mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
0648e339a7
keyUsage and extendedKeyUsage are currently statically limited via a static dict defined in modules_utils/crypto.py. If one specify a value that isn't in there, idempotency won't work. Instead of having static dict, we uses keyUsage and extendedKyeUsage values OpenSSL NID and compare those rather than comparing strings. Fixes: https://github.com/ansible/ansible/issues/30316
22 lines
746 B
YAML
22 lines
746 B
YAML
- name: Validate CSR (test - privatekey modulus)
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
|
register: privatekey_modulus
|
|
|
|
- name: Validate CSR (test - Common Name)
|
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
|
|
register: csr_cn
|
|
|
|
- name: Validate CSR (test - csr modulus)
|
|
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr | openssl md5'
|
|
register: csr_modulus
|
|
|
|
- name: Validate CSR (assert)
|
|
assert:
|
|
that:
|
|
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
- csr_modulus.stdout == privatekey_modulus.stdout
|
|
|
|
- name: Validate CSR_KU_XKU (assert idempotency)
|
|
assert:
|
|
that:
|
|
- csr_ku_xku.changed == False
|