ansible/test/integration/targets/x509_crl/tasks/impl.yml

---
- name: Create CRL 1 (check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
        revocation_date: 20191013000000Z
      - path: '{{ output_dir }}/cert-2.pem'
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  check_mode: yes
  register: crl_1_check
- name: Create CRL 1
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
        revocation_date: 20191013000000Z
      - path: '{{ output_dir }}/cert-2.pem'
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  register: crl_1
- name: Create CRL 1 (idempotent, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
        revocation_date: 20191013000000Z
      - path: '{{ output_dir }}/cert-2.pem'
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  check_mode: yes
  register: crl_1_idem_check
- name: Create CRL 1 (idempotent)
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
        revocation_date: 20191013000000Z
      - path: '{{ output_dir }}/cert-2.pem'
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  register: crl_1_idem
- name: Create CRL 1 (idempotent with content, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}"
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}"
        revocation_date: 20191013000000Z
      - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}"
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  check_mode: yes
  register: crl_1_idem_content_check
- name: Create CRL 1 (idempotent with content)
  x509_crl:
    path: '{{ output_dir }}/ca-crl1.crl'
    privatekey_content: "{{ lookup('file', output_dir ~ '/ca.key') }}"
    issuer:
      CN: Ansible
    last_update: 20191013000000Z
    next_update: 20191113000000Z
    revoked_certificates:
      - content: "{{ lookup('file', output_dir ~ '/cert-1.pem') }}"
        revocation_date: 20191013000000Z
      - content: "{{ lookup('file', output_dir ~ '/cert-2.pem') }}"
        revocation_date: 20191013000000Z
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
        revocation_date: 20191001000000Z
  register: crl_1_idem_content

- name: Create CRL 2 (check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
  check_mode: yes
  register: crl_2_check
- name: Create CRL 2
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
  register: crl_2
- name: Create CRL 2 (idempotent, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
    ignore_timestamps: yes
  check_mode: yes
  register: crl_2_idem_check
- name: Create CRL 2 (idempotent)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-1.pem'
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
      - serial_number: 1234
    ignore_timestamps: yes
  register: crl_2_idem
- name: Create CRL 2 (idempotent update, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: yes
    mode: update
  check_mode: yes
  register: crl_2_idem_update_change_check
- name: Create CRL 2 (idempotent update)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - serial_number: 1235
    ignore_timestamps: yes
    mode: update
  register: crl_2_idem_update_change
- name: Create CRL 2 (idempotent update, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
    ignore_timestamps: yes
    mode: update
  check_mode: yes
  register: crl_2_idem_update_check
- name: Create CRL 2 (idempotent update)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
    ignore_timestamps: yes
    mode: update
  register: crl_2_idem_update
- name: Create CRL 2 (changed timestamps, check mode)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
    ignore_timestamps: no
    mode: update
  check_mode: yes
  register: crl_2_change_check
- name: Create CRL 2 (changed timestamps)
  x509_crl:
    path: '{{ output_dir }}/ca-crl2.crl'
    privatekey_path: '{{ output_dir }}/ca.key'
    issuer:
      CN: Ansible
    last_update: +0d
    next_update: +0d
    revoked_certificates:
      - path: '{{ output_dir }}/cert-2.pem'
        reason: key_compromise
        reason_critical: yes
        invalidity_date: 20191012000000Z
    ignore_timestamps: no
    mode: update
    return_content: yes
  register: crl_2_change