1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/integration/targets/openssl_publickey/tasks/main.yml
Felix Fontein 90c067e947 openssl_* modules: private key errors (#54088)
* Improve error handling, in particular with respect to private key loading problems.

* Add tests to validate that modules regenerate invalid input and don't crash.

* Don't crash when input is invalid.

* Create 'better' broken input.

* Fix paths.

* Simplifying pyOpenSSL error handling.
2019-03-30 14:28:10 +01:00

123 lines
4.3 KiB
YAML

---
- block:
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey - PEM format
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey - OpenSSH format
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
# cryptography.hazmat.primitives import serialization.Encoding.OpenSSH and
# cryptography.hazmat.primitives import serialization.PublicFormat.OpenSSH constants
# appeared in version 1.4 of cryptography
when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
when: cryptography_version.stdout is version('1.4.0', '>=')
register: publickey_ssh_idempotence
- name: Generate publickey2 - standard
openssl_publickey:
path: '{{ output_dir }}/publickey2.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Delete publickey2 - standard
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey2.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate privatekey3 - with passphrase
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
passphrase: ansible
cipher: aes256
- name: Generate publickey3 - with passphrase protected privatekey
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
privatekey_passphrase: ansible
- name: Generate publickey3 - with passphrase protected privatekey - idempotence
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
privatekey_passphrase: ansible
register: publickey3_idempotence
- name: Generate empty file that will hold a public key (issue 33072)
file:
path: '{{ output_dir }}/publickey4.pub'
state: touch
- name: Generate publickey in empty existing file (issue 33072)
openssl_publickey:
path: '{{ output_dir }}/publickey4.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate privatekey 5 (ECC)
openssl_privatekey:
path: '{{ output_dir }}/privatekey5.pem'
type: ECC
curve: secp256k1
- name: Generate publickey 5 - PEM format
openssl_publickey:
path: '{{ output_dir }}/publickey5.pub'
privatekey_path: '{{ output_dir }}/privatekey5.pem'
- name: Generate privatekey with password
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
- name: Generate publickey - PEM format (failed passphrase 1)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw1.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
ignore_errors: yes
register: passphrase_error_1
- name: Generate publickey - PEM format (failed passphrase 2)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw2.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
ignore_errors: yes
register: passphrase_error_2
- name: Generate publickey - PEM format (failed passphrase 3)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw3.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
ignore_errors: yes
register: passphrase_error_3
- name: Create broken key
copy:
dest: "{{ output_dir }}/publickeybroken.pub"
content: "broken"
- name: Regenerate broken key
openssl_publickey:
path: '{{ output_dir }}/publickeybroken.pub'
privatekey_path: '{{ output_dir }}/privatekey5.pem'
register: output_broken
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout is version('16.0.0', '>=')