archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
devel
stable-2.18
stable-2.16
stable-2.17
stable-2.14
milestone
stable-2.15
stable-2.12
stable-2.13
stable-2.9
stable-2.11
stable-2.3
stable-2.10
stable-2.8
stable-2.4
stable-2.5
stable-2.6
stable-2.7
temp-2.10-devel
mazer_role_loader
stable-2.2
threading_plus_forking
threading_instead_of_forking
stable-2.1
stable-1.9
stable-2.0
stable-2.0.0.1
stable-2.0-network
release1.8.4
release1.8.3
release1.8.2
release1.8.1
release1.8.0
release1.7.2
release1.7.1
release1.7.0
release1.6.8
release1.6.10
release1.6.9
release1.6.7
release1.6.6
release1.6.5
release1.6.4
release1.6.3
release1.6.2
release1.6.1
release1.6.0
release1.5.5
release1.5.4
release1.5.3
release1.5.2
release1.5.1
release1.5.0
v2.14.3
v2.13.8
v2.14.3rc1
v2.13.8rc1
v2.14.2
v2.14.2rc1
v2.14.1
v2.13.7
v2.13.7rc1
v2.14.1rc1
v2.13.6
v2.14.0
v2.14.0rc2
v2.13.6rc1
v2.14.0rc1
v2.14.0b3
v2.13.5
v2.12.10
v2.14.0b2
v2.13.5rc1
v2.12.10rc1
v2.14.0b1
v2.12.9
v2.13.4
v2.13.4rc1
v2.12.9rc1
v2.13.3
v2.12.8
v2.12.8rc1
v2.13.3rc1
v2.13.2
v2.13.2rc1
v2.12.7
v2.13.1
v2.12.7rc1
v2.13.1rc1
v2.12.6
v2.11.12
v2.12.6rc1
v2.11.12rc1
v2.13.0
v2.13.0rc1
v2.13.0b1
v2.12.5
v2.11.11
v2.12.5rc1
v2.11.11rc1
v2.13.0b0
v2.12.4
v2.11.10
v2.12.4rc1
v2.11.10rc1
v2.11.9
v2.12.3
v2.12.3rc1
v2.11.9rc1
v2.12.2
v2.11.8
v2.10.17
v2.12.2rc1
v2.11.8rc1
v2.10.17rc1
v2.12.1
v2.11.7
v2.10.16
v2.10.16rc1
v2.11.7rc1
v2.12.1rc1
v2.12.0
v2.12.0rc1
v2.12.0b2
v2.11.6
v2.10.15
v2.9.27
v2.9.27rc1
v2.10.15rc1
v2.11.6rc1
v2.12.0b1
v2.11.5
v2.10.14
v2.9.26
v2.11.5rc1
v2.10.14rc1
v2.9.26rc1
v2.11.4
v2.10.13
v2.9.25
v2.9.25rc1
v2.10.13rc1
v2.11.4rc1
v2.11.3
v2.10.12
v2.9.24
v2.11.3rc1
v2.10.12rc1
v2.9.24rc1
v2.9.23
v2.10.11
v2.11.2
v2.11.2rc1
v2.10.11rc1
v2.9.23rc1
v2.11.1
v2.10.10
v2.9.22
v2.9.22rc1
v2.10.10rc1
v2.11.1rc1
v2.10.9
v2.9.21
v2.10.9rc1
v2.9.21rc1
v2.11.0
v2.8.20
v2.9.20
v2.10.8
v2.11.0rc2
v2.8.20rc1
v2.9.20rc1
v2.10.8rc1
v2.11.0rc1
stable-2.11-branchpoint
v2.11.0b4
v2.11.0b3
v2.11.0b2
v2.10.7
v2.9.19
v2.10.7rc1
v2.9.19rc1
v2.11.0b1
v2.8.19
v2.9.18
v2.10.6
v2.8.19rc1
v2.9.18rc1
v2.10.6rc1
v2.9.17
v2.10.5
v2.10.5rc1
v2.9.17rc1
v2.8.18
v2.9.16
v2.10.4
v2.8.18rc1
v2.9.16rc1
v2.10.4rc1
v2.8.17
v2.9.15
v2.10.3
v2.8.17rc1
v2.9.15rc1
v2.10.3rc1
v2.10.2
v2.9.14
v2.8.16
v2.8.16rc1
v2.9.14rc1
v2.10.2rc1
v2.10.1
v2.10.1rc3
v2.10.1rc2
v2.8.15
v2.9.13
v2.10.0
v2.9.12
v2.8.14
v2.10.0rc4
v2.10.0rc3
v2.10.0rc2
v2.10.0rc1
v2.9.11
v2.8.13
v2.9.10
v2.10.0b1
stable-2.10-branchpoint
v2.9.9
v2.7.18
v2.8.12
v2.9.8
v2.9.7
v2.8.11
v2.7.17
pre-ansible-base
v2.8.10
v2.8.9
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.8.8
v2.7.16
v2.9.2
v2.9.1
v2.8.7
v2.7.15
v2.9.0
v2.9.0rc5
v2.8.6
v2.7.14
v2.9.0rc4
v2.6.20
v2.9.0rc3
v2.9.0rc2
v2.9.0rc1
v2.8.5
v2.9.0b1
stable-2.9-branchpoint
v2.6.19
v2.7.13
v2.8.4
v2.8.3
v2.6.18
v2.7.12
