Revert "openssl_csr: Allow to use cryptography as backend (#50324)"

This reverts commit 409f8a15bd.
2026-05-06 13:22:48 +00:00 · 2019-01-14 14:33:51 +01:00
parent 53437e80d9
commit bbd2e31e9f
4 changed files with 212 additions and 686 deletions
--- a/test/integration/targets/openssl_csr/tasks/impl.yml
+++ b/test/integration/targets/openssl_csr/tasks/impl.yml
@@ -1,148 +0,0 @@
---
- name: Generate privatekey
-  openssl_privatekey:
-    path: '{{ output_dir }}/privatekey.pem'
-
- name: Generate CSR (check mode)
-  openssl_csr:
-    path: '{{ output_dir }}/csr.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  check_mode: yes
-  register: generate_csr_check
-
- name: Generate CSR
-  openssl_csr:
-    path: '{{ output_dir }}/csr.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: generate_csr
-
- name: Generate CSR (idempotent)
-  openssl_csr:
-    path: '{{ output_dir }}/csr.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: generate_csr_check_idempotent
-
- name: Generate CSR (idempotent, check mode)
-  openssl_csr:
-    path: '{{ output_dir }}/csr.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  check_mode: yes
-  register: generate_csr_check_idempotent_check
-
-# keyUsage longname and shortname should be able to be used
-# interchangeably. Hence the long name is specified here
-# but the short name is used to test idempotency for ipsecuser
-# and vice-versa for biometricInfo
- name: Generate CSR with KU and XKU
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ku_xku.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      CN: www.ansible.com
-    keyUsage:
-      - digitalSignature
-      - keyAgreement
-    extendedKeyUsage:
-      - qcStatements
-      - DVCS
-      - IPSec User
-      - biometricInfo
-    select_crypto_backend: '{{ select_crypto_backend }}'
-
- name: Generate CSR with KU and XKU (test idempotency)
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ku_xku.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: 'www.ansible.com'
-    keyUsage:
-      - Key Agreement
-      - digitalSignature
-    extendedKeyUsage:
-      - ipsecUser
-      - qcStatements
-      - DVCS
-      - Biometric Info
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: csr_ku_xku
-
- name: Generate CSR with KU and XKU (test XKU change)
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ku_xku.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: 'www.ansible.com'
-    keyUsage:
-      - digitalSignature
-      - keyAgreement
-    extendedKeyUsage:
-      - ipsecUser
-      - qcStatements
-      - Biometric Info
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: csr_ku_xku_change
-
- name: Generate CSR with KU and XKU (test KU change)
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ku_xku.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject:
-      commonName: 'www.ansible.com'
-    keyUsage:
-      - digitalSignature
-    extendedKeyUsage:
-      - ipsecUser
-      - qcStatements
-      - Biometric Info
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: csr_ku_xku_change_2
-
- name: Generate CSR with old API
-  openssl_csr:
-    path: '{{ output_dir }}/csr_oldapi.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
-
- name: Generate CSR with OCSP Must Staple
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ocsp.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject_alt_name: "DNS:www.ansible.com"
-    ocsp_must_staple: true
-    select_crypto_backend: '{{ select_crypto_backend }}'
-
- name: Generate CSR with OCSP Must Staple (test idempotency)
-  openssl_csr:
-    path: '{{ output_dir }}/csr_ocsp.csr'
-    privatekey_path: '{{ output_dir }}/privatekey.pem'
-    subject_alt_name: "DNS:www.ansible.com"
-    ocsp_must_staple: true
-    select_crypto_backend: '{{ select_crypto_backend }}'
-  register: csr_ocsp_idempotency
-
- name: Generate ECC privatekey
-  openssl_privatekey:
-    path: '{{ output_dir }}/privatekey2.pem'
-    type: ECC
-    curve: secp384r1
-
- name: Generate CSR with ECC privatekey
-  openssl_csr:
-    path: '{{ output_dir }}/csr2.csr'
-    privatekey_path: '{{ output_dir }}/privatekey2.pem'
-    subject:
-      commonName: www.ansible.com
-    select_crypto_backend: '{{ select_crypto_backend }}'
--- a/test/integration/targets/openssl_csr/tasks/main.yml
+++ b/test/integration/targets/openssl_csr/tasks/main.yml
@@ -1,30 +1,141 @@
 ---
 - block:
-  - name: Running tests with pyOpenSSL backend
-    include_tasks: impl.yml
-    vars:
-      select_crypto_backend: pyopenssl
+    - name: Generate privatekey
+      openssl_privatekey:
+        path: '{{ output_dir }}/privatekey.pem'

