author | Jakob Ackermann <das7pad@outlook.com> | 2019-04-01 13:18:33 +0200
---|---|---
committer | John R Barker <john@johnrbarker.com> | 2019-04-01 12:18:33 +0100
commit | 21c8650180f3ad5fd248a24a116a672805ce4dce (patch) |
tree | 4a376edb544ff922a68890222d705e6db35d4ed0 /test/integration/targets/openssh_cert |
parent | fa47bed71c66ef67efafca1a240fe22bee631a02 (diff) |
download | ansible-21c8650180f3ad5fd248a24a116a672805ce4dce.tar.gz |
openssh_cert: add serial_number param (#54653)
* [openssh_cert] cleanup the returned certificate info
- Drop the certificate path - it is already present in rc.filename.
- Drop the leading whitespace for all lines.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] add support for a certificate serial number
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] fix lint error
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] drop explicit default value
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] enforce the specified or missing serial number
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] passing no explicit serial number ignores any present one
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Diffstat (limited to 'test/integration/targets/openssh_cert')
-rw-r--r-- | test/integration/targets/openssh_cert/tasks/main.yml | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/test/integration/targets/openssh_cert/tasks/main.yml b/test/integration/targets/openssh_cert/tasks/main.yml index feae638c47..5e4606b9c6 100644 --- a/test/integration/targets/openssh_cert/tasks/main.yml +++ b/test/integration/targets/openssh_cert/tasks/main.yml 
@@ -239,6 +239,117 @@ - "clear" valid_from: "2001-01-21" valid_to: "2019-01-21" + - name: Generate cert without serial + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_no_serial' + valid_from: always + valid_to: forever + register: rc_no_serial_number + - name: check default serial + assert: + that: + - "'Serial: 0' in rc_no_serial_number.info" + msg: OpenSSH user certificate contains the default serial number. + - name: Generate cert without serial (idempotent) + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_no_serial' + valid_from: always + valid_to: forever + register: rc_no_serial_number_idempotent + - name: check idempotent + assert: + that: + - rc_no_serial_number_idempotent is not changed + msg: OpenSSH certificate generation without serial number is idempotent. + - name: Generate cert with serial 42 + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_42' + valid_from: always + valid_to: forever + serial_number: 42 + register: rc_serial_number + - name: check serial 42 + assert: + that: + - "'Serial: 42' in rc_serial_number.info" + msg: OpenSSH user certificate contains the serial number from the params. + - name: Generate cert with serial 42 (idempotent) + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_42' + valid_from: always + valid_to: forever + serial_number: 42 + register: rc_serial_number_idempotent + - name: check idempotent + assert: + that: + - rc_serial_number_idempotent is not changed + msg: OpenSSH certificate generation with serial number is idempotent. 
+ - name: Generate cert with changed serial number + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_42' + valid_from: always + valid_to: forever + serial_number: 1337 + register: rc_serial_number_changed + - name: check changed + assert: + that: + - rc_serial_number_changed is changed + msg: OpenSSH certificate regenerated upon serial number change. + - name: Generate cert with removed serial number + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_42' + valid_from: always + valid_to: forever + serial_number: 0 + register: rc_serial_number_removed + - name: check changed + assert: + that: + - rc_serial_number_removed is changed + msg: OpenSSH certificate regenerated upon serial number removal. + - name: Generate a new cert with serial number + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_ignore' + valid_from: always + valid_to: forever + serial_number: 42 + - name: Generate cert again, omitting the parameter serial_number (idempotent) + openssh_cert: + type: user + signing_key: '{{ output_dir }}/id_key' + public_key: '{{ output_dir }}/id_key.pub' + path: '{{ output_dir }}/id_cert_serial_ignore' + valid_from: always + valid_to: forever + register: rc_serial_number_ignored + - name: check idempotent + assert: + that: + - rc_serial_number_ignored is not changed + msg: OpenSSH certificate generation with omitted serial number is idempotent. - name: Remove certificate (check mode) openssh_cert: state: absent |
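Review bot: the "changed serial number", "removed serial number" and "omitting the parameter serial_number" cases only assert the `changed` flag and never inspect the regenerated (or preserved) certificate, so a module that rewrites the file but signs it with the wrong serial would still pass. Mirror the earlier checks by adding `"'Serial: 1337' in rc_serial_number_changed.info"`, `"'Serial: 0' in rc_serial_number_removed.info"` and `"'Serial: 42' in rc_serial_number_ignored.info"` to the respective `that` lists; the last one is the important one, since the commit message promises that an omitted `serial_number` leaves an existing serial untouched, and that promise is what a KRL-based revocation keyed on serials depends on. Two smaller points: the task names `check idempotent` and `check changed` are each used more than once in this hunk, which makes a failing run harder to locate in the log, and the `msg` values read as success statements ("... is idempotent.") although `assert` prints `msg` only on failure; consider phrasing them as failure messages or moving them to `success_msg`.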