v2.8.2
v2.8.1
v2.7.11
v2.6.17
v2.8.0
v2.8.0rc3
v2.8.0rc2
v2.8.0rc1
v2.8.0b1
v2.8.0a1
v2.6.16
v2.7.10
v2.6.15
v2.7.9
v2.7.8
v2.6.14
v2.5.15
v2.7.7
v2.6.13
v2.6.12
v2.7.6
v2.5.14
v2.7.5
v2.6.11
v2.6.10
v2.7.4
v2.5.13
v2.7.3
v2.6.9
v2.5.12
v2.6.8
v2.7.2
v2.6.7
v2.5.11
v2.7.1
v2.6.6
v2.7.0
v2.6.5
v2.7.0rc4
v2.5.10
v2.7.0rc3
v2.7.0rc2
v2.5.9
v2.6.4
v2.7.0rc1
v2.7.0b1
v2.7.0.a1
v2.6.3
v2.5.8
v2.6.2
v2.5.7
v2.6.1
v2.5.6
v2.4.6.0-1
v2.6.0
v2.6.0rc5
v2.6.0rc4
v2.4.5.0-1
v2.6.0rc3
v2.5.5
v2.4.5.0-0.1.rc1
v2.6.0rc2
v2.6.0rc1
v2.5.4
v2.6.0a2
v2.6.0a1
v2.5.3
v2.5.2
v2.5.1
v2.4.4.0-1
v2.4.4.0-0.3.rc2
v2.5.0
v2.5.0rc3
v2.5.0rc2
v2.4.4-0.2.rc1
v2.3.4.0-0.1.rc1
v2.5.0rc1
v2.4.4-0.1.beta1
v2.5.0b1
v2.5.0a1
v2.4.3.0-1
v2.4.3.0-0.6.rc3
v2.4.3.0-0.5.rc2
v2.4.3.0-0.4.rc1
v2.4.3-0.3.beta3
v2.4.3.0-0.2.beta2
v2.3.3.0-1
v2.4.3.0-0.1.beta1
v2.4.2.0-1
v2.4.2.0-0.5.rc1
v2.4.2.0-0.4.beta4
v2.3.3.0-0.3.rc3
v2.4.2.0-0.3.beta3
v2.4.2.0-0.2.beta2
v2.4.2.0-0.1.beta1
v2.4.1.0-1
v2.4.1.0-0.4.rc2
v2.3.3.0-0.2.rc2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.2.beta2
v2.3.3.0-0.1.rc1
v2.4.1.0-0.1.beta1
v2.4.0.0-1
v2.4.0.0-0.5.rc5
v2.4.0.0-0.4.rc4
v2.4.0.0-0.3.rc3
v2.4.0.0-0.2.rc2
v2.4.0.0-0.1.rc1
v2.3.2.0-1
v2.3.2.0-0.5.rc5
v2.3.2.0-0.4.rc4
v2.3.2.0-0.3.rc3
v2.3.2.0-0.2.rc2
v2.3.2.0-0.1.rc1
v2.1.6.0-1
v2.3.1.0-1
v2.3.1.0-0.2.rc2
v2.2.3.0-1
v2.1.6.0-0.1.rc1
v2.3.1.0-0.1.rc1
v2.3.0.0-1
v2.3.0.0-0.6.rc6
v2.3.0.0-0.5.rc5
v2.3.0.0-0.4.rc4
v2.2.3.0-0.1.rc1
v2.3.0.0-0.3.rc3
v2.3.0.0-0.2.rc2
v2.2.2.0-1
v2.1.5.0-1
v2.3.0.0-0.1.rc1
v2.1.5.0-0.2.rc2
v2.2.2.0-0.2.rc2
v2.1.5.0-0.1.rc1
v2.2.2.0-0.1.rc1
v2.1.4.0-1
v2.2.1.0-1
v2.1.4.0-0.3.rc3
v2.2.1.0-0.5.rc5
v2.1.4.0-0.2.rc2
v2.2.1.0-0.4.rc4
v2.1.4.0-0.1.rc1
v2.2.1.0-0.3.rc3
v2.2.1.0-0.2.rc2
v2.2.1.0-0.1.rc1
v2.1.3.0-1
v2.2.0.0-1
v2.2.0.0-0.4.rc4
v2.1.3.0-0.3.rc3
v2.1.3.0-0.2.rc2
v2.2.0.0-0.3.rc3
v2.1.3.0-0.1.rc1
v2.2.0.0-0.2.rc2
v2.2.0.0-0.1.rc1
v2.1.2.0-1
v2.1.2.0-0.5.rc5
v2.1.2.0-0.4.rc4
v2.1.2.0-0.3.rc3
v2.1.2.0-0.2.rc2
v2.1.2.0-0.1.rc1
v2.1.1.0-1
v2.1.1.0-0.5.rc5
v2.1.1.0-0.4.rc4
v2.1.1.0-0.3.rc3
v2.1.1.0-0.2.rc2
v2.1.1.0-0.1.rc1
v2.1.0.0-1
v2.1.0.0-0.4.rc4
v2.1.0.0-0.2.rc2
v2.1.0.0-0.3.rc3
v2.1.0.0-0.1.rc1
v2.0.2.0-1
v1.9.6-1
v2.0.2.0-0.4.rc4
v2.0.2.0-0.3.rc3
v1.9.6-0.1.rc1
v2.0.2.0-0.2.rc2
v2.0.2.0-0.1.rc1
v1.9.5-1
v1.9.5-0.1.rc1
v2.0.1.0-1
v2.0.1.0-0.2.rc2
v2.0.1.0-0.1.rc1
v2.0.0.2-1
v2.0.0.1-1
v2.0.0.0-1
v2.0.0-0.9.rc4
v2.0.0-0.8.rc3
v2.0.0-0.7.rc2
v2.0.0-0.6.rc1
v2.0.0-0.5.beta3
v2.0.0-0.4.beta2
v1.9.4-1
v2.0.0-0.3.beta1
v1.9.4-0.3.rc3
v1.9.4-0.2.rc2
v1.9.4-0.1.rc1
v2.0.0-0.2.alpha2
v1.9.3-1
v2.0.0-0.1.alpha1
v1.9.3-0.3.rc3
v1.9.3-0.2.rc2
v1.9.3-0.1.rc1
v1.9.2-1
v1.9.2-0.2.rc2
v1_last
v1.9.2-0.1.rc1
v1.9.1-1
v1.9.1-0.4.rc4
v1.9.1-0.3.rc3
v1.9.1-0.2.rc2
v1.9.1-0.1.rc1
v1.9.0.1-1
v1.9.0-2
v1.9.0-1
v1.9.0-0.2.rc2
v1.9.0-0.1.rc1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
