1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/integration/targets/acme_account/tasks/main.yml
Felix Fontein d4c16f51be New acme_* integration test using ACME test docker container (#41626)
* Using ACME test container for acme_account integration test.

* Removing dependency on setup_openssl. Waiting for controller and Pebble.

* More tinkering.

* Reducing number of tries.

* One more try.

* Another try.

* Added acme_certificate tests.

* Removed double key.

* Added tests for acme_certificate_revoke.

* Making task names more meaningful (during certificate generation).

* Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key.

* Using new version of Pebble which limits the random auth delay.

* Simplifying certificates for revocation tests.

* Reworking acme_certificate tests (there are now more, but they are faster).

* Test whether account_key_content works.

* Preparing TLS-ALPN-01 support.

* Using official Ansible image of testing container on quay.io.

* Bumping version.

* Bumping version of test container to 1.1.0.

* Adjusting to new CI group names.

* Pass ACME simulator IP as playbook variable.

* Let test plugin wait for controller and CA endpoints to become active.

* Refactor common setup parts of tests to setup_acme.

* _ -> dummy

* Moving common obtain-cert.yml to setup_acme.
2018-07-30 11:10:17 -07:00

150 lines
4.7 KiB
YAML

---
- block:
- name: Generate account key
command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text
- name: Do not try to create account
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created
- name: Create it now
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: yes
terms_agreed: yes
contact:
- mailto:example@example.org
register: account_created
- name: Change email address
acme_account:
account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified
- name: Change email address (idempotent)
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified_idempotent
- name: Generate new account key
command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text
# Note that pebble has no change key endpoint implemented yet!
# When it has (and the container was updated), uncomment the
# uncomment the following tests, and delete the ones below the
# out-commented ones.
# - name: Change account key
# acme_account:
# account_key_src: "{{ output_dir }}/accountkey.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# new_account_key_src: "{{ output_dir }}/accountkey2.pem"
# state: changed_key
# contact:
# - mailto:example@example.com
# register: account_change_key
# - name: Deactivate account
# acme_account:
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: absent
# register: account_deactivate
# - name: Deactivate account (idempotent)
# acme_account:
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: absent
# register: account_deactivate_idempotent
# - name: Do not try to create account II
# acme_account:
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: present
# allow_creation: no
# ignore_errors: yes
# register: account_not_created_2
# - name: Do not try to create account III
# acme_account:
# account_key_src: "{{ output_dir }}/accountkey.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: present
# allow_creation: no
# ignore_errors: yes
# register: account_not_created_3
- name: Deactivate account
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: absent
register: account_deactivate
- name: Deactivate account (idempotent)
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: absent
register: account_deactivate_idempotent
- name: Do not try to create account II
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created_2
# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
when: openssl_version.stdout is version('1.0.0', '>=')