1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/java_keystore/tasks/main.yml
patchback[bot] cc3fefd325
Add CI tests for java_cert and java_keystore (#1666) (#1672)
* Try to run java_cert tests in CI.

* Forgot to add meta/

* Exclude CentOS 6.

* Add basic java_keystore tests.

* Forgot that.

* Without a CN, keytool always claims 'keystore password was incorrect' (sigh).

* Improve/fix tests.
Apparently the module cannot handle changed passwords.

* Update tests/integration/targets/java_keystore/tasks/main.yml

Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com>

* More simpliications.

* Fix typo.

Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com>
(cherry picked from commit b3d3b108bf)

Co-authored-by: Felix Fontein <felix@fontein.de>
2021-01-24 17:46:20 +01:00

137 lines
5.2 KiB
YAML

---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- when: has_java_keytool
block:
- name: Create private keys
community.crypto.openssl_privatekey:
path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
size: 2048 # this should work everywhere
# The following is more efficient, but might not work everywhere:
# type: ECC
# curve: secp384r1
cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
passphrase: "{{ item.passphrase | default(omit) }}"
loop:
- name: cert
- name: cert-pw
passphrase: hunter2
- name: Create CSRs
community.crypto.openssl_csr:
path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
commonName: "{{ item.commonName }}"
loop:
- name: cert
commonName: example.com
- name: cert-pw
passphrase: hunter2
commonName: example.com
- name: cert2
keyname: cert
commonName: example.org
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
commonName: example.org
- name: Create certificates
community.crypto.x509_certificate:
path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
csr_path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
provider: selfsigned
loop:
- name: cert
commonName: example.com
- name: cert-pw
passphrase: hunter2
commonName: example.com
- name: cert2
keyname: cert
commonName: example.org
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
commonName: example.org
- name: Create a Java key store for the given certificates (check mode)
community.general.java_keystore: &create_key_store_data
name: example
certificate: "{{lookup('file', output_dir ~ '/' ~ item.name ~ '.pem') }}"
private_key: "{{lookup('file', output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key') }}"
private_key_passphrase: "{{ item.passphrase | default(omit) }}"
password: changeit
dest: "{{ output_dir ~ '/' ~ item.name ~ '.jks' }}"
loop: &create_key_store_loop
- name: cert
- name: cert-pw
passphrase: hunter2
check_mode: yes
register: result_check
- name: Create a Java key store for the given certificates
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
register: result
- name: Create a Java key store for the given certificates (idempotency, check mode)
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
check_mode: yes
register: result_idem_check
- name: Create a Java key store for the given certificates (idempotency)
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop
register: result_idem
- name: Create a Java key store for the given certificates (certificate changed, check mode)
community.general.java_keystore: *create_key_store_data
loop: &create_key_store_loop_new_certs
- name: cert2
keyname: cert
- name: cert2-pw
keyname: cert-pw
passphrase: hunter2
check_mode: yes
register: result_change_check
- name: Create a Java key store for the given certificates (certificate changed)
community.general.java_keystore: *create_key_store_data
loop: *create_key_store_loop_new_certs
register: result_change
- name: Create a Java key store for the given certificates (password changed, check mode)
community.general.java_keystore:
<<: *create_key_store_data
password: hunter2
loop: *create_key_store_loop_new_certs
check_mode: yes
register: result_pw_change_check
when: false # FIXME: module currently crashes
- name: Create a Java key store for the given certificates (password changed)
community.general.java_keystore:
<<: *create_key_store_data
password: hunter2
loop: *create_key_store_loop_new_certs
register: result_pw_change
when: false # FIXME: module currently crashes
- name: Validate results
assert:
that:
- result is changed
- result_check is changed
- result_idem is not changed
- result_idem_check is not changed
- result_change is changed
- result_change_check is changed
# - result_pw_change is changed # FIXME: module currently crashes
# - result_pw_change_check is changed # FIXME: module currently crashes