author | Yanis Guenane <yguenane@gmail.com> | 2017-09-14 18:03:00 +0200 |
---|---|---|
committer | Sam Doran <sdoran@ansible.com> | 2017-09-14 12:03:00 -0400 |
commit | 0648e339a708cdd2e34a820b57cffaa528c52295 (patch) | |
tree | ee23b04cac48cd8a771b32b699008510d87b9fff /test/integration/targets/openssl_csr/tasks/main.yml | |
parent | 1950bcc14e66ca6c99c15dc5b13b37a66d87c2c6 (diff) | |
download | ansible-0648e339a708cdd2e34a820b57cffaa528c52295.tar.gz |
openssl: remove static dict for keyUsage (#30339)
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specifies a value
that isn't in there, idempotency won't work.
Instead of having a static dict, we use the OpenSSL NIDs of the keyUsage and
extendedKeyUsage values and compare those rather than comparing strings.
Fixes: https://github.com/ansible/ansible/issues/30316
Diffstat (limited to 'test/integration/targets/openssl_csr/tasks/main.yml')
-rw-r--r-- | test/integration/targets/openssl_csr/tasks/main.yml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/test/integration/targets/openssl_csr/tasks/main.yml b/test/integration/targets/openssl_csr/tasks/main.yml
index e06eadf393..4405d2b2de 100644
--- a/test/integration/targets/openssl_csr/tasks/main.yml
+++ b/test/integration/targets/openssl_csr/tasks/main.yml
@@ -9,6 +9,39 @@
 privatekey_path: '{{ output_dir }}/privatekey.pem'
 commonName: 'www.ansible.com'
+ # keyUsage longname and shortname should be able to be used
+ # interchangeably. Hence the long name is specified here
+ # but the short name is used to test idempotency for ipsecuser
+ # and vice-versa for biometricInfo
+ - name: Generate CSR with KU and XKU
+ openssl_csr:
+ path: '{{ output_dir }}/csr_ku_xku.csr'
+ privatekey_path: '{{ output_dir }}/privatekey.pem'
+ commonName: 'www.ansible.com'
+ keyUsage:
+ - digitalSignature
+ - keyAgreement
+ extendedKeyUsage:
+ - qcStatements
+ - DVCS
+ - IPSec User
+ - biometricInfo
+
+ - name: Generate CSR with KU and XKU (test idempotency)
+ openssl_csr:
+ path: '{{ output_dir }}/csr_ku_xku.csr'
+ privatekey_path: '{{ output_dir }}/privatekey.pem'
+ commonName: 'www.ansible.com'
+ keyUsage:
+ - digitalSignature
+ - keyAgreement
+ extendedKeyUsage:
+ - ipsecUser
+ - qcStatements
+ - DVCS
+ - Biometric Info
+ register: csr_ku_xku
+
 - import_tasks: ../tests/validate.yml
 when: pyopenssl_version.stdout|version_compare('0.15', '>=') |
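Review bot: The idempotency task registers `csr_ku_xku`, but nothing in this hunk asserts on it, so the test only proves something if `../tests/validate.yml` (not shown here) checks that `csr_ku_xku.changed` is false. The hunk also covers only the "same set, different spelling and order" case; now that usages are compared by NID, a follow-up task that reruns with one extendedKeyUsage entry removed or replaced and asserts the result is changed would guard against a CSR carrying the wrong usages being reported as up to date. The leading comment says keyUsage, but the long/short name swap is exercised on extendedKeyUsage, so I would reword it to `# extendedKeyUsage long names and short names should be usable interchangeably`.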