0.8
0.7.2
0.7
0.6
0.5
0.4.1
0.4
0.3.1
0.3
0.01
0.0.1
0.0.2
0.7.1
v0.9
v2.13.10
v2.13.10rc1
v2.13.11
v2.13.11rc1
v2.13.12
v2.13.12rc1
v2.13.13
v2.13.13rc1
v2.13.9
v2.13.9rc1
v2.14.10
v2.14.10rc1
v2.14.11
v2.14.11rc1
v2.14.12
v2.14.12rc1
v2.14.13
v2.14.14
v2.14.14rc1
v2.14.15
v2.14.15rc1
v2.14.16
v2.14.16rc1
v2.14.17
v2.14.17rc1
v2.14.4
v2.14.4rc1
v2.14.5
v2.14.5rc1
v2.14.6
v2.14.6rc1
v2.14.7
v2.14.7rc1
v2.14.8
v2.14.8rc1
v2.14.9
v2.14.9rc1
v2.15.0
v2.15.0b1
v2.15.0b2
v2.15.0b3
v2.15.0rc1
v2.15.0rc2
v2.15.1
v2.15.10
v2.15.10rc1
v2.15.11
v2.15.11rc1
v2.15.12
v2.15.12rc1
v2.15.1rc1
v2.15.2
v2.15.2rc1
v2.15.3
v2.15.3rc1
v2.15.4
v2.15.4rc1
v2.15.5
v2.15.5rc1
v2.15.6
v2.15.6rc1
v2.15.7
v2.15.7rc1
v2.15.8
v2.15.9
v2.15.9rc1
v2.16.0
v2.16.0b1
v2.16.0b2
v2.16.0rc1
v2.16.1
v2.16.10
v2.16.10rc1
v2.16.11
v2.16.11rc1
v2.16.12
v2.16.12rc1
v2.16.1rc1
v2.16.2
v2.16.3
v2.16.3rc1
v2.16.4
v2.16.4rc1
v2.16.5
v2.16.5rc1
v2.16.6
v2.16.7
v2.16.7rc1
v2.16.8
v2.16.8rc1
v2.16.9
v2.16.9rc1
v2.17.0
v2.17.0b1
v2.17.0rc1
v2.17.0rc2
v2.17.1
v2.17.1rc1
v2.17.2
v2.17.2rc1
v2.17.2rc2
v2.17.3
v2.17.3rc1
v2.17.4
v2.17.4rc1
v2.17.5
v2.17.5rc1
v2.18.0b1
v2.18.0rc1
v2.5.0b2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dbaa421f9d'
${ noResults }
ansible/test/integration/targets/aws_acm/tasks/full_acm_test.yml

504 lines
18 KiB
YAML
Raw Blame History

- name: AWS ACM integration test
block:
- set_fact:
aws_connection_info: &aws_connection_info
aws_region: "{{ aws_region }}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
security_token: "{{ security_token }}"
no_log: True
# just check this task doesn't fail
# I'm not sure if I can assume there aren't already other certs in this account
- name: list certs
aws_acm_info:
<<: *aws_connection_info
register: list_all
failed_when: list_all.certificates is not defined
- name: ensure absent cert which doesn't exist - first time
aws_acm:
<<: *aws_connection_info
name_tag: "{{ item.name }}"
state: absent
with_items: "{{ local_certs }}"
# just in case it actually existed and was deleted last task
# check we don't fail when deleting nothing
- name: ensure absent cert which doesn't exist - second time
aws_acm:
<<: *aws_connection_info
name_tag: "{{ item.name }}"
state: absent
with_items: "{{ local_certs }}"
register: absent_start_two
failed_when: absent_start_two.changed
- name: list cert which shouldn't exist
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ item.name }}"
register: list_tag
with_items: "{{ local_certs }}"
failed_when: list_tag.certificates | length > 0
- name: check directory was made
assert:
that:
- remote_tmp_dir is defined
# https://github.com/vbotka/ansible-certificate/blob/master/tasks/cert-self-signed.yml
- name: Generate private key for local certs
openssl_privatekey:
path: "{{ item.priv_key }}"
