test/integration/targets/openssl_csr/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

- block:
    - name: Generate privatekey
      openssl_privatekey:
        path: '{{ output_dir }}/privatekey.pem'

    - name: Generate CSR
      openssl_csr:
        path: '{{ output_dir }}/csr.csr'
        privatekey_path: '{{ output_dir }}/privatekey.pem'
        commonName: 'www.ansible.com'

    # keyUsage longname and shortname should be able to be used
    # interchangeably. Hence the long name is specified here
    # but the short name is used to test idempotency for ipsecuser
    # and vice-versa for biometricInfo
    - name: Generate CSR with KU and XKU
      openssl_csr:
        path: '{{ output_dir }}/csr_ku_xku.csr'
        privatekey_path: '{{ output_dir }}/privatekey.pem'
        commonName: 'www.ansible.com'
        keyUsage:
          - digitalSignature
          - keyAgreement
        extendedKeyUsage:
          - qcStatements
          - DVCS
          - IPSec User
          - biometricInfo

    - name: Generate CSR with KU and XKU (test idempotency)
      openssl_csr:
        path: '{{ output_dir }}/csr_ku_xku.csr'
        privatekey_path: '{{ output_dir }}/privatekey.pem'
        commonName: 'www.ansible.com'
        keyUsage:
          - digitalSignature
          - keyAgreement
        extendedKeyUsage:
          - ipsecUser
          - qcStatements
          - DVCS
          - Biometric Info
      register: csr_ku_xku

    - import_tasks: ../tests/validate.yml

  when: pyopenssl_version.stdout is version('0.15', '>=')