- name: openssh_cert integration tests
  when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6")
  block:
  - name: Generate keypair (check mode)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      type: rsa
    check_mode: yes
  - name: Generate keypair
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      type: rsa
  - name: Generate keypair (idempotent)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      type: rsa
  - name: Generate keypair (idempotent, check mode)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      type: rsa
    check_mode: yes
  - name: Generate always valid cert (check mode)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
    check_mode: yes
  - name: Generate always valid cert
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
  - name: Generate always valid cert (idempotent)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
  - name: Generate always valid cert (idempotent, check mode)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
    check_mode: yes
  - name: Generate restricted validity cert with valid_at (check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: +0s
      valid_to: +32w
      valid_at: +2w
    check_mode: yes
  - name: Generate restricted validity cert with valid_at
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: +0s
      valid_to: +32w
      valid_at: +2w
  - name: Generate restricted validity cert with valid_at (idempotent)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: +0s
      valid_to: +32w
      valid_at: +2w
  - name: Generate restricted validity cert with valid_at (idempotent, check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: +0s
      valid_to: +32w
      valid_at: +2w
    check_mode: yes
  - name: Generate always valid cert only for example.com and examplehost (check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
      principals:
          - example.com
          - examplehost
    check_mode: yes
  - name: Generate always valid cert only for example.com and examplehost
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
      principals:
          - example.com
          - examplehost
  - name: Generate always valid cert only for example.com and examplehost (idempotent)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
      principals:
          - example.com
          - examplehost
  - name: Generate always valid cert only for example.com and examplehost (idempotent, check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
      principals:
          - example.com
          - examplehost
    check_mode: yes
  - name: Generate always valid cert only for example.com and examplehost (idempotent, switch)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: always
      valid_to: forever
      principals:
          - examplehost
          - example.com
  - name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
    check_mode: yes
  - name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
  - name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (idempotent)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
  - name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (idempotent, check mode)
    openssh_cert:
      type: host
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
    check_mode: yes
  - name: Generate an OpenSSH user Certificate with clear and force-command option (check mode)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      options:
          - "clear"
          - "force-command=/tmp/bla/foo"
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
    check_mode: yes
  - name: Generate an OpenSSH user Certificate with clear and force-command option
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      options:
          - "clear"
          - "force-command=/tmp/bla/foo"
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
  - name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      options:
          - "clear"
          - "force-command=/tmp/bla/foo"
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
  - name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent, check mode)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      options:
          - "clear"
          - "force-command=/tmp/bla/foo"
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
    check_mode: yes
  - name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent, switch)
    openssh_cert:
      type: user
      signing_key: '{{ output_dir }}/id_key'
      public_key: '{{ output_dir }}/id_key.pub'
      path: '{{ output_dir }}/id_cert'
      options:
          - "force-command=/tmp/bla/foo"
          - "clear"
      valid_from: "2001-01-21"
      valid_to: "2019-01-21"
  - name: Remove certificate (check mode)
    openssh_cert:
      state: absent
      path: '{{ output_dir }}/id_cert'
      #type: user
      #signing_key: '{{ output_dir }}/id_key'
      #public_key: '{{ output_dir }}/id_key.pub'
      #valid_from: "2001-01-21"
      #valid_to: "2019-01-21"
    check_mode: yes
  - name: Remove certificate
    openssh_cert:
      state: absent
      path: '{{ output_dir }}/id_cert'
      #type: user
      #signing_key: '{{ output_dir }}/id_key'
      #public_key: '{{ output_dir }}/id_key.pub'
      #valid_from: "2001-01-21"
      #valid_to: "2019-01-21"
  - name: Remove certificate (idempotent)
    openssh_cert:
      state: absent
      path: '{{ output_dir }}/id_cert'
      #type: user
      #signing_key: '{{ output_dir }}/id_key'
      #public_key: '{{ output_dir }}/id_key.pub'
      #valid_from: "2001-01-21"
      #valid_to: "2019-01-21"
  - name: Remove certificate (idempotent, check mode)
    openssh_cert:
      state: absent
      path: '{{ output_dir }}/id_cert'
      #type: user
      #signing_key: '{{ output_dir }}/id_key'
      #public_key: '{{ output_dir }}/id_key.pub'
      #valid_from: "2001-01-21"
      #valid_to: "2019-01-21"
    check_mode: yes
  - name: Remove keypair (check mode)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      state: absent
    check_mode: yes
  - name: Remove keypair
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      state: absent
  - name: Remove keypair (idempotent)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      state: absent
  - name: Remove keypair (idempotent, check mode)
    openssh_keypair:
      path: '{{ output_dir }}/id_key'
      state: absent
    check_mode: yes