author | Felix Fontein <felix@fontein.de> | 2019-08-17 16:02:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-17 16:02:14 +0200 |
commit | 601a4b8f471ceb27b9bec3ba15f82312059a9d8d (patch) | |
tree | 823685be7c46423b1d0f10780727ee718708ff83 /test/integration/targets/get_certificate | |
parent | 38435e1bd020f2951290abf2495710c375e90d0c (diff) | |
download | ansible-601a4b8f471ceb27b9bec3ba15f82312059a9d8d.tar.gz |
get_certificate: add cryptography backend (#60599)
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
Diffstat (limited to 'test/integration/targets/get_certificate')
-rw-r--r-- | test/integration/targets/get_certificate/tasks/main.yml | 39 | ||||
-rw-r--r-- | test/integration/targets/get_certificate/tests/validate.yml | 7 |
2 files changed, 45 insertions, 1 deletions
diff --git a/test/integration/targets/get_certificate/tasks/main.yml b/test/integration/targets/get_certificate/tasks/main.yml
index 827b852a84..ac06e1f8bb 100644
--- a/test/integration/targets/get_certificate/tasks/main.yml
+++ b/test/integration/targets/get_certificate/tasks/main.yml
@@ -1,5 +1,42 @@
+---
 - block:
- - include_tasks: ../tests/validate.yml
+ - name: Get servers certificate with backend auto-detection
+ get_certificate:
+ host: "{{ httpbin_host }}"
+ port: 443
+
+ when: |
+ pyopenssl_version.stdout is version('0.15', '>=') or
+ (cryptography_version.stdout is version('1.6', '>=') and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6))
+
+- block:
+
+ - include_tasks: ../tests/validate.yml
+ vars:
+ select_crypto_backend: pyopenssl
 when: pyopenssl_version.stdout is version('0.15', '>=')
+
+- name: Remove output directory
+ file:
+ path: "{{ output_dir }}"
+ state: absent
+
+- name: Re-create output directory
+ file:
+ path: "{{ output_dir }}"
+ state: directory
+
+- block:
+
+ - include_tasks: ../tests/validate.yml
+ vars:
+ select_crypto_backend: cryptography
+
+ # The module doesn't work with CentOS 6. Since the pyOpenSSL installed there is too old,
+ # we never noticed before. This becomes a problem with the new cryptography backend,
+ # since there is a new enough cryptography version...
+ when: |
+ cryptography_version.stdout is version('1.6', '>=') and
+ (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)
diff --git a/test/integration/targets/get_certificate/tests/validate.yml b/test/integration/targets/get_certificate/tests/validate.yml
index b0172e9695..5dec56c83b 100644
--- a/test/integration/targets/get_certificate/tests/validate.yml
+++ b/test/integration/targets/get_certificate/tests/validate.yml
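Review bot: In tasks/main.yml the CentOS 6 exclusion `cryptography_version.stdout is version('1.6', '>=') and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)` is spelled out twice, once inside the auto-detection block's `when:` and once on the cryptography block, and only the second copy carries the comment explaining it. Computing it once (for example with a `set_fact` named `cryptography_backend_usable`, a name made up here) and referencing it from both `when:` clauses would keep the two from drifting apart when the CentOS 6 problem is fixed. The auto-detection task also has no `register:` and no `assert`, so it only shows that the module did not error; adding `register: result` and an assertion on the returned data would make it a real test. `pyopenssl_version` and `cryptography_version` are registered outside this hunk, so how an empty `stdout` behaves in these `version()` tests cannot be checked from here.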
@@ -1,7 +1,9 @@
+---
 - name: Get servers certificate
 get_certificate:
 host: "{{ httpbin_host }}"
 port: 443
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 - debug: var=result
@@ -18,6 +20,7 @@
 get_certificate:
 host: "{{ httpbin_host }}"
 port: 80
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 ignore_errors: true
@@ -33,6 +36,7 @@
 host: "{{ httpbin_host }}"
 port: 1234
 timeout: 1
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 ignore_errors: true
@@ -48,6 +52,7 @@
 host: "{{ httpbin_host }}"
 port: 443
 ca_cert: dn.e
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 ignore_errors: true
@@ -68,6 +73,7 @@
 ca_cert: '{{ output_dir }}/temp.pem'
 host: "{{ httpbin_host }}"
 port: 443
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 - assert:
@@ -90,6 +96,7 @@
 ca_cert: '{{ my_temp_dir.path }}/bogus_ca.pem'
 host: "{{ httpbin_host }}"
 port: 443
+ select_crypto_backend: "{{ select_crypto_backend }}"
 register: result
 ignore_errors: true |
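Review bot: tests/validate.yml now requires the caller to pass `select_crypto_backend`, and nothing in the file says so: the same `select_crypto_backend: "{{ select_crypto_backend }}"` line is added in all six hunks (`-1,7`, `-18,6`, `-33,6`, `-48,6`, `-68,6`, `-90,6`) with no default. A comment under the new `---`, such as `# Included from tasks/main.yml with vars: select_crypto_backend (pyopenssl or cryptography)`, would document the contract. Several of the touched tasks begin or end outside their hunks and the `assert` bodies are not visible, so it should be confirmed there that the expected-failure checks do not depend on backend-specific error text.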