14bccef2c2
* Add ecs_domain module * Fixes to integration tests and module * Fixes to tests and module * Corrections to revalidation behavior, cna only revalidate domains in expiring. * Remove debugs for final test run, fix sanity check test fails. * Add checks for domain status * Add changelog fragment for new module. * Removed extra space in backtick * Minor fixes to make behavior more consistent and correct documentation. * Update lib/ansible/modules/crypto/entrust/ecs_domain.py Co-Authored-By: Felix Fontein <felix@fontein.de> * Update lib/ansible/modules/crypto/entrust/ecs_domain.py Co-Authored-By: Felix Fontein <felix@fontein.de> * Update lib/ansible/modules/crypto/entrust/ecs_domain.py Co-Authored-By: Felix Fontein <felix@fontein.de> * Apply suggestions from code review Co-Authored-By: Felix Fontein <felix@fontein.de> * Change casing of verification method enum, remove redundant changelog fragment * Return ov_eligible and ev_eligible fields even if false, as long as they're returned by ECS API
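---
## Verify that integration_config was specified
# Preflight check: stop with a clear assertion failure when the variables
# needed to reach the Entrust Certificate Services (ECS) API are missing.
#
# NOTE(review): the client certificate and key may each be supplied as a
# path or as inline contents according to this assertion, but the setup
# tasks further down this file copy only from the *_path variables.
# Confirm that the *_contents alternative is actually handled.
- block:
    - assert:
        that:
          - entrust_api_user is defined
          - entrust_api_key is defined
          - entrust_api_ip_address is defined
          - entrust_cloud_ip_address is defined
          - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined
          # The second operand previously lacked "is defined", so the
          # condition tested the truthiness of the key material itself and
          # raised an undefined-variable error when neither key variable
          # was set, instead of failing the assertion cleanly.
          - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents is defined
          - cacerts_bundle_path_local is defined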
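## SET UP TEST ENVIRONMENT ########################################################################
# Install the QA CA bundle used to verify the test server certificate.
#
# NOTE(review): everything copied into cacerts_bundle_path becomes a trust
# anchor for whatever consumes that directory, and no task in this file
# removes the certificates afterwards. Presumably this target runs only on
# disposable test hosts; confirm before running it anywhere long-lived.
- name: copy the files needed for verifying test server certificate to the host
  copy:
    src: '{{ cacerts_bundle_path_local }}/'
    dest: '{{ cacerts_bundle_path }}'

# The argv form passes the directory as a single argument, so a path that
# contains whitespace is not split into several arguments the way the
# free-form "c_rehash {{ cacerts_bundle_path }}" string would be.
- name: Update the CA certificates for our QA certs (collection may need updating if new QA environments used)
  command:
    argv:
      - c_rehash
      - '{{ cacerts_bundle_path }}'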
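# Point the ECS hostnames at the test endpoints by pinning them in
# /etc/hosts.
#
# NOTE(review): these entries override name resolution for the real Entrust
# hostnames on this machine and are not reverted by the clean-up at the end
# of this file, so later connections from the host keep going to the
# configured test addresses.
#
# The patterns escape the dots and require whitespace before the hostname,
# so only an entry for exactly this hostname is replaced; the unescaped
# form also matched any line that merely ended in similar text.
- name: Update hosts file
  lineinfile:
    path: /etc/hosts
    state: present
    regexp: '\sapi\.entrust\.net$'
    line: '{{ entrust_api_ip_address }} api.entrust.net'

- name: Update hosts file
  lineinfile:
    path: /etc/hosts
    state: present
    regexp: '\scloud\.entrust\.net$'
    line: '{{ entrust_cloud_ip_address }} cloud.entrust.net'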
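# Stage the API client certificate and its private key on the test host.
# The directory is removed first so that material left over from an earlier
# run is not reused.
- name: Clear out the temporary directory for storing the API connection information
  file:
    path: '{{ tmpdir_path }}'
    state: absent

# An explicit mode keeps the directory private to the owning user instead
# of depending on the umask of the remote account.
- name: Create a directory for storing the API connection Information
  file:
    path: '{{ tmpdir_path }}'
    state: directory
    mode: '0700'

# NOTE(review): entrust_api_cert and entrust_api_cert_key are presumably
# paths below tmpdir_path; that is not visible in this file, so confirm.
- name: Copy the files needed for the connection to entrust API to the host
  copy:
    src: '{{ entrust_api_client_cert_path }}'
    dest: '{{ entrust_api_cert }}'
    mode: '0644'

# The private key authenticates this client to the ECS API, so it is
# written readable by its owner only. Without an explicit mode a newly
# created file gets whatever the remote umask allows.
- name: Copy the files needed for the connection to entrust API to the host
  copy:
    src: '{{ entrust_api_client_cert_key_path }}'
    dest: '{{ entrust_api_cert_key }}'
    mode: '0600'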
# Exercise ecs_domain with each verification method and check which
# challenge fields are returned. The "always" section removes the temporary
# directory whether or not an assertion fails.
#
# NOTE(review): entrust_api_key is passed as a plain module argument in
# every task below. Whether it is masked in task output depends on the
# ecs_domain argument spec, which is not visible here; confirm before
# running with increased verbosity.
- block:
    # DNS verification: only the dns_* challenge fields are expected.
    - name: Have ECS request a domain validation via dns
      ecs_domain:
        domain_name: 'dns.{{ common_name }}'
        verification_method: 'dns'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: dns_result

    - assert:
        that:
          - dns_result is not failed
          - dns_result.changed
          - dns_result.domain_status == 'INITIAL_VERIFICATION'
          - dns_result.verification_method == 'dns'
          - dns_result.dns_location is string
          - dns_result.dns_contents is string
          - dns_result.dns_resource_type is string
          - dns_result.file_location is undefined
          - dns_result.file_contents is undefined
          - dns_result.emails is undefined

    # Web server verification: only the file_* challenge fields are
    # expected.
    - name: Have ECS request a domain validation via web_server
      ecs_domain:
        domain_name: 'FILE.{{ common_name }}'
        verification_method: 'web_server'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: file_result

    - assert:
        that:
          - file_result is not failed
          - file_result.changed
          - file_result.domain_status == 'INITIAL_VERIFICATION'
          - file_result.verification_method == 'web_server'
          - file_result.dns_location is undefined
          - file_result.dns_contents is undefined
          - file_result.dns_resource_type is undefined
          - file_result.file_location is string
          - file_result.file_contents is string
          - file_result.emails is undefined

    # Email verification with an explicit address: that address must be the
    # first entry of the returned list.
    - name: Have ECS request a domain validation via email
      ecs_domain:
        domain_name: 'email.{{ common_name }}'
        verification_method: 'email'
        verification_email: 'admin@testcertificates.com'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: email_result

    - assert:
        that:
          - email_result is not failed
          - email_result.changed
          - email_result.domain_status == 'INITIAL_VERIFICATION'
          - email_result.verification_method == 'email'
          - email_result.dns_location is undefined
          - email_result.dns_contents is undefined
          - email_result.dns_resource_type is undefined
          - email_result.file_location is undefined
          - email_result.file_contents is undefined
          - email_result.emails[0] == 'admin@testcertificates.com'

    # Email verification without an address: an emails value must still be
    # returned, but its content is not checked.
    - name: Have ECS request a domain validation via email with no address provided
      ecs_domain:
        domain_name: 'email2.{{ common_name }}'
        verification_method: 'email'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: email_result2

    - assert:
        that:
          - email_result2 is not failed
          - email_result2.changed
          - email_result2.domain_status == 'INITIAL_VERIFICATION'
          - email_result2.verification_method == 'email'
          - email_result2.dns_location is undefined
          - email_result2.dns_contents is undefined
          - email_result2.dns_resource_type is undefined
          - email_result2.file_location is undefined
          - email_result2.file_contents is undefined
          - email_result2.emails is defined

    # Manual verification: no challenge fields of any kind are expected.
    - name: Have ECS request a domain validation via manual
      ecs_domain:
        domain_name: 'manual.{{ common_name }}'
        verification_method: 'manual'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: manual_result

    - assert:
        that:
          - manual_result is not failed
          - manual_result.changed
          - manual_result.domain_status == 'INITIAL_VERIFICATION'
          - manual_result.verification_method == 'manual'
          - manual_result.dns_location is undefined
          - manual_result.dns_contents is undefined
          - manual_result.dns_resource_type is undefined
          - manual_result.file_location is undefined
          - manual_result.file_contents is undefined
          - manual_result.emails is undefined

    # Idempotence: repeating the first DNS request must report no change
    # while still returning the DNS challenge fields.
    - name: Have ECS request a domain validation via dns that remains unchanged
      ecs_domain:
        domain_name: 'dns.{{ common_name }}'
        verification_method: 'dns'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: dns_result2

    - assert:
        that:
          - dns_result2 is not failed
          - not dns_result2.changed
          - dns_result2.domain_status == 'INITIAL_VERIFICATION'
          - dns_result2.verification_method == 'dns'
          - dns_result2.dns_location is string
          - dns_result2.dns_contents is string
          - dns_result2.dns_resource_type is string
          - dns_result2.file_location is undefined
          - dns_result2.file_contents is undefined
          - dns_result2.emails is undefined

    # Changing the method on the same domain from dns to web_server must
    # report a change and return file_* fields in place of dns_* fields.
    - name: Have ECS request a domain validation via FILE for dns, to change verification method
      ecs_domain:
        domain_name: 'dns.{{ common_name }}'
        verification_method: 'web_server'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: dns_result_now_file

    - assert:
        that:
          - dns_result_now_file is not failed
          - dns_result_now_file.changed
          - dns_result_now_file.domain_status == 'INITIAL_VERIFICATION'
          - dns_result_now_file.verification_method == 'web_server'
          - dns_result_now_file.dns_location is undefined
          - dns_result_now_file.dns_contents is undefined
          - dns_result_now_file.dns_resource_type is undefined
          - dns_result_now_file.file_location is string
          - dns_result_now_file.file_contents is string
          - dns_result_now_file.emails is undefined

    # Pre-existing domain, manual method: expected to report no change,
    # with the domain in RE_VERIFICATION status.
    - name: Request revalidation of an approved domain
      ecs_domain:
        domain_name: '{{ existing_domain_common_name }}'
        verification_method: 'manual'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: manual_existing_domain

    - assert:
        that:
          - manual_existing_domain is not failed
          - not manual_existing_domain.changed
          - manual_existing_domain.domain_status == 'RE_VERIFICATION'
          - manual_existing_domain.dns_location is undefined
          - manual_existing_domain.dns_contents is undefined
          - manual_existing_domain.dns_resource_type is undefined
          - manual_existing_domain.file_location is undefined
          - manual_existing_domain.file_contents is undefined
          - manual_existing_domain.emails is undefined

    # Same pre-existing domain, web_server method: expected to report a
    # change and return the file_* challenge fields.
    - name: Request revalidation of an approved domain
      ecs_domain:
        domain_name: '{{ existing_domain_common_name }}'
        verification_method: 'web_server'
        entrust_api_user: '{{ entrust_api_user }}'
        entrust_api_key: '{{ entrust_api_key }}'
        entrust_api_client_cert_path: '{{ entrust_api_cert }}'
        entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}'
      register: file_existing_domain_revalidate

    - assert:
        that:
          - file_existing_domain_revalidate is not failed
          - file_existing_domain_revalidate.changed
          - file_existing_domain_revalidate.domain_status == 'RE_VERIFICATION'
          - file_existing_domain_revalidate.verification_method == 'web_server'
          - file_existing_domain_revalidate.dns_location is undefined
          - file_existing_domain_revalidate.dns_contents is undefined
          - file_existing_domain_revalidate.dns_resource_type is undefined
          - file_existing_domain_revalidate.file_location is string
          - file_existing_domain_revalidate.file_contents is string
          - file_existing_domain_revalidate.emails is undefined

  always:
    # Runs even when a task above fails. Only tmpdir_path is removed here.
    - name: clean-up temporary folder
      file:
        path: '{{ tmpdir_path }}'
        state: absent