d4c16f51be
* Using ACME test container for acme_account integration test. * Removing dependency on setup_openssl. Waiting for controller and Pebble. * More tinkering. * Reducing number of tries. * One more try. * Another try. * Added acme_certificate tests. * Removed double key. * Added tests for acme_certificate_revoke. * Making task names more meaningful (during certificate generation). * Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key. * Using new version of Pebble which limits the random auth delay. * Simplifying certificates for revocation tests. * Reworking acme_certificate tests (there are now more, but they are faster). * Test whether account_key_content works. * Preparing TLS-ALPN-01 support. * Using official Ansible image of testing container on quay.io. * Bumping version. * Bumping version of test container to 1.1.0. * Adjusting to new CI group names. * Pass ACME simulator IP as playbook variable. * Let test plugin wait for controller and CA endpoints to become active. * Refactor common setup parts of tests to setup_acme. * _ -> dummy * Moving common obtain-cert.yml to setup_acme.
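---
# Integration-test tasks for the acme_account module: create, modify and
# deactivate an account on an ACME v2 endpoint at
# https://{{ acme_host }}:14000/dir (Pebble, per the note further down).
#
# Security-relevant points for anyone reusing these tasks:
#   * validate_certs is false on every acme_account call. Presumably the test
#     CA's HTTPS certificate is not trusted by the controller - TODO confirm.
#     With validation off the ACME endpoint is not authenticated, so keep this
#     setting confined to test fixtures.
#   * The account keys are unencrypted private keys written to output_dir and
#     are meant to be throwaway test keys.
#   * Each result is registered; the assertions on those results are not in
#     this file (presumably a separate validation step - verify).
- block:
    - name: Generate account key
      command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem

    # `openssl ec -text` prints the private key components, so the key ends
    # up in the task output. Acceptable only because this is a test key.
    - name: Parse account key (to ease debugging some test failures)
      command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text

    # Negative test: with allow_creation false and no existing account the
    # module is expected to fail, hence ignore_errors.
    - name: Do not try to create account
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: present
        allow_creation: false
      ignore_errors: true
      register: account_not_created

    - name: Create it now
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: present
        allow_creation: true
        terms_agreed: true
        contact:
          - mailto:example@example.org
      register: account_created

    # Uses account_key_content instead of account_key_src, so the private key
    # is passed inline as a module argument rather than as a file path.
    - name: Change email address
      acme_account:
        account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: present
        # allow_creation: false
        contact:
          - mailto:example@example.com
      register: account_modified

    - name: Change email address (idempotent)
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: present
        # allow_creation: false
        contact:
          - mailto:example@example.com
      register: account_modified_idempotent

    - name: Generate new account key
      command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem

    # As above, this prints the private key components of a test key.
    - name: Parse account key (to ease debugging some test failures)
      command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text

    # Note that pebble has no change key endpoint implemented yet!
    # When it has (and the container was updated), uncomment the
    # following tests, and delete the ones below the commented-out
    # ones. Until then the account key rollover path (state: changed_key)
    # is not exercised by this file.

    # - name: Change account key
    #   acme_account:
    #     account_key_src: "{{ output_dir }}/accountkey.pem"
    #     acme_version: 2
    #     acme_directory: "https://{{ acme_host }}:14000/dir"
    #     validate_certs: false
    #     new_account_key_src: "{{ output_dir }}/accountkey2.pem"
    #     state: changed_key
    #     contact:
    #       - mailto:example@example.com
    #   register: account_change_key

    # - name: Deactivate account
    #   acme_account:
    #     account_key_src: "{{ output_dir }}/accountkey2.pem"
    #     acme_version: 2
    #     acme_directory: "https://{{ acme_host }}:14000/dir"
    #     validate_certs: false
    #     state: absent
    #   register: account_deactivate

    # - name: Deactivate account (idempotent)
    #   acme_account:
    #     account_key_src: "{{ output_dir }}/accountkey2.pem"
    #     acme_version: 2
    #     acme_directory: "https://{{ acme_host }}:14000/dir"
    #     validate_certs: false
    #     state: absent
    #   register: account_deactivate_idempotent

    # - name: Do not try to create account II
    #   acme_account:
    #     account_key_src: "{{ output_dir }}/accountkey2.pem"
    #     acme_version: 2
    #     acme_directory: "https://{{ acme_host }}:14000/dir"
    #     validate_certs: false
    #     state: present
    #     allow_creation: false
    #   ignore_errors: true
    #   register: account_not_created_2

    # - name: Do not try to create account III
    #   acme_account:
    #     account_key_src: "{{ output_dir }}/accountkey.pem"
    #     acme_version: 2
    #     acme_directory: "https://{{ acme_host }}:14000/dir"
    #     validate_certs: false
    #     state: present
    #     allow_creation: false
    #   ignore_errors: true
    #   register: account_not_created_3

    - name: Deactivate account
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: absent
      register: account_deactivate

    - name: Deactivate account (idempotent)
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: absent
      register: account_deactivate_idempotent

    # Negative test after deactivation: with allow_creation false the module
    # is expected to fail, hence ignore_errors.
    - name: Do not try to create account II
      acme_account:
        account_key_src: "{{ output_dir }}/accountkey.pem"
        acme_version: 2
        acme_directory: "https://{{ acme_host }}:14000/dir"
        validate_certs: false
        state: present
        allow_creation: false
      ignore_errors: true
      register: account_not_created_2

  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
  # NOTE(review): openssl_version is not set in this file; it must be
  # registered before these tasks run, otherwise the condition errors.
  when: openssl_version.stdout is version('1.0.0', '>=')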