mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-06 13:22:58 +00:00
02ee3fb974
* Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision.
93 lines
3.2 KiB
YAML
93 lines
3.2 KiB
YAML
---
|
|
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
|
openssl_privatekey:
|
|
path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
size: '{{ default_rsa_key_size }}'
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
|
|
openssl_csr_pipe:
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR"
|
|
openssl_csr_pipe:
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr_idempotent
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_idempotent_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (changed)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr_changed
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_changed_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
|
|
shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
|
|
register: privatekey_modulus
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
|
|
shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
|
|
args:
|
|
stdin: "{{ generate_csr.csr }}"
|
|
register: csr_cn
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
|
|
shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
|
|
args:
|
|
stdin: "{{ generate_csr.csr }}"
|
|
register: csr_modulus
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (assert)"
|
|
assert:
|
|
that:
|
|
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
- csr_modulus.stdout == privatekey_modulus.stdout
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
|
|
assert:
|
|
that:
|
|
- generate_csr_check is changed
|
|
- generate_csr is changed
|
|
- generate_csr_idempotent is not changed
|
|
- generate_csr_idempotent_check is not changed
|
|
- generate_csr_changed is changed
|
|
- generate_csr_changed_check is changed
|