type: RSA
size: 2048 # ACM doesn't work properly with 4096
with_items: "{{ local_certs }}"
- name: Generate an OpenSSL Certificate Signing Request for own certs
openssl_csr:
path: "{{ item.csr }}"
privatekey_path: "{{ item.priv_key }}"
common_name: "{{ item.domain }}"
with_items: "{{ local_certs }}"
- name: Generate a Self Signed OpenSSL certificate for own certs
openssl_certificate:
provider: selfsigned
path: "{{ item.cert }}"
csr_path: "{{ item.csr }}"
privatekey_path: "{{ item.priv_key }}"
signature_algorithms:
- 'sha256WithRSAEncryption'
# - 'sha512WithRSAEncryption'
with_items: "{{ local_certs }}"
# now upload that certificate
- name: upload certificates first time
aws_acm:
name_tag: "{{ item.name }}"
<<: *aws_connection_info
certificate: "{{ lookup('file', item.cert ) }}"
private_key: "{{ lookup('file', item.priv_key ) }}"
state: present
register: upload
with_items: "{{ local_certs }}"
until: upload is succeeded
retries: 5
delay: 10
- assert:
that:
- prev_task.certificate.arn is defined
- ('arn:aws:acm:123' | regex_search( 'arn:aws:acm:' )) is defined # check this works like s.startswith('arn')
- (prev_task.certificate.arn | regex_search( 'arn:aws:acm:' )) is defined
- prev_task.certificate.domain_name == original_cert.domain
- prev_task.changed
with_items: "{{ upload.results }}"
vars:
original_cert: "{{ item.item }}"
prev_task: "{{ item }}"
- name: fetch data about cert just uploaded, by ARN
aws_acm_info:
certificate_arn: "{{ item.certificate.arn }}"
<<: *aws_connection_info
register: fetch_after_up
with_items: "{{ upload.results }}"
- name: check output of prior task (fetch data about cert just uploaded, by ARN)
assert:
that:
- fetch_after_up_result.certificates | length == 1
- fetch_after_up_result.certificates[0].certificate_arn == upload_result.certificate.arn
- fetch_after_up_result.certificates[0].domain_name == original_cert.domain
- (fetch_after_up_result.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', ''))
==
(lookup( 'file', original_cert.cert ) | replace( ' ', '' ) | replace( '\n', '' ))
- "'Name' in fetch_after_up_result.certificates[0].tags"
- fetch_after_up_result.certificates[0].tags['Name'] == original_cert.name
with_items: "{{ fetch_after_up.results }}"
vars:
fetch_after_up_result: "{{ item }}" # corresponding result from task registered as fetch_after_up
upload_result: "{{ item.item }}" # corresponding result from task registered as upload
original_cert: "{{ item.item.item }}"
- name: fetch data about cert just uploaded, by name
aws_acm_info:
tags:
Name: "{{ original_cert.name }}"
<<: *aws_connection_info
register: fetch_after_up_name
with_items: "{{ upload.results }}"
vars:
upload_result: "{{ item }}"
original_cert: "{{ item.item }}"
- name: check fetched data of cert we just uploaded
assert:
that:
- fetch_after_up_name_result.certificates | length == 1
