ansible/test/integration/targets/openssl_publickey/tests/validate.yml
Felix Fontein 6a786d0d93
openssl_publickey: add cryptography backend (#60387)
* Add cryptography backend.

* Add changelog.

* Make sure requirements are satisfied.

* Use more compatible elliptic curve.

* Decrease required version numbers.

* PyOpenSSL >= 16.0.0 is really needed.

* Update lib/ansible/modules/crypto/openssl_publickey.py

Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
2019-08-17 18:52:14 +02:00

131 lines
4.6 KiB
YAML

---
- name: Validate public key (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
- name: Validate public key (test - publickey modulus)
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub'
register: publickey_modulus
- name: Validate public key (assert)
assert:
that:
- publickey_modulus.stdout == privatekey_modulus.stdout
- name: Validate public key - OpenSSH format (test - privatekey's publickey)
shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem'
register: privatekey_publickey
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format (test - publickey)
slurp:
src: '{{ output_dir }}/publickey-ssh.pub'
register: publickey
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format (assert)
assert:
that:
- privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
assert:
that:
- publickey_ssh_idempotence is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate publickey2 (test - Ensure key has been removed)
stat:
path: '{{ output_dir }}/publickey2.pub'
register: publickey2
- name: Validate publickey2 (assert - Ensure key has been removed)
assert:
that:
- publickey2.stat.exists == False
- name: Validate publickey3 (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
register: privatekey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 (test - publickey modulus)
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub'
register: publickey3_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 (assert)
assert:
that:
- publickey3_modulus.stdout == privatekey3_modulus.stdout
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey3 idempotence (assert)
assert:
that:
- publickey3_idempotence is not changed
- name: Validate publickey4 (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey4 (test - publickey modulus)
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub'
register: publickey4_modulus
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate publickey4 (assert)
assert:
that:
- publickey4_modulus.stdout == privatekey4_modulus.stdout
when: openssl_version.stdout is version('0.9.8zh', '>=')
- name: Validate idempotency and backup
assert:
that:
- privatekey5_1 is changed
- privatekey5_1.backup_file is undefined
- privatekey5_2 is not changed
- privatekey5_2.backup_file is undefined
- privatekey5_3 is changed
- privatekey5_3.backup_file is string
- name: Validate public key 5 (test - privatekey's pubkey)
command: 'openssl ec -in {{ output_dir }}/privatekey5.pem -pubout'
register: privatekey5_pubkey
- name: Validate public key 5 (test - publickey pubkey)
# Fancy way of writing "cat {{ output_dir }}/publickey5.pub"
command: 'openssl ec -pubin -in {{ output_dir }}/publickey5.pub -pubout'
register: publickey5_pubkey
- name: Validate public key 5 (assert)
assert:
that:
- publickey5_pubkey.stdout == privatekey5_pubkey.stdout
- name:
assert:
that:
- passphrase_error_1 is failed
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
- passphrase_error_2 is failed
- "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
- passphrase_error_3 is failed
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
- name: Verify that broken key will be regenerated
assert:
that:
- output_broken is changed
- name: Validate remove
assert:
that:
- remove_1 is changed
- remove_2 is not changed
- remove_1.backup_file is string
- remove_2.backup_file is undefined