diff --git a/test/integration/targets/acme_account/tasks/impl.yml b/test/integration/targets/acme_account/tasks/impl.yml index ee9229321b2..04bdca7cc86 100644 --- a/test/integration/targets/acme_account/tasks/impl.yml +++ b/test/integration/targets/acme_account/tasks/impl.yml @@ -56,6 +56,30 @@ - mailto:example@example.com register: account_modified_idempotent +- name: Clear contact email addresses + acme_account: + select_crypto_backend: "{{ select_crypto_backend }}" + account_key_src: "{{ output_dir }}/accountkey.pem" + acme_version: 2 + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no + state: present + # allow_creation: no + contact: [] + register: account_modified_2 + +- name: Clear contact email addresses (idempotent) + acme_account: + select_crypto_backend: "{{ select_crypto_backend }}" + account_key_src: "{{ output_dir }}/accountkey.pem" + acme_version: 2 + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no + state: present + # allow_creation: no + contact: [] + register: account_modified_2_idempotent + - name: Generate new account key command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem diff --git a/test/integration/targets/acme_account/tests/validate.yml b/test/integration/targets/acme_account/tests/validate.yml index 70bba0d6954..d8ee9950a16 100644 --- a/test/integration/targets/acme_account/tests/validate.yml +++ b/test/integration/targets/acme_account/tests/validate.yml 
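Review bot: Both added tasks set `validate_certs: no` against `https://{{ acme_host }}:14000/dir` without saying why, and that setting is easy to copy into a real playbook. A comment on the first task would keep the intent clear, for example `# validate_certs is disabled only because the test ACME server presents a throwaway certificate`. The commented-out `# allow_creation: no` also needs either a reason or removal: with creation left allowed, a missing account would presumably be created and still report `changed`, so the later assertion could not tell clearing from creation.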
@@ -22,6 +22,18 @@ - account_modified_idempotent is not changed - account_modified_idempotent.account_uri is not none +- name: Validate that email address was cleared + assert: + that: + - account_modified_2 is changed + - account_modified_2.account_uri is not none + +- name: Validate that email address was not cleared a second time (idempotency) + assert: + that: + - account_modified_2_idempotent is not changed + - account_modified_2_idempotent.account_uri is not none + # Note that pebble has no change key endpoint implemented yet! # When it has (and the container was updated), uncomment the # following validations, and delete the ones below the diff --git a/test/integration/targets/acme_certificate/tasks/impl.yml b/test/integration/targets/acme_certificate/tasks/impl.yml index b9c037dd29a..34f4c1d62a9 100644 --- a/test/integration/targets/acme_certificate/tasks/impl.yml +++ b/test/integration/targets/acme_certificate/tasks/impl.yml 
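Review bot: The first added assert is named "Validate that email address was cleared" but only checks `account_modified_2 is changed` and that `account_uri` is set, so it would also pass if the module changed something other than the contact list. If the module result or a follow-up account lookup exposes the contacts (not visible in this hunk), an assertion that the list is empty would pin the behaviour the task name claims. Failing that, a comment such as `# Only the change status is checked; the resulting contact list is not inspected` would make the limit of the check explicit.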
@@ -196,27 +196,27 @@ ## DISSECT CERTIFICATES ####################################################################### # Make sure certificates are valid. Root certificate for Pebble equals the chain certificate. - name: Verifying cert 1 - command: openssl verify -CAfile "{{ output_dir }}/cert-1-chain.pem" "{{ output_dir }}/cert-1.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-1-root.pem" -untrusted "{{ output_dir }}/cert-1-chain.pem" "{{ output_dir }}/cert-1.pem" ignore_errors: yes register: cert_1_valid - name: Verifying cert 2 - command: openssl verify -CAfile "{{ output_dir }}/cert-2-chain.pem" "{{ output_dir }}/cert-2.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-2-root.pem" -untrusted "{{ output_dir }}/cert-2-chain.pem" "{{ output_dir }}/cert-2.pem" ignore_errors: yes register: cert_2_valid - name: Verifying cert 3 - command: openssl verify -CAfile "{{ output_dir }}/cert-3-chain.pem" "{{ output_dir }}/cert-3.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-3-root.pem" -untrusted "{{ output_dir }}/cert-3-chain.pem" "{{ output_dir }}/cert-3.pem" ignore_errors: yes register: cert_3_valid - name: Verifying cert 4 - command: openssl verify -CAfile "{{ output_dir }}/cert-4-chain.pem" "{{ output_dir }}/cert-4.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-4-root.pem" -untrusted "{{ output_dir }}/cert-4-chain.pem" "{{ output_dir }}/cert-4.pem" ignore_errors: yes register: cert_4_valid - name: Verifying cert 5 - command: openssl verify -CAfile "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir }}/cert-5.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-5-root.pem" -untrusted "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir }}/cert-5.pem" ignore_errors: yes register: cert_5_valid - name: Verifying cert 6 - command: openssl verify -CAfile "{{ output_dir }}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem" + command: openssl verify -CAfile "{{ output_dir }}/cert-6-root.pem" -untrusted "{{ output_dir 
}}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem" ignore_errors: yes register: cert_6_valid # Dump certificate info diff --git a/test/integration/targets/setup_acme/tasks/obtain-cert.yml b/test/integration/targets/setup_acme/tasks/obtain-cert.yml index 70a93d923b6..3df3ce5c03a 100644 --- a/test/integration/targets/setup_acme/tasks/obtain-cert.yml +++ b/test/integration/targets/setup_acme/tasks/obtain-cert.yml @@ -87,7 +87,7 @@ when: "challenge_data is changed and challenge == 'dns-01'" - name: ({{ certgen_title }}) Create TLS ALPN challenges uri: - url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}" + url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/der-value-b64" method: PUT body_format: raw body: "{{ item.value['tls-alpn-01'].resource_value }}" @@ -154,4 +154,8 @@ method: DELETE with_dict: "{{ challenge_data.challenge_data }}" when: "challenge_data is changed and challenge == 'tls-alpn-01'" +- name: ({{ certgen_title }}) Get root certificate + get_url: + url: "http://{{ acme_host }}:5000/root-certificate-for-ca" + dest: "{{ output_dir }}/{{ certificate_name }}-root.pem" ############################################################################################### diff --git a/test/runner/lib/cloud/acme.py b/test/runner/lib/cloud/acme.py index f7db4b78568..8a04c2af351 100644 --- a/test/runner/lib/cloud/acme.py +++ b/test/runner/lib/cloud/acme.py @@ -50,7 +50,7 @@ class ACMEProvider(CloudProvider): if os.environ.get('ANSIBLE_ACME_CONTAINER'): self.image = os.environ.get('ANSIBLE_ACME_CONTAINER') else: - self.image = 'quay.io/ansible/acme-test-container:1.1.0' + self.image = 'quay.io/ansible/acme-test-container:1.2.0' self.container_name = '' def _wait_for_service(self, protocol, acme_host, port, local_part, name):
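Review bot: The context comment above the six tasks still says "Root certificate for Pebble equals the chain certificate", which no longer matches commands that take the trust anchor from `cert-N-root.pem` and pass `cert-N-chain.pem` via `-untrusted`. Updating it to something like `# Verify against the separately fetched root; the chain file supplies untrusted intermediates only` would document why the two files are kept apart. Each task keeps `ignore_errors: yes`, so a failed verification is only caught if `cert_N_valid` is asserted later. That assertion is outside this hunk and is worth confirming for all six results.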
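Review bot: The new `/der-value-b64` path on the `tls-alpn` PUT, and the `/root-certificate-for-ca` URL in the next hunk of this file, look like endpoints that only the newer test container provides, yet `acme.py` still lets `ANSIBLE_ACME_CONTAINER` select any image. With an older image these tasks would presumably fail with an HTTP error that does not point at the version mismatch. A comment next to the task, e.g. `# requires acme-test-container >= 1.2.0`, would make the dependency visible. The task body continues outside the hunk.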
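Review bot: The added `get_url` task downloads the file later used as the `-CAfile` trust anchor over plain `http://` from the controller on port 5000, so nothing authenticates the root being trusted. That is tolerable for a throwaway test CA, but a comment such as `# Test-only: the root is fetched unauthenticated from the local test container` would stop the pattern being reused elsewhere. `get_url` also skips the download when `dest` already exists unless `force: yes` is set, so a stale `-root.pem` left in `output_dir` by an earlier run could be reused. Adding `force: yes` avoids that.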