- fetch_after_up_name_result.certificates[0].certificate_arn == upload_result.certificate.arn
- fetch_after_up_name_result.certificates[0].domain_name == original_cert.domain
- (fetch_after_up_name_result.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', ''))
==
(lookup('file', original_cert.cert ) | replace( ' ', '' ) | replace( '\n', ''))
- "'Name' in fetch_after_up_name_result.certificates[0].tags"
- fetch_after_up_name_result.certificates[0].tags['Name'] == original_cert.name
with_items: "{{ fetch_after_up_name.results }}"
vars:
fetch_after_up_name_result: "{{ item }}" # corresponding result from task registered as fetch_after_up_name
upload_result: "{{ item.item }}" # corresponding result from task registered as upload
original_cert: "{{ item.item.item }}"
- name: fetch data about cert just uploaded, by domain name
aws_acm_info:
domain_name: "{{ original_cert.domain }}"
<<: *aws_connection_info
register: fetch_after_up_domain
with_items: "{{ upload.results }}"
vars:
original_cert: "{{ item.item }}"
- name: compare fetched data of cert just uploaded to upload task
assert:
that:
- fetch_after_up_domain_result.certificates | length == 1
- fetch_after_up_domain_result.certificates[0].certificate_arn == upload_result.certificate.arn
- fetch_after_up_domain_result.certificates[0].domain_name == original_cert.domain
- (fetch_after_up_domain_result.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', ''))
==
(lookup('file', original_cert.cert ) | replace( ' ', '' ) | replace( '\n', ''))
- "'Name' in fetch_after_up_domain_result.certificates[0].tags"
- fetch_after_up_domain_result.certificates[0].tags['Name'] == original_cert.name
with_items: "{{ fetch_after_up_domain.results }}"
vars:
fetch_after_up_domain_result: "{{ item }}"
upload_result: "{{ item.item }}"
original_cert: "{{ item.item.item }}"
# now upload that certificate
- name: upload certificates again, check not changed
aws_acm:
name_tag: "{{ item.name }}"
<<: *aws_connection_info
certificate: "{{ lookup('file', item.cert ) }}"
private_key: "{{ lookup('file', item.priv_key ) }}"
state: present
register: upload2
with_items: "{{ local_certs }}"
failed_when: upload2.changed
- name: update first cert with body of the second, first time
aws_acm:
state: present
<<: *aws_connection_info
name_tag: "{{ local_certs[0].name }}"
certificate: "{{ lookup('file', local_certs[1].cert ) }}"
private_key: "{{ lookup('file', local_certs[1].priv_key ) }}"
register: overwrite
- name: check output of previous task (update first cert with body of the second, first time)
assert:
that:
- overwrite.certificate.arn is defined
- overwrite.certificate.arn | regex_search( 'arn:aws:acm:' ) is defined
- overwrite.certificate.arn == upload.results[0].certificate.arn
- overwrite.certificate.domain_name == local_certs[1].domain
