fa70690e5c
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules. * Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr. * Fix type of authority_cert_issuer. * Add basic tests. * Add changelog. * Added proper tests for _info modules. * Fix docs bug. * Make sure new features are only used when cryptography backend for openssl_csr is available. * Work around jinja2 being too old on some CI hosts. * Add tests for openssl_csr. * Add openssl_certificate tests. * Fix idempotence test. * Move one level up. * Add ownca_create_authority_key_identifier option. * Add ownca_create_authority_key_identifier option. * Add idempotency check. * Apparently the function call expected different args for cryptography < 2.7. * Fix copy'n'paste errors and typos. * string -> general name. * Add disclaimer. * Implement always_create / create_if_not_provided / never_create for openssl_certificate. * Update changelog and porting guide. * Add comments for defaults.
83 lines
2.7 KiB
YAML
83 lines
2.7 KiB
YAML
---
|
|
- debug:
|
|
msg: "Executing tests with backend {{ select_crypto_backend }}"
|
|
|
|
- name: ({{select_crypto_backend}}) Get CSR info
|
|
openssl_csr_info:
|
|
path: '{{ output_dir }}/csr_1.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: Check whether subject behaves as expected
|
|
assert:
|
|
that:
|
|
- result.subject.organizationalUnitName == 'ACME Department'
|
|
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
|
|
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
|
|
|
|
- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
|
|
assert:
|
|
that:
|
|
- result.subject_key_identifier == "00:11:22:33"
|
|
- result.authority_key_identifier == "44:55:66:77"
|
|
- result.authority_cert_issuer == expected_authority_cert_issuer
|
|
- result.authority_cert_serial_number == 12345
|
|
vars:
|
|
expected_authority_cert_issuer:
|
|
- "DNS:ca.example.org"
|
|
- "IP:1.2.3.4"
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: Update result list
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: ({{select_crypto_backend}}) Get CSR info
|
|
openssl_csr_info:
|
|
path: '{{ output_dir }}/csr_2.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: Update result list
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: ({{select_crypto_backend}}) Get CSR info
|
|
openssl_csr_info:
|
|
path: '{{ output_dir }}/csr_3.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: Check AuthorityKeyIdentifier
|
|
assert:
|
|
that:
|
|
- result.authority_key_identifier is none
|
|
- result.authority_cert_issuer == expected_authority_cert_issuer
|
|
- result.authority_cert_serial_number == 12345
|
|
vars:
|
|
expected_authority_cert_issuer:
|
|
- "DNS:ca.example.org"
|
|
- "IP:1.2.3.4"
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: Update result list
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: ({{select_crypto_backend}}) Get CSR info
|
|
openssl_csr_info:
|
|
path: '{{ output_dir }}/csr_4.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: Check AuthorityKeyIdentifier
|
|
assert:
|
|
that:
|
|
- result.authority_key_identifier == "44:55:66:77"
|
|
- result.authority_cert_issuer is none
|
|
- result.authority_cert_serial_number is none
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: Update result list
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|