Extend test coverage for openssl modules (#27548)

* openssl_privatekey: Extend test coverage Extend the coverage of the integration test for the module openssl_privatekey. New tests have been added: * passphrase * idempotence * removal Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr> * openssl_publickey: Extend test coverage Extend the coverage on the integration test for the module openssl_publickey. New tests have been added: * OpenSSH format * passphrase * idempotence * removal
2026-05-08 06:12:51 +00:00 · 2017-08-21 13:19:41 +02:00
parent 4653f892c8
commit d4e7b045b7
7 changed files with 183 additions and 15 deletions
--- a/test/integration/targets/openssl_publickey/tasks/main.yml
+++ b/test/integration/targets/openssl_publickey/tasks/main.yml
@@ -3,11 +3,51 @@
      openssl_privatekey:
        path: '{{ output_dir }}/privatekey.pem'

-    - name: Generate publickey
+    - name: Generate publickey - PEM format
      openssl_publickey:
        path: '{{ output_dir }}/publickey.pub'
        privatekey_path: '{{ output_dir }}/privatekey.pem'

+    - name: Generate publickey - OpenSSH format
+      openssl_publickey:
+        path: '{{ output_dir }}/publickey-ssh.pub'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        format: OpenSSH
+      # cryptography.hazmat.primitives import serialization.Encoding.OpenSSH and
+      # cryptography.hazmat.primitives import serialization.PublicFormat.OpenSSH constants
+      # appeared in version 1.4 of cryptography
+      when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+
+    - name: Generate publickey2 - standard
+      openssl_publickey:
+        path: '{{ output_dir }}/publickey2.pub'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+
+    - name: Delete publickey2 - standard
+      openssl_publickey:
+        state: absent
+        path: '{{ output_dir }}/publickey2.pub'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+
+    - name: Generate privatekey3 - with passphrase
+      openssl_privatekey:
+        path: '{{ output_dir }}/privatekey3.pem'
+        passphrase: ansible
+        cipher: aes256
+
+    - name: Generate publickey3 - with passphrase protected privatekey
+      openssl_publickey:
+        path: '{{ output_dir }}/publickey3.pub'
+        privatekey_path: '{{ output_dir }}/privatekey3.pem'
+        privatekey_passphrase: ansible
+
+    - name: Generate publickey3 - with passphrase protected privatekey - idempotence
+      openssl_publickey:
+        path: '{{ output_dir }}/publickey3.pub'
+        privatekey_path: '{{ output_dir }}/privatekey3.pem'
+        privatekey_passphrase: ansible
+      register: publickey3_idempotence
+
    - import_tasks: ../tests/validate.yml

  when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
--- a/test/integration/targets/openssl_publickey/tests/validate.yml
+++ b/test/integration/targets/openssl_publickey/tests/validate.yml
@@ -10,3 +10,52 @@
  assert:
    that:
      - publickey_modulus.stdout == privatekey_modulus.stdout
+
+- name: Validate public key - OpenSSH format (test - privatekey's publickey)
+  shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem'
+  register: privatekey_publickey
+  when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+
+- name: Validate public key - OpenSSH format  (test - publickey)
+  slurp:
+    src: '{{ output_dir }}/publickey-ssh.pub'
+  register: publickey
+  when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+
+- name: Validate public key - OpenSSH format (assert)
+  assert:
+    that:
+      - privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
+  when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+
+- name: Validate publickey2 (test - Ensure key has been removed)
+  stat:
+    path: '{{ output_dir }}/publickey2.pub'
+  register: publickey2
+
+- name: Validate publickey2 (assert - Ensure key has been removed)
+  assert:
+    that:
+      - publickey2.stat.exists == False
+
+
+- name: Validate publickey3 (test - privatekey modulus)
+  shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible | openssl md5'
+  register: privatekey3_modulus
+  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
+
+- name: Validate publickey3 (test - publickey modulus)
+  shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub  | openssl md5'
+  register: publickey3_modulus
+  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
+
+- name: Validate publickey3 (assert)
+  assert:
+    that:
+      - publickey3_modulus.stdout == privatekey3_modulus.stdout
+  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
+
+- name: Validate publickey3 idempotence (assert)
+  assert:
+    that:
+      - not publickey3_idempotence|changed