---
# Print the registered result so a failing assertion below can be diagnosed
# from the test log.
# NOTE(review): this dumps the whole registered dict; the assertions in this
# file only read fingerprint, public_key, size and type from it. Confirm the
# module never returns private key material before keeping this unfiltered.
- name: Log privatekey1 return values
  debug:
    var: privatekey1_result
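# The returned fingerprint must be a string carrying the "SHA256:" prefix.
- name: Validate privatekey1 return fingerprint
  assert:
    that:
      - privatekey1_result["fingerprint"] is string
      - privatekey1_result["fingerprint"].startswith("SHA256:")
  # Skip only on CentOS 6, the one distro old enough that it still gives md5
  # with no prefix. The condition is written as a negated conjunction so the
  # check still runs on newer CentOS releases and on other distributions whose
  # major version happens to be 6.
  # NOTE(review): if other EL6-family targets are in the test matrix they will
  # now be checked too - confirm they report SHA256 fingerprints.
  when: not (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6')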
# The returned public key must be a string in OpenSSH one-line form for an
# RSA key, i.e. it starts with the "ssh-rsa " algorithm token.
- name: Validate privatekey1 return public_key
  assert:
    that:
      - privatekey1_result["public_key"] is string
      - privatekey1_result["public_key"].startswith("ssh-rsa ")
# The reported key size must be an integer (not a numeric string) equal to 4096.
- name: Validate privatekey1 return size value
  assert:
    that:
      - privatekey1_result["size"]|type_debug == 'int'
      - privatekey1_result["size"] == 4096
# The reported key type must be the string "rsa".
- name: Validate privatekey1 return key type
  assert:
    that:
      - privatekey1_result["type"] is string
      - privatekey1_result["type"] == "rsa"
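# Read the key length independently of the module: ssh-keygen -l prints the
# bit size as the first field, and grep keeps only that leading number.
# If ssh-keygen prints nothing usable, grep finds no match and exits non-zero,
# so the task fails instead of registering an empty size.
- name: Validate privatekey1 (test - RSA key with size 4096 bits)
  # The path is passed through the quote filter so an output_dir containing
  # spaces or shell metacharacters stays a single argument.
  shell: "ssh-keygen -lf {{ (output_dir ~ '/privatekey1') | quote }} | grep -o -E '^[0-9]+'"
  register: privatekey1
  # Read-only inspection; never report it as a change.
  changed_when: false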
# Compare the size reported by ssh-keygen (captured as text in stdout) with
# the expected 4096 bits; the comparison is string-to-string.
- name: Validate privatekey1 (assert - RSA key with size 4096 bits)
  assert:
    that:
      - privatekey1.stdout == '4096'
# privatekey1_idem_result is registered outside this file; it must not report
# a change. Presumably it is the result of a second run with identical
# parameters, so an existing key is not silently replaced - verify against
# the task that registers it.
- name: Validate privatekey1 idempotence
  assert:
    that:
      - privatekey1_idem_result is not changed
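# Read the key length of privatekey2 with ssh-keygen; grep keeps only the
# leading bit-size field and fails the task when there is no match.
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
  # The path is passed through the quote filter so an output_dir containing
  # spaces or shell metacharacters stays a single argument.
  shell: "ssh-keygen -lf {{ (output_dir ~ '/privatekey2') | quote }} | grep -o -E '^[0-9]+'"
  register: privatekey2
  # Read-only inspection; never report it as a change.
  changed_when: false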
# The size ssh-keygen reported for privatekey2 must be the text '2048'.
- name: Validate privatekey2 (assert - RSA key with size 2048 bits)
  assert:
    that:
      - privatekey2.stdout == '2048'
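# Read the key length of the DSA fixture with ssh-keygen; grep keeps only the
# leading bit-size field and fails the task when there is no match.
# DSA at 1024 bits is a legacy algorithm (ssh-dss has been disabled by default
# since OpenSSH 7.0); this fixture only exercises the module's DSA code path
# and is not a recommended key type.
- name: Validate privatekey3 (test - DSA key with size 1024 bits)
  # The path is passed through the quote filter so an output_dir containing
  # spaces or shell metacharacters stays a single argument.
  shell: "ssh-keygen -lf {{ (output_dir ~ '/privatekey3') | quote }} | grep -o -E '^[0-9]+'"
  register: privatekey3
  # Read-only inspection; never report it as a change.
  changed_when: false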
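# The size ssh-keygen reported for the DSA key must be the text '1024'.
# The task name states 1024 bits to match the value actually asserted;
# ssh-keygen only generates DSA keys of exactly 1024 bits.
- name: Validate privatekey3 (assert - DSA key with size 1024 bits)
  assert:
    that:
      - privatekey3.stdout == '1024'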
# Stat the private key path so the following assertion can confirm the file
# is gone from disk.
- name: Validate privatekey4 (test - Ensure key has been removed)
  stat:
    path: '{{ output_dir }}/privatekey4'
  register: privatekey4
# The stat result must report that the private key file no longer exists.
# NOTE(review): only the private key path is checked here; whether a matching
# .pub file is also removed is not covered by this assertion.
- name: Validate privatekey4 (assert - Ensure key has been removed)
  assert:
    that:
      - not privatekey4.stat.exists
# The public key returned in publickey_gen (registered outside this file) must
# equal the content of privatekey5.pub on disk, with newlines stripped from
# both ends of the file content before comparing.
- name: Validate privatekey5 (assert - Public key module output equal to the public key on host)
  assert:
    that:
      - "publickey_gen.public_key == lookup('file', output_dir ~ '/privatekey5.pub').strip('\n')"
# output_regenerated_via_force is registered outside this file; the forced run
# must report a change.
# NOTE(review): "changed" alone does not prove the key material differs -
# presumably the registering task covers that; verify there.
- name: Verify that privatekey6 will be regenerated via force
  assert:
    that:
      - output_regenerated_via_force is changed
# A key file the module cannot read must make the task fail with the exact
# error text below, rather than being overwritten. output_broken is
# registered outside this file.
- name: Verify that broken key will cause failure
  assert:
    that:
      - output_broken is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken.' in output_broken.msg"
# With force=yes the unreadable key is expected to be replaced, so the run
# registered as output_broken_force (outside this file) must report a change.
- name: Verify that broken key will be regenerated if force=yes is specified
  assert:
    that:
      - output_broken_force is changed
# The run registered as output_read_only (outside this file) must report a
# change.
# NOTE(review): per the task name a read-only key file is replaced; confirm in
# the registering task that this is intended and that the regenerated file
# ends up with the expected permissions.
- name: Verify that read-only key will be regenerated
  assert:
    that:
      - output_read_only is changed
# Changing only the comment must not produce a new key pair: the public key
# from the original run and from the modified run have to be identical.
- name: Validate privatekey7 (assert - Public key remains the same after comment change)
  assert:
    that:
      - privatekey7_result.public_key == privatekey7_modified_result.public_key
# The comment returned by the initial run must be 'test@privatekey7'.
- name: Validate privatekey7 comment on creation
  assert:
    that:
      - privatekey7_result.comment == 'test@privatekey7'
# The comment returned by the modified run must be the updated value.
- name: Validate privatekey7 comment update
  assert:
    that:
      - privatekey7_modified_result.comment == 'test_modified@privatekey7'
# A passphrase-protected key must make the module fail with the exact error
# text below instead of being overwritten. privatekey8_result is registered
# outside this file.
# The message is the same one asserted for a broken key, so the module output
# does not tell the two cases apart.
- name: Check that password protected key made module fail
  assert:
    that:
      - privatekey8_result is failed
      - "'Unable to read the key. The key is protected with a passphrase or broken.' in privatekey8_result.msg"
# With force=yes the passphrase-protected key is expected to be replaced, so
# the run registered as privatekey8_result_force (outside this file) must
# report a change. Forcing therefore discards the existing protected key.
- name: Check that password protected key was regenerated with force=yes
  assert:
    that:
      - privatekey8_result_force is changed