mirror of https://github.com/ansible/ansible.git
Add simple integration test for openssl_certificate (#29038)
* openssl_certificate: Fix parameter assertion in Python3 Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions returns b'' type string and tries to compare it with '' string, leading to failure. The error mentionned above has been fixed by sanitizing the inputs from a user to the assert only backend. Also, this error was hidden by the fact that the improper check method was called in the generate() functions. * Add simple integration test for openssl_certificate * remove subject == issuer assertion * run integration tests only on supported hosts * change min supported version to 0.15.x * Add test for more CSR fields * also convert dict members to bytes * fix version_compare * openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15 Previous 0.13 pyOpenSSL was a C-binding, and required the parameter passed to add_extention to be in ASN.1. This has changed with the move to 0.14 and it is now all pythong and string based. Previous the 0.15 release, the `get_extensions()` method didn't exist, since the modules rely heavily on it we ensure pyOpenSSL version is at last 0.15.0. * check pyopenssl version in openssl_csr integration testpull/30312/head
parent
9ad90de4bc
commit
2186b04934
@ -0,0 +1,2 @@
|
||||
posix/ci/group1
|
||||
destructive
|
@ -0,0 +1,2 @@
|
||||
dependencies:
|
||||
- setup_openssl
|
@ -0,0 +1,74 @@
|
||||
- block:
|
||||
- name: Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
|
||||
- name: Generate CSR
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
commonName: 'www.ansible.com'
|
||||
|
||||
- name: Generate selfsigned certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert.pem'
|
||||
csr_path: '{{ output_dir }}/csr.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
|
||||
- name: Check selfsigned certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert.pem'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
provider: assertonly
|
||||
has_expired: False
|
||||
version: 3
|
||||
signature_algorithms:
|
||||
- sha256WithRSAEncryption
|
||||
- sha256WithECDSAEncryption
|
||||
|
||||
- name: Generate privatekey2
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey2.pem'
|
||||
|
||||
- name: Generate CSR2
|
||||
openssl_csr:
|
||||
C: US
|
||||
ST: California
|
||||
L: Los Angeles
|
||||
O: ACME Inc.
|
||||
OU: Roadrunner pest control
|
||||
path: '{{ output_dir }}/csr2.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
||||
CN: 'www.example.com'
|
||||
|
||||
- name: Generate selfsigned certificate2
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert2.pem'
|
||||
csr_path: '{{ output_dir }}/csr2.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
|
||||
- name: Check selfsigned certificate2
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert2.pem'
|
||||
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
||||
provider: assertonly
|
||||
has_expired: False
|
||||
version: 3
|
||||
signature_algorithms:
|
||||
- sha256WithRSAEncryption
|
||||
- sha256WithECDSAEncryption
|
||||
subject:
|
||||
CN: www.example.com
|
||||
C: US
|
||||
ST: California
|
||||
L: Los Angeles
|
||||
O: ACME Inc.
|
||||
OU: Roadrunner pest control
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: pyopenssl_version.stdout|version_compare('0.15', '>=')
|
@ -0,0 +1,25 @@
|
||||
- name: Validate certificate (test - privatekey modulus)
|
||||
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
||||
register: privatekey_modulus
|
||||
|
||||
- name: Validate certificate (test - certificate modulus)
|
||||
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem | openssl md5'
|
||||
register: cert_modulus
|
||||
|
||||
- name: Validate certificate (assert)
|
||||
assert:
|
||||
that:
|
||||
- cert_modulus.stdout == privatekey_modulus.stdout
|
||||
|
||||
- name: Validate certificate2 (test - privatekey modulus)
|
||||
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem | openssl md5'
|
||||
register: privatekey2_modulus
|
||||
|
||||
- name: Validate certificate2 (test - certificate modulus)
|
||||
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem | openssl md5'
|
||||
register: cert2_modulus
|
||||
|
||||
- name: Validate certificate2 (assert)
|
||||
assert:
|
||||
that:
|
||||
- cert2_modulus.stdout == privatekey2_modulus.stdout
|
Loading…
Reference in New Issue