6469baf460
* Added get_certificate module. * Fixed test against bogus_ca.pem file
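# Baseline: fetch the certificate presented on port 443 of the test host.
# NOTE(review): no ca_certs is passed here, so this task presumably retrieves
# the certificate without validating its chain. The assertions below check a
# subject field only, not trust. Confirm against the module documentation.
- name: Get servers certificate
  get_certificate:
    host: "{{ httpbin_host }}"
    port: 443
  register: result

# Dump the registered result so a failing run shows what the module returned.
# Written with native YAML arguments instead of the key=value shorthand.
- debug:
    var: result

- assert:
    that:
      # This module should never change anything
      - result is not changed
      - result is not failed
      # We got the correct ST from the cert
      - "'North Carolina' == result.subject.ST"
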
# Negative case: port 80 is the plain HTTP port, so there is no certificate to
# retrieve and the module is expected to report a failure.
- name: Connect to http port (will fail because there is no SSL cert to get)
  get_certificate:
    port: 80
    host: '{{ httpbin_host }}'
  ignore_errors: true
  register: result

- assert:
    that:
      - result is not changed
      - result is failed
      # Any one of these substrings in result.msg counts as the expected error.
      # The alternatives presumably cover different TLS library versions.
      - "'The handshake operation timed out' in result.msg or 'unknown protocol' in result.msg or 'wrong version number' in result.msg"

# Negative case for the timeout option: port 1234 with a one-second timeout.
- name: Test timeout option
  get_certificate:
    timeout: 1
    port: 1234
    host: '{{ httpbin_host }}'
  ignore_errors: true
  register: result

- assert:
    that:
      - result is not changed
      - result is failed
      # Accepts either the exact timeout message or a refused connection.
      # NOTE(review): when the port is actively refused this passes without
      # the timeout path having been exercised.
      - "'Failed to get cert from port with error: timed out' == result.msg or 'Connection refused' in result.msg"

# Negative case: ca_certs names a path that is expected not to exist. The
# assertions require the module to fail closed with an exact message instead
# of continuing without a trust store.
- name: Test failure if ca_certs is not a valid file
  get_certificate:
    ca_certs: 'dn.e'
    port: 443
    host: '{{ httpbin_host }}'
  ignore_errors: true
  register: result

- assert:
    that:
      - result is not changed
      - result is failed
      # The module must name the missing file as the reason for the failure
      - "'ca_certs file does not exist' == result.msg"

# NOTE(review): the CA bundle that the next task trusts is downloaded over
# plain http://, so nothing authenticates it in transit. That is tolerable
# only for a test fixture (the URL is presumably the test harness host).
# Outside a fixture, a trust anchor should arrive over an authenticated
# channel or be pinned, e.g. with get_url's checksum option.
- name: Download CA Cert as pem from server
  get_url:
    dest: '{{ output_dir }}/temp.pem'
    url: 'http://ansible.http.tests/cacert.pem'

# Positive case: with ca_certs set to the downloaded bundle, the module is
# expected to succeed against the same host.
- name: Get servers certificate comparing it to its own ca_cert file
  get_certificate:
    host: '{{ httpbin_host }}'
    port: 443
    ca_certs: '{{ output_dir }}/temp.pem'
  register: result

- assert:
    that:
      - result is not changed
      - result is not failed

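# Negative case: validate the server certificate against a CA file that is
# expected not to be its issuer (bogus_ca.pem, shipped with the test).
# NOTE(review): nothing in this file removes my_temp_dir afterwards.
- name: Get a temp directory
  tempfile:
    state: directory
  register: my_temp_dir

- name: Deploy the bogus_ca.pem file
  copy:
    src: "bogus_ca.pem"
    dest: "{{ my_temp_dir.path }}/bogus_ca.pem"

- name: Get servers certificate comparing it to an invalid ca_cert file
  get_certificate:
    ca_certs: '{{ my_temp_dir.path }}/bogus_ca.pem'
    host: "{{ httpbin_host }}"
    port: 443
  register: result
  ignore_errors: true

- assert:
    that:
      - result is not changed
      # Uses the `is failed` test, matching the other assertions in this file.
      # NOTE(review): only the failed state is checked, so an unrelated
      # failure (for example a connection error) would also satisfy it.
      # Asserting on result.msg, as the earlier negative cases do, would tie
      # this test to certificate verification. The expected message is not
      # visible in this file.
      - result is failed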