ansible/test/integration/targets/openssl_certificate_info/tasks/impl.yml

---
- debug:
    msg: "Executing tests with backend {{ select_crypto_backend }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_1.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check whether issuer and subject behave as expected
  assert:
    that:
      - result.issuer.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"
      - result.subject.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"

- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
  assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_2.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    valid_at:
      today: "+0d"
      past: "20190101235901Z"
      twentydays: "+20d"
  register: result
- assert:
    that:
    - result.valid_at.today
    - not result.valid_at.past
    - not result.valid_at.twentydays

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_3.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check AuthorityKeyIdentifier
  assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_4.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check AuthorityKeyIdentifier
  assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
      - result.authority_cert_serial_number is none
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1
  openssl_certificate_info:
    path: '{{ role_path }}/files/cert1.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result
- assert:
    that:
      - "'ocsp_uri' in result"
      - "result.ocsp_uri == 'http://ocsp.int-x3.letsencrypt.org'"

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"
Add openssl_certificate_info module (#54709) * Add certificate_info module. * Improve normalization. * Add extension dump. * Add support for basic_constraints and ocsp_must_staple. * Update docs. * Add serial number. * Remove superfluous code. * Fix formulation. * Improve examples. * Improve result docs. * Forgot to add tests. * Adjust when no fingerprints can be computed. 6 years ago			`---`
			`- debug:`
			`msg: "Executing tests with backend {{ select_crypto_backend }}"`

			`- name: ({{select_crypto_backend}}) Get certificate info`
			`openssl_certificate_info:`
			`path: '{{ output_dir }}/cert_1.pem'`
			`select_crypto_backend: '{{ select_crypto_backend }}'`
			`register: result`

openssl_certificate/csr_info: add ordered issuer/subject return value (#60708) * Add ordered issuer/subject return value. * Add changelog. 5 years ago			`- name: Check whether issuer and subject behave as expected`
			`assert:`
			`that:`
			`- result.issuer.organizationalUnitName == 'ACME Department'`
			`- "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"`
			`- "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"`
			`- result.subject.organizationalUnitName == 'ACME Department'`
			`- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"`
			`- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"`

openssl_certificate/csr(_info): add support for SubjectKeyIdentifier and AuthorityKeyIdentifier (#60741) * Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules. * Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr. * Fix type of authority_cert_issuer. * Add basic tests. * Add changelog. * Added proper tests for _info modules. * Fix docs bug. * Make sure new features are only used when cryptography backend for openssl_csr is available. * Work around jinja2 being too old on some CI hosts. * Add tests for openssl_csr. * Add openssl_certificate tests. * Fix idempotence test. * Move one level up. * Add ownca_create_authority_key_identifier option. * Add ownca_create_authority_key_identifier option. * Add idempotency check. * Apparently the function call expected different args for cryptography < 2.7. * Fix copy'n'paste errors and typos. * string -> general name. * Add disclaimer. * Implement always_create / create_if_not_provided / never_create for openssl_certificate. * Update changelog and porting guide. * Add comments for defaults. 5 years ago			`- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier`
			`assert:`
			`that:`
			`- result.subject_key_identifier == "00:11:22:33"`
			`- result.authority_key_identifier == "44:55:66:77"`
			`- result.authority_cert_issuer == expected_authority_cert_issuer`
			`- result.authority_cert_serial_number == 12345`
			`vars:`
			`expected_authority_cert_issuer:`
			`- "DNS:ca.example.org"`
			`- "IP:1.2.3.4"`
			`when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')`

Add openssl_certificate_info module (#54709) * Add certificate_info module. * Improve normalization. * Add extension dump. * Add support for basic_constraints and ocsp_must_staple. * Update docs. * Add serial number. * Remove superfluous code. * Fix formulation. * Improve examples. * Improve result docs. * Forgot to add tests. * Adjust when no fingerprints can be computed. 6 years ago			`- name: Update result list`
			`set_fact:`
			`info_results: "{{ info_results + [result] }}"`

			`- name: ({{select_crypto_backend}}) Get certificate info`
			`openssl_certificate_info:`
			`path: '{{ output_dir }}/cert_2.pem'`
			`select_crypto_backend: '{{ select_crypto_backend }}'`
			`valid_at:`
			`today: "+0d"`
			`past: "20190101235901Z"`
			`twentydays: "+20d"`
			`register: result`
			`- assert:`
			`that:`
			`- result.valid_at.today`
			`- not result.valid_at.past`
			`- not result.valid_at.twentydays`

			`- name: Update result list`
			`set_fact:`
			`info_results: "{{ info_results + [result] }}"`

