ansible/test/integration/targets/openssl_csr/tests/validate.yml
Yanis Guenane 0648e339a7 openssl: remove static dict for keyUsage (#30339)
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.

Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.

Fixes: https://github.com/ansible/ansible/issues/30316
2017-09-14 12:03:00 -04:00

22 lines
746 B
YAML

- name: Validate CSR (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
register: privatekey_modulus
- name: Validate CSR (test - Common Name)
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
register: csr_cn
- name: Validate CSR (test - csr modulus)
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr | openssl md5'
register: csr_modulus
- name: Validate CSR (assert)
assert:
that:
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_modulus.stdout == privatekey_modulus.stdout
- name: Validate CSR_KU_XKU (assert idempotency)
assert:
that:
- csr_ku_xku.changed == False