mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Add CI tests for java_cert and java_keystore (#1666)
* Try to run java_cert tests in CI. * Forgot to add meta/ * Exclude CentOS 6. * Add basic java_keystore tests. * Forgot that. * Without a CN, keytool always claims 'keystore password was incorrect' (sigh). * Improve/fix tests. Apparently the module cannot handle changed passwords. * Update tests/integration/targets/java_keystore/tasks/main.yml Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com> * More simpliications. * Fix typo. Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com>
This commit is contained in:
parent
1dd5e71cff
commit
b3d3b108bf
11 changed files with 236 additions and 49 deletions
|
@ -1 +1,7 @@
|
||||||
unsupported
|
destructive
|
||||||
|
shippable/posix/group3
|
||||||
|
skip/aix
|
||||||
|
skip/osx
|
||||||
|
skip/macos
|
||||||
|
skip/freebsd
|
||||||
|
needs/root
|
||||||
|
|
2
tests/integration/targets/java_cert/meta/main.yml
Normal file
2
tests/integration/targets/java_cert/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_java_keytool
|
|
@ -3,11 +3,13 @@
|
||||||
# WARNING: These are designed specifically for Ansible tests #
|
# WARNING: These are designed specifically for Ansible tests #
|
||||||
# and should not be used as examples of how to write Ansible roles #
|
# and should not be used as examples of how to write Ansible roles #
|
||||||
####################################################################
|
####################################################################
|
||||||
|
- when: has_java_keytool
|
||||||
|
block:
|
||||||
|
|
||||||
- name: prep pkcs12 file
|
- name: prep pkcs12 file
|
||||||
copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"
|
copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"
|
||||||
|
|
||||||
- name: import pkcs12
|
- name: import pkcs12
|
||||||
java_cert:
|
java_cert:
|
||||||
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
||||||
pkcs12_password: changeit
|
pkcs12_password: changeit
|
||||||
|
@ -18,12 +20,12 @@
|
||||||
keystore_create: yes
|
keystore_create: yes
|
||||||
state: present
|
state: present
|
||||||
register: result_success
|
register: result_success
|
||||||
- name: verify success
|
- name: verify success
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- result_success is successful
|
- result_success is successful
|
||||||
|
|
||||||
- name: import pkcs12 with wrong password
|
- name: import pkcs12 with wrong password
|
||||||
java_cert:
|
java_cert:
|
||||||
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
||||||
pkcs12_password: wrong_pass
|
pkcs12_password: wrong_pass
|
||||||
|
@ -36,12 +38,12 @@
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
register: result_wrong_pass
|
register: result_wrong_pass
|
||||||
|
|
||||||
- name: verify fail with wrong import password
|
- name: verify fail with wrong import password
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- result_wrong_pass is failed
|
- result_wrong_pass is failed
|
||||||
|
|
||||||
- name: test fail on mutually exclusive params
|
- name: test fail on mutually exclusive params
|
||||||
java_cert:
|
java_cert:
|
||||||
cert_path: ca.crt
|
cert_path: ca.crt
|
||||||
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
|
||||||
|
@ -52,7 +54,7 @@
|
||||||
state: present
|
state: present
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
register: result_excl_params
|
register: result_excl_params
|
||||||
- name: verify failed exclusive params
|
- name: verify failed exclusive params
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- result_excl_params is failed
|
- result_excl_params is failed
|
||||||
|
|
7
tests/integration/targets/java_keystore/aliases
Normal file
7
tests/integration/targets/java_keystore/aliases
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
destructive
|
||||||
|
shippable/posix/group3
|
||||||
|
skip/aix
|
||||||
|
skip/osx
|
||||||
|
skip/macos
|
||||||
|
skip/freebsd
|
||||||
|
needs/root
|
3
tests/integration/targets/java_keystore/meta/main.yml
Normal file
3
tests/integration/targets/java_keystore/meta/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_java_keytool
|
||||||
|
- setup_openssl
|
137
tests/integration/targets/java_keystore/tasks/main.yml
Normal file
137
tests/integration/targets/java_keystore/tasks/main.yml
Normal file
|
@ -0,0 +1,137 @@
|
||||||
|
---
|
||||||
|
####################################################################
|
||||||
|
# WARNING: These are designed specifically for Ansible tests #
|
||||||
|
# and should not be used as examples of how to write Ansible roles #
|
||||||
|
####################################################################
|
||||||
|
- when: has_java_keytool
|
||||||
|
block:
|
||||||
|
- name: Create private keys
|
||||||
|
community.crypto.openssl_privatekey:
|
||||||
|
path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
||||||
|
size: 2048 # this should work everywhere
|
||||||
|
# The following is more efficient, but might not work everywhere:
|
||||||
|
# type: ECC
|
||||||
|
# curve: secp384r1
|
||||||
|
cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
|
||||||
|
passphrase: "{{ item.passphrase | default(omit) }}"
|
||||||
|
loop:
|
||||||
|
- name: cert
|
||||||
|
- name: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
|
||||||
|
- name: Create CSRs
|
||||||
|
community.crypto.openssl_csr:
|
||||||
|
path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
|
||||||
|
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
||||||
|
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
|
||||||
|
commonName: "{{ item.commonName }}"
|
||||||
|
loop:
|
||||||
|
- name: cert
|
||||||
|
commonName: example.com
|
||||||
|
