ansible/test/integration/targets/openssh_keypair/tasks/main.yml

---
- name: Generate privatekey1 - standard
  openssh_keypair:
    path: '{{ output_dir }}/privatekey1'
  register: privatekey1_result

- name: Generate privatekey1 - standard (idempotent)
  openssh_keypair:
    path: '{{ output_dir }}/privatekey1'
  register: privatekey1_idem_result

- name: Generate privatekey2 - size 2048
  openssh_keypair:
    path: '{{ output_dir }}/privatekey2'
    size: 2048

- name: Generate privatekey3 - type dsa
  openssh_keypair:
    path: '{{ output_dir }}/privatekey3'
    type: dsa

- name: Generate privatekey4 - standard
  openssh_keypair:
    path: '{{ output_dir }}/privatekey4'

- name: Delete privatekey4 - standard
  openssh_keypair:
    state: absent
    path: '{{ output_dir }}/privatekey4'

- name: Generate privatekey5 - standard
  openssh_keypair:
    path: '{{ output_dir }}/privatekey5'
  register: publickey_gen

- name: Generate privatekey6
  openssh_keypair:
    path: '{{ output_dir }}/privatekey6'
    type: rsa

- name: Regenerate privatekey6 via force
  openssh_keypair:
    path: '{{ output_dir }}/privatekey6'
    type: rsa
    force: yes
  register: output_regenerated_via_force

- name: Create broken key
  copy:
    dest: '{{ item }}'
    content: ''
    mode: '0700'
  loop:
    - '{{ output_dir }}/privatekeybroken'
    - '{{ output_dir }}/privatekeybroken.pub'

- name: Regenerate broken key - should fail
  openssh_keypair:
    path: '{{ output_dir }}/privatekeybroken'
    type: rsa
  register: output_broken
  ignore_errors: yes

- name: Regenerate broken key with force
  openssh_keypair:
    path: '{{ output_dir }}/privatekeybroken'
    type: rsa
    force: yes
  register: output_broken_force

- name: Generate read-only private key
  openssh_keypair:
    path: '{{ output_dir }}/privatekeyreadonly'
    type: rsa
    mode: '0200'

- name: Regenerate read-only private key via force
  openssh_keypair:
    path: '{{ output_dir }}/privatekeyreadonly'
    type: rsa
    force: yes
  register: output_read_only

- name: Generate privatekey7 - standard with comment
  openssh_keypair:
    path: '{{ output_dir }}/privatekey7'
    comment: 'test@privatekey7'
  register: privatekey7_result

- name: Modify privatekey7 comment
  openssh_keypair:
    path: '{{ output_dir }}/privatekey7'
    comment: 'test_modified@privatekey7'
  register: privatekey7_modified_result

- name: Generate password protected key
  command: 'ssh-keygen -f {{ output_dir }}/privatekey8 -N password'

- name: Try to modify the password protected key - should fail
  openssh_keypair:
    path: '{{ output_dir }}/privatekey8'
  register: privatekey8_result
  ignore_errors: yes

- name: Try to modify the password protected key with force=yes
  openssh_keypair:
    path: '{{ output_dir }}/privatekey8'
    force: yes
  register: privatekey8_result_force

- import_tasks: ../tests/validate.yml
Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 13:54:28 +01:00			`---`
Add openssh_keypair module (#46436) * add openssh_keypair module 2018-10-24 12:51:45 +02:00			`- name: Generate privatekey1 - standard`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey1'`
openssh_keypair: make fingerprint result a string (#57295) The extant documentation says that the fingerprint return value is a single string, but it is currently being returned as a split list. Convert the returned value to a string as documented, and add some basic test-case coverage for the return values. 2019-06-06 15:58:51 +10:00			`register: privatekey1_result`
Add openssh_keypair module (#46436) * add openssh_keypair module 2018-10-24 12:51:45 +02:00
openssh_keypair: fix idempotence issue (#65017) * Fix idempotence issue. * Add changelog. 2019-11-20 21:02:26 +01:00			`- name: Generate privatekey1 - standard (idempotent)`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey1'`
			`register: privatekey1_idem_result`

Add openssh_keypair module (#46436) * add openssh_keypair module 2018-10-24 12:51:45 +02:00			`- name: Generate privatekey2 - size 2048`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey2'`
			`size: 2048`

			`- name: Generate privatekey3 - type dsa`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey3'`
			`type: dsa`

			`- name: Generate privatekey4 - standard`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey4'`

			`- name: Delete privatekey4 - standard`
			`openssh_keypair:`
			`state: absent`
			`path: '{{ output_dir }}/privatekey4'`

Add public key return to openssh_keypair (#53214) - The openssh_keypair module will return a public key output on the private key creation. - Add integration test in order to verify the public key output. 2019-03-05 18:07:43 +02:00			`- name: Generate privatekey5 - standard`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey5'`
			`register: publickey_gen`

openssh_keypair: bugfix make regenerating keypairs via force possible… (#57801) * openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling * openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment * address review feedbak, refactor * add integration tests for bigfixes * linter: fix indent * fixup integration tests: use force when regenerating an invalid file * linter: fix indent * openssh_keypair: address review feedback * openssh_keypair: fixup, remove backtick * openssh_keypair: address review feedback * Only pass 'y' into stdin of ssh-keygen when file exists. 2019-06-24 21:45:49 +02:00			`- name: Generate privatekey6`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey6'`
			`type: rsa`

