diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml
index b04fc81..555476a 100644
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -78,6 +78,20 @@ stages:
 test: units
 - name: Lint
 test: lint
+ - stage: Ansible_2_18
+ displayName: Ansible 2.18
+ dependsOn:
+ - Dependencies
+ jobs:
+ - template: templates/matrix.yml
+ parameters:
+ nameFormat: "{0}"
+ testFormat: "2.18/{0}"
+ targets:
+ - name: Sanity
+ test: sanity
+ - name: Units
+ test: units
 - stage: Ansible_2_17
 displayName: Ansible 2.17
 dependsOn:
@@ -146,6 +160,7 @@ stages:
 condition: succeededOrFailed()
 dependsOn:
 - Ansible_devel
+ - Ansible_2_18
 - Ansible_2_17
 - Ansible_2_16
 - Ansible_2_15
diff --git a/tests/integration/targets/inventory_ldap/roles/setup_certificate/files/generate_cert.sh b/tests/integration/targets/inventory_ldap/roles/setup_certificate/files/generate_cert.sh
index 3657573..8a0f5c1 100644
--- a/tests/integration/targets/inventory_ldap/roles/setup_certificate/files/generate_cert.sh
+++ b/tests/integration/targets/inventory_ldap/roles/setup_certificate/files/generate_cert.sh
@@ -5,65 +5,18 @@ set -o pipefail -eux
 TARGET="${1}"
 PASSWORD="${2}"
-generate () {
- NAME="${1}"
- SUBJECT="${2}"
- KEY="${3}"
- CA_NAME="${4}"
- CA_OPTIONS=("-CA" "${CA_NAME}.pem" "-CAkey" "${CA_NAME}.key" "-CAcreateserial")
-
- cat > openssl.conf << EOL
+echo "Generating CA certificate"
+cat > openssl.conf << EOL
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
-
-[req]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature,keyEncipherment
-extendedKeyUsage = serverAuth
-subjectAltName = DNS:${SUBJECT}
+[v3_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, keyCertSign
 EOL
- echo "Generating ${NAME} signed cert"
- openssl req \
- -new \
- "-${KEY}" \
- -subj "/CN=${SUBJECT}" \
- -newkey rsa:2048 \
- -keyout "${NAME}.key" \
- -out "${NAME}.csr" \
- -config openssl.conf \
- -reqexts req \
- -passin pass:"${PASSWORD}" \
- -passout pass:"${PASSWORD}"
-
- openssl x509 \
- -req \
- -in "${NAME}.csr" \
- "-${KEY}" \
- -out "${NAME}.pem" \
- -days 365 \
- -extfile openssl.conf \
- -extensions req \
- -passin pass:"${PASSWORD}" \
- "${CA_OPTIONS[@]}"
-
- # PBE-SHA1-3DES/nomac is used for compatibility with Server 2016 and older
- openssl pkcs12 \
- -export \
- -out "${NAME}.pfx" \
- -inkey "${NAME}.key" \
- -in "${NAME}.pem" \
- -keypbe PBE-SHA1-3DES \
- -certpbe PBE-SHA1-3DES \
- -nomac \
- -passin pass:"${PASSWORD}" \
- -passout pass:"${PASSWORD}"
-
- rm openssl.conf
-}
-
-echo "Generating CA certificate"
 openssl genrsa \
 -aes256 \
 -out ca.key \
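Review bot: The new `[v3_ca]` section sets `basicConstraints = critical, CA:true` with no path-length limit, although this root only ever signs the single LDAPS leaf; `basicConstraints = critical, CA:true, pathlen:0` would stop it from validating any subordinate CA. The heredoc also has no comment saying why the CA extensions were introduced. Presumably strict chain validators want SKI/AKI and a critical `keyUsage` on the root, and a one-line comment above `cat > openssl.conf << EOL` stating that would save the next reader a search. The `openssl genrsa` command at the end of the hunk continues outside it.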
@@ -74,9 +27,62 @@ openssl req \
 -x509 \
 -days 365 \
 -key ca.key \
+ -config openssl.conf \
+ -extensions v3_ca \
 -out ca.pem \
 -subj "/CN=microsoft.ad root" \
 -passin pass:"${PASSWORD}"
 echo "Generating ${TARGET} LDAPS certificate"
-generate ldaps "${TARGET}" sha256 ca
+cat > openssl.conf << EOL
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[req]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+subjectAltName = DNS:${TARGET}
+EOL
+
+openssl req \
+ -new \
+ -sha256 \
+ -subj "/CN=${TARGET}" \
+ -newkey rsa:2048 \
+ -keyout "ldaps.key" \
+ -out "ldaps.csr" \
+ -passin pass:"${PASSWORD}" \
+ -passout pass:"${PASSWORD}"
+
+openssl x509 \
+ -req \
+ -in "ldaps.csr" \
+ -sha256 \
+ -out "ldaps.pem" \
+ -days 365 \
+ -extfile openssl.conf \
+ -extensions req \
+ -passin pass:"${PASSWORD}" \
+ -CA "ca.pem" \
+ -CAkey "ca.key" \
+ -CAcreateserial
+
+# PBE-SHA1-3DES/nomac is used for compatibility with Server 2016 and older
+openssl pkcs12 \
+ -export \
+ -out "ldaps.pfx" \
+ -inkey "ldaps.key" \
+ -in "ldaps.pem" \
+ -keypbe PBE-SHA1-3DES \
+ -certpbe PBE-SHA1-3DES \
+ -nomac \
+ -passin pass:"${PASSWORD}" \
+ -passout pass:"${PASSWORD}"
+
+rm ca.srl
+rm ldaps.csr
+rm openssl.conf
diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt
new file mode 100644
index 0000000..e69de29
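Review bot: Each inlined `openssl req`, `openssl x509` and `openssl pkcs12` call passes the key passphrase as `pass:"${PASSWORD}"` while the script runs under `set -o pipefail -eux` (visible in the previous hunk's header), so xtrace writes the passphrase to the job log and it also appears in the process list. If the value is ever more than a throwaway test secret, add `export PASSWORD` and switch the options to `-passin env:PASSWORD` and `-passout env:PASSWORD`. The cleanup at the end removes `ca.srl`, `ldaps.csr` and `openssl.conf` but leaves `ca.key` behind; if nothing later in the role needs the CA private key, `rm ca.key` belongs there too. The rewritten `openssl req` for the leaf also no longer passes `-config openssl.conf`, so it relies on the system default configuration, which deserves a short comment if that is intended.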