community.crypto/tests/integration/targets/openssh_cert/tests/options_idempotency.yml
Andrew Pantuso a307618872 openssh_cert - fix full_idempotence for host certificates (#396)
* fixing host cert idempotence

* adding changelog fragment
2022-02-04 20:53:50 +01:00


####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Baseline user certificate. `clear` strips every permission a user certificate
# would otherwise carry (forwarding, PTY, user rc), i.e. the least-privileged
# form. The final assert expects this task to report `changed`.
# always/forever yields a certificate that never expires; that is a fixture
# choice for these tests, not a pattern for real signing.
- name: Generate cert with no options
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    options:
      - clear
    regenerate: full_idempotence
  register: no_options
# Same target state as `clear`, spelled out as the five individual `no-*`
# directives. The final assert expects `not changed`, so the module must treat
# this list as equivalent to the certificate already on disk.
- name: Generate cert with no options with explicit directives
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    options:
      - no-user-rc
      - no-x11-forwarding
      - no-agent-forwarding
      - no-port-forwarding
      - no-pty
    regenerate: full_idempotence
  register: no_options_explicit_directives
# Clear all permissions, then grant back only `permit-pty`. This differs from
# the certificate on disk (which has no permissions), so the final assert
# expects `changed`.
- name: Generate cert with explicit extension
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    options:
      - clear
      - permit-pty
    regenerate: full_idempotence
  register: explicit_extension_before
# Re-run of the previous task with identical arguments. The final assert
# expects `not changed`: an unchanged option set must not re-sign the key.
- name: Generate cert with explicit extension (idempotency)
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    options:
      - clear
      - permit-pty
    regenerate: full_idempotence
  register: explicit_extension_after
# Passes a directive and its opposite (`no-pty`, then `permit-pty`) without
# `clear`. The final assert expects `changed` here and `not changed` for the
# default-options task that follows.
# NOTE(review): that pairing suggests the two options cancel out and leave the
# default permission set; confirm against the module's option handling.
- name: Generate cert with explicit extension and corresponding directive
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    options:
      - no-pty
      - permit-pty
    regenerate: full_idempotence
  register: explicit_extension_and_directive
# No `options` key at all, so the certificate gets whatever permissions the
# signer applies by default. The final assert expects `not changed` relative to
# the certificate produced by the preceding task.
- name: Generate cert with default options
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    regenerate: full_idempotence
  register: default_options
# Switches from always/forever to a bounded, relative validity window
# (now .. +32 weeks) and requires validity at +2 weeks. The final assert
# expects `changed`.
- name: Generate cert with relative timestamp
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    # Quoted so the leading `+` can never be read as a numeric sign.
    valid_from: "+0s"
    valid_to: "+32w"
    valid_at: "+2w"
    regenerate: full_idempotence
  register: relative_timestamp
# Same window as the previous task, but with `ignore_timestamps: true`. The
# final assert expects `not changed`: the existing certificate is kept even
# though the relative times resolve to slightly different absolute values.
# `valid_at` (+2w) still falls inside the window of the certificate on disk.
- name: Generate cert with ignore_timestamp true
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: "+0s"
    valid_to: "+32w"
    valid_at: "+2w"
    ignore_timestamps: true
    regenerate: full_idempotence
  register: relative_timestamp_true
# Counterpart with `ignore_timestamps: false`. The final assert expects
# `changed`: with timestamps compared, a relative window never matches the
# certificate on disk, so the key is re-signed on this run.
- name: Generate cert with ignore_timestamp false
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: "+0s"
    valid_to: "+32w"
    valid_at: "+2w"
    ignore_timestamps: false
    regenerate: full_idempotence
  register: relative_timestamp_false
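# Guard case for `ignore_timestamps: true`: `valid_at` (+50w) lies beyond
# `valid_to` (+32w), so the certificate on disk cannot be valid at that time.
# The final assert expects `changed`, i.e. ignoring timestamps must not
# suppress regeneration when the `valid_at` check fails.
# The task name previously duplicated an earlier task ("Generate cert with
# ignore_timestamp true"), which made the two steps indistinguishable in test
# output; it now states what this step actually exercises.
- name: Generate cert with ignore_timestamps true and valid_at outside validity period
  openssh_cert:
    type: user
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: "+0s"
    valid_to: "+32w"
    valid_at: "+50w"
    ignore_timestamps: true
    regenerate: full_idempotence
  register: relative_timestamp_invalid_at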
# Set-up for the host-certificate idempotency check: replaces the user
# certificate at the same path with a `type: host` certificate. The result is
# deliberately not registered; only the repeat run that follows is asserted on.
- name: Generate host cert full_idempotence
  openssh_cert:
    type: host
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    regenerate: full_idempotence
# Identical arguments to the previous host-certificate task. The final assert
# expects `not changed`, i.e. a host certificate must not be re-signed under
# `regenerate: full_idempotence` when nothing differs.
- name: Generate host cert full_idempotence again
  openssh_cert:
    type: host
    path: "{{ certificate_path }}"
    public_key: "{{ public_key }}"
    signing_key: "{{ signing_key }}"
    valid_from: always
    valid_to: forever
    regenerate: full_idempotence
  register: host_cert_full_idempotence
# Single checkpoint for every result registered above. Each line pins whether
# the corresponding task was expected to re-sign the certificate.
- name: Assert options results
  assert:
    that:
      # Permission options: equivalent option sets must not trigger a re-sign.
      - no_options is changed
      - no_options_explicit_directives is not changed
      - explicit_extension_before is changed
      - explicit_extension_after is not changed
      - explicit_extension_and_directive is changed
      - default_options is not changed
      # Validity window: ignore_timestamps suppresses a re-sign only while
      # valid_at still falls inside the existing certificate's window.
      - relative_timestamp is changed
      - relative_timestamp_true is not changed
      - relative_timestamp_false is changed
      - relative_timestamp_invalid_at is changed
      # Host certificates.
      - host_cert_full_idempotence is not changed
# Clean-up: deletes the certificate file so later test files start from an
# empty path.
# NOTE(review): as a plain task after the assert, this is skipped when the
# assertion fails; confirm the test harness discards the output directory.
- name: Remove certificate
  openssh_cert:
    path: "{{ certificate_path }}"
    state: absent