mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
298 lines
9.8 KiB
YAML
298 lines
9.8 KiB
YAML
- name: openssh_cert integration tests
|
|
when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6")
|
|
block:
|
|
- name: Generate keypair (check mode)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
type: rsa
|
|
check_mode: yes
|
|
- name: Generate keypair
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
type: rsa
|
|
- name: Generate keypair (idempotent)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
type: rsa
|
|
- name: Generate keypair (idempotent, check mode)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
type: rsa
|
|
check_mode: yes
|
|
- name: Generate always valid cert (check mode)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
check_mode: yes
|
|
- name: Generate always valid cert
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
- name: Generate always valid cert (idempotent)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
- name: Generate always valid cert (idempotent, check mode)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
check_mode: yes
|
|
- name: Generate restricted validity cert with valid_at (check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: +0s
|
|
valid_to: +32w
|
|
valid_at: +2w
|
|
check_mode: yes
|
|
- name: Generate restricted validity cert with valid_at
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: +0s
|
|
valid_to: +32w
|
|
valid_at: +2w
|
|
- name: Generate restricted validity cert with valid_at (idempotent)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: +0s
|
|
valid_to: +32w
|
|
valid_at: +2w
|
|
- name: Generate restricted validity cert with valid_at (idempotent, check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: +0s
|
|
valid_to: +32w
|
|
valid_at: +2w
|
|
check_mode: yes
|
|
- name: Generate always valid cert only for example.com and examplehost (check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
principals:
|
|
- example.com
|
|
- examplehost
|
|
check_mode: yes
|
|
- name: Generate always valid cert only for example.com and examplehost
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
principals:
|
|
- example.com
|
|
- examplehost
|
|
- name: Generate always valid cert only for example.com and examplehost (idempotent)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
principals:
|
|
- example.com
|
|
- examplehost
|
|
- name: Generate always valid cert only for example.com and examplehost (idempotent, check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
principals:
|
|
- example.com
|
|
- examplehost
|
|
check_mode: yes
|
|
- name: Generate always valid cert only for example.com and examplehost (idempotent, switch)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: always
|
|
valid_to: forever
|
|
principals:
|
|
- examplehost
|
|
- example.com
|
|
- name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
- name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (idempotent)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
- name: Generate OpenSSH host Certificate that is valid from 21.1.2001 to 21.1.2019 (idempotent, check mode)
|
|
openssh_cert:
|
|
type: host
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Generate an OpenSSH user Certificate with clear and force-command option (check mode)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
options:
|
|
- "clear"
|
|
- "force-command=/tmp/bla/foo"
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Generate an OpenSSH user Certificate with clear and force-command option
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
options:
|
|
- "clear"
|
|
- "force-command=/tmp/bla/foo"
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
- name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
options:
|
|
- "clear"
|
|
- "force-command=/tmp/bla/foo"
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
- name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent, check mode)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
options:
|
|
- "clear"
|
|
- "force-command=/tmp/bla/foo"
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Generate an OpenSSH user Certificate with clear and force-command option (idempotent, switch)
|
|
openssh_cert:
|
|
type: user
|
|
signing_key: '{{ output_dir }}/id_key'
|
|
public_key: '{{ output_dir }}/id_key.pub'
|
|
path: '{{ output_dir }}/id_cert'
|
|
options:
|
|
- "force-command=/tmp/bla/foo"
|
|
- "clear"
|
|
valid_from: "2001-01-21"
|
|
valid_to: "2019-01-21"
|
|
- name: Remove certificate (check mode)
|
|
openssh_cert:
|
|
state: absent
|
|
path: '{{ output_dir }}/id_cert'
|
|
#type: user
|
|
#signing_key: '{{ output_dir }}/id_key'
|
|
#public_key: '{{ output_dir }}/id_key.pub'
|
|
#valid_from: "2001-01-21"
|
|
#valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Remove certificate
|
|
openssh_cert:
|
|
state: absent
|
|
path: '{{ output_dir }}/id_cert'
|
|
#type: user
|
|
#signing_key: '{{ output_dir }}/id_key'
|
|
#public_key: '{{ output_dir }}/id_key.pub'
|
|
#valid_from: "2001-01-21"
|
|
#valid_to: "2019-01-21"
|
|
- name: Remove certificate (idempotent)
|
|
openssh_cert:
|
|
state: absent
|
|
path: '{{ output_dir }}/id_cert'
|
|
#type: user
|
|
#signing_key: '{{ output_dir }}/id_key'
|
|
#public_key: '{{ output_dir }}/id_key.pub'
|
|
#valid_from: "2001-01-21"
|
|
#valid_to: "2019-01-21"
|
|
- name: Remove certificate (idempotent, check mode)
|
|
openssh_cert:
|
|
state: absent
|
|
path: '{{ output_dir }}/id_cert'
|
|
#type: user
|
|
#signing_key: '{{ output_dir }}/id_key'
|
|
#public_key: '{{ output_dir }}/id_key.pub'
|
|
#valid_from: "2001-01-21"
|
|
#valid_to: "2019-01-21"
|
|
check_mode: yes
|
|
- name: Remove keypair (check mode)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
state: absent
|
|
check_mode: yes
|
|
- name: Remove keypair
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
state: absent
|
|
- name: Remove keypair (idempotent)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
state: absent
|
|
- name: Remove keypair (idempotent, check mode)
|
|
openssh_keypair:
|
|
path: '{{ output_dir }}/id_key'
|
|
state: absent
|
|
check_mode: yes
|