archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

openssl_* modules: improve test robustness (#67568)

Browse Source 
* Run Ed25519 and Ed448 tests for openssl_csr and openssl_certificate only if key generation succeeded.
* Make openssl_privatekey tests more robust: allow special key generation tests to fail with 'algorithm not supported' on FreeBSD.
pull/67583/head
Felix Fontein 6 years ago committed by GitHub
parent e867535a57
commit 29ca9d2d4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 238 additions and 192 deletions
Show Stats Download Patch File Download Diff File

235
test/integration/targets/openssl_certificate/tasks/ownca.yml
Unescape Escape View File

@ -449,122 +449,129 @@
loop:
- Ed25519
- Ed448
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_idempotence
register: ownca_certificate_ed25519_ed448_privatekey
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
type: '{{ item }}'
cipher: auto
passphrase: Test123
loop:
- Ed25519
- Ed448
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
openssl_csr:
path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
subject:
commonName: Example CA
useCommonNameForSAN: no
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
key_usage:
- cRLSign
- keyCertSign
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
openssl_certificate:
path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
provider: selfsigned
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: ownca_certificate_ed25519_ed448_privatekey is not failed
block:
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_idempotence
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
type: '{{ item }}'
cipher: auto
passphrase: Test123
ignore_errors: yes
loop:
- Ed25519
- Ed448
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
openssl_csr:
path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
subject:
commonName: Example CA
useCommonNameForSAN: no
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
key_usage:
- cRLSign
- keyCertSign
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
openssl_certificate:
path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
provider: selfsigned
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')

82
test/integration/targets/openssl_certificate/tasks/selfsigned.yml
Unescape Escape View File

@ -379,46 +379,52 @@
loop:
- Ed25519
- Ed448
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_privatekey
ignore_errors: yes
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448
ignore_errors: yes
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
openssl_certificate:
path: '{{ output_dir }}/cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_idempotence
ignore_errors: yes
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR etc. if private key generation succeeded
when: selfsigned_certificate_ed25519_ed448_privatekey is not failed
block:
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448
ignore_errors: yes
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate - idempotency
openssl_certificate:
path: '{{ output_dir }}/cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: selfsigned_certificate_ed25519_ed448_idempotence
ignore_errors: yes
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')

4
test/integration/targets/openssl_certificate/tests/validate_ownca.yml
Unescape Escape View File

@ -158,7 +158,7 @@
- ownca_certificate_ed25519_ed448_2.results[1] is failed
- ownca_certificate_ed25519_ed448_2_idempotence.results[0] is failed
- ownca_certificate_ed25519_ed448_2_idempotence.results[1] is failed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and ownca_certificate_ed25519_ed448_privatekey is not failed
- name: (OwnCA validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
assert:
@ -175,4 +175,4 @@
- ownca_certificate_ed25519_ed448_2_idempotence is succeeded
- ownca_certificate_ed25519_ed448_2_idempotence.results[0] is not changed
- ownca_certificate_ed25519_ed448_2_idempotence.results[1] is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and ownca_certificate_ed25519_ed448_privatekey is not failed

4
test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml
Unescape Escape View File

@ -150,7 +150,7 @@
- selfsigned_certificate_ed25519_ed448.results[1] is failed
- selfsigned_certificate_ed25519_ed448_idempotence.results[0] is failed
- selfsigned_certificate_ed25519_ed448_idempotence.results[1] is failed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and selfsigned_certificate_ed25519_ed448_privatekey is not failed
- name: (Selfsigned validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
assert:
@ -161,4 +161,4 @@
- selfsigned_certificate_ed25519_ed448_idempotence is succeeded
- selfsigned_certificate_ed25519_ed448_idempotence.results[0] is not changed
- selfsigned_certificate_ed25519_ed448_idempotence.results[1] is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and selfsigned_certificate_ed25519_ed448_privatekey is not failed

54
test/integration/targets/openssl_csr/tasks/impl.yml
Unescape Escape View File

@ -731,31 +731,37 @@
loop:
- Ed25519
- Ed448
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448
register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes
- name: Generate CSR (idempotent)
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes
- name: Generate CSR if private key generation succeeded
when: generate_csr_ed25519_ed448_privatekey is not failed
block:
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448
ignore_errors: yes
- name: Generate CSR (idempotent)
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')

4
test/integration/targets/openssl_csr/tests/validate.yml
Unescape Escape View File

@ -194,7 +194,7 @@
- generate_csr_ed25519_ed448.results[1].msg == 'Signing with Ed25519 and Ed448 keys requires cryptography 2.8 or newer.'
- generate_csr_ed25519_ed448_idempotent.results[0] is failed
- generate_csr_ed25519_ed448_idempotent.results[1] is failed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and generate_csr_ed25519_ed448_privatekey is not failed
- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
assert:
@ -205,4 +205,4 @@
- generate_csr_ed25519_ed448_idempotent is succeeded
- generate_csr_ed25519_ed448_idempotent.results[0] is not changed
- generate_csr_ed25519_ed448_idempotent.results[1] is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=')
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and generate_csr_ed25519_ed448_privatekey is not failed