- name: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
commonName: example.com
|
||||||
|
- name: cert2
|
||||||
|
keyname: cert
|
||||||
|
commonName: example.org
|
||||||
|
- name: cert2-pw
|
||||||
|
keyname: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
commonName: example.org
|
||||||
|
|
||||||
|
- name: Create certificates
|
||||||
|
community.crypto.x509_certificate:
|
||||||
|
path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
|
||||||
|
csr_path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
|
||||||
|
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
||||||
|
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
|
||||||
|
provider: selfsigned
|
||||||
|
loop:
|
||||||
|
- name: cert
|
||||||
|
commonName: example.com
|
||||||
|
- name: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
commonName: example.com
|
||||||
|
- name: cert2
|
||||||
|
keyname: cert
|
||||||
|
commonName: example.org
|
||||||
|
- name: cert2-pw
|
||||||
|
keyname: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
commonName: example.org
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (check mode)
|
||||||
|
community.general.java_keystore: &create_key_store_data
|
||||||
|
name: example
|
||||||
|
certificate: "{{lookup('file', output_dir ~ '/' ~ item.name ~ '.pem') }}"
|
||||||
|
private_key: "{{lookup('file', output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key') }}"
|
||||||
|
private_key_passphrase: "{{ item.passphrase | default(omit) }}"
|
||||||
|
password: changeit
|
||||||
|
dest: "{{ output_dir ~ '/' ~ item.name ~ '.jks' }}"
|
||||||
|
loop: &create_key_store_loop
|
||||||
|
- name: cert
|
||||||
|
- name: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
check_mode: yes
|
||||||
|
register: result_check
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates
|
||||||
|
community.general.java_keystore: *create_key_store_data
|
||||||
|
loop: *create_key_store_loop
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (idempotency, check mode)
|
||||||
|
community.general.java_keystore: *create_key_store_data
|
||||||
|
loop: *create_key_store_loop
|
||||||
|
check_mode: yes
|
||||||
|
register: result_idem_check
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (idempotency)
|
||||||
|
community.general.java_keystore: *create_key_store_data
|
||||||
|
loop: *create_key_store_loop
|
||||||
|
register: result_idem
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (certificate changed, check mode)
|
||||||
|
community.general.java_keystore: *create_key_store_data
|
||||||
|
loop: &create_key_store_loop_new_certs
|
||||||
|
- name: cert2
|
||||||
|
keyname: cert
|
||||||
|
- name: cert2-pw
|
||||||
|
keyname: cert-pw
|
||||||
|
passphrase: hunter2
|
||||||
|
check_mode: yes
|
||||||
|
register: result_change_check
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (certificate changed)
|
||||||
|
community.general.java_keystore: *create_key_store_data
|
||||||
|
loop: *create_key_store_loop_new_certs
|
||||||
|
register: result_change
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (password changed, check mode)
|
||||||
|
community.general.java_keystore:
|
||||||
|
<<: *create_key_store_data
|
||||||
|
password: hunter2
|
||||||
|
loop: *create_key_store_loop_new_certs
|
||||||
|
check_mode: yes
|
||||||
|
register: result_pw_change_check
|
||||||
|
when: false # FIXME: module currently crashes
|
||||||
|
|
||||||
|
- name: Create a Java key store for the given certificates (password changed)
|
||||||
|
community.general.java_keystore:
|
||||||
|
<<: *create_key_store_data
|
||||||
|
password: hunter2
|
||||||
|
loop: *create_key_store_loop_new_certs
|
||||||
|
register: result_pw_change
|
||||||
|
when: false # FIXME: module currently crashes
|
||||||
|
|
||||||
|
- name: Validate results
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is changed
|
||||||
|
- result_check is changed
|
||||||
|
- result_idem is not changed
|
||||||
|
- result_idem_check is not changed
|
||||||
|
- result_change is changed
|
||||||
|
- result_change_check is changed
|
||||||
|
# - result_pw_change is changed # FIXME: module currently crashes
|
||||||
|
# - result_pw_change_check is changed # FIXME: module currently crashes
|
|
@ -0,0 +1,3 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_remote_constraints
|
||||||
|
- setup_pkg_mgr
|
21
tests/integration/targets/setup_java_keytool/tasks/main.yml
Normal file
21
tests/integration/targets/setup_java_keytool/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
####################################################################
|
||||||
|
# WARNING: These are designed specifically for Ansible tests #
|
||||||
|
# and should not be used as examples of how to write Ansible roles #
|
||||||
|
####################################################################
|
||||||
|
- set_fact:
|
||||||
|
has_java_keytool: >-
|
||||||
|
{{
|
||||||
|
ansible_os_family not in ['Darwin', 'FreeBSD']
|
||||||
|
and not (ansible_distribution == "CentOS" and ansible_distribution_version is version("7.0", "<"))
|
||||||
|
}}
|
||||||
|
|
||||||
|
- name: Include OS-specific variables
|
||||||
|
include_vars: '{{ ansible_os_family }}.yml'
|
||||||
|
when: has_java_keytool
|
||||||
|
|
||||||
|
- name: Install keytool
|
||||||
|
package:
|
||||||
|
name: '{{ keytool_package_name }}'
|
||||||
|
become: true
|
||||||
|
when: has_java_keytool
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
keytool_package_name: ca-certificates-java
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
keytool_package_name: java-11-openjdk-headless
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
keytool_package_name: java-11-openjdk-headless
|
Loading…
Reference in a new issue