ansible/test/integration/targets/x509_crl/tasks/main.yml

---
- set_fact:
    certificates:
      - name: ca
        subject:
          commonName: Ansible
        is_ca: yes
      - name: ca-2
        subject:
          commonName: Ansible Other CA
        is_ca: yes
      - name: cert-1
        subject_alt_name:
          - DNS:ansible.com
      - name: cert-2
        subject_alt_name:
          - DNS:example.com
      - name: cert-3
        subject_alt_name:
          - DNS:example.org
          - IP:1.2.3.4
      - name: cert-4
        subject_alt_name:
          - DNS:test.ansible.com
          - DNS:b64.ansible.com

- name: Generate private keys
  openssl_privatekey:
    path: '{{ output_dir }}/{{ item.name }}.key'
    type: ECC
    curve: secp256r1
  loop: "{{ certificates }}"

- name: Generate CSRs
  openssl_csr:
    path: '{{ output_dir }}/{{ item.name }}.csr'
    privatekey_path: '{{ output_dir }}/{{ item.name }}.key'
    subject: "{{ item.subject | default(omit) }}"
    subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
    basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
    use_common_name_for_san: no
  loop: "{{ certificates }}"

- name: Generate CA certificates
  openssl_certificate:
    path: '{{ output_dir }}/{{ item.name }}.pem'
    csr_path: '{{ output_dir }}/{{ item.name }}.csr'
    privatekey_path: '{{ output_dir }}/{{ item.name }}.key'
    provider: selfsigned
  loop: "{{ certificates }}"
  when: item.is_ca | default(false)

- name: Generate other certificates
  openssl_certificate:
    path: '{{ output_dir }}/{{ item.name }}.pem'
    csr_path: '{{ output_dir }}/{{ item.name }}.csr'
    provider: ownca
    ownca_path: '{{ output_dir }}/ca.pem'
    ownca_privatekey_path: '{{ output_dir }}/ca.key'
  loop: "{{ certificates }}"
  when: not (item.is_ca | default(false))

- block:
  - name: Running tests with cryptography backend
    include_tasks: impl.yml
    vars:
      select_crypto_backend: cryptography

  - import_tasks: ../tests/validate.yml
    vars:
      select_crypto_backend: cryptography

  when: cryptography_version.stdout is version('1.2', '>=')
Add x509_crl module (#63435) * Add x509_crl module. * Add integration tests. * Fix some errors. * Fix inversion. * Compare name instead of tpye. * Fix fail_json() calls. * Work around rename of serial_number attribute for cryptography 1.4. * Don't die for non-cert loading errors. * One more. * Fix function call. * Fixed/improved descriptions. * Don't read issuer from certificate file. * Allow to ignore timestamps. * Default value for revocation_date. * Update tests. * Mention ignore_timestamps in update docs. * Support privatekey_content, and require some options only if state is present. * Allow to pass certificate in directly. * Add tests. * Fix required_if. * Forgot to encode content. * Forgot to adjust type. * Allow to return CRL's content directly. * return_crl_content -> return_content (as in #65400). * Fix elements. * Fix messages. * Use required_one_of and mutually_exclusive instead of doing the checks by hand. * Fix format. * Skip tests on AIX. * Fix typo. 2020-02-18 17:14:13 +01:00			`---`
			`- set_fact:`
			`certificates:`
			`- name: ca`
			`subject:`
			`commonName: Ansible`
			`is_ca: yes`
			`- name: ca-2`
			`subject:`
			`commonName: Ansible Other CA`
			`is_ca: yes`
			`- name: cert-1`
			`subject_alt_name:`
			`- DNS:ansible.com`
			`- name: cert-2`
			`subject_alt_name:`
			`- DNS:example.com`
			`- name: cert-3`
			`subject_alt_name:`
			`- DNS:example.org`
			`- IP:1.2.3.4`
			`- name: cert-4`
			`subject_alt_name:`
			`- DNS:test.ansible.com`
			`- DNS:b64.ansible.com`

			`- name: Generate private keys`
			`openssl_privatekey:`
			`path: '{{ output_dir }}/{{ item.name }}.key'`
			`type: ECC`
			`curve: secp256r1`
			`loop: "{{ certificates }}"`

			`- name: Generate CSRs`
			`openssl_csr:`
			`path: '{{ output_dir }}/{{ item.name }}.csr'`
			`privatekey_path: '{{ output_dir }}/{{ item.name }}.key'`
			`subject: "{{ item.subject \| default(omit) }}"`
			`subject_alt_name: "{{ item.subject_alt_name \| default(omit) }}"`
			`basic_constraints: "{{ 'CA:TRUE' if item.is_ca \| default(false) else omit }}"`
			`use_common_name_for_san: no`
			`loop: "{{ certificates }}"`

			`- name: Generate CA certificates`
			`openssl_certificate:`
			`path: '{{ output_dir }}/{{ item.name }}.pem'`
			`csr_path: '{{ output_dir }}/{{ item.name }}.csr'`
			`privatekey_path: '{{ output_dir }}/{{ item.name }}.key'`
			`provider: selfsigned`
			`loop: "{{ certificates }}"`
			`when: item.is_ca \| default(false)`

			`- name: Generate other certificates`
			`openssl_certificate:`
			`path: '{{ output_dir }}/{{ item.name }}.pem'`
			`csr_path: '{{ output_dir }}/{{ item.name }}.csr'`
			`provider: ownca`
			`ownca_path: '{{ output_dir }}/ca.pem'`
			`ownca_privatekey_path: '{{ output_dir }}/ca.key'`
			`loop: "{{ certificates }}"`
			`when: not (item.is_ca \| default(false))`

			`- block:`
			`- name: Running tests with cryptography backend`
			`include_tasks: impl.yml`
			`vars:`
			`select_crypto_backend: cryptography`

			`- import_tasks: ../tests/validate.yml`
			`vars:`
			`select_crypto_backend: cryptography`

			`when: cryptography_version.stdout is version('1.2', '>=')`