ansible: replace test_admin key with a valid sec/pub key

The test_admin_key.pub and test_admin_key.sec are both public keys. This is fine as long as the tests do not try to decrypt anything. A new key is created and stored instead to allow for OSSEC tests to decrypt mails.
freedomofpress · Jan 26, 2018 · 1c5e513 · 1c5e513
1 parent b8803ea
commit 1c5e513
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 2 deletions.
diff --git a/install_files/ansible-base/group_vars/staging.yml b/install_files/ansible-base/group_vars/staging.yml
@@ -32,7 +32,7 @@ apache_logging_level: "info"
 # The OSSEC alert GPG public key has to be in the install_files/ansible-base/ or
 # install_files/ansible-base/roles/app/files/ directory
 ossec_alert_gpg_public_key: "test_admin_key.pub"
-ossec_gpg_fpr: "600BC6D5142C68F35DDBCEA87B597104EDDDC102"
+ossec_gpg_fpr: "53E1113AC1F25027BA5D475B1141E2BBB5E53711"
 ossec_alert_email: "[email protected]"
 smtp_relay: "smtp.gmail.com"
 smtp_relay_port: "587"

diff --git a/install_files/ansible-base/roles/ossec/files/test_admin_key.pub b/install_files/ansible-base/roles/ossec/files/test_admin_key.pub
diff --git a/install_files/ansible-base/roles/ossec/files/test_admin_key.sec b/install_files/ansible-base/roles/ossec/files/test_admin_key.sec
diff --git a/install_files/ansible-base/roles/validate/tasks/validate_gpg_info.yml b/install_files/ansible-base/roles/validate/tasks/validate_gpg_info.yml
@@ -6,7 +6,7 @@
       # Should not match the fingerprint for the TEST Journalist pubkey.
       - item.fingerprint != "65A1B5FF195B56353CC63DFFCC40EF1228271441"
       # Should not match the fingerprint for the TEST Admin pubkey.
-      - item.fingerprint != "600BC6D5142C68F35DDBCEA87B597104EDDDC102"
+      - item.fingerprint != "53E1113AC1F25027BA5D475B1141E2BBB5E53711"
       # Should not contain whitespace.
       - "' ' not in item.fingerprint"
       # Must be a full-length fingerprint.