d4c16f51be
* Using ACME test container for acme_account integration test. * Removing dependency on setup_openssl. Waiting for controller and Pebble. * More tinkering. * Reducing number of tries. * One more try. * Another try. * Added acme_certificate tests. * Removed double key. * Added tests for acme_certificate_revoke. * Making task names more meaningful (during certificate generation). * Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key. * Using new version of Pebble which limits the random auth delay. * Simplifying certificates for revocation tests. * Reworking acme_certificate tests (there are now more, but they are faster). * Test whether account_key_content works. * Preparing TLS-ALPN-01 support. * Using official Ansible image of testing container on quay.io. * Bumping version. * Bumping version of test container to 1.1.0. * Adjusting to new CI group names. * Pass ACME simulator IP as playbook variable. * Let test plugin wait for controller and CA endpoints to become active. * Refactor common setup parts of tests to setup_acme. * _ -> dummy * Moving common obtain-cert.yml to setup_acme.
73 lines
2.1 KiB
YAML
73 lines
2.1 KiB
YAML
---
|
|
- name: Validate that account wasn't created in the first step
|
|
assert:
|
|
that:
|
|
- account_not_created is failed
|
|
|
|
- name: Validate that account was created in the second step
|
|
assert:
|
|
that:
|
|
- account_created is changed
|
|
- account_created.account_uri is not none
|
|
|
|
- name: Validate that email address was changed
|
|
assert:
|
|
that:
|
|
- account_modified is changed
|
|
- account_modified.account_uri is not none
|
|
|
|
- name: Validate that email address was not changed a second time (idempotency)
|
|
assert:
|
|
that:
|
|
- account_modified_idempotent is not changed
|
|
- account_modified_idempotent.account_uri is not none
|
|
|
|
# Note that pebble has no change key endpoint implemented yet!
|
|
# When it has (and the container was updated), uncomment the
|
|
# following validations, and delete the ones below the
|
|
# out-commented ones:
|
|
|
|
#- name: Validate that the account key was changed
|
|
# assert:
|
|
# that:
|
|
# - account_change_key is changed
|
|
# - account_change_key.account_uri is not none
|
|
#
|
|
#- name: Validate that the account was deactivated
|
|
# assert:
|
|
# that:
|
|
# - account_deactivate is changed
|
|
# - account_deactivate.account_uri is not none
|
|
#
|
|
#- name: Validate that the account was really deactivated (idempotency)
|
|
# assert:
|
|
# that:
|
|
# - account_deactivate_idempotent is not changed
|
|
# - account_deactivate_idempotent.account_uri is not none
|
|
#
|
|
#- name: Validate that the account is gone (new account key)
|
|
# assert:
|
|
# that:
|
|
# - account_not_created_2 is failed
|
|
#
|
|
#- name: Validate that the account is gone (old account key)
|
|
# assert:
|
|
# that:
|
|
# - account_not_created_3 is failed
|
|
|
|
- name: Validate that the account was deactivated
|
|
assert:
|
|
that:
|
|
- account_deactivate is changed
|
|
- account_deactivate.account_uri is not none
|
|
|
|
- name: Validate that the account was really deactivated (idempotency)
|
|
assert:
|
|
that:
|
|
- account_deactivate_idempotent is not changed
|
|
- account_deactivate_idempotent.account_uri is not none
|
|
|
|
- name: Validate that the account is gone
|
|
assert:
|
|
that:
|
|
- account_not_created_2 is failed
|