ansible/test/integration/targets/openssl_csr/tests/validate.yml

- name: Validate CSR (test - privatekey modulus)
  shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey_modulus

- name: Validate CSR (test - Common Name)
  shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
  register: csr_cn

- name: Validate CSR (test - csr modulus)
  shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr'
  register: csr_modulus

- name: Validate CSR (assert)
  assert:
    that:
      - csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_modulus.stdout == privatekey_modulus.stdout

- name: Validate CSR_KU_XKU (assert idempotency)
  assert:
    that:
      - csr_ku_xku.changed == False

- name: Validate old_API CSR (test - Common Name)
  shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
  register: csr_oldapi_cn

- name: Validate old_API CSR (test - csr modulus)
  shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr'
  register: csr_oldapi_modulus

- name: Validate old_API CSR (assert)
  assert:
    that:
      - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
      - csr_oldapi_modulus.stdout == privatekey_modulus.stdout
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr 2017-07-25 13:18:18 +02:00			`- name: Validate CSR (test - privatekey modulus)`
Allow multiple values per key in name fields in openssl_certificate/csr (#30338) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo 2017-12-12 13:35:22 +01:00			`shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'`
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr 2017-07-25 13:18:18 +02:00			`register: privatekey_modulus`

			`- name: Validate CSR (test - Common Name)`
			`shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"`
			`register: csr_cn`

			`- name: Validate CSR (test - csr modulus)`
Allow multiple values per key in name fields in openssl_certificate/csr (#30338) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo 2017-12-12 13:35:22 +01:00			`shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr'`
Enable integration tests for the crypto/ namespace (#26684) Crypto namespace contains the openssl modules. It has no integration testing as of now. This commits aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. This tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr 2017-07-25 13:18:18 +02:00			`register: csr_modulus`

			`- name: Validate CSR (assert)`
			`assert:`
			`that:`
			`- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'`
			`- csr_modulus.stdout == privatekey_modulus.stdout`
openssl: remove static dict for keyUsage (#30339) keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316 2017-09-14 18:03:00 +02:00
			`- name: Validate CSR_KU_XKU (assert idempotency)`
			`assert:`
			`that:`
			`- csr_ku_xku.changed == False`
Allow multiple values per key in name fields in openssl_certificate/csr (#30338) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo 2017-12-12 13:35:22 +01:00
			`- name: Validate old_API CSR (test - Common Name)`
			`shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"`
			`register: csr_oldapi_cn`

			`- name: Validate old_API CSR (test - csr modulus)`
			`shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr'`
			`register: csr_oldapi_modulus`

			`- name: Validate old_API CSR (assert)`
			`assert:`
			`that:`
			`- csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'`
			`- csr_oldapi_modulus.stdout == privatekey_modulus.stdout`