2018-12-18 10:07:36 +01:00
---
- name : Generate privatekey1 - standard
openssl_privatekey :
path : '{{ output_dir }}/privatekey1.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
register : privatekey1
- name : Generate privatekey1 - standard (idempotence)
openssl_privatekey :
path : '{{ output_dir }}/privatekey1.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
return_content : yes
register : privatekey1_idempotence
2018-12-18 10:07:36 +01:00
- name : Generate privatekey2 - size 2048
openssl_privatekey :
path : '{{ output_dir }}/privatekey2.pem'
size : 2048
select_crypto_backend : '{{ select_crypto_backend }}'
- name : Generate privatekey3 - type DSA
openssl_privatekey :
path : '{{ output_dir }}/privatekey3.pem'
type : DSA
size : 3072
select_crypto_backend : '{{ select_crypto_backend }}'
- name : Generate privatekey4 - standard
openssl_privatekey :
path : '{{ output_dir }}/privatekey4.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
- name : Delete privatekey4 - standard
openssl_privatekey :
state : absent
path : '{{ output_dir }}/privatekey4.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
register : privatekey4_delete
- name : Delete privatekey4 - standard (idempotence)
openssl_privatekey :
state : absent
path : '{{ output_dir }}/privatekey4.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey4_delete_idempotence
2018-12-18 10:07:36 +01:00
- name : Generate privatekey5 - standard - with passphrase
openssl_privatekey :
path : '{{ output_dir }}/privatekey5.pem'
passphrase : ansible
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
- name : Generate privatekey5 - standard - idempotence
openssl_privatekey :
path : '{{ output_dir }}/privatekey5.pem'
passphrase : ansible
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey5_idempotence
- name : Generate privatekey6 - standard - with non-ASCII passphrase
openssl_privatekey :
path : '{{ output_dir }}/privatekey6.pem'
passphrase : ànsïblé
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
- set_fact :
ecc_types : [ ]
when : select_crypto_backend == 'pyopenssl'
- set_fact :
ecc_types :
- curve : secp384r1
openssl_name : secp384r1
min_cryptography_version : "0.5"
- curve : secp521r1
openssl_name : secp521r1
min_cryptography_version : "0.5"
- curve : secp224r1
openssl_name : secp224r1
min_cryptography_version : "0.5"
- curve : secp192r1
openssl_name : prime192v1
min_cryptography_version : "0.5"
2019-07-01 23:08:54 +02:00
- curve : secp256r1
openssl_name : secp256r1
min_cryptography_version : "0.5"
2018-12-18 10:07:36 +01:00
- curve : secp256k1
openssl_name : secp256k1
min_cryptography_version : "0.9"
- curve : brainpoolP256r1
openssl_name : brainpoolP256r1
min_cryptography_version : "2.2"
- curve : brainpoolP384r1
openssl_name : brainpoolP384r1
min_cryptography_version : "2.2"
- curve : brainpoolP512r1
openssl_name : brainpoolP512r1
min_cryptography_version : "2.2"
- curve : sect571k1
openssl_name : sect571k1
min_cryptography_version : "0.5"
- curve : sect409k1
openssl_name : sect409k1
min_cryptography_version : "0.5"
- curve : sect283k1
openssl_name : sect283k1
min_cryptography_version : "0.5"
- curve : sect233k1
openssl_name : sect233k1
min_cryptography_version : "0.5"
- curve : sect163k1
openssl_name : sect163k1
min_cryptography_version : "0.5"
- curve : sect571r1
openssl_name : sect571r1
min_cryptography_version : "0.5"
- curve : sect409r1
openssl_name : sect409r1
min_cryptography_version : "0.5"
- curve : sect283r1
openssl_name : sect283r1
min_cryptography_version : "0.5"
- curve : sect233r1
openssl_name : sect233r1
min_cryptography_version : "0.5"
- curve : sect163r2
openssl_name : sect163r2
min_cryptography_version : "0.5"
when : select_crypto_backend == 'cryptography'
- name : Test ECC key generation
openssl_privatekey :
path : '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
type : ECC
curve : "{{ item.curve }}"
select_crypto_backend : '{{ select_crypto_backend }}'
when : |
cryptography_version.stdout is version(item.min_cryptography_version, '>=') and
item.openssl_name in openssl_ecc_list
loop : "{{ ecc_types }}"
loop_control :
label : "{{ item.curve }}"
register : privatekey_ecc_generate
- name : Test ECC key generation (idempotency)
openssl_privatekey :
path : '{{ output_dir }}/privatekey-{{ item.curve }}.pem'
type : ECC
curve : "{{ item.curve }}"
select_crypto_backend : '{{ select_crypto_backend }}'
when : |
cryptography_version.stdout is version(item.min_cryptography_version, '>=') and
item.openssl_name in openssl_ecc_list
loop : "{{ ecc_types }}"
loop_control :
label : "{{ item.curve }}"
register : privatekey_ecc_idempotency
2019-03-08 17:21:18 +01:00
2019-04-08 10:30:05 +02:00
- block :
- name : Test other type generation
openssl_privatekey :
path : '{{ output_dir }}/privatekey-{{ item.type }}.pem'
type : "{{ item.type }}"
select_crypto_backend : '{{ select_crypto_backend }}'
