--- - name: Create CRL 1 (check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_check - name: Create CRL 1 x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1 - name: Create CRL 1 (idempotent, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_idem_check - name: Create CRL 1 (idempotent) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' revocation_date: 20191013000000Z - path: '{{ output_dir }}/cert-2.pem' revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1_idem - name: Create CRL 1 (idempotent with content, check mode) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" revocation_date: 20191013000000Z - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z check_mode: yes register: crl_1_idem_content_check - name: Create CRL 1 (idempotent with content) x509_crl: path: '{{ output_dir }}/ca-crl1.crl' privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}" issuer: CN: Ansible last_update: 20191013000000Z next_update: 20191113000000Z revoked_certificates: - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}" revocation_date: 20191013000000Z - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}" revocation_date: 20191013000000Z reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 revocation_date: 20191001000000Z register: crl_1_idem_content - name: Create CRL 2 (check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 check_mode: yes register: crl_2_check - name: Create CRL 2 x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 register: crl_2 - name: Create CRL 2 (idempotent, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 ignore_timestamps: yes check_mode: yes register: crl_2_idem_check - name: Create CRL 2 (idempotent) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-1.pem' - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z - serial_number: 1234 ignore_timestamps: yes register: crl_2_idem - name: Create CRL 2 (idempotent update, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - serial_number: 1235 ignore_timestamps: yes mode: update check_mode: yes register: crl_2_idem_update_change_check - name: Create CRL 2 (idempotent update) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - serial_number: 1235 ignore_timestamps: yes mode: update register: crl_2_idem_update_change - name: Create CRL 2 (idempotent update, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: yes mode: update check_mode: yes register: crl_2_idem_update_check - name: Create CRL 2 (idempotent update) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: yes mode: update register: crl_2_idem_update - name: Create CRL 2 (changed timestamps, check mode) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: no mode: update check_mode: yes register: crl_2_change_check - name: Create CRL 2 (changed timestamps) x509_crl: path: '{{ output_dir }}/ca-crl2.crl' privatekey_path: '{{ output_dir }}/ca.key' issuer: CN: Ansible last_update: +0d next_update: +0d revoked_certificates: - path: '{{ output_dir }}/cert-2.pem' reason: key_compromise reason_critical: yes invalidity_date: 20191012000000Z ignore_timestamps: no mode: update return_content: yes register: crl_2_change