mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
0648e339a7
keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316
47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
- block:
|
|
- name: Generate privatekey
|
|
openssl_privatekey:
|
|
path: '{{ output_dir }}/privatekey.pem'
|
|
|
|
- name: Generate CSR
|
|
openssl_csr:
|
|
path: '{{ output_dir }}/csr.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
commonName: 'www.ansible.com'
|
|
|
|
# keyUsage longname and shortname should be able to be used
|
|
# interchangeably. Hence the long name is specified here
|
|
# but the short name is used to test idempotency for ipsecuser
|
|
# and vice-versa for biometricInfo
|
|
- name: Generate CSR with KU and XKU
|
|
openssl_csr:
|
|
path: '{{ output_dir }}/csr_ku_xku.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
commonName: 'www.ansible.com'
|
|
keyUsage:
|
|
- digitalSignature
|
|
- keyAgreement
|
|
extendedKeyUsage:
|
|
- qcStatements
|
|
- DVCS
|
|
- IPSec User
|
|
- biometricInfo
|
|
|
|
- name: Generate CSR with KU and XKU (test idempotency)
|
|
openssl_csr:
|
|
path: '{{ output_dir }}/csr_ku_xku.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
commonName: 'www.ansible.com'
|
|
keyUsage:
|
|
- digitalSignature
|
|
- keyAgreement
|
|
extendedKeyUsage:
|
|
- ipsecUser
|
|
- qcStatements
|
|
- DVCS
|
|
- Biometric Info
|
|
register: csr_ku_xku
|
|
|
|
- import_tasks: ../tests/validate.yml
|
|
|
|
when: pyopenssl_version.stdout|version_compare('0.15', '>=')
|