-  - import_tasks: ../tests/validate.yml
+    - name: Generate CSR (check mode)
+      openssl_csr:
+        path: '{{ output_dir }}/csr.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: www.ansible.com
+      check_mode: yes
+      register: generate_csr_check
+
+    - name: Generate CSR
+      openssl_csr:
+        path: '{{ output_dir }}/csr.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: www.ansible.com
+      register: generate_csr
+
+    - name: Generate CSR (idempotent)
+      openssl_csr:
+        path: '{{ output_dir }}/csr.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: www.ansible.com
+      register: generate_csr_check_idempotent
+
+    - name: Generate CSR (idempotent, check mode)
+      openssl_csr:
+        path: '{{ output_dir }}/csr.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: www.ansible.com
+      check_mode: yes
+      register: generate_csr_check_idempotent_check
+
+    # keyUsage longname and shortname should be able to be used
+    # interchangeably. Hence the long name is specified here
+    # but the short name is used to test idempotency for ipsecuser
+    # and vice-versa for biometricInfo
+    - name: Generate CSR with KU and XKU
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ku_xku.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          CN: www.ansible.com
+        keyUsage:
+          - digitalSignature
+          - keyAgreement
+        extendedKeyUsage:
+          - qcStatements
+          - DVCS
+          - IPSec User
+          - biometricInfo
+
+    - name: Generate CSR with KU and XKU (test idempotency)
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ku_xku.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: 'www.ansible.com'
+        keyUsage:
+          - Key Agreement
+          - digitalSignature
+        extendedKeyUsage:
+          - ipsecUser
+          - qcStatements
+          - DVCS
+          - Biometric Info
+      register: csr_ku_xku
+
+    - name: Generate CSR with KU and XKU (test XKU change)
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ku_xku.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: 'www.ansible.com'
+        keyUsage:
+          - digitalSignature
+          - keyAgreement
+        extendedKeyUsage:
+          - ipsecUser
+          - qcStatements
+          - Biometric Info
+      register: csr_ku_xku_change
+
+    - name: Generate CSR with KU and XKU (test KU change)
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ku_xku.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject:
+          commonName: 'www.ansible.com'
+        keyUsage:
+          - digitalSignature
+        extendedKeyUsage:
+          - ipsecUser
+          - qcStatements
+          - Biometric Info
+      register: csr_ku_xku_change_2
+
+    - name: Generate CSR with old API
+      openssl_csr:
+        path: '{{ output_dir }}/csr_oldapi.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        commonName: www.ansible.com
+
+    - name: Generate CSR with OCSP Must Staple
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ocsp.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject_alt_name: "DNS:www.ansible.com"
+        ocsp_must_staple: true
+
+    - name: Generate CSR with OCSP Must Staple (test idempotency)
+      openssl_csr:
+        path: '{{ output_dir }}/csr_ocsp.csr'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        subject_alt_name: "DNS:www.ansible.com"
+        ocsp_must_staple: true
+      register: csr_ocsp_idempotency
+
+    - name: Generate ECC privatekey
+      openssl_privatekey:
+        path: '{{ output_dir }}/privatekey2.pem'
+        type: ECC
+        curve: secp256k1
+
+    - name: Generate CSR with ECC privatekey
+      openssl_csr:
+        path: '{{ output_dir }}/csr2.csr'
+        privatekey_path: '{{ output_dir }}/privatekey2.pem'
+        subject:
+          commonName: www.ansible.com
+
+    - import_tasks: ../tests/validate.yml

  when: pyopenssl_version.stdout is version('0.15', '>=')
-
- name: Remove output directory
-  file:
-    path: "{{ output_dir }}"
-    state: absent
-
- name: Re-create output directory
-  file:
-    path: "{{ output_dir }}"
-    state: directory
-
- block:
-  - name: Running tests with cryptography backend
-    include_tasks: impl.yml
-    vars:
-      select_crypto_backend: cryptography
-
-  - import_tasks: ../tests/validate.yml
-
-  when: cryptography_version.stdout is version('1.3', '>=')