Add tests for acme_certificate_deactivate_authz module. (#744)
1 parent
d906914
commit 9501a28
Showing
5 changed files
with
229 additions
and
0 deletions.
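--- a/tests/integration/targets/acme_certificate_deactivate_authz/aliases
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/aliases
@@ -0,0 +1,10 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+azp/generic/1
+azp/posix/1
+cloud/acme
+
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine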
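--- a/tests/integration/targets/acme_certificate_deactivate_authz/meta/main.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/meta/main.yml
@@ -0,0 +1,8 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+dependencies:
+- setup_acme
+- setup_remote_tmp_dir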
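--- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/impl.yml
@@ -0,0 +1,154 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- vars:
+certificate_name: cert-1
+subject_alt_name: DNS:example.com
+account_email: [email protected]
+block:
+- name: Generate account key
+openssl_privatekey:
+path: "{{ remote_tmp_dir }}/account-ec256.pem"
+type: ECC
+curve: secp256r1
+force: true
+- name: Create cert private key
+openssl_privatekey:
+path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
+type: ECC
+curve: secp256r1
+force: true
+- name: Create cert CSR
+openssl_csr:
+path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
+privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
+subject_alt_name: "{{ subject_alt_name }}"
+- name: Start process of obtaining certificate
+acme_certificate:
+select_crypto_backend: "{{ select_crypto_backend }}"
+acme_version: 2
+acme_directory: https://{{ acme_host }}:14000/dir
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+modify_account: true
+csr: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
+dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
+challenge: http-01
+force: true
+terms_agreed: true
+account_email: "{{ account_email }}"
+register: certificate_data
+
+- name: Inspect order
+acme_inspect:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+url: "{{ certificate_data.order_uri }}"
+method: get
+register: order_1
+- name: Show order
+debug:
+var: order_1.output_json
+
+- name: Deactivate order (check mode)
+acme_certificate_deactivate_authz:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+order_uri: "{{ certificate_data.order_uri }}"
+check_mode: true
+register: deactivate_1
+
+- name: Inspect order again
+acme_inspect:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+url: "{{ certificate_data.order_uri }}"
+method: get
+register: order_2
+- name: Show order
+debug:
+var: order_2.output_json
+
+- name: Deactivate order
+acme_certificate_deactivate_authz:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+order_uri: "{{ certificate_data.order_uri }}"
+register: deactivate_2
+
+- name: Inspect order again
+acme_inspect:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+url: "{{ certificate_data.order_uri }}"
+method: get
+register: order_3
+- name: Show order
+debug:
+var: order_3.output_json
+
+- name: Deactivate order (check mode, idempotent)
+acme_certificate_deactivate_authz:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+order_uri: "{{ certificate_data.order_uri }}"
+check_mode: true
+register: deactivate_3
+
+- name: Inspect order again
+acme_inspect:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+url: "{{ certificate_data.order_uri }}"
+method: get
+register: order_4
+- name: Show order
+debug:
+var: order_4.output_json
+
+- name: Deactivate order (idempotent)
+acme_certificate_deactivate_authz:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+order_uri: "{{ certificate_data.order_uri }}"
+register: deactivate_4
+
+- name: Inspect order again
+acme_inspect:
+acme_directory: https://{{ acme_host }}:14000/dir
+acme_version: 2
+validate_certs: false
+account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
+account_uri: "{{ certificate_data.account_uri }}"
+url: "{{ certificate_data.order_uri }}"
+method: get
+register: order_5
+- name: Show order
+debug:
+var: order_5.output_json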
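Review bot: Every ACME call in impl.yml, from `Start process of obtaining certificate` through the last `Inspect order again`, sets `validate_certs: false`, and nothing in this file says why disabling TLS verification is acceptable. Presumably `acme_host` is the throwaway test CA brought up by the `setup_acme` dependency, whose certificate the test host does not trust; a comment above the block such as `# validate_certs: false only because acme_host is the local test ACME server, not a real CA` would record that. The "should not be used as examples" banner exists only in main.yml, while this is the file a reader opens to see how the module is called. The `Show order` debug tasks also write the full order JSON to the job log, which is harmless for a test account but worth noting in the same comment.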
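--- a/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- block:
+- name: Running tests with OpenSSL backend
+include_tasks: impl.yml
+vars:
+select_crypto_backend: openssl
+
+- import_tasks: ../tests/validate.yml
+
+# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
+when: openssl_version.stdout is version('1.0.0', '>=')
+
+- name: Remove output directory
+file:
+path: "{{ remote_tmp_dir }}"
+state: absent
+
+- name: Re-create output directory
+file:
+path: "{{ remote_tmp_dir }}"
+state: directory
+
+- block:
+- name: Running tests with cryptography backend
+include_tasks: impl.yml
+vars:
+select_crypto_backend: cryptography
+
+- import_tasks: ../tests/validate.yml
+
+when: cryptography_version.stdout is version('1.5', '>=')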
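--- a/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate_deactivate_authz/tests/validate.yml
@@ -0,0 +1,17 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Checks
+assert:
+that:
+- order_1.output_json.status == 'pending'
+- deactivate_1 is changed
+- order_2.output_json.status == 'pending'
+- deactivate_2 is changed
+- order_3.output_json.status == 'deactivated'
+- deactivate_3 is not changed
+- order_4.output_json.status == 'deactivated'
+- deactivate_4 is not changed
+- order_5.output_json.status == 'deactivated'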
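Review bot: The `Checks` assert looks only at the order's top-level `status`, and the expected value `'deactivated'` is not among the order states RFC 8555 defines (pending, ready, processing, valid, invalid), so the `order_3` to `order_5` conditions presumably pass because of how the test ACME server derives an order's status from its authorizations. Since the module under test deactivates authorizations, fetching the URLs in the order's `authorizations` list and asserting each one's status would verify the effect directly and would survive a change in how the server reports orders. Adding a `fail_msg`, or splitting the nine conditions into separate asserts, would also make a CI failure name the step that regressed.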