Diffstat (limited to 'ansible_collections/community/crypto/tests/ee/roles')
9 files changed, 302 insertions, 0 deletions
diff --git a/ansible_collections/community/crypto/tests/ee/roles/crypto_info/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/crypto_info/tasks/main.yml
new file mode 100644
index 000000000..76cecf25b
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/crypto_info/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Run crypto_info
+ community.crypto.crypto_info:
+ register: result
+
+- name: Dump result
+ debug:
+ var: result
+
+- name: Validate result
+ assert:
+ that:
+ - result.openssl_present
+ - result.python_cryptography_installed
+ - result.python_cryptography_capabilities.has_dsa
+ - result.python_cryptography_capabilities.has_dsa_sign
+ - result.python_cryptography_capabilities.has_ec
+ - result.python_cryptography_capabilities.has_ec_sign
+ - result.python_cryptography_capabilities.has_ed25519
+ - result.python_cryptography_capabilities.has_ed25519_sign
+ - result.python_cryptography_capabilities.has_ed448
+ - result.python_cryptography_capabilities.has_ed448_sign
+ - result.python_cryptography_capabilities.has_rsa
+ - result.python_cryptography_capabilities.has_rsa_sign
+ - result.python_cryptography_capabilities.has_x25519
+ - result.python_cryptography_capabilities.has_x25519_serialization
+ - result.python_cryptography_capabilities.has_x448
diff --git a/ansible_collections/community/crypto/tests/ee/roles/luks_device/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/luks_device/tasks/main.yml
new file mode 100644
index 000000000..410a8e59c
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/luks_device/tasks/main.yml
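Review bot: The `Dump result` and `Validate result` tasks in crypto_info/tasks/main.yml call `debug` and `assert` by short name, while the luks_device role added in the same commit uses fully qualified names such as `ansible.builtin.command`. Writing them as `ansible.builtin.debug:` and `ansible.builtin.assert:` keeps module resolution independent of whatever collections the execution environment puts on the search path. The same applies to the two `assert` tasks in smoke/tasks/main.yml.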
@@ -0,0 +1,49 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Run cryptsetup (smoke test)
+ ansible.builtin.command: cryptsetup --version
+
+- name: Determine cryptfile path
+ ansible.builtin.set_fact:
+ cryptfile_path: "{{ output_path }}/cryptfile"
+ keyfile_path: "{{ output_path }}/keyfile"
+
+- name: Create cryptfile
+ ansible.builtin.command: dd if=/dev/zero of={{ cryptfile_path }} bs=1M count=32
+
+- name: Create keyfile
+ ansible.builtin.copy:
+ dest: "{{ keyfile_path }}"
+ content: hunter2
+
+- # Creating devices doesn't work well. We will have to try this again when luks_device
+ # supports working with container files directly.
+ when: false
+ block:
+ - name: Create lookback device
+ command: losetup -f {{ cryptfile_path }}
+
+ - name: Determine loop device name
+ command: losetup -j {{ cryptfile_path }} --output name
+ register: cryptfile_device_output
+
+ - set_fact:
+ cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
+
+ - name: Create LUKS container
+ community.crypto.luks_device:
+ device: "{{ cryptfile_device }}"
+ # device: "{{ cryptfile_path }}"
+ state: present
+ keyfile: "{{ keyfile_path }}"
+ pbkdf:
+ iteration_time: 0.1
+
+ - name: Destroy LUKS container
+ community.crypto.luks_device:
+ device: "{{ cryptfile_device }}"
+ # device: "{{ cryptfile_path }}"
+ state: absent
diff --git a/ansible_collections/community/crypto/tests/ee/roles/openssh_keypair/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/openssh_keypair/tasks/main.yml
new file mode 100644
index 000000000..27c24934b
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/openssh_keypair/tasks/main.yml
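Review bot: The `Create keyfile` task in luks_device/tasks/main.yml passes no `mode` to `ansible.builtin.copy`, so the LUKS key file is created with whatever the umask allows, which is commonly group- and world-readable. Add `mode: '0600'` next to `content: hunter2`. A comment such as `# test-only passphrase and KDF cost, not for real volumes` above the fixed passphrase and beside `iteration_time: 0.1` would keep these fixture values from being copied into production playbooks. Inside the disabled block, the task name `Create lookback device` is presumably meant to read `loopback`.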
@@ -0,0 +1,17 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Generate key with OpenSSH binary backend
+ community.crypto.openssh_keypair:
+ path: "{{ output_path }}/openssh-key-1"
+ size: 2048
+ backend: opensshbin
+
+- name: Generate key with cryptography backend
+ community.crypto.openssh_keypair:
+ path: "{{ output_path }}/openssh-key-2"
+ size: 2048
+ backend: cryptography
+ when: cryptography_version.stdout is ansible.builtin.version('3.0', '>=')
diff --git a/ansible_collections/community/crypto/tests/ee/roles/openssl_pkcs12/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/openssl_pkcs12/tasks/main.yml
new file mode 100644
index 000000000..2fd8edac0
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/openssl_pkcs12/tasks/main.yml
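Review bot: The `when:` on `Generate key with cryptography backend` in openssh_keypair/tasks/main.yml reads `cryptography_version.stdout`, which nothing in this role registers; it presumably comes from the calling playbook, which is outside this view. Run on its own, the role would stop on an undefined variable, whereas the PyOpenSSL condition in openssl_pkcs12 is guarded with `default(false)`. Document the dependency above the task, for example `# requires cryptography_version to be registered by the calling playbook`. The same condition is used on `Create PKCS#12 with cryptography backend` in openssl_pkcs12/tasks/main.yml.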
@@ -0,0 +1,46 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Create private key
+ community.crypto.openssl_privatekey:
+ path: "{{ output_path }}/pkcs12-cert.key"
+ type: ECC
+ curve: secp256r1
+
+- name: Create CSR
+ community.crypto.openssl_csr:
+ path: "{{ output_path }}/pkcs12-cert.csr"
+ privatekey_path: "{{ output_path }}/pkcs12-cert.key"
+
+- name: Create certificate
+ community.crypto.x509_certificate:
+ path: "{{ output_path }}/pkcs12-cert.pem"
+ csr_path: "{{ output_path }}/pkcs12-cert.csr"
+ privatekey_path: "{{ output_path }}/pkcs12-cert.key"
+ provider: selfsigned
+
+- name: Create PKCS#12 with cryptography backend
+ community.crypto.openssl_pkcs12:
+ action: export
+ path: "{{ output_path }}/pkcs12-1.p12"
+ mode: '0644'
+ friendly_name: foo
+ privatekey_path: "{{ output_path }}/pkcs12-cert.key"
+ certificate_path: "{{ output_path }}/pkcs12-cert.pem"
+ state: present
+ select_crypto_backend: cryptography
+ when: cryptography_version.stdout is ansible.builtin.version('3.0', '>=')
+
+- name: Create PKCS#12 with PyOpenSSL backend
+ community.crypto.openssl_pkcs12:
+ action: export
+ path: "{{ output_path }}/pkcs12-2.p12"
+ mode: '0644'
+ friendly_name: foo
+ privatekey_path: "{{ output_path }}/pkcs12-cert.key"
+ certificate_path: "{{ output_path }}/pkcs12-cert.pem"
+ state: present
+ select_crypto_backend: pyopenssl
+ when: not (has_no_pyopenssl | default(false))
diff --git a/ansible_collections/community/crypto/tests/ee/roles/openssl_privatekey/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/openssl_privatekey/tasks/main.yml
new file mode 100644
index 000000000..d6929fc48
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/openssl_privatekey/