15
test/integration/targets/openssl_privatekey/tasks/impl.yml
Unescape Escape View File

@ -170,6 +170,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
register: privatekey_t1_generate
- name: Test other type generation (idempotency)
@ -181,6 +182,7 @@
loop: "{{ types }}"
loop_control:
label: "{{ item.type }}"
ignore_errors: yes
register: privatekey_t1_idempotency
when: select_crypto_backend == 'cryptography'
@ -383,6 +385,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: privatekey_fmt_2_step_1
- name: Generate privatekey_fmt_2 - PKCS8 format (idempotent)
@ -391,6 +394,7 @@
type: X448
format: pkcs8
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: privatekey_fmt_2_step_2
- name: Generate privatekey_fmt_2 - raw format
@ -400,17 +404,20 @@
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
register: privatekey_fmt_2_step_3
- name: Read privatekey_fmt_2.pem
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert:
that:
- privatekey_fmt_2_step_3.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - raw format (idempotent)
openssl_privatekey:
@ -419,17 +426,20 @@
format: raw
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
register: privatekey_fmt_2_step_4
- name: Read privatekey_fmt_2.pem
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert:
that:
- privatekey_fmt_2_step_4.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - auto format (ignore)
openssl_privatekey:
@ -438,17 +448,20 @@
format: auto_ignore
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
register: privatekey_fmt_2_step_5
- name: Read privatekey_fmt_2.pem
slurp:
src: "{{ output_dir }}/privatekey_fmt_2.pem"
ignore_errors: yes
register: content
- name: Generate privatekey_fmt_2 - verify that returned content is base64 encoded
assert:
that:
- privatekey_fmt_2_step_5.privatekey == content.content
when: privatekey_fmt_2_step_1 is not failed
- name: Generate privatekey_fmt_2 - auto format (no ignore)
openssl_privatekey:
@ -457,12 +470,14 @@
format: auto
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
ignore_errors: yes
register: privatekey_fmt_2_step_6
- name: Generate privatekey_fmt_2 - verify that returned content is not base64 encoded
assert:
that:
- privatekey_fmt_2_step_6.privatekey == lookup('file', output_dir ~ '/privatekey_fmt_2.pem', rstrip=False)
when: privatekey_fmt_2_step_1 is not failed
when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=")'

32
test/integration/targets/openssl_privatekey/tests/validate.yml
Unescape Escape View File

@ -1,4 +1,7 @@
---
- set_fact:
system_potentially_has_no_algorithm_support: "{{ ansible_os_family == 'FreeBSD' }}"
- name: Validate privatekey1 idempotency and content returned
assert:
that:
@ -123,17 +126,18 @@
- name: Validate other type generation (just check changed)
assert:
that:
- item is changed
- (item is succeeded and item is changed) or
(item is failed and 'Cryptography backend does not support the algorithm required for ' in item.msg and system_potentially_has_no_algorithm_support)
loop: "{{ privatekey_t1_generate.results }}"
when: "'skip_reason' not in item"
loop_control:
label: "{{ item.item.type }}"
- name: Validate other type generation idempotency
assert:
that:
- item is not changed
- (item is succeeded and item is not changed) or
(item is failed and 'Cryptography backend does not support the algorithm required for ' in item.msg and system_potentially_has_no_algorithm_support)
loop: "{{ privatekey_t1_idempotency.results }}"
when: "'skip_reason' not in item"
loop_control:
@ -191,13 +195,21 @@
- privatekey_fmt_1_step_9_before.public_key == privatekey_fmt_1_step_9_after.public_key
when: 'select_crypto_backend == "cryptography"'
- name: Validate format 2 (failed)
assert:
that:
- system_potentially_has_no_algorithm_support
- privatekey_fmt_2_step_1 is failed
- "'Cryptography backend does not support the algorithm required for ' in privatekey_fmt_2_step_1.msg"
when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=") and privatekey_fmt_2_step_1 is failed'
- name: Validate format 2
assert:
that:
- privatekey_fmt_2_step_1 is changed
- privatekey_fmt_2_step_2 is not changed
- privatekey_fmt_2_step_3 is changed
- privatekey_fmt_2_step_4 is not changed
- privatekey_fmt_2_step_5 is not changed
- privatekey_fmt_2_step_6 is changed
when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=")'
- privatekey_fmt_2_step_1 is succeeded and privatekey_fmt_2_step_1 is changed
- privatekey_fmt_2_step_2 is succeeded and privatekey_fmt_2_step_2 is not changed
- privatekey_fmt_2_step_3 is succeeded and privatekey_fmt_2_step_3 is changed
- privatekey_fmt_2_step_4 is succeeded and privatekey_fmt_2_step_4 is not changed
- privatekey_fmt_2_step_5 is succeeded and privatekey_fmt_2_step_5 is not changed
- privatekey_fmt_2_step_6 is succeeded and privatekey_fmt_2_step_6 is changed
when: 'select_crypto_backend == "cryptography" and cryptography_version.stdout is version("2.6", ">=") and privatekey_fmt_2_step_1 is not failed'

Write Preview
Loading…
Cancel
Save