Allow to run x509_certificate selfsigned provider without providing a CSR (#129)

* Allow running the x509_certificate selfsigned provider without providing a CSR.

* Add missing prefixes (unrelated).
Felix Fontein
2020-10-19 18:09:40 +02:00
committed by GitHub
parent b32adcce78
commit fd7871ae7d
5 changed files with 109 additions and 38 deletions


@@ -245,11 +245,11 @@
ignore_errors: yes
register: passphrase_error_3
- name: Create broken certificate
- name: (OwnCA, {{select_crypto_backend}}) Create broken certificate
copy:
dest: "{{ output_dir }}/ownca_broken.pem"
content: "broken"
- name: Regenerate broken cert
- name: (OwnCA, {{select_crypto_backend}}) Regenerate broken cert
x509_certificate:
path: '{{ output_dir }}/ownca_broken.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'


@@ -10,6 +10,36 @@
cipher: auto
select_crypto_backend: cryptography
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR
x509_certificate:
path: '{{ output_dir }}/cert_no_csr.pem'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: selfsigned_certificate_no_csr
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR - idempotency
x509_certificate:
path: '{{ output_dir }}/cert_no_csr.pem'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: selfsigned_certificate_no_csr_idempotence
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode)
x509_certificate:
path: '{{ output_dir }}/cert_no_csr.pem'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
register: selfsigned_certificate_no_csr_idempotence_check
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr.csr'
@@ -250,11 +280,11 @@
ignore_errors: yes
register: passphrase_error_3
- name: Create broken certificate
- name: (Selfsigned, {{select_crypto_backend}}) Create broken certificate
copy:
dest: "{{ output_dir }}/cert_broken.pem"
content: "broken"
- name: Regenerate broken cert
- name: (Selfsigned, {{select_crypto_backend}}) Regenerate broken cert
x509_certificate:
path: '{{ output_dir }}/cert_broken.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
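Review bot: The check-mode task in the first hunk of this section (the task registered as `selfsigned_certificate_no_csr_idempotence_check`) only runs after `cert_no_csr.pem` has already been written by the two preceding tasks, so it can only ever report "not changed" and never exercises check mode's real contract: reporting a change without touching the filesystem. A check-mode run placed before the first real generation, registered separately, would let the validation file assert that it `is changed` and that no file was created; the existing trio can stay as it is. The `yes` truthy values match the file's existing `ignore_errors: yes` convention, so I would not change them here. The proposed task is below; the matching assert (`selfsigned_certificate_no_csr_check_before is changed`) belongs with the validation tasks in the other file.
```yaml
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR (check mode, before creation)
  x509_certificate:
    path: '{{ output_dir }}/cert_no_csr.pem'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
    provider: selfsigned
    selfsigned_digest: sha256
    select_crypto_backend: '{{ select_crypto_backend }}'
  check_mode: yes
  register: selfsigned_certificate_no_csr_check_before
# … unchanged: existing generate / idempotency / check-mode tasks …
```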


@@ -3,6 +3,40 @@
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate behavior for no CSR
assert:
that:
- selfsigned_certificate_no_csr is changed
- selfsigned_certificate_no_csr_idempotence is not changed
- selfsigned_certificate_no_csr_idempotence_check is not changed
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert_no_csr.pem'
register: cert_modulus
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - certficate version == default == 3)
shell: 'openssl x509 -noout -in {{ output_dir}}/cert_no_csr.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
register: cert_version
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (assert)
assert:
that:
- cert_modulus.stdout == privatekey_modulus.stdout
- cert_version.stdout == '3'
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR idempotence
assert:
that:
- selfsigned_certificate_no_csr.serial_number == selfsigned_certificate_no_csr_idempotence.serial_number
- selfsigned_certificate_no_csr.notBefore == selfsigned_certificate_no_csr_idempotence.notBefore
- selfsigned_certificate_no_csr.notAfter == selfsigned_certificate_no_csr_idempotence.notAfter
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval with no CSR
assert:
that:
- selfsigned_certificate_no_csr.certificate == lookup('file', output_dir ~ '/cert_no_csr.pem', rstrip=False)
- selfsigned_certificate_no_csr.certificate == selfsigned_certificate_no_csr_idempotence.certificate
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem'
register: cert_modulus
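Review bot: The new validation tasks check the key modulus, the X.509 version and idempotence, but nothing confirms that the CSR-less certificate is actually signed with the requested `selfsigned_digest: sha256` or that its self-signature verifies against its own key; a certificate produced with a different or weak digest, or with a broken signature, would pass this block unnoticed. Two shell tasks plus an assert close that gap: read the `Signature Algorithm` line from the text dump and run `openssl verify -CAfile` against the certificate itself (the shell task fails on its own if verification fails). The algorithm check is done case-insensitively since RSA prints `sha256WithRSAEncryption` while ECDSA prints `ecdsa-with-SHA256`, and the key type behind `privatekey.pem` is not visible here. Separately, the task name on the version check misspells "certificate" as "certficate".
```yaml
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - signature algorithm)
  shell: 'openssl x509 -noout -in {{ output_dir }}/cert_no_csr.pem -text | grep "Signature Algorithm" | head -n 1'
  register: cert_no_csr_sigalg
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (test - self-signature verifies)
  shell: 'openssl verify -CAfile {{ output_dir }}/cert_no_csr.pem {{ output_dir }}/cert_no_csr.pem'
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate with no CSR (assert signature digest)
  assert:
    that:
      - "'SHA256' in (cert_no_csr_sigalg.stdout | upper)"
# … unchanged: existing modulus / version / idempotence / data retrieval asserts …
```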