mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/integration/targets/openssl_publickey/tests/validate.yml
Yanis Guenane 32635577a3 openssl_publickey: Do not fail on empty existing file (#33255)
Currently, during the check phase, the code considers the file to be
a public key if the file exists - which is not necessarily true.

This commit aims to ensure that the file is actually a publickey;
otherwise it returns false for the check.
2017-11-25 03:29:06 +00:00


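# Check that publickey.pub matches privatekey.pem by comparing RSA moduli.
#
# Each openssl call runs on its own instead of being piped into `openssl md5`.
# A shell pipeline reports the exit status of its last command, so a failed
# extraction (missing or unparsable key) would still exit 0 and register the
# digest of empty input. Two such failures would then compare equal and the
# assertion would pass vacuously. Without the pipe a failing openssl call
# fails the task. The registered stdout is the `Modulus=...` line itself.
- name: Validate public key (test - privatekey modulus)
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey_modulus

- name: Validate public key (test - publickey modulus)
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey.pub'
  register: publickey_modulus

# Equal moduli mean the public key belongs to the private key.
- name: Validate public key (assert)
  assert:
    that:
      - publickey_modulus.stdout == privatekey_modulus.stdout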
# OpenSSH-format check: derive the public key from privatekey.pem with
# ssh-keygen and compare it with the contents of publickey-ssh.pub.
# All three tasks are skipped unless the registered cryptography_version
# is at least 1.4.0.
- name: Validate public key - OpenSSH format (test - privatekey's publickey)
  shell: ssh-keygen -y -f {{ output_dir }}/privatekey.pem
  register: privatekey_publickey
  when: cryptography_version.stdout | version_compare('1.4.0', '>=')

# slurp returns the file base64-encoded in `content`.
- name: Validate public key - OpenSSH format (test - publickey)
  slurp:
    src: "{{ output_dir }}/publickey-ssh.pub"
  register: publickey
  when: cryptography_version.stdout | version_compare('1.4.0', '>=')

# NOTE(review): the decoded file content is templated into a quoted literal
# inside the condition, so a single quote in the key text would break the
# expression - confirm before switching to a direct comparison.
- name: Validate public key - OpenSSH format (assert)
  assert:
    that:
      - privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
  when: cryptography_version.stdout | version_compare('1.4.0', '>=')
# publickey2.pub must no longer exist on disk: stat the path, then assert
# on the registered result.
- name: Validate publickey2 (test - Ensure key has been removed)
  stat:
    path: "{{ output_dir }}/publickey2.pub"
  register: publickey2

- name: Validate publickey2 (assert - Ensure key has been removed)
  assert:
    that:
      - not publickey2.stat.exists
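# Check that publickey3.pub matches the passphrase-protected privatekey3.pem
# by comparing RSA moduli. The modulus tasks and their assertion are skipped
# when the registered openssl_version is older than 0.9.8zh.
#
# Each openssl call runs on its own instead of being piped into `openssl md5`.
# A pipeline reports the exit status of its last command, so a failed
# extraction (for example a wrong passphrase) would still exit 0 and register
# the digest of empty input. Two such failures would compare equal and the
# assertion would pass vacuously.
#
# The passphrase is given on the command line (`-passin pass:`), where it is
# visible in the process list. That is acceptable only because this is a
# throwaway test key.
- name: Validate publickey3 (test - privatekey modulus)
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey3.pem -passin pass:ansible'
  register: privatekey3_modulus
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')

- name: Validate publickey3 (test - publickey modulus)
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey3.pub'
  register: publickey3_modulus
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')

- name: Validate publickey3 (assert)
  assert:
    that:
      - publickey3_modulus.stdout == privatekey3_modulus.stdout
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')

# publickey3_idempotence is registered outside this file.
# NOTE(review): this assertion has no version guard, unlike the tasks above -
# confirm the registering task always runs or leaves a usable result.
- name: Validate publickey3 idempotence (assert)
  assert:
    that:
      - not publickey3_idempotence|changed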
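# Check that publickey4.pub matches privatekey.pem by comparing RSA moduli.
# All three tasks are skipped when the registered openssl_version is older
# than 0.9.8zh.
# NOTE(review): the private key read here is privatekey.pem, not a
# privatekey4.pem - presumably publickey4 is generated from that key
# elsewhere in this target; confirm.
#
# Each openssl call runs on its own instead of being piped into `openssl md5`.
# A pipeline reports the exit status of its last command, so a failed
# extraction (such as an empty or invalid publickey4.pub) would still exit 0
# and register the digest of empty input. Running the command directly makes
# that failure fail the task.
- name: Validate publickey4 (test - privatekey modulus)
  command: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey4_modulus
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')

- name: Validate publickey4 (test - publickey modulus)
  command: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey4.pub'
  register: publickey4_modulus
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')

- name: Validate publickey4 (assert)
  assert:
    that:
      - publickey4_modulus.stdout == privatekey4_modulus.stdout
  when: openssl_version.stdout|version_compare('0.9.8zh', '>=')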