			`- name: ({{select_crypto_backend}}) Get certificate info`
			`openssl_certificate_info:`
			`path: '{{ output_dir }}/cert_3.pem'`
			`select_crypto_backend: '{{ select_crypto_backend }}'`
			`register: result`

openssl_certificate/csr(_info): add support for SubjectKeyIdentifier and AuthorityKeyIdentifier (#60741) * Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules. * Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr. * Fix type of authority_cert_issuer. * Add basic tests. * Add changelog. * Added proper tests for _info modules. * Fix docs bug. * Make sure new features are only used when cryptography backend for openssl_csr is available. * Work around jinja2 being too old on some CI hosts. * Add tests for openssl_csr. * Add openssl_certificate tests. * Fix idempotence test. * Move one level up. * Add ownca_create_authority_key_identifier option. * Add ownca_create_authority_key_identifier option. * Add idempotency check. * Apparently the function call expected different args for cryptography < 2.7. * Fix copy'n'paste errors and typos. * string -> general name. * Add disclaimer. * Implement always_create / create_if_not_provided / never_create for openssl_certificate. * Update changelog and porting guide. * Add comments for defaults. 5 years ago			`- name: Check AuthorityKeyIdentifier`
			`assert:`
			`that:`
			`- result.authority_key_identifier is none`
			`- result.authority_cert_issuer == expected_authority_cert_issuer`
			`- result.authority_cert_serial_number == 12345`
			`vars:`
			`expected_authority_cert_issuer:`
			`- "DNS:ca.example.org"`
			`- "IP:1.2.3.4"`
			`when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')`

Add openssl_certificate_info module (#54709) * Add certificate_info module. * Improve normalization. * Add extension dump. * Add support for basic_constraints and ocsp_must_staple. * Update docs. * Add serial number. * Remove superfluous code. * Fix formulation. * Improve examples. * Improve result docs. * Forgot to add tests. * Adjust when no fingerprints can be computed. 6 years ago			`- name: Update result list`
			`set_fact:`
			`info_results: "{{ info_results + [result] }}"`

			`- name: ({{select_crypto_backend}}) Get certificate info`
			`openssl_certificate_info:`
			`path: '{{ output_dir }}/cert_4.pem'`
			`select_crypto_backend: '{{ select_crypto_backend }}'`
			`register: result`

openssl_certificate/csr(_info): add support for SubjectKeyIdentifier and AuthorityKeyIdentifier (#60741) * Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules. * Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr. * Fix type of authority_cert_issuer. * Add basic tests. * Add changelog. * Added proper tests for _info modules. * Fix docs bug. * Make sure new features are only used when cryptography backend for openssl_csr is available. * Work around jinja2 being too old on some CI hosts. * Add tests for openssl_csr. * Add openssl_certificate tests. * Fix idempotence test. * Move one level up. * Add ownca_create_authority_key_identifier option. * Add ownca_create_authority_key_identifier option. * Add idempotency check. * Apparently the function call expected different args for cryptography < 2.7. * Fix copy'n'paste errors and typos. * string -> general name. * Add disclaimer. * Implement always_create / create_if_not_provided / never_create for openssl_certificate. * Update changelog and porting guide. * Add comments for defaults. 5 years ago			`- name: Check AuthorityKeyIdentifier`
			`assert:`
			`that:`
			`- result.authority_key_identifier == "44:55:66:77"`
			`- result.authority_cert_issuer is none`
			`- result.authority_cert_serial_number is none`
			`when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')`

Add openssl_certificate_info module (#54709) * Add certificate_info module. * Improve normalization. * Add extension dump. * Add support for basic_constraints and ocsp_must_staple. * Update docs. * Add serial number. * Remove superfluous code. * Fix formulation. * Improve examples. * Improve result docs. * Forgot to add tests. * Adjust when no fingerprints can be computed. 6 years ago			`- name: Update result list`
			`set_fact:`
			`info_results: "{{ info_results + [result] }}"`
openssl_certificate_info: add ocsp_uri return value (#60393) * Add ocsp_uri return value. * Add changelog. * Add integration test. * Fix rebase error. 5 years ago
			`- name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1`
			`openssl_certificate_info:`
			`path: '{{ role_path }}/files/cert1.pem'`
			`select_crypto_backend: '{{ select_crypto_backend }}'`
			`register: result`
			`- assert:`
			`that:`
			`- "'ocsp_uri' in result"`
			`- "result.ocsp_uri == 'http://ocsp.int-x3.letsencrypt.org'"`

			`- name: Update result list`
			`set_fact:`
			`info_results: "{{ info_results + [result] }}"`