cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/openssl_privatekey_info/tasks/main.yml
Felix Fontein 7a16703dff Add openssl_privatekey_info module (#54845) 
* Add openssl_privatekey_info module.

* Addressing review feedback.

* Update docs.

* Update tests.

* Work around too broad sanity checks.

* ...

* Don't die when None is returned.

* Use OpenSSL to extract RSA and DSA key data.

* Extend tests.

* Make OpenSSL code compatible to OpenSSL < 1.1.

* Rewrite tests to use result dicts instead of result lists.

* Skip ECC for too old PyOpenSSL.

* Reformulate.

* Improve return_private_key_data docs.

* Rename path_content -> content.

* Add sample.

* Cleanup.

* Add key consistency check.

* Improve description.

* Adjust minimal version.

* Fallback code for some pyOpenSSL < 16.0 versions.

* Also support Ed25519 and Ed448 keys (or not).

* Add more consistency checks.

* Verify DSA keys manually.

* Improve DSA key validation.

* Forgot one condition.

* Make validation more robust.

* Move generic arithmetic code to module_utils/crypto.py.
2019-04-08 10:07:56 +02:00

70 lines
2 KiB
YAML
Raw Blame History

---
- name: Generate privatekey 1
openssl_privatekey:
path: '{{ output_dir }}/privatekey_1.pem'
- name: Generate privatekey 2 (less bits)
openssl_privatekey:
path: '{{ output_dir }}/privatekey_2.pem'
type: RSA
size: 2048
- name: Generate privatekey 3 (with password)
openssl_privatekey:
path: '{{ output_dir }}/privatekey_3.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
- name: Generate privatekey 4 (ECC)
openssl_privatekey:
path: '{{ output_dir }}/privatekey_4.pem'
type: ECC
curve: "{{ (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') | ternary('secp521r1', 'secp256k1') }}"
# ^ cryptography on CentOS6 doesn't support secp256k1, so we use secp521r1 instead
select_crypto_backend: cryptography
- name: Generate privatekey 5 (DSA)
openssl_privatekey:
path: '{{ output_dir }}/privatekey_5.pem'
type: DSA
size: 1024
- name: Prepare result list
set_fact:
info_results: {}
- name: Running tests with pyOpenSSL backend
include_tasks: impl.yml
vars:
select_crypto_backend: pyopenssl
when: pyopenssl_version.stdout is version('0.15', '>=')
- name: Prepare result list
set_fact:
pyopenssl_info_results: "{{ info_results }}"
info_results: {}
- name: Running tests with cryptography backend
include_tasks: impl.yml
vars:
select_crypto_backend: cryptography
when: cryptography_version.stdout is version('1.2.3', '>=')
- name: Prepare result list
set_fact:
cryptography_info_results: "{{ info_results }}"
- block:
- name: Dump pyOpenSSL results
debug:
var: pyopenssl_info_results
- name: Dump cryptography results
debug:
var: cryptography_info_results
- name: Compare results
assert:
that:
- pyopenssl_info_results[item] == cryptography_info_results[item]
loop: "{{ pyopenssl_info_results.keys() | intersect(cryptography_info_results.keys()) | list }}"
when: pyopenssl_version.stdout is version('0.15', '>=') and cryptography_version.stdout is version('1.2.3', '>=')
Reference in a new issue View git blame Copy permalink