			`- name: Regenerate privatekey6 via force`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey6'`
			`type: rsa`
			`force: yes`
			`register: output_regenerated_via_force`

			`- name: Create broken key`
			`copy:`
			`dest: '{{ item }}'`
			`content: ''`
			`mode: '0700'`
			`loop:`
			`- '{{ output_dir }}/privatekeybroken'`
			`- '{{ output_dir }}/privatekeybroken.pub'`

Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 13:54:28 +01:00			`- name: Regenerate broken key - should fail`
openssh_keypair: bugfix make regenerating keypairs via force possible… (#57801) * openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling * openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment * address review feedbak, refactor * add integration tests for bigfixes * linter: fix indent * fixup integration tests: use force when regenerating an invalid file * linter: fix indent * openssh_keypair: address review feedback * openssh_keypair: fixup, remove backtick * openssh_keypair: address review feedback * Only pass 'y' into stdin of ssh-keygen when file exists. 2019-06-24 21:45:49 +02:00			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekeybroken'`
			`type: rsa`
			`register: output_broken`
Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 13:54:28 +01:00			`ignore_errors: yes`

			`- name: Regenerate broken key with force`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekeybroken'`
			`type: rsa`
			`force: yes`
			`register: output_broken_force`
openssh_keypair: bugfix make regenerating keypairs via force possible… (#57801) * openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling * openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment * address review feedbak, refactor * add integration tests for bigfixes * linter: fix indent * fixup integration tests: use force when regenerating an invalid file * linter: fix indent * openssh_keypair: address review feedback * openssh_keypair: fixup, remove backtick * openssh_keypair: address review feedback * Only pass 'y' into stdin of ssh-keygen when file exists. 2019-06-24 21:45:49 +02:00
			`- name: Generate read-only private key`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekeyreadonly'`
			`type: rsa`
			`mode: '0200'`

			`- name: Regenerate read-only private key via force`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekeyreadonly'`
			`type: rsa`
			`force: yes`
			`register: output_read_only`

openssh_keypair - Add public key and key comment validation (#57993) - Split the key validation to separate private and public. - In case public key does not exist, recreate it. - Validate comment of the key. - In case comment changed, update the private and public keys. 2019-08-11 01:57:35 +03:00			`- name: Generate privatekey7 - standard with comment`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey7'`
			`comment: 'test@privatekey7'`
			`register: privatekey7_result`

			`- name: Modify privatekey7 comment`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey7'`
			`comment: 'test_modified@privatekey7'`
			`register: privatekey7_modified_result`

openssh_keypair - Add logic to handle password protected or broken key (#64436) * The ssh key may be created manually prior the task execution with a passphrase. And the task will be executed on the same key. * The ssh key may be broken and not usable. The module will check the private key and if the key is password protected or broken, it will be overridden. The check of the ssh key performed by retrieve the public key from the private key. Set the "self.force" check before the "isPrivateKeyValid" check. In case of any issue with the "isPrivateKeyValid" function, the user will be able to force the regeneration of the key with the "force: yes" argument. 2019-12-02 09:12:38 +02:00			`- name: Generate password protected key`
			`command: 'ssh-keygen -f {{ output_dir }}/privatekey8 -N password'`

Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 13:54:28 +01:00			`- name: Try to modify the password protected key - should fail`
openssh_keypair - Add logic to handle password protected or broken key (#64436) * The ssh key may be created manually prior the task execution with a passphrase. And the task will be executed on the same key. * The ssh key may be broken and not usable. The module will check the private key and if the key is password protected or broken, it will be overridden. The check of the ssh key performed by retrieve the public key from the private key. Set the "self.force" check before the "isPrivateKeyValid" check. In case of any issue with the "isPrivateKeyValid" function, the user will be able to force the regeneration of the key with the "force: yes" argument. 2019-12-02 09:12:38 +02:00			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey8'`
			`register: privatekey8_result`
Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 13:54:28 +01:00			`ignore_errors: yes`

			`- name: Try to modify the password protected key with force=yes`
			`openssh_keypair:`
			`path: '{{ output_dir }}/privatekey8'`
			`force: yes`
			`register: privatekey8_result_force`
openssh_keypair - Add logic to handle password protected or broken key (#64436) * The ssh key may be created manually prior the task execution with a passphrase. And the task will be executed on the same key. * The ssh key may be broken and not usable. The module will check the private key and if the key is password protected or broken, it will be overridden. The check of the ssh key performed by retrieve the public key from the private key. Set the "self.force" check before the "isPrivateKeyValid" check. In case of any issue with the "isPrivateKeyValid" function, the user will be able to force the regeneration of the key with the "force: yes" argument. 2019-12-02 09:12:38 +02:00
Add openssh_keypair module (#46436) * add openssh_keypair module 2018-10-24 12:51:45 +02:00			`- import_tasks: ../tests/validate.yml`