ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/tests/integration/targets/java_keystore/tasks/main.yml
Felix Fontein da0738badf
Improve CI (#3348) (#3352) 
* Remove superfluous test.

* Use remote_temp_dir instead of output_dir on remote.

* Read certificate from correct place.

* Adjust more places.

* Fix boolean.

* Improve cryptography setup.

* Fix java_keystore changes.

* Need to copy binary from remote.

* Use correct Python for serve script.

* Sleep before downloading.

* Use correct Python interpreter.

* Avoid failing shebang test.

* Fix permission error with macOS 11.1.

* Avoid shebang trouble.

(cherry picked from commit 7c43cc3faa)
2021-09-09 08:10:26 +02:00

183 lines
6.8 KiB
YAML
Raw Blame History

---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- when: has_java_keytool
block:
- name: Create private keys
community.crypto.openssl_privatekey:
path: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
size: 2048 # this should work everywhere
# The following is more efficient, but might not work everywhere:
# type: ECC
# curve: secp384r1
cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
passphrase: "{{ item.passphrase | default(omit) }}"
loop:
- name: cert
- name: cert-pw
passphrase: hunter2
- name: Create CSRs
community.crypto.openssl_csr:
path: "{{ remote_tmp_dir ~ '/' ~ item.name ~ '.csr' }}"
privatekey_path: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
commonName: "{{ item.commonName }}"
loop:
- name: cert
commonName: example.com
- name: cert-pw
passphrase: hunter2
commonName: example.com
- name: cert2
keyname: cert
commonName: example.org
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
commonName: example.org
- name: Create certificates
community.crypto.x509_certificate:
path: "{{ remote_tmp_dir ~ '/' ~ item.name ~ '.pem' }}"
csr_path: "{{ remote_tmp_dir ~ '/' ~ item.name ~ '.csr' }}"
privatekey_path: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
provider: selfsigned
loop:
- name: cert
commonName: example.com
- name: cert-pw
passphrase: hunter2
commonName: example.com
- name: cert2
keyname: cert
commonName: example.org
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
commonName: example.org
- name: Read certificates
slurp:
src: "{{ remote_tmp_dir ~ '/' ~ item.name ~ '.pem' }}"
loop: &create_key_store_loop
- name: cert
- name: cert-pw
passphrase: hunter2
register: certificates
- name: Read certificate keys
slurp:
src: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | d(item.name)) ~ '.key' }}"
loop: *create_key_store_loop
register: certificate_keys
- name: Create a Java key store for the given certificates (check mode)
community.general.java_keystore: &create_key_store_data
name: example
certificate: "{{ certificates.results[loop_index].content | b64decode }}"
private_key: "{{ certificate_keys.results[loop_index].content | b64decode }}"
private_key_passphrase: "{{ item.passphrase | default(omit) }}"
password: changeit
dest: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.jks' }}"
loop: *create_key_store_loop
loop_control:
index_var: loop_index
check_mode: yes
register: result_check
- name: Create a Java key store for the given certificates
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
loop_control:
index_var: loop_index
register: result
- name: Create a Java key store for the given certificates (idempotency, check mode)
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
loop_control:
index_var: loop_index
check_mode: yes
register: result_idem_check
- name: Create a Java key store for the given certificates (idempotency)
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
loop_control:
index_var: loop_index
register: result_idem
- name: Read certificates (new)
slurp:
src: "{{ remote_tmp_dir ~ '/' ~ item.name ~ '.pem' }}"
loop: &create_key_store_loop_new_certs
- name: cert2
keyname: cert
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
register: certificates_new
- name: Read certificate keys (new)
slurp:
src: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | d(item.name)) ~ '.key' }}"
loop: *create_key_store_loop_new_certs
register: certificate_keys_new
- name: Create a Java key store for the given certificates (certificate changed, check mode)
community.general.java_keystore: &create_key_store_data_new_certs
name: example
certificate: "{{ certificates_new.results[loop_index].content | b64decode }}"
private_key: "{{ certificate_keys_new.results[loop_index].content | b64decode }}"
private_key_passphrase: "{{ item.passphrase | default(omit) }}"
password: changeit
dest: "{{ remote_tmp_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.jks' }}"
loop: *create_key_store_loop_new_certs
loop_control:
index_var: loop_index
check_mode: yes
register: result_change_check
- name: Create a Java key store for the given certificates (certificate changed)
community.general.java_keystore: *create_key_store_data_new_certs
loop: *create_key_store_loop_new_certs
loop_control:
index_var: loop_index
register: result_change
- name: Create a Java key store for the given certificates (password changed, check mode)
community.general.java_keystore:
<<: *create_key_store_data_new_certs
password: hunter2
loop: *create_key_store_loop_new_certs
loop_control:
index_var: loop_index
check_mode: yes
register: result_pw_change_check
when: false # FIXME: module currently crashes
- name: Create a Java key store for the given certificates (password changed)
community.general.java_keystore:
<<: *create_key_store_data_new_certs
password: hunter2
loop: *create_key_store_loop_new_certs
loop_control:
index_var: loop_index
register: result_pw_change
when: false # FIXME: module currently crashes
- name: Validate results
assert:
that:
- result is changed
- result_check is changed
- result_idem is not changed
- result_idem_check is not changed
- result_change is changed
- result_change_check is changed
# - result_pw_change is changed # FIXME: module currently crashes
# - result_pw_change_check is changed # FIXME: module currently crashes
View git blame Copy permalink