ansible/test/integration/targets/openssl_pkcs12/tests/validate.yml
Andrea Tartaglia 0303ea2bfa openssl_pkcs12: Add idempotency checks (#54633)
* Added idempotency logic to openssl_pkcs12

Also decoupled the 'parse' and 'generate' function from the file write
as they are now used in different places that do not need the file to be
written to disk.

* Added idempotency tests for openssl_pkcs12

Also adds a new test for pkcs12 files with multiple certificates

* Regenerate if parsed file is invalid

* pkcs12_other_certificates check was wrong

* Updated ca_certificates to other_certificates

ca_certificates is left as an alias to other_certificates;
friendlyname depends on private key, so it will be ignored while
checking for idempotency if the pkey is not set;
idempotency check only checks for correct certs in the stack

* use different keys for different certs

* Added other_certificates in module docs

* Added changelog and porting guide

* removed unrelated porting guide entry

* renamed ca_cert* occurrence with other_cert
2019-04-10 11:43:08 +01:00

55 lines
2.1 KiB
YAML

- name: 'Validate PKCS#12'
command: "openssl pkcs12 -info -in {{ output_dir }}/ansible.p12 -nodes -passin pass:''"
register: p12
- name: 'Validate PKCS#12 with no private key'
command: "openssl pkcs12 -info -in {{ output_dir }}/ansible_no_pkey.p12 -nodes -passin pass:''"
register: p12_validate_no_pkey
- name: 'Validate PKCS#12 with multiple certs'
shell: "openssl pkcs12 -info -in {{ output_dir }}/ansible_multi_certs.p12 -nodes -passin pass:'' | grep subject"
register: p12_validate_multi_certs
- name: 'Validate PKCS#12 (assert)'
assert:
that:
- p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
- p12_standard.mode == '0400'
- p12_no_pkey.changed
- p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
- p12_force.changed
- p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed
- not p12_standard_idempotency.changed
- not p12_multiple_certs_idempotency.changed
- "'www.' in p12_validate_multi_certs.stdout"
- "'www2.' in p12_validate_multi_certs.stdout"
- "'www3.' in p12_validate_multi_certs.stdout"
- name: Check passphrase on private key
assert:
that:
- passphrase_error_1 is failed
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
- passphrase_error_2 is failed
- "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
- passphrase_error_3 is failed
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
- name: "Verify that broken PKCS#12 will be regenerated"
assert:
that:
- output_broken is changed
- name: Check backup
assert:
that:
- p12_backup_1 is changed
- p12_backup_1.backup_file is undefined
- p12_backup_2 is not changed
- p12_backup_2.backup_file is undefined
- p12_backup_3 is changed
- p12_backup_3.backup_file is string
- p12_backup_4 is changed
- p12_backup_4.backup_file is string
- p12_backup_5 is not changed
- p12_backup_5.backup_file is undefined