mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-07 05:43:06 +00:00
6bf3ef47e1
* Add SPDX license identifiers, mention all licenses in galaxy.yml. * Add default copyright headers. * Add headers for documents. * Fix/add more copyright statements. * Add copyright / license info for vendored code. * Add extra sanity test. * Add changelog fragment. * Comment PSF-2.0 license out in galaxy.yml for now. * Remove colon after 'Copyright'. * Avoid colon after 'Copyright' in lint script. * Mention correct filename. * Add BSD-3-Clause. * Improve lint script. * Update README. * Symlinks...
97 lines
3.4 KiB
YAML
97 lines
3.4 KiB
YAML
---
|
|
# Copyright (c) Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
|
openssl_privatekey:
|
|
path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
size: '{{ default_rsa_key_size }}'
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
|
|
openssl_csr_pipe:
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR"
|
|
openssl_csr_pipe:
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr_idempotent
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_idempotent_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (changed)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: generate_csr_changed
|
|
|
|
- name: "({{ select_crypto_backend }}) Generate CSR (changed, check mode)"
|
|
openssl_csr_pipe:
|
|
content: "{{ generate_csr.csr }}"
|
|
privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: ansible.com
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
check_mode: yes
|
|
register: generate_csr_changed_check
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - privatekey modulus)"
|
|
shell: '{{ openssl_binary }} rsa -noout -modulus -in {{ remote_tmp_dir }}/privatekey.pem'
|
|
register: privatekey_modulus
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - Common Name)"
|
|
shell: "{{ openssl_binary }} req -noout -subject -in /dev/stdin -nameopt oneline,-space_eq"
|
|
args:
|
|
stdin: "{{ generate_csr.csr }}"
|
|
register: csr_cn
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (test - csr modulus)"
|
|
shell: '{{ openssl_binary }} req -noout -modulus -in /dev/stdin'
|
|
args:
|
|
stdin: "{{ generate_csr.csr }}"
|
|
register: csr_modulus
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (assert)"
|
|
assert:
|
|
that:
|
|
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
- csr_modulus.stdout == privatekey_modulus.stdout
|
|
|
|
- name: "({{ select_crypto_backend }}) Validate CSR (check mode, idempotency)"
|
|
assert:
|
|
that:
|
|
- generate_csr_check is changed
|
|
- generate_csr is changed
|
|
- generate_csr_idempotent is not changed
|
|
- generate_csr_idempotent_check is not changed
|
|
- generate_csr_changed is changed
|
|
- generate_csr_changed_check is changed
|