ansible/test/integration/targets/x509_crl/tasks/main.yml
Felix Fontein 0f56ac018b
Add x509_crl module (#63435)
* Add x509_crl module.

* Add integration tests.

* Fix some errors.

* Fix inversion.

* Compare name instead of type.

* Fix fail_json() calls.

* Work around rename of serial_number attribute for cryptography 1.4.

* Don't die for non-cert loading errors.

* One more.

* Fix function call.

* Fixed/improved descriptions.

* Don't read issuer from certificate file.

* Allow to ignore timestamps.

* Default value for revocation_date.

* Update tests.

* Mention ignore_timestamps in update docs.

* Support privatekey_content, and require some options only if state is present.

* Allow to pass certificate in directly.

* Add tests.

* Fix required_if.

* Forgot to encode content.

* Forgot to adjust type.

* Allow to return CRL's content directly.

* return_crl_content -> return_content (as in #65400).

* Fix elements.

* Fix messages.

* Use required_one_of and mutually_exclusive instead of doing the checks by hand.

* Fix format.

* Skip tests on AIX.

* Fix typo.
2020-02-18 17:14:13 +01:00


---
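# Test fixtures: one entry per key, CSR and certificate created by the tasks
# that follow. Entries flagged is_ca become self-signed CAs and carry only a
# subject; the remaining entries become end-entity certificates that carry
# only the listed subjectAltName values.
# NOTE(review): "ca-2" is presumably there so the included tests can use a
# second, unrelated issuer - confirm against impl.yml.
- set_fact:
    certificates:
      - name: ca
        subject:
          commonName: Ansible
        # Canonical boolean instead of the YAML 1.1 truthy spelling "yes".
        is_ca: true
      - name: ca-2
        subject:
          commonName: Ansible Other CA
        is_ca: true
      - name: cert-1
        subject_alt_name:
          - DNS:ansible.com
      - name: cert-2
        subject_alt_name:
          - DNS:example.com
      - name: cert-3
        subject_alt_name:
          - DNS:example.org
          - IP:1.2.3.4
      - name: cert-4
        subject_alt_name:
          - DNS:test.ansible.com
          - DNS:b64.ansible.com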
# One NIST P-256 (secp256r1) key per fixture entry. No passphrase or cipher
# option is set, so the key files are written unencrypted; they are throwaway
# test material that only lives in output_dir.
- name: Generate private keys
  openssl_privatekey:
    path: "{{ output_dir }}/{{ item.name }}.key"
    type: ECC
    curve: secp256r1
  loop: "{{ certificates }}"
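# Build one CSR per fixture entry, signed with the key generated for it.
- name: Generate CSRs
  openssl_csr:
    path: "{{ output_dir }}/{{ item.name }}.csr"
    privatekey_path: "{{ output_dir }}/{{ item.name }}.key"
    # An entry defines either a subject (the CAs) or SANs (the leaves);
    # default(omit) drops whichever option the entry does not define.
    subject: "{{ item.subject | default(omit) }}"
    subject_alt_name: "{{ item.subject_alt_name | default(omit) }}"
    # Only entries flagged is_ca request CA:TRUE. basic_constraints_critical
    # is left unset, so the extension is not marked critical; RFC 5280 expects
    # CA certificates to mark it critical, which makes this a fixture-only
    # shortcut rather than a template for a real CA.
    basic_constraints: "{{ 'CA:TRUE' if item.is_ca | default(false) else omit }}"
    # Do not copy the commonName into the SAN list: the CA CSRs carry no SAN.
    # Canonical boolean instead of the YAML 1.1 truthy spelling "no".
    use_common_name_for_san: false
  loop: "{{ certificates }}"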
# Each entry flagged is_ca signs its own CSR with its own private key, so
# "ca" and "ca-2" both end up as independent self-signed certificates.
- name: Generate CA certificates
  openssl_certificate:
    path: "{{ output_dir }}/{{ item.name }}.pem"
    csr_path: "{{ output_dir }}/{{ item.name }}.csr"
    privatekey_path: "{{ output_dir }}/{{ item.name }}.key"
    provider: selfsigned
  loop: "{{ certificates }}"
  # Evaluated once per loop item; entries without is_ca are skipped.
  when: item.is_ca | default(false)
# Every non-CA entry is issued by the first CA: the ownca provider signs the
# CSR with ca.key and takes the issuer from ca.pem. "ca-2" signs nothing in
# this file.
- name: Generate other certificates
  openssl_certificate:
    path: "{{ output_dir }}/{{ item.name }}.pem"
    csr_path: "{{ output_dir }}/{{ item.name }}.csr"
    provider: ownca
    ownca_path: "{{ output_dir }}/ca.pem"
    ownca_privatekey_path: "{{ output_dir }}/ca.key"
  loop: "{{ certificates }}"
  # Evaluated once per loop item; the two CA entries are skipped here.
  when: not (item.is_ca | default(false))
# Run the module tests and then their validation, both with the cryptography
# backend selected.
# NOTE(review): cryptography_version is not set anywhere in this file;
# presumably a setup dependency of this target registers it - confirm.
# When the installed cryptography is older than 1.2 the whole block is
# skipped, so the target finishes without exercising x509_crl at all.
- when: cryptography_version.stdout is version('1.2', '>=')
  block:
    - name: Running tests with cryptography backend
      include_tasks: impl.yml
      vars:
        select_crypto_backend: cryptography

    - import_tasks: ../tests/validate.yml
      vars:
        select_crypto_backend: cryptography