result.openssl.path == local_openssl_path.stdout
+      - (result.openssl.version_output | trim) == local_openssl_version_full.stdout
+      - result.openssl.version == local_openssl_version_full.stdout.split(' ')[1]