|
|
|
|
---
|
|
|
|
|
- name: Validate public key (test - privatekey modulus)
|
|
|
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
|
|
|
|
|
register: privatekey_modulus
|
|
|
|
|
|
|
|
|
|
- name: Validate public key (test - publickey modulus)
|
|
|
|
|
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub'
|
|
|
|
|
register: publickey_modulus
|
|
|
|
|
|
|
|
|
|
- name: Validate public key (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey_modulus.stdout == privatekey_modulus.stdout
|
|
|
|
|
|
|
|
|
|
- name: Validate public key - OpenSSH format (test - privatekey's publickey)
|
|
|
|
|
shell: 'ssh-keygen -y -f {{ output_dir }}/privatekey.pem'
|
|
|
|
|
register: privatekey_publickey
|
|
|
|
|
when: cryptography_version.stdout is version('1.4.0', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate public key - OpenSSH format (test - publickey)
|
|
|
|
|
slurp:
|
|
|
|
|
src: '{{ output_dir }}/publickey-ssh.pub'
|
|
|
|
|
register: publickey
|
|
|
|
|
when: cryptography_version.stdout is version('1.4.0', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate public key - OpenSSH format (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
|
|
|
|
|
when: cryptography_version.stdout is version('1.4.0', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey_ssh_idempotence is not changed
|
|
|
|
|
when: cryptography_version.stdout is version('1.4.0', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey2 (test - Ensure key has been removed)
|
|
|
|
|
stat:
|
|
|
|
|
path: '{{ output_dir }}/publickey2.pub'
|
|
|
|
|
register: publickey2
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey2 (assert - Ensure key has been removed)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey2.stat.exists == False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey3 (test - privatekey modulus)
|
|
|
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
|
|
|
|
|
register: privatekey3_modulus
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey3 (test - publickey modulus)
|
|
|
|
|
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey3.pub'
|
|
|
|
|
register: publickey3_modulus
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey3 (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey3_modulus.stdout == privatekey3_modulus.stdout
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey3 idempotence (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey3_idempotence is not changed
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey4 (test - privatekey modulus)
|
|
|
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
|
|
|
|
|
register: privatekey4_modulus
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey4 (test - publickey modulus)
|
|
|
|
|
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub'
|
|
|
|
|
register: publickey4_modulus
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate publickey4 (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey4_modulus.stdout == privatekey4_modulus.stdout
|
|
|
|
|
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
|
|
|
|
|
|
|
|
|
- name: Validate idempotency and backup
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- privatekey5_1 is changed
|
|
|
|
|
- privatekey5_1.backup_file is undefined
|
|
|
|
|
- privatekey5_2 is not changed
|
|
|
|
|
- privatekey5_2.backup_file is undefined
|
|
|
|
|
- privatekey5_3 is changed
|
|
|
|
|
- privatekey5_3.backup_file is string
|
|
|
|
|
|
|
|
|
|
- name: Validate public key 5 (test - privatekey's pubkey)
|
|
|
|
|
command: 'openssl ec -in {{ output_dir }}/privatekey5.pem -pubout'
|
|
|
|
|
register: privatekey5_pubkey
|
|
|
|
|
|
|
|
|
|
- name: Validate public key 5 (test - publickey pubkey)
|
|
|
|
|
# Fancy way of writing "cat {{ output_dir }}/publickey5.pub"
|
|
|
|
|
command: 'openssl ec -pubin -in {{ output_dir }}/publickey5.pub -pubout'
|
|
|
|
|
register: publickey5_pubkey
|
|
|
|
|
|
|
|
|
|
- name: Validate public key 5 (assert)
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- publickey5_pubkey.stdout == privatekey5_pubkey.stdout
|
|
|
|
|
|
|
|
|
|
- name:
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- passphrase_error_1 is failed
|
|
|
|
|
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
|
|
|
|
|
- passphrase_error_2 is failed
|
|
|
|
|
- "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
|
|
|
|
|
- passphrase_error_3 is failed
|
|
|
|
|
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
|
|
|
|
|
|
|
|
|
|
- name: Verify that broken key will be regenerated
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- output_broken is changed
|
|
|
|
|
|
|
|
|
|
- name: Validate remove
|
|
|
|
|
assert:
|
|
|
|
|
that:
|
|
|
|
|
- remove_1 is changed
|
|
|
|
|
- remove_2 is not changed
|
|
|
|
|
- remove_1.backup_file is string
|
|
|
|
|
- remove_2.backup_file is undefined
|
