Diffstat (limited to 'test/integration/targets/ecs_certificate')
5 files changed, 0 insertions, 287 deletions
diff --git a/test/integration/targets/ecs_certificate/aliases b/test/integration/targets/ecs_certificate/aliases
deleted file mode 100644
index f320bbb3fb..0000000000
--- a/test/integration/targets/ecs_certificate/aliases
+++ /dev/null
@@ -1,15 +0,0 @@
-# Not enabled due to lack of access to test environments. May be enabled using custom integration_config.yml
-# Example integation_config.yml
-# ---
-# entrust_api_user:
-# entrust_api_key:
-# entrust_api_client_cert_path: /var/integration-testing/publicCert.pem
-# entrust_api_client_cert_key_path: /var/integration-testing/privateKey.pem
-# entrust_api_ip_address: 127.0.0.1
-# entrust_cloud_ip_address: 127.0.0.1
-# # Used for certificate path validation of QA environments - we chose not to support disabling path validation ever.
-# cacerts_bundle_path_local: /var/integration-testing/cacerts
-
-### WARNING: This test will update HOSTS file and CERTIFICATE STORE of target host, in order to be able to validate
-# to a QA environment. ###
-unsupported
diff --git a/test/integration/targets/ecs_certificate/defaults/main.yml b/test/integration/targets/ecs_certificate/defaults/main.yml
deleted file mode 100644
index 86bc36c32c..0000000000
--- a/test/integration/targets/ecs_certificate/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# defaults file for test_ecs_certificate
diff --git a/test/integration/targets/ecs_certificate/meta/main.yml b/test/integration/targets/ecs_certificate/meta/main.yml
deleted file mode 100644
index a35b330677..0000000000
--- a/test/integration/targets/ecs_certificate/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - prepare_tests
- - setup_openssl
diff --git a/test/integration/targets/ecs_certificate/tasks/main.yml b/test/integration/targets/ecs_certificate/tasks/main.yml
deleted file mode 100644
index 9cc9b8cf09..0000000000
--- a/test/integration/targets/ecs_certificate/tasks/main.yml
+++ /dev/null
@@ -1,215 +0,0 @@ ---- -## Verify that integration_config was specified -- block: - - assert: - that: - - entrust_api_user is defined - - entrust_api_key is defined - - entrust_api_ip_address is defined - - entrust_cloud_ip_address is defined - - entrust_api_client_cert_path is defined or entrust_api_client_cert_contents is defined - - entrust_api_client_cert_key_path is defined or entrust_api_client_cert_key_contents - - cacerts_bundle_path_local is defined - -## SET UP TEST ENVIRONMENT ######################################################################## -- name: copy the files needed for verifying test server certificate to the host - copy: - src: '{{ cacerts_bundle_path_local }}/' - dest: '{{ cacerts_bundle_path }}' - -- name: Update the CA certificates for our QA certs (collection may need updating if new QA environments used) - command: c_rehash {{ cacerts_bundle_path }} - -- name: Update hosts file - lineinfile: - path: /etc/hosts - state: present - regexp: 'api.entrust.net$' - line: '{{ entrust_api_ip_address }} api.entrust.net' - -- name: Update hosts file - lineinfile: - path: /etc/hosts - state: present - regexp: 'cloud.entrust.net$' - line: '{{ entrust_cloud_ip_address }} cloud.entrust.net' - -- name: Clear out the temporary directory for storing the API connection information - file: - path: '{{ tmpdir_path }}' - state: absent - -- name: Create a directory for storing the API connection Information - file: - path: '{{ tmpdir_path }}' - state: directory - -- name: Copy the files needed for the connection to entrust API to the host - copy: - src: '{{ entrust_api_client_cert_path }}' - dest: '{{ entrust_api_cert }}' - -- name: Copy the files needed for the connection to entrust API to the host - copy: - src: '{{ entrust_api_client_cert_key_path }}' - dest: '{{ entrust_api_cert_key }}' - -## SETUP CSR TO REQUEST -- name: Generate a 2048 bit RSA private key - openssl_privatekey: - path: '{{ privatekey_path }}' - passphrase: '{{ privatekey_passphrase }}' 
