openssl_csr: ignore empty strings in altnames (#51473)

* Ignore empty strings in altnames. * Add changelog. * Add idempotence check without SAN. * Fix bug in cryptography backend.
author: Felix Fontein <felix@fontein.de> 2019-02-11 11:30:56 +0100
committer: John R Barker <john@johnrbarker.com> 2019-02-11 10:30:56 +0000
commit: 9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5 (patch)
tree: 9b65c8bc3273605d7133b84730784840af679025 /test/integration/targets/openssl_csr
parent: 52d0d51f97b233f539d6e5e783ce315891e7a9cf (diff)
download: ansible-9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5.tar.gz
2 files changed, 50 insertions, 0 deletions
diff --git a/test/integration/targets/openssl_csr/tasks/impl.yml b/test/integration/targets/openssl_csr/tasks/impl.yml
index 79c2cd43b8..6d7461270f 100644
--- a/test/integration/targets/openssl_csr/tasks/impl.yml
+++ b/test/integration/targets/openssl_csr/tasks/impl.yml
@@ -41,6 +41,48 @@
   check_mode: yes
   register: generate_csr_check_idempotent_check
 
+- name: Generate CSR without SAN (check mode)
+  openssl_csr:
+    path: '{{ output_dir }}/csr-nosan.csr'
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    useCommonNameForSAN: no
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  check_mode: yes
+  register: generate_csr_nosan_check
+
+- name: Generate CSR without SAN
+  openssl_csr:
+    path: '{{ output_dir }}/csr-nosan.csr'
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    useCommonNameForSAN: no
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr_nosan
+
+- name: Generate CSR without SAN (idempotent)
+  openssl_csr:
+    path: '{{ output_dir }}/csr-nosan.csr'
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    useCommonNameForSAN: no
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr_nosan_check_idempotent
+
+- name: Generate CSR without SAN (idempotent, check mode)
+  openssl_csr:
+    path: '{{ output_dir }}/csr-nosan.csr'
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject:
+      commonName: www.ansible.com
+    useCommonNameForSAN: no
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  check_mode: yes
+  register: generate_csr_nosan_check_idempotent_check
+
 # keyUsage longname and shortname should be able to be used
 # interchangeably. Hence the long name is specified here
 # but the short name is used to test idempotency for ipsecuser
diff --git a/test/integration/targets/openssl_csr/tests/validate.yml b/test/integration/targets/openssl_csr/tests/validate.yml
index 818b988d08..755b2d301e 100644
--- a/test/integration/targets/openssl_csr/tests/validate.yml
+++ b/test/integration/targets/openssl_csr/tests/validate.yml
@@ -25,6 +25,14 @@
       - generate_csr_check_idempotent is not changed
       - generate_csr_check_idempotent_check is not changed
 
+- name: Validate CSR without SAN (check mode, idempotency)
+  assert:
+    that:
+      - generate_csr_nosan_check is changed
+      - generate_csr_nosan is changed
+      - generate_csr_nosan_check_idempotent is not changed
+      - generate_csr_nosan_check_idempotent_check is not changed
+
 - name: Validate CSR_KU_XKU (assert idempotency, change)
   assert:
     that:
author	Felix Fontein <felix@fontein.de>	2019-02-11 11:30:56 +0100
committer	John R Barker <john@johnrbarker.com>	2019-02-11 10:30:56 +0000
commit	9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5 (patch)
tree	9b65c8bc3273605d7133b84730784840af679025 /test/integration/targets/openssl_csr
parent	52d0d51f97b233f539d6e5e783ce315891e7a9cf (diff)
download	ansible-9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5.tar.gz