Add openssl_privatekey_convert module (#362)

* Add openssl_privatekey_convert module.

* Extend tests and fix bugs.

* Fix wrong required.

* Fix condition.

* Fix bad tests.

* Fix documentation for format.

* Fix copyright lines.
Felix Fontein
2022-01-10 21:01:52 +01:00
committed by GitHub
parent 62272296da
commit bd2bd79497
9 changed files with 972 additions and 16 deletions


@@ -0,0 +1,4 @@
context/controller
shippable/cloud/group1
shippable/posix/group1
destructive


@@ -0,0 +1,3 @@
dependencies:
- setup_openssl
- setup_remote_tmp_dir


@@ -0,0 +1,386 @@
---
- name: Convert (check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs8
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_check
check_mode: true
- name: Convert
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs8
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert
- assert:
that:
- convert_check is changed
- convert is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_1.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs8
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs8
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
- name: Convert (change format, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem_check
check_mode: true
- name: Convert (change format)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_not_idem_check is changed
- convert_not_idem is changed
- convert_file_info is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_1.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter2
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
- name: Convert (change password, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter3
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem_check
check_mode: true
- name: Convert (change password)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter3
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_not_idem_check is changed
- convert_not_idem is changed
- convert_file_info is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_1.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter3
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
dest_passphrase: hunter3
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
- name: Convert (remove password, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem_check
check_mode: true
- name: Convert (remove password)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_not_idem_check is changed
- convert_not_idem is changed
- convert_file_info is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_1.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_1.pem'
format: pkcs1
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
- when: supports_ed25519 | bool
block:
- name: Convert (change format to raw, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_2.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem_check
check_mode: true
- name: Convert (change format to raw)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_2.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem
- assert:
that:
- convert_not_idem_check is changed
- convert_not_idem is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_2.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_2.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_ed25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_2.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
- when: supports_x25519 | bool
block:
- name: Convert (change format to raw, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_3.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem_check
check_mode: true
- name: Convert (change format to raw)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_3.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_not_idem
- assert:
that:
- convert_not_idem_check is changed
- convert_not_idem is changed
- name: "({{ select_crypto_backend }}) Collect file information"
community.internal_test_tools.files_collect:
files:
- path: '{{ remote_tmp_dir }}/output_3.pem'
register: convert_file_info_data
- name: Convert (idempotent, check mode)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_3.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem_check
check_mode: true
- name: Convert (idempotent)
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_x25519.pem'
dest_path: '{{ remote_tmp_dir }}/output_3.pem'
format: raw
# select_crypto_backend: '{{ select_crypto_backend }}'
register: convert_idem
- name: "({{ select_crypto_backend }}) Check whether file changed"
community.internal_test_tools.files_diff:
state: '{{ convert_file_info_data }}'
register: convert_file_info
- assert:
that:
- convert_idem_check is not changed
- convert_idem is not changed
- convert_file_info is not changed
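Review bot: Every assertion in this file checks only `changed` status or the file diff, so nothing verifies that `output_1.pem` is really protected by `dest_passphrase` after the "Convert" and "change password" steps, or that it is unencrypted after "remove password". A regression that wrote the key with the wrong passphrase, or with none, could still pass as long as the module's own idempotency check agreed with what it wrote. I would load the result independently after each passphrase-affecting step, for example with `openssl_privatekey_info`, assuming it is available here as the sibling `openssl_privatekey` module is. The load without a passphrase is expected to fail while the key is encrypted, and the "remove password" step would get the reverse assertion.

```yaml
# … unchanged: "Convert" task and its changed-assertions …
- name: Load converted key with the destination passphrase
  openssl_privatekey_info:
    path: '{{ remote_tmp_dir }}/output_1.pem'
    passphrase: hunter2
  register: convert_info
- name: Load converted key without a passphrase (expected to fail)
  openssl_privatekey_info:
    path: '{{ remote_tmp_dir }}/output_1.pem'
  register: convert_info_nopass
  ignore_errors: true
- name: Verify the output is protected by dest_passphrase
  assert:
    that:
      - convert_info is succeeded
      - convert_info_nopass is failed
# … unchanged: file collection and idempotency tasks …
```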


@@ -0,0 +1,61 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- name: Determine capabilities
set_fact:
supports_x25519: '{{ cryptography_version.stdout is version("2.5", ">=") }}'
supports_ed25519: >-
{{
cryptography_version.stdout is version("2.6", ">=")
and not (
ansible_os_family == "FreeBSD" and
ansible_facts.distribution_version is version("12.1", ">=") and
ansible_facts.distribution_version is version("12.2", "<")
)
}}
- name: Create keys
openssl_privatekey:
size: '{{ item.size | default(omit) }}'
path: '{{ remote_tmp_dir }}/privatekey_{{ item.name }}.pem'
type: '{{ item.type | default(omit) }}'
curve: '{{ item.curve | default(omit) }}'
passphrase: '{{ item.passphrase | default(omit) }}'
cipher: '{{ "auto" if item.passphrase is defined else omit }}'
format: '{{ item.format }}'
when: item.condition | default(true)
loop:
- name: rsa_pass1
format: pkcs1
type: RSA
size: '{{ default_rsa_key_size }}'
passphrase: secret
- name: ed25519
format: pkcs8
type: Ed25519
size: '{{ default_rsa_key_size }}'
condition: '{{ supports_ed25519 }}'
- name: x25519
format: pkcs8
type: X25519
size: '{{ default_rsa_key_size }}'
condition: '{{ supports_x25519 }}'
- name: Run module with backend autodetection
openssl_privatekey_convert:
src_path: '{{ remote_tmp_dir }}/privatekey_rsa_pass1.pem'
src_passphrase: secret
dest_path: '{{ remote_tmp_dir }}/output_backend_selection.pem'
dest_passphrase: hunter2
format: pkcs8
- block:
- name: Running tests with cryptography backend
include_tasks: impl.yml
vars:
select_crypto_backend: cryptography
when: cryptography_version.stdout is version('1.2.3', '>=')