From 6bdd9213689e60f8cde1f9e037b53707809e0996 Mon Sep 17 00:00:00 2001 From: Matt Clay Date: Fri, 3 May 2024 18:28:04 -0700 Subject: [PATCH] Use capath instead of cafile for http tests --- .../prepare_http_tests/handlers/main.yml | 8 ++++++ .../prepare_http_tests/tasks/default.yml | 25 +++++++++++++------ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/test/integration/targets/prepare_http_tests/handlers/main.yml b/test/integration/targets/prepare_http_tests/handlers/main.yml index 172cab737f3..588cc42dec9 100644 --- a/test/integration/targets/prepare_http_tests/handlers/main.yml +++ b/test/integration/targets/prepare_http_tests/handlers/main.yml @@ -2,3 +2,11 @@ pip: name: gssapi state: absent + +- name: Remove cacert from capath + file: + state: absent + path: "{{ capath.stdout }}/ansible-http-test.pem" + +- name: Unregister cacert + command: openssl rehash {{ capath.stdout }} diff --git a/test/integration/targets/prepare_http_tests/tasks/default.yml b/test/integration/targets/prepare_http_tests/tasks/default.yml index 2fb26a12480..05a7fd8224a 100644 --- a/test/integration/targets/prepare_http_tests/tasks/default.yml +++ b/test/integration/targets/prepare_http_tests/tasks/default.yml @@ -45,11 +45,20 @@ return_content: true register: cacert_pem - - name: Locate cacert - command: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().cafile)"' - register: cafile_path - - - name: Update cacert - blockinfile: - path: "{{ cafile_path.stdout_lines|first }}" - block: "{{ cacert_pem.content }}" + - name: Locate capath + command: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().capath)"' + register: capath + + - name: Assert capath is set + assert: + that: capath.stdout + + - name: Add cacert to capath + copy: + content: "{{ cacert_pem.content }}" + dest: "{{ capath.stdout }}/ansible-http-test.pem" + notify: Remove cacert from capath + + - name: Register cacert + command: openssl rehash {{ capath.stdout }} + notify: Unregister cacert