when : cryptography_version.stdout is version(item.min_version, '>=')
loop : "{{ types }}"
loop_control :
label : "{{ item.type }}"
register : privatekey_t1_generate
- name : Test other type generation (idempotency)
openssl_privatekey :
path : '{{ output_dir }}/privatekey-{{ item.type }}.pem'
type : "{{ item.type }}"
select_crypto_backend : '{{ select_crypto_backend }}'
when : cryptography_version.stdout is version(item.min_version, '>=')
loop : "{{ types }}"
loop_control :
label : "{{ item.type }}"
register : privatekey_t1_idempotency
when : select_crypto_backend == 'cryptography'
vars :
types :
- type : X25519
min_version : '2.5'
- type : Ed25519
min_version : '2.6'
- type : Ed448
min_version : '2.6'
- type : X448
min_version : '2.6'
2019-03-08 17:21:18 +01:00
- name : Generate privatekey with passphrase
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
2019-03-18 17:34:47 +01:00
backup : yes
2019-03-08 17:21:18 +01:00
register : passphrase_1
- name : Generate privatekey with passphrase (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
2019-03-18 17:34:47 +01:00
backup : yes
2019-03-08 17:21:18 +01:00
register : passphrase_2
- name : Regenerate privatekey without passphrase
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
2019-03-18 17:34:47 +01:00
backup : yes
2019-03-08 17:21:18 +01:00
register : passphrase_3
- name : Regenerate privatekey without passphrase (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
2019-03-18 17:34:47 +01:00
backup : yes
2019-03-08 17:21:18 +01:00
register : passphrase_4
- name : Regenerate privatekey with passphrase
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
2019-03-18 17:34:47 +01:00
backup : yes
2019-03-08 17:21:18 +01:00
register : passphrase_5
2019-03-18 17:34:47 +01:00
2019-03-30 14:28:10 +01:00
- name : Create broken key
copy :
dest : "{{ output_dir }}/broken"
content : "broken"
- name : Regenerate broken key
openssl_privatekey :
path : '{{ output_dir }}/broken.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
register : output_broken
2019-03-18 17:34:47 +01:00
- name : Remove module
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
backup : yes
state : absent
register : remove_1
- name : Remove module (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekeypw.pem'
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
backup : yes
state : absent
register : remove_2
2019-03-25 14:20:53 +01:00
- name : Generate privatekey_mode (mode 0400)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_mode.pem'
mode : '0400'
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_mode_1
- name : Stat for privatekey_mode
stat :
path : '{{ output_dir }}/privatekey_mode.pem'
register : privatekey_mode_1_stat
- name : Generate privatekey_mode (mode 0400, idempotency)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_mode.pem'
mode : '0400'
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_mode_2
- name : Generate privatekey_mode (mode 0400, force)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_mode.pem'
mode : '0400'
force : yes
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_mode_3
- name : Stat for privatekey_mode
stat :
path : '{{ output_dir }}/privatekey_mode.pem'
register : privatekey_mode_3_stat
2019-10-17 10:40:13 +02:00
- block :
- name : Generate privatekey_fmt_1 - auto format
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : auto
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_1
- name : Generate privatekey_fmt_1 - auto format (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : auto
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_2
- name : Generate privatekey_fmt_1 - PKCS1 format
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : pkcs1
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_3
- name : Generate privatekey_fmt_1 - PKCS8 format
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : pkcs8
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_4
- name : Generate privatekey_fmt_1 - PKCS8 format (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : pkcs8
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_5
- name : Generate privatekey_fmt_1 - auto format (ignore)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : auto_ignore
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_6
- name : Generate privatekey_fmt_1 - auto format (no ignore)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : auto
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_7
- name : Generate privatekey_fmt_1 - raw format (fail)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : raw
select_crypto_backend : '{{ select_crypto_backend }}'
ignore_errors : yes
register : privatekey_fmt_1_step_8
- name : Generate privatekey_fmt_1 - PKCS8 format (convert)
openssl_privatekey_info :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_9_before
