openssl: remove static dict for keyUsage (#30339)

keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316
2026-05-08 14:22:46 +00:00 · 2017-09-14 18:03:00 +02:00
parent 1950bcc14e
commit 0648e339a7
6 changed files with 63 additions and 40 deletions
--- a/test/integration/targets/openssl_certificate/tasks/main.yml
+++ b/test/integration/targets/openssl_certificate/tasks/main.yml
@@ -51,6 +51,11 @@
        path: '{{ output_dir }}/csr2.csr'
        privatekey_path: '{{ output_dir }}/privatekey2.pem'
        CN: 'www.example.com'
+        keyUsage:
+          - digitalSignature
+        extendedKeyUsage:
+          - ipsecUser
+          - biometricInfo

    - name: Generate selfsigned certificate2
      openssl_certificate:
@@ -77,6 +82,11 @@
          L: Los Angeles
          O: ACME Inc.
          OU: Roadrunner pest control
+        keyUsage:
+          - digitalSignature
+        extendedKeyUsage:
+          - ipsecUser
+          - biometricInfo

    - import_tasks: ../tests/validate.yml