- cipher: auto - type: RSA - size: 2048 - -- name: Generate a certificate signing request using the generated key - openssl_csr: - path: '{{ csr_path }}' - privatekey_path: '{{ privatekey_path }}' - privatekey_passphrase: '{{ privatekey_passphrase }}' - common_name: '{{ common_name }}' - organization_name: '{{ organization_name | default(omit) }}' - organizational_unit_name: '{{ organizational_unit_name | default(omit) }}' - country_name: '{{ country_name | default(omit) }}' - state_or_province_name: '{{ state_or_province_name | default(omit) }}' - digest: sha256 - -- block: - - name: Have ECS generate a signed certificate - ecs_certificate: - backup: True - path: '{{ example1_cert_path }}' - full_chain_path: '{{ example1_chain_path }}' - csr: '{{ csr_path }}' - cert_type: '{{ example1_cert_type }}' - requester_name: '{{ entrust_requester_name }}' - requester_email: '{{ entrust_requester_email }}' - requester_phone: '{{ entrust_requester_phone }}' - entrust_api_user: '{{ entrust_api_user }}' - entrust_api_key: '{{ entrust_api_key }}' - entrust_api_client_cert_path: '{{ entrust_api_cert }}' - entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}' - register: example1_result - - - assert: - that: - - example1_result is not failed - - example1_result.changed - - example1_result.tracking_id > 0 - - example1_result.serial_number is string - - # Internal CA refuses to issue certificates with the same DN in a short time frame - - name: Sleep for 5 seconds so we don't run into duplicate-request errors - pause: - seconds: 5 - - - name: Attempt to have ECS generate a signed certificate, but existing one is valid - ecs_certificate: - backup: True - path: '{{ example1_cert_path }}' - full_chain_path: '{{ example1_chain_path }}' - csr: '{{ csr_path }}' - cert_type: '{{ example1_cert_type }}' - requester_name: '{{ entrust_requester_name }}' - requester_email: '{{ entrust_requester_email }}' - requester_phone: '{{ entrust_requester_phone }}' - entrust_api_user: '{{ 
entrust_api_user }}' - entrust_api_key: '{{ entrust_api_key }}' - entrust_api_client_cert_path: '{{ entrust_api_cert }}' - entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}' - register: example2_result - - - assert: - that: - - example2_result is not failed - - not example2_result.changed - - example2_result.backup_file is undefined - - example2_result.backup_full_chain_file is undefined - - example2_result.serial_number == example1_result.serial_number - - example2_result.tracking_id == example1_result.tracking_id - - # Internal CA refuses to issue certificates with the same DN in a short time frame - - name: Sleep for 5 seconds so we don't run into duplicate-request errors - pause: - seconds: 5 - - - name: Force a reissue with no CSR, verify that contents changed - ecs_certificate: - backup: True - force: True - path: '{{ example1_cert_path }}' - full_chain_path: '{{ example1_chain_path }}' - cert_type: '{{ example1_cert_type }}' - request_type: reissue - requester_name: '{{ entrust_requester_name }}' - requester_email: '{{ entrust_requester_email }}' - requester_phone: '{{ entrust_requester_phone }}' - entrust_api_user: '{{ entrust_api_user }}' - entrust_api_key: '{{ entrust_api_key }}' - entrust_api_client_cert_path: '{{ entrust_api_cert }}' - entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}' - register: example3_result - - - assert: - that: - - example3_result is not failed - - example3_result.changed - - example3_result.backup_file is string - - example3_result.backup_full_chain_file is string - - example3_result.tracking_id > 0 - - example3_result.tracking_id != example1_result.tracking_id - - example3_result.serial_number != example1_result.serial_number - - # Internal CA refuses to issue certificates with the same DN in a short time frame - - name: Sleep for 5 seconds so we don't run into duplicate-request errors - pause: - seconds: 5 - - - name: Test a request with all of the various optional possible fields populated - 
