internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-03-26 21:33:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8792635befe402f7ebb5f521bcdcd1e7fef9f1f9
community.crypto/tests/integration/targets/openssh_cert/tests/options_idempotency.yml
Felix Fontein 8792635bef Fix some ansible-lint issues (#907) 
* Fix fqcn[action-core].

* Fix fqcn[action].

* Fix jinja[spacing].
2025-05-30 22:03:16 +02:00

185 lines
5.3 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- name: Generate cert with no options
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
options:
- clear
regenerate: full_idempotence
register: no_options
- name: Generate cert with no options with explicit directives
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
options:
- no-user-rc
- no-x11-forwarding
- no-agent-forwarding
- no-port-forwarding
- no-pty
regenerate: full_idempotence
register: no_options_explicit_directives
- name: Generate cert with explicit extension
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
options:
- clear
- permit-pty
regenerate: full_idempotence
register: explicit_extension_before
- name: Generate cert with explicit extension (idempotency)
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
options:
- clear
- permit-pty
regenerate: full_idempotence
register: explicit_extension_after
- name: Generate cert with explicit extension and corresponding directive
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
options:
- no-pty
- permit-pty
regenerate: full_idempotence
register: explicit_extension_and_directive
- name: Generate cert with default options
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
regenerate: full_idempotence
register: default_options
- name: Generate cert with relative timestamp
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: +0s
valid_to: +32w
valid_at: +2w
regenerate: full_idempotence
register: relative_timestamp
- name: Generate cert with ignore_timestamp true
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: +0s
valid_to: +32w
valid_at: +2w
ignore_timestamps: true
regenerate: full_idempotence
register: relative_timestamp_true
- name: Generate cert with ignore_timestamp false
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: +0s
valid_to: +32w
valid_at: +2w
ignore_timestamps: false
regenerate: full_idempotence
register: relative_timestamp_false
- name: Generate cert with ignore_timestamp true
community.crypto.openssh_cert:
type: user
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: +0s
valid_to: +32w
valid_at: +50w
ignore_timestamps: true
regenerate: full_idempotence
register: relative_timestamp_invalid_at
- name: Generate host cert full_idempotence
community.crypto.openssh_cert:
type: host
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
regenerate: full_idempotence
- name: Generate host cert full_idempotence again
community.crypto.openssh_cert:
type: host
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
regenerate: full_idempotence
register: host_cert_full_idempotence
- name: Assert options results
ansible.builtin.assert:
that:
- no_options is changed
- no_options_explicit_directives is not changed
- explicit_extension_before is changed
- explicit_extension_after is not changed
- explicit_extension_and_directive is changed
- default_options is not changed
- relative_timestamp is changed
- relative_timestamp_true is not changed
- relative_timestamp_false is changed
- relative_timestamp_invalid_at is changed
- host_cert_full_idempotence is not changed
- name: Remove certificate
community.crypto.openssh_cert:
path: "{{ certificate_path }}"
state: absent
Reference in New Issue View Git Blame Copy Permalink