- name : Generate privatekey_fmt_1 - PKCS8 format (convert)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
format : pkcs8
format_mismatch : convert
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_9
- name : Generate privatekey_fmt_1 - PKCS8 format (convert)
openssl_privatekey_info :
path : '{{ output_dir }}/privatekey_fmt_1.pem'
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_1_step_9_after
when : 'select_crypto_backend == "cryptography"'
- block :
- name : Generate privatekey_fmt_2 - PKCS8 format
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
type : X448
format : pkcs8
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_2_step_1
- name : Generate privatekey_fmt_2 - PKCS8 format (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
type : X448
format : pkcs8
select_crypto_backend : '{{ select_crypto_backend }}'
register : privatekey_fmt_2_step_2
- name : Generate privatekey_fmt_2 - raw format
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
type : X448
format : raw
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
2019-10-17 10:40:13 +02:00
register : privatekey_fmt_2_step_3
2020-02-02 12:42:52 +01:00
- name : Read privatekey_fmt_2.pem
slurp :
src : "{{ output_dir }}/privatekey_fmt_2.pem"
register : content
- name : Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert :
that :
- privatekey_fmt_2_step_3.privatekey == content.content
2019-10-17 10:40:13 +02:00
- name : Generate privatekey_fmt_2 - raw format (idempotent)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
type : X448
format : raw
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
2019-10-17 10:40:13 +02:00
register : privatekey_fmt_2_step_4
2020-02-02 12:42:52 +01:00
- name : Read privatekey_fmt_2.pem
slurp :
src : "{{ output_dir }}/privatekey_fmt_2.pem"
register : content
- name : Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert :
that :
- privatekey_fmt_2_step_4.privatekey == content.content
2019-10-17 10:40:13 +02:00
- name : Generate privatekey_fmt_2 - auto format (ignore)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
2019-12-09 14:26:15 +01:00
type : X448
2019-10-17 10:40:13 +02:00
format : auto_ignore
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
2019-12-09 14:26:15 +01:00
register : privatekey_fmt_2_step_5
2019-10-17 10:40:13 +02:00
2020-02-02 12:42:52 +01:00
- name : Read privatekey_fmt_2.pem
slurp :
src : "{{ output_dir }}/privatekey_fmt_2.pem"
register : content
- name : Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert :
that :
- privatekey_fmt_2_step_5.privatekey == content.content
2019-10-17 10:40:13 +02:00
- name : Generate privatekey_fmt_2 - auto format (no ignore)
openssl_privatekey :
path : '{{ output_dir }}/privatekey_fmt_2.pem'
2019-12-09 14:26:15 +01:00
type : X448
2019-10-17 10:40:13 +02:00
format : auto
select_crypto_backend : '{{ select_crypto_backend }}'
2020-02-02 12:42:52 +01:00
return_content : yes
2019-12-09 14:26:15 +01:00
register : privatekey_fmt_2_step_6
2019-10-17 10:40:13 +02:00
2020-02-02 12:42:52 +01:00
- name : Generate privatekey_fmt_2 - verify that returned content is not base64 encoded
assert :
that :
- privatekey_fmt_2_step_6.privatekey == lookup('file', output_dir ~ '/privatekey_fmt_2.pem', rstrip=False)
2019-10-17 10:40:13 +02:00
when : 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=")'
2020-02-15 15:39:36 +01:00
# Test regenerate option
- name : Regenerate - setup simple keys
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : RSA
size : 1024
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
- name : Regenerate - setup password protected keys
openssl_privatekey :
path : '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type : RSA
size : 1024
passphrase : hunter2
cipher : "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
- name : Regenerate - setup broken keys
copy :
dest : '{{ output_dir }}/regenerate-c-{{ item }}.pem'
content : 'broken key'
mode : '0700'
loop : "{{ regenerate_values }}"
- name : Regenerate - modify broken keys (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-c-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg or 'Cannot load raw key' in result.results[0].msg"
- result.results[1] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[1].msg or 'Cannot load raw key' in result.results[1].msg"
- result.results[2] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[2].msg or 'Cannot load raw key' in result.results[2].msg"
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - modify broken keys
openssl_privatekey :
path : '{{ output_dir }}/regenerate-c-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg or 'Cannot load raw key' in result.results[0].msg"
- result.results[1] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[1].msg or 'Cannot load raw key' in result.results[1].msg"
- result.results[2] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[2].msg or 'Cannot load raw key' in result.results[2].msg"