- overwrite.changed
- name: check update was sucessfull
aws_acm_info:
tags:
Name: "{{ local_certs[0].name }}"
<<: *aws_connection_info
register: fetch_after_overwrite
- name: check output of update fetch
assert:
that:
- fetch_after_overwrite.certificates | length == 1
- fetch_after_overwrite.certificates[0].certificate_arn == fetch_after_up.results[0].certificates[0].certificate_arn
- fetch_after_overwrite.certificates[0].domain_name == local_certs[1].domain
- (fetch_after_overwrite.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == (lookup('file', local_certs[1].cert )| replace( ' ', '' ) | replace( '\n', ''))
- "'Name' in fetch_after_overwrite.certificates[0].tags"
- fetch_after_overwrite.certificates[0].tags['Name'] == local_certs[0].name
- name: fetch other cert
aws_acm_info:
tags:
Name: "{{ local_certs[1].name }}"
<<: *aws_connection_info
register: check_after_overwrite
- name: check other cert unaffected
assert:
that:
- check_after_overwrite.certificates | length == 1
- check_after_overwrite.certificates[0].certificate_arn == fetch_after_up.results[1].certificates[0].certificate_arn
- check_after_overwrite.certificates[0].domain_name == local_certs[1].domain
- (check_after_overwrite.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', '')) == (lookup('file', local_certs[1].cert ) | replace( ' ', '' ) | replace( '\n', ''))
- "'Name' in check_after_overwrite.certificates[0].tags"
- check_after_overwrite.certificates[0].tags['Name'] == local_certs[1].name
- name: update first cert with body of the second again
aws_acm:
state: present
<<: *aws_connection_info
name_tag: "{{ local_certs[0].name }}"
certificate: "{{ lookup('file', local_certs[1].cert ) }}"
private_key: "{{ lookup('file', local_certs[1].priv_key ) }}"
register: overwrite2
- name: check output of previous task (update first cert with body of the second again)
assert:
that:
- overwrite2.certificate.arn is defined
- overwrite2.certificate.arn | regex_search( 'arn:aws:acm:' ) is defined
- overwrite2.certificate.arn == upload.results[0].certificate.arn
- overwrite2.certificate.domain_name == local_certs[1].domain
- not overwrite2.changed
- name: delete certs 1 and 2
aws_acm:
<<: *aws_connection_info
state: absent
domain_name: "{{ local_certs[1].domain }}"
register: delete_both
- name: test prev task
assert:
that:
- delete_both.arns is defined
- check_after_overwrite.certificates[0].certificate_arn in delete_both.arns
- upload.results[0].certificate.arn in delete_both.arns
- delete_both.changed
- name: fetch info for certs 1 and 2
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ local_certs[item].name }}"
register: check_del_one
with_items:
- 0
- 1
- name: check certs 1 and 2 were already deleted
with_items: "{{ check_del_one.results }}"
assert:
that: item.certificates | length == 0