ecs_certificate: - path: '{{ example4_cert_path }}' - full_chain_path: '{{ example4_full_chain_path }}' - csr: '{{ csr_path }}' - subject_alt_name: '{{ example4_subject_alt_name }}' - eku: '{{ example4_eku }}' - ct_log: True - cert_type: '{{ example4_cert_type }}' - org: '{{ example4_org }}' - ou: '{{ example4_ou }}' - tracking_info: '{{ example4_tracking_info }}' - additional_emails: '{{ example4_additional_emails }}' - custom_fields: '{{ example4_custom_fields }}' - cert_expiry: '{{ example4_cert_expiry }}' - requester_name: '{{ entrust_requester_name }}' - requester_email: '{{ entrust_requester_email }}' - requester_phone: '{{ entrust_requester_phone }}' - entrust_api_user: '{{ entrust_api_user }}' - entrust_api_key: '{{ entrust_api_key }}' - entrust_api_client_cert_path: '{{ entrust_api_cert }}' - entrust_api_client_cert_key_path: '{{ entrust_api_cert_key }}' - register: example4_result - - - assert: - that: - - example4_result is not failed - - example4_result.changed - - example4_result.backup_file is undefined - - example4_result.backup_full_chain_file is undefined - - example4_result.tracking_id > 0 - - example4_result.serial_number is string - - # For bug 61738, verify that the full chain is valid - - name: Verify that the full chain path can be successfully imported - command: openssl verify "{{ example4_full_chain_path }}" - register: openssl_result - - - assert: - that: - - "' OK' in openssl_result.stdout_lines[0]" - - always: - - name: clean-up temporary folder - file: - path: '{{ tmpdir_path }}' - state: absent diff --git a/test/integration/targets/ecs_certificate/vars/main.yml b/test/integration/targets/ecs_certificate/vars/main.yml deleted file mode 100644 index 8e61761849..0000000000 --- a/test/integration/targets/ecs_certificate/vars/main.yml +++ /dev/null 
@@ -1,52 +0,0 @@
----
-# vars file for test_ecs_certificate
-
-# Path on various hosts that cacerts need to be put as a prerequisite to API server cert validation.
-# May need to be customized for some environments based on SSL implementations
-# that ansible "urls" module utility is using as a backing.
-cacerts_bundle_path: /etc/pki/tls/certs
-
-common_name: '{{ ansible_date_time.epoch }}.ansint.testcertificates.com'
-organization_name: CMS API, Inc.
-organizational_unit_name: RSA
-country_name: US
-state_or_province_name: MA
-privatekey_passphrase: Passphrase452!
-tmpdir_path: /tmp/ecs_cert_test/{{ ansible_date_time.epoch }}
-privatekey_path: '{{ tmpdir_path }}/testcertificates.key'
-entrust_api_cert: '{{ tmpdir_path }}/authcert.cer'
-entrust_api_cert_key: '{{ tmpdir_path }}/authkey.cer'
-csr_path: '{{ tmpdir_path }}/request.csr'
-
-entrust_requester_name: C Trufan
-entrust_requester_email: CTIntegrationTests@entrustdatacard.com
-entrust_requester_phone: 1-555-555-5555 # e.g. 15555555555
-
-# TEST 1
-example1_cert_path: '{{ tmpdir_path }}/issuedcert_1.pem'
-example1_chain_path: '{{ tmpdir_path }}/issuedcert_1_chain.pem'
-example1_cert_type: EV_SSL
-
-example4_cert_path: '{{ tmpdir_path }}/issuedcert_2.pem'
-example4_subject_alt_name:
- - ansible.testcertificates.com
- - www.testcertificates.com
-example4_eku: SERVER_AND_CLIENT_AUTH
-example4_cert_type: UC_SSL
-# Test a secondary org and special characters
-example4_org: CaƱon City, Inc.
-example4_ou:
- - StringrsaString
-example4_tracking_info: Submitted via Ansible Integration
-example4_additional_emails:
- - itsupport@testcertificates.com
- - jsmith@ansible.com
-example4_custom_fields:
- text1: Admin
- text2: Invoice 25
- number1: 342
- date3: '2018-01-01'
- email2: sales@ansible.testcertificates.com
- dropdown2: Dropdown 2 Value 1
-example4_cert_expiry: 2020-08-15
-example4_full_chain_path: '{{ tmpdir_path }}/issuedcert_2_chain.pem' |