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - modify password protected keys (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg"
- result.results[1] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[1].msg"
- result.results[2] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[2].msg"
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - modify password protected keys
openssl_privatekey :
path : '{{ output_dir }}/regenerate-b-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[0].msg"
- result.results[1] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[1].msg"
- result.results[2] is failed
- "'Unable to read the key. The key is protected with a another passphrase / no passphrase or broken. Will not proceed.' in result.results[2].msg"
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - not modify regular keys (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
register : result
- assert :
that :
- result.results[0] is not changed
- result.results[1] is not changed
- result.results[2] is not changed
- result.results[3] is not changed
- result.results[4] is changed
- name : Regenerate - not modify regular keys
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : RSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
register : result
- assert :
that :
- result.results[0] is not changed
- result.results[1] is not changed
- result.results[2] is not changed
- result.results[3] is not changed
- result.results[4] is changed
- name : Regenerate - adjust key size (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : RSA
size : 1048
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong type and/or size. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - adjust key size
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : RSA
size : 1048
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong type and/or size. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - redistribute keys
copy :
src : '{{ output_dir }}/regenerate-a-always.pem'
dest : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
remote_src : true
loop : "{{ regenerate_values }}"
when : "item != 'always'"
- name : Regenerate - adjust key type (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong type and/or size. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - adjust key type
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong type and/or size. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- block :
- name : Regenerate - redistribute keys
copy :
src : '{{ output_dir }}/regenerate-a-always.pem'
dest : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
remote_src : true
loop : "{{ regenerate_values }}"
when : "item != 'always'"
- name : Regenerate - format mismatch (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
format : pkcs8
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong format. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - format mismatch
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
format : pkcs8
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
ignore_errors : yes
register : result
- assert :
that :
- result.results[0] is success and result.results[0] is not changed
- result.results[1] is failed
- "'Key has wrong format. Will not proceed.' in result.results[1].msg"
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - redistribute keys
copy :
src : '{{ output_dir }}/regenerate-a-always.pem'
dest : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
remote_src : true
loop : "{{ regenerate_values }}"
when : "item != 'always'"
- name : Regenerate - convert format (check mode)
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
format : pkcs1
format_mismatch : convert
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
check_mode : yes
loop : "{{ regenerate_values }}"
register : result
- assert :
that :
- result.results[0] is changed
- result.results[1] is changed
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
- name : Regenerate - convert format
openssl_privatekey :
path : '{{ output_dir }}/regenerate-a-{{ item }}.pem'
type : DSA
size : 1024
format : pkcs1
format_mismatch : convert
regenerate : '{{ item }}'
select_crypto_backend : '{{ select_crypto_backend }}'
loop : "{{ regenerate_values }}"
register : result
- assert :
that :
- result.results[0] is changed
- result.results[1] is changed
- result.results[2] is changed
- result.results[3] is changed
- result.results[4] is changed
# for all values but 'always', the key should have not been regenerated.
# verify this by comparing fingerprints:
- result.results[0].fingerprint == result.results[1].fingerprint
- result.results[0].fingerprint == result.results[2].fingerprint
- result.results[0].fingerprint == result.results[3].fingerprint
- result.results[0].fingerprint != result.results[4].fingerprint
when : 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=")'