diff options
author | Felix Fontein <felix@fontein.de> | 2019-02-11 11:30:56 +0100 |
---|---|---|
committer | John R Barker <john@johnrbarker.com> | 2019-02-11 10:30:56 +0000 |
commit | 9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5 (patch) | |
tree | 9b65c8bc3273605d7133b84730784840af679025 /test | |
parent | 52d0d51f97b233f539d6e5e783ce315891e7a9cf (diff) | |
download | ansible-9b1cbcf3a41ca2c76d4f65b54bcf7ab381bbb4b5.tar.gz |
openssl_csr: ignore empty strings in altnames (#51473)
* Ignore empty strings in altnames.
* Add changelog.
* Add idempotence check without SAN.
* Fix bug in cryptography backend.
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/targets/openssl_csr/tasks/impl.yml | 42 | ||||
-rw-r--r-- | test/integration/targets/openssl_csr/tests/validate.yml | 8 |
2 files changed, 50 insertions, 0 deletions
diff --git a/test/integration/targets/openssl_csr/tasks/impl.yml b/test/integration/targets/openssl_csr/tasks/impl.yml index 79c2cd43b8..6d7461270f 100644 --- a/test/integration/targets/openssl_csr/tasks/impl.yml +++ b/test/integration/targets/openssl_csr/tasks/impl.yml @@ -41,6 +41,48 @@ check_mode: yes register: generate_csr_check_idempotent_check +- name: Generate CSR without SAN (check mode) + openssl_csr: + path: '{{ output_dir }}/csr-nosan.csr' + privatekey_path: '{{ output_dir }}/privatekey.pem' + subject: + commonName: www.ansible.com + useCommonNameForSAN: no + select_crypto_backend: '{{ select_crypto_backend }}' + check_mode: yes + register: generate_csr_nosan_check + +- name: Generate CSR without SAN + openssl_csr: + path: '{{ output_dir }}/csr-nosan.csr' + privatekey_path: '{{ output_dir }}/privatekey.pem' + subject: + commonName: www.ansible.com + useCommonNameForSAN: no + select_crypto_backend: '{{ select_crypto_backend }}' + register: generate_csr_nosan + +- name: Generate CSR without SAN (idempotent) + openssl_csr: + path: '{{ output_dir }}/csr-nosan.csr' + privatekey_path: '{{ output_dir }}/privatekey.pem' + subject: + commonName: www.ansible.com + useCommonNameForSAN: no + select_crypto_backend: '{{ select_crypto_backend }}' + register: generate_csr_nosan_check_idempotent + +- name: Generate CSR without SAN (idempotent, check mode) + openssl_csr: + path: '{{ output_dir }}/csr-nosan.csr' + privatekey_path: '{{ output_dir }}/privatekey.pem' + subject: + commonName: www.ansible.com + useCommonNameForSAN: no + select_crypto_backend: '{{ select_crypto_backend }}' + check_mode: yes + register: generate_csr_nosan_check_idempotent_check + # keyUsage longname and shortname should be able to be used # interchangeably. Hence the long name is specified here # but the short name is used to test idempotency for ipsecuser diff --git a/test/integration/targets/openssl_csr/tests/validate.yml b/test/integration/targets/openssl_csr/tests/validate.yml index 818b988d08..755b2d301e 100644 --- a/test/integration/targets/openssl_csr/tests/validate.yml +++ b/test/integration/targets/openssl_csr/tests/validate.yml @@ -25,6 +25,14 @@ - generate_csr_check_idempotent is not changed - generate_csr_check_idempotent_check is not changed +- name: Validate CSR without SAN (check mode, idempotency) + assert: + that: + - generate_csr_nosan_check is changed + - generate_csr_nosan is changed + - generate_csr_nosan_check_idempotent is not changed + - generate_csr_nosan_check_idempotent_check is not changed + - name: Validate CSR_KU_XKU (assert idempotency, change) assert: that: |