author | Felix Fontein <felix@fontein.de> | 2018-07-30 20:10:17 +0200 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2018-07-30 11:10:17 -0700 |
commit | d4c16f51be642d1e4d5773a7d48841efc96530fa (patch) | |
tree | 3538b5361a8787fa5c1fcf770ab91ca5cfd38e76 /test/integration/targets/acme_account/tasks | |
parent | c809500c7940d54c7cd320d86508d87e4100d779 (diff) | |
download | ansible-d4c16f51be642d1e4d5773a7d48841efc96530fa.tar.gz |
New acme_* integration test using ACME test docker container (#41626)
* Using ACME test container for acme_account integration test.
* Removing dependency on setup_openssl. Waiting for controller and Pebble.
* More tinkering.
* Reducing number of tries.
* One more try.
* Another try.
* Added acme_certificate tests.
* Removed double key.
* Added tests for acme_certificate_revoke.
* Making task names more meaningful (during certificate generation).
* Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key.
* Using new version of Pebble which limits the random auth delay.
* Simplifying certificates for revocation tests.
* Reworking acme_certificate tests (there are now more, but they are faster).
* Test whether account_key_content works.
* Preparing TLS-ALPN-01 support.
* Using official Ansible image of testing container on quay.io.
* Bumping version.
* Bumping version of test container to 1.1.0.
* Adjusting to new CI group names.
* Pass ACME simulator IP as playbook variable.
* Let test plugin wait for controller and CA endpoints to become active.
* Refactor common setup parts of tests to setup_acme.
* _ -> dummy
* Moving common obtain-cert.yml to setup_acme.
Diffstat (limited to 'test/integration/targets/acme_account/tasks')
-rw-r--r-- | test/integration/targets/acme_account/tasks/main.yml | 107 |
1 files changed, 74 insertions, 33 deletions
diff --git a/test/integration/targets/acme_account/tasks/main.yml b/test/integration/targets/acme_account/tasks/main.yml index 83b74d9c86..8879ddce55 100644 --- a/test/integration/targets/acme_account/tasks/main.yml +++ b/test/integration/targets/acme_account/tasks/main.yml @@ -1,7 +1,5 @@ --- - block: - - debug: var=openssl_version.stdout - - name: Generate account key command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem @@ -12,7 +10,8 @@ acme_account: account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: present allow_creation: no ignore_errors: yes @@ -22,7 +21,8 @@ acme_account: account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: present allow_creation: yes terms_agreed: yes @@ -32,9 +32,10 @@ - name: Change email address acme_account: - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: present # allow_creation: no contact: @@ -45,7 +46,8 @@ acme_account: account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: present # allow_creation: no contact: 
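Review bot: `validate_certs: no` is added to the acme_account task in the `@@ -12,7 +10,8 @@` hunk with no comment explaining why TLS verification is turned off, and the same line is repeated in the -22, -32, -45 and -58 hunks of this file. It is presumably needed because the test container behind `https://{{ acme_host }}:14000/dir` presents a certificate from its own test CA, but the file does not say so and test tasks are often copied into real playbooks. A comment above the first use, for example `# validate_certs is off only because the local ACME test container uses a throwaway CA; do not copy this for a real ACME directory`, would record the reason. The task's name line sits above the hunk, so the comment would need to be placed there.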
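Review bot: The "Change email address" task in the `@@ -32,9 +32,10 @@` hunk now passes the private key inline through `account_key_content` with a `lookup('file', ...)`, and nothing in the file says this is deliberate. A comment such as `# uses account_key_content on purpose, to cover that parameter` would stop a later cleanup from switching it back to `account_key_src` like the neighbouring tasks. Because the key is now a task argument rather than a path, it is worth confirming that the module declares this parameter as no_log, so the key does not appear in verbose output or registered results; the module source is not visible here.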
@@ -58,52 +60,91 @@ - name: Parse account key (to ease debugging some test failures) command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text - - name: Change account key - acme_account: - account_key_src: "{{ output_dir }}/accountkey.pem" - acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory - new_account_key_src: "{{ output_dir }}/accountkey2.pem" - state: changed_key - contact: - - mailto:example@example.com - register: account_change_key +# Note that pebble has no change key endpoint implemented yet! +# When it has (and the container was updated), uncomment the +# uncomment the following tests, and delete the ones below the +# out-commented ones. + +# - name: Change account key +# acme_account: +# account_key_src: "{{ output_dir }}/accountkey.pem" +# acme_version: 2 +# acme_directory: https://{{ acme_host }}:14000/dir +# validate_certs: no +# new_account_key_src: "{{ output_dir }}/accountkey2.pem" +# state: changed_key +# contact: +# - mailto:example@example.com +# register: account_change_key + +# - name: Deactivate account +# acme_account: +# account_key_src: "{{ output_dir }}/accountkey2.pem" +# acme_version: 2 +# acme_directory: https://{{ acme_host }}:14000/dir +# validate_certs: no +# state: absent +# register: account_deactivate + +# - name: Deactivate account (idempotent) +# acme_account: +# account_key_src: "{{ output_dir }}/accountkey2.pem" +# acme_version: 2 +# acme_directory: https://{{ acme_host }}:14000/dir +# validate_certs: no +# state: absent +# register: account_deactivate_idempotent + +# - name: Do not try to create account II +# acme_account: +# account_key_src: "{{ output_dir }}/accountkey2.pem" +# acme_version: 2 +# acme_directory: https://{{ acme_host }}:14000/dir +# validate_certs: no +# state: present +# allow_creation: no +# ignore_errors: yes +# register: account_not_created_2 + +# - name: Do not try to create account III +# acme_account: +# account_key_src: "{{ output_dir 
}}/accountkey.pem" +# acme_version: 2 +# acme_directory: https://{{ acme_host }}:14000/dir +# validate_certs: no +# state: present +# allow_creation: no +# ignore_errors: yes +# register: account_not_created_3 - name: Deactivate account acme_account: - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: absent register: account_deactivate - name: Deactivate account (idempotent) acme_account: - account_key_src: "{{ output_dir }}/accountkey2.pem" + account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: absent register: account_deactivate_idempotent - name: Do not try to create account II acme_account: - account_key_src: "{{ output_dir }}/accountkey2.pem" - acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory - state: present - allow_creation: no - ignore_errors: yes - register: account_not_created_2 - - - name: Do not try to create account III - acme_account: account_key_src: "{{ output_dir }}/accountkey.pem" acme_version: 2 - acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no state: present allow_creation: no ignore_errors: yes - register: account_not_created_3 + register: account_not_created_2 # Old 0.9.8 versions have insufficient CLI support for signing with EC keys when: openssl_version.stdout is version('1.0.0', '>=') |
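Review bot: Commenting out "Change account key" and "Do not try to create account III" drops all coverage of key rollover and of the old key being rejected afterwards, and `account_change_key` and `account_not_created_3` are no longer registered. Any assertions on those two results elsewhere in the target (not visible in this diff) would have to be disabled as well, and `accountkey2.pem` is still parsed above although no live task uses it now. The new explanatory comment also repeats itself ("uncomment the" twice) and would read better as `# When it has (and the container was updated), uncomment the` / `# following tests and delete the active copies below them.` A link to the upstream Pebble issue in that comment would make it clear when the block can be re-enabled.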