98 lines
3.2 KiB
YAML
98 lines
3.2 KiB
YAML
|
---
|
||
|
# The tests for this module generate unsafe parameters for testing purposes;
|
||
|
# otherwise tests would be too slow. Use sizes of at least 2048 in production!
|
||
|
- name: "[{{ select_crypto_backend }}] Generate parameter"
|
||
|
openssl_dhparam:
|
||
|
size: 768
|
||
|
path: '{{ output_dir }}/dh768.pem'
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with no change"
|
||
|
openssl_dhparam:
|
||
|
size: 768
|
||
|
path: '{{ output_dir }}/dh768.pem'
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_changed
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Generate parameters with size option"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh512.pem'
|
||
|
size: 512
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Don't regenerate parameters with size option and no change"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh512.pem'
|
||
|
size: 512
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_changed_512
|
||
|
|
||
|
- copy:
|
||
|
src: '{{ output_dir }}/dh768.pem'
|
||
|
remote_src: yes
|
||
|
dest: '{{ output_dir }}/dh512.pem'
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Re-generate if size is different"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh512.pem'
|
||
|
size: 512
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_changed_to_512
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Force re-generate parameters with size option"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh512.pem'
|
||
|
size: 512
|
||
|
force: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_changed_force
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Create broken params"
|
||
|
copy:
|
||
|
dest: "{{ output_dir }}/dhbroken.pem"
|
||
|
content: "broken"
|
||
|
- name: "[{{ select_crypto_backend }}] Regenerate broken params"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dhbroken.pem'
|
||
|
size: 512
|
||
|
force: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: output_broken
|
||
|
|
||
|
- name: "[{{ select_crypto_backend }}] Generate params"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh_backup.pem'
|
||
|
size: 512
|
||
|
backup: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_backup_1
|
||
|
- name: "[{{ select_crypto_backend }}] Generate params (idempotent)"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh_backup.pem'
|
||
|
size: 512
|
||
|
backup: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_backup_2
|
||
|
- name: "[{{ select_crypto_backend }}] Generate params (change)"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh_backup.pem'
|
||
|
size: 512
|
||
|
force: yes
|
||
|
backup: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_backup_3
|
||
|
- name: "[{{ select_crypto_backend }}] Generate params (remove)"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh_backup.pem'
|
||
|
state: absent
|
||
|
backup: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_backup_4
|
||
|
- name: "[{{ select_crypto_backend }}] Generate params (remove, idempotent)"
|
||
|
openssl_dhparam:
|
||
|
path: '{{ output_dir }}/dh_backup.pem'
|
||
|
state: absent
|
||
|
backup: yes
|
||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||
|
register: dhparam_backup_5
|