mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
89b7e7191f
* java_keystore - improve error handling and returned results * set check_rc=False to return results as documented when module fails * set LANG, LC_ALL and LC_MESSAGES to C to rely keytool output parsing * fix pylint's `no-else-return` and `unused-variable` hints * update related unit tests accordingly * add a changelog fragment update unit test (remove stdout_lines from returned dict) fix unit test: failure is now expected when alias does not exist * Update changelogs/fragments/2183-java_keystore_improve_error_handling.yml Co-authored-by: Felix Fontein <felix@fontein.de> * fix integration test: overwrite keystore at the same location Co-authored-by: Felix Fontein <felix@fontein.de>
137 lines
5.2 KiB
YAML
137 lines
5.2 KiB
YAML
---
|
|
####################################################################
|
|
# WARNING: These are designed specifically for Ansible tests #
|
|
# and should not be used as examples of how to write Ansible roles #
|
|
####################################################################
|
|
- when: has_java_keytool
|
|
block:
|
|
- name: Create private keys
|
|
community.crypto.openssl_privatekey:
|
|
path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
|
size: 2048 # this should work everywhere
|
|
# The following is more efficient, but might not work everywhere:
|
|
# type: ECC
|
|
# curve: secp384r1
|
|
cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
|
|
passphrase: "{{ item.passphrase | default(omit) }}"
|
|
loop:
|
|
- name: cert
|
|
- name: cert-pw
|
|
passphrase: hunter2
|
|
|
|
- name: Create CSRs
|
|
community.crypto.openssl_csr:
|
|
path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
|
|
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
|
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
|
|
commonName: "{{ item.commonName }}"
|
|
loop:
|
|
- name: cert
|
|
commonName: example.com
|
|
- name: cert-pw
|
|
passphrase: hunter2
|
|
commonName: example.com
|
|
- name: cert2
|
|
keyname: cert
|
|
commonName: example.org
|
|
- name: cert2-pw
|
|
keyname: cert-pw
|
|
passphrase: hunter2
|
|
commonName: example.org
|
|
|
|
- name: Create certificates
|
|
community.crypto.x509_certificate:
|
|
path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
|
|
csr_path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
|
|
privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
|
|
privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
|
|
provider: selfsigned
|
|
loop:
|
|
- name: cert
|
|
commonName: example.com
|
|
- name: cert-pw
|
|
passphrase: hunter2
|
|
commonName: example.com
|
|
- name: cert2
|
|
keyname: cert
|
|
commonName: example.org
|
|
- name: cert2-pw
|
|
keyname: cert-pw
|
|
passphrase: hunter2
|
|
commonName: example.org
|
|
|
|
- name: Create a Java key store for the given certificates (check mode)
|
|
community.general.java_keystore: &create_key_store_data
|
|
name: example
|
|
certificate: "{{ lookup('file', output_dir ~ '/' ~ item.name ~ '.pem') }}"
|
|
private_key: "{{ lookup('file', output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key') }}"
|
|
private_key_passphrase: "{{ item.passphrase | default(omit) }}"
|
|
password: changeit
|
|
dest: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.jks' }}"
|
|
loop: &create_key_store_loop
|
|
- name: cert
|
|
- name: cert-pw
|
|
passphrase: hunter2
|
|
check_mode: yes
|
|
register: result_check
|
|
|
|
- name: Create a Java key store for the given certificates
|
|
community.general.java_keystore: *create_key_store_data
|
|
loop: *create_key_store_loop
|
|
register: result
|
|
|
|
- name: Create a Java key store for the given certificates (idempotency, check mode)
|
|
community.general.java_keystore: *create_key_store_data
|
|
loop: *create_key_store_loop
|
|
check_mode: yes
|
|
register: result_idem_check
|
|
|
|
- name: Create a Java key store for the given certificates (idempotency)
|
|
community.general.java_keystore: *create_key_store_data
|
|
loop: *create_key_store_loop
|
|
register: result_idem
|
|
|
|
- name: Create a Java key store for the given certificates (certificate changed, check mode)
|
|
community.general.java_keystore: *create_key_store_data
|
|
loop: &create_key_store_loop_new_certs
|
|
- name: cert2
|
|
keyname: cert
|
|
- name: cert2-pw
|
|
keyname: cert-pw
|
|
passphrase: hunter2
|
|
check_mode: yes
|
|
register: result_change_check
|
|
|
|
- name: Create a Java key store for the given certificates (certificate changed)
|
|
community.general.java_keystore: *create_key_store_data
|
|
loop: *create_key_store_loop_new_certs
|
|
register: result_change
|
|
|
|
- name: Create a Java key store for the given certificates (password changed, check mode)
|
|
community.general.java_keystore:
|
|
<<: *create_key_store_data
|
|
password: hunter2
|
|
loop: *create_key_store_loop_new_certs
|
|
check_mode: yes
|
|
register: result_pw_change_check
|
|
when: false # FIXME: module currently crashes
|
|
|
|
- name: Create a Java key store for the given certificates (password changed)
|
|
community.general.java_keystore:
|
|
<<: *create_key_store_data
|
|
password: hunter2
|
|
loop: *create_key_store_loop_new_certs
|
|
register: result_pw_change
|
|
when: false # FIXME: module currently crashes
|
|
|
|
- name: Validate results
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result_check is changed
|
|
- result_idem is not changed
|
|
- result_idem_check is not changed
|
|
- result_change is changed
|
|
- result_change_check is changed
|
|
# - result_pw_change is changed # FIXME: module currently crashes
|
|
# - result_pw_change_check is changed # FIXME: module currently crashes
|