ansible/test/integration/targets/openssl_pkcs12/tasks/impl.yml
Felix Fontein d6fb9da8ed
openssl_* modules: allow direct input and output for some files (#65400)
* Allow to return generated object.

* Use slurp module instead of file lookup + b64encode.

* Rename return_xxx_content -> return_content.
2020-02-02 12:42:52 +01:00


---
- block:
# Three throwaway private keys for the fixtures that follow. No passphrase is
# given, so each key is written to output_dir unencrypted.
- name: Generate privatekey
  openssl_privatekey:
    path: '{{ output_dir }}/ansible_pkey.pem'

- name: Generate privatekey2
  openssl_privatekey:
    path: '{{ output_dir }}/ansible_pkey2.pem'

- name: Generate privatekey3
  openssl_privatekey:
    path: '{{ output_dir }}/ansible_pkey3.pem'
# One CSR per key: each request is signed with its own private key and carries
# a distinct common name.
- name: Generate CSR
  openssl_csr:
    path: '{{ output_dir }}/ansible.csr'
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    commonName: www.ansible.com

- name: Generate CSR 2
  openssl_csr:
    path: '{{ output_dir }}/ansible2.csr'
    privatekey_path: '{{ output_dir }}/ansible_pkey2.pem'
    commonName: www2.ansible.com

- name: Generate CSR 3
  openssl_csr:
    path: '{{ output_dir }}/ansible3.csr'
    privatekey_path: '{{ output_dir }}/ansible_pkey3.pem'
    commonName: www3.ansible.com
# Self-sign each CSR with the key it was created from. ansible.crt is the
# bundle's own certificate in the PKCS#12 tasks of this file; ansible2.crt and
# ansible3.crt are the ones passed there as ca_certificates.
- name: Generate certificate
  openssl_certificate:
    path: '{{ output_dir }}/{{ item.name }}.crt'
    privatekey_path: '{{ output_dir }}/{{ item.pkey }}'
    csr_path: '{{ output_dir }}/{{ item.name }}.csr'
    provider: selfsigned
  loop:
    - {name: ansible, pkey: ansible_pkey.pem}
    - {name: ansible2, pkey: ansible_pkey2.pem}
    - {name: ansible3, pkey: ansible_pkey3.pem}
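# Build the reference bundle, run the same task again, and check that the
# content returned by the module equals what is on disk. No passphrase is set
# on the bundle in these tasks.
- name: 'Generate PKCS#12 file'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    # return_content places the bundle, private key included, in the registered
    # result; outside a test fixture a task like this would carry no_log.
    return_content: true
  register: p12_standard

# Identical parameters: the second run is registered separately so its returned
# content can be compared with the first.
- name: 'Generate PKCS#12 file again, idempotency'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    return_content: true
  register: p12_standard_idempotency

# slurp returns the file base64-encoded, so the comparison below is between
# encoded values.
- name: Read ansible.p12
  slurp:
    src: '{{ output_dir }}/ansible.p12'
  register: ansible_p12_content

- name: 'Validate PKCS#12'
  assert:
    that:
      # Returned content matches the file written to path.
      - p12_standard.pkcs12 == ansible_p12_content.content
      # The second run returned the same bundle as the first.
      - p12_standard_idempotency.pkcs12 == p12_standard.pkcs12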
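# Regenerate the existing bundle unconditionally.
- name: 'Generate PKCS#12 file (force)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    force: true
  register: p12_force

# Same forced regeneration, this time also setting the file mode.
- name: 'Generate PKCS#12 file (force + change mode)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    force: true
    # Quoted so the module receives the octal string rather than a YAML-typed
    # integer. 0644 is used to exercise a mode change; a bundle holding a real
    # private key would normally be owner-only (0600).
    mode: '0644'
  register: p12_force_and_mode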
# Parse direction: read the bundle at src and write its contents to the PEM
# file at path.
# NOTE(review): the PEM presumably contains the bundle's private key as well as
# the certificate; confirm against the module and handle the file accordingly.
- name: 'Dump PKCS#12'
  openssl_pkcs12:
    src: '{{ output_dir }}/ansible.p12'
    path: '{{ output_dir }}/ansible_parse.pem'
    action: parse
    state: present
# Bundle with two additional certificates supplied through ca_certificates.
- name: 'Generate PKCS#12 file with multiple certs'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_multi_certs.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    ca_certificates:
      - '{{ output_dir }}/ansible2.crt'
      - '{{ output_dir }}/ansible3.crt'
    state: present
  register: p12_multiple_certs

# Same parameters again; the result is registered under its own name so the two
# runs can be compared.
- name: 'Generate PKCS#12 file with multiple certs, again (idempotency)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_multi_certs.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    ca_certificates:
      - '{{ output_dir }}/ansible2.crt'
      - '{{ output_dir }}/ansible3.crt'
    state: present
  register: p12_multiple_certs_idempotency

# Parse the multi-certificate bundle back into a PEM file.
- name: 'Dump PKCS#12 with multiple certs'
  openssl_pkcs12:
    src: '{{ output_dir }}/ansible_multi_certs.p12'
    path: '{{ output_dir }}/ansible_parse_multi_certs.pem'
    action: parse
    state: present
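# Passphrase-protected key for the three mismatch cases that follow. The
# passphrase is a fixture literal; a real playbook would read it from a
# vaulted variable instead of the task file.
- name: Generate privatekey with password
  openssl_privatekey:
    path: '{{ output_dir }}/privatekeypw.pem'
    passphrase: hunter2
    cipher: auto
    select_crypto_backend: cryptography

# Case 1: a passphrase is supplied for ansible_pkey.pem, which was generated
# without one. ignore_errors keeps the play going so the registered result can
# be checked afterwards (presumably in ../tests/validate.yml).
- name: 'Generate PKCS#12 file (password fail 1)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_pw1.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    privatekey_passphrase: hunter2
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
  ignore_errors: true
  register: passphrase_error_1

# Case 2: the key is protected, but the passphrase given does not match.
- name: 'Generate PKCS#12 file (password fail 2)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_pw2.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
    privatekey_passphrase: wrong_password
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
  ignore_errors: true
  register: passphrase_error_2

# Case 3: the key is protected and no passphrase is given at all.
- name: 'Generate PKCS#12 file (password fail 3)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_pw3.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
  ignore_errors: true
  register: passphrase_error_3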
# Certificate-only bundle: privatekey_path is left out.
- name: 'Generate PKCS#12 file, no privatekey'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_no_pkey.p12'
    friendly_name: abracadabra
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
  register: p12_no_pkey
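# Plant a file that is not a PKCS#12 bundle at the target path, then ask the
# module to regenerate it in place.
- name: 'Create broken PKCS#12'
  copy:
    dest: '{{ output_dir }}/broken.p12'
    content: broken

- name: 'Regenerate broken PKCS#12'
  openssl_pkcs12:
    path: '{{ output_dir }}/broken.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    force: true
    # Quoted so the module receives the octal string rather than a YAML-typed
    # integer. World-readable is tolerable for this fixture; a bundle with a
    # real private key would normally be 0600.
    mode: '0644'
  register: output_broken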
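# Backup behaviour across create, unchanged re-run, change, removal and repeated
# removal. Each step registers its own result.
# NOTE(review): with backup enabled, a backup copy of a bundle holds the same
# private key as the original; the cleanup visible in this file does not list
# backup files.
- name: 'Generate PKCS#12 file'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_backup.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    backup: true
  register: p12_backup_1

- name: 'Generate PKCS#12 file (idempotent)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_backup.p12'
    friendly_name: abracadabra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    backup: true
  register: p12_backup_2

# friendly_name differs from the previous two runs.
- name: 'Generate PKCS#12 file (change)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_backup.p12'
    friendly_name: abra
    privatekey_path: '{{ output_dir }}/ansible_pkey.pem'
    certificate_path: '{{ output_dir }}/ansible.crt'
    state: present
    # FIXME: idempotency does not work, so we have to force!
    # (https://github.com/ansible/ansible/issues/53221)
    force: true
    backup: true
  register: p12_backup_3

# Removal with both backup and return_content requested.
- name: 'Generate PKCS#12 file (remove)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_backup.p12'
    state: absent
    backup: true
    return_content: true
  register: p12_backup_4

# Second removal of the same path.
- name: 'Generate PKCS#12 file (remove, idempotent)'
  openssl_pkcs12:
    path: '{{ output_dir }}/ansible_backup.p12'
    state: absent
    backup: true
  register: p12_backup_5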
# Static import of the validation tasks. The checks on the results registered
# above presumably live in that file, which is not shown on this page.
- import_tasks: ../tests/validate.yml
always:
# Cleanup task in the `always:` section: removes each listed .p12 bundle with
# state: absent.
# NOTE(review): broken.p12 is not among the items visible here, and this task
# leaves the generated keys, CSRs, certificates and parsed PEM files in
# output_dir.
- name: 'Delete PKCS#12 file'
openssl_pkcs12:
state: absent
path: '{{ output_dir }}/{{ item }}.p12'
loop:
- 'ansible'
- 'ansible_no_pkey'
- 'ansible_multi_certs'
- 'ansible_pw1'
- 'ansible_pw2'
- 'ansible_pw3'