- name: check cert 3 not deleted
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ local_certs[2].name }}"
register: check_del_one_remain
failed_when: check_del_one_remain.certificates | length != 1
- name: delete cert 3
aws_acm:
<<: *aws_connection_info
state: absent
domain_name: "{{ local_certs[2].domain }}"
register: delete_third
- name: check cert 3 deletion went as expected
assert:
that:
- delete_third.arns is defined
- delete_third.arns | length == 1
- delete_third.arns[0] == upload.results[2].certificate.arn
- delete_third.changed
- name: check cert 3 was deleted
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ local_certs[2].name }}"
register: check_del_three
failed_when: check_del_three.certificates | length != 0
- name: delete cert 3 again
aws_acm:
<<: *aws_connection_info
state: absent
domain_name: "{{ local_certs[2].domain }}"
register: delete_third
- name: check deletion of cert 3 not changed, because already deleted
assert:
that:
- delete_third.arns is defined
- delete_third.arns | length == 0
- not delete_third.changed
- name: check directory was made
assert:
that:
- remote_tmp_dir is defined
- name: Generate private key for cert to be chained
openssl_privatekey:
path: "{{ chained_cert.priv_key }}"
type: RSA
size: 2048 # ACM doesn't work properly with 4096
- name: Generate two OpenSSL Certificate Signing Requests for cert to be chained
openssl_csr:
path: "{{ item.csr }}"
privatekey_path: "{{ chained_cert.priv_key }}"
common_name: "{{ chained_cert.domain }}"
with_items: "{{ chained_cert.chains }}"
- name: Sign new certs with cert 0 and 1
openssl_certificate:
provider: ownca
path: "{{ item.cert }}"
csr_path: "{{ item.csr }}"
ownca_path: "{{ local_certs[item.ca].cert }}"
ownca_privatekey_path: "{{ local_certs[item.ca].priv_key }}"
signature_algorithms:
- 'sha256WithRSAEncryption'
# - 'sha512WithRSAEncryption'
with_items: "{{ chained_cert.chains }}"
- name: check files exist (for next task)
file:
path: "{{ item }}"
state: file
with_items:
- "{{ local_certs[chained_cert.chains[0].ca].cert }}"
- "{{ local_certs[chained_cert.chains[1].ca].cert }}"
- "{{ chained_cert.chains[0].cert }}"
- "{{ chained_cert.chains[1].cert }}"
- name: Find chains
certificate_complete_chain:
input_chain: "{{ lookup('file', item.cert ) }}"
root_certificates:
- "{{ local_certs[item.ca].cert }}"
with_items: "{{ chained_cert.chains }}"
register: chains
- name: upload chained cert, first chain, first time
aws_acm:
name_tag: "{{ chained_cert.name }}"
<<: *aws_connection_info
certificate: "{{ lookup('file', chained_cert.chains[0].cert ) }}"
certificate_chain: "{{ chains.results[0].complete_chain | join('\n') }}"
private_key: "{{ lookup('file', chained_cert.priv_key ) }}"
state: present
register: upload_chain
failed_when: not upload_chain.changed
- name: fetch chain of cert we just uploaded
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ chained_cert.name }}"
register: check_chain
- name: check chain of cert we just uploaded
assert:
that:
- (check_chain.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', ''))
==
( chains.results[0].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', ''))
==
( lookup('file', chained_cert.chains[0].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: upload chained cert again, check not changed
aws_acm:
name_tag: "{{ chained_cert.name }}"
<<: *aws_connection_info
certificate: "{{ lookup('file', chained_cert.chains[0].cert ) }}"
certificate_chain: "{{ chains.results[0].complete_chain | join('\n') }}"
private_key: "{{ lookup('file', chained_cert.priv_key ) }}"
state: present
register: upload_chain_2
- name: check previous task not changed
assert:
that:
- upload_chain_2.certificate.arn == upload_chain.certificate.arn
- not upload_chain_2.changed
- name: upload chained cert, different chain
aws_acm:
name_tag: "{{ chained_cert.name }}"
<<: *aws_connection_info
certificate: "{{ lookup('file', chained_cert.chains[1].cert ) }}"
certificate_chain: "{{ chains.results[1].complete_chain | join('\n') }}"
private_key: "{{ lookup('file', chained_cert.priv_key ) }}"
state: present
register: upload_chain_3
- name: check uploading with different chain is changed
assert:
that:
- upload_chain_3.changed
- upload_chain_3.certificate.arn == upload_chain.certificate.arn
- name: fetch info about chain of cert we just updated
aws_acm_info:
<<: *aws_connection_info
tags:
Name: "{{ chained_cert.name }}"
register: check_chain_2
- name: check chain of cert we just uploaded
assert:
that:
- (check_chain_2.certificates[0].certificate_chain | replace( ' ', '' ) | replace( '\n', ''))
==
( chains.results[1].complete_chain | join( '\n' ) | replace( ' ', '' ) | replace( '\n', '') )
- (check_chain_2.certificates[0].certificate | replace( ' ', '' ) | replace( '\n', ''))
==
( lookup('file', chained_cert.chains[1].cert ) | replace( ' ', '' ) | replace( '\n', '') )
- name: delete chained cert
aws_acm:
name_tag: "{{ chained_cert.name }}"
<<: *aws_connection_info
state: absent
register: delete_chain_3
- name: check deletion of chained cert 3 is changed
assert:
that:
- delete_chain_3.changed
- upload_chain.certificate.arn in delete_chain_3.arns
always:
- name: delete first bunch of certificates
aws_acm:
name_tag: "{{ item.name }}"
<<: *aws_connection_info
state: absent
with_items: "{{ local_certs }}"
ignore_errors: yes
- name: delete chained cert
aws_acm:
state: absent
name_tag: "{{ chained_cert.name }}"
<<: *aws_connection_info
ignore_errors: yes
- name: deleting local directory with test artefacts
file:
path: "{{ remote_tmp_dir }}"
state: directory
ignore_errors: yes
Reference in New Issue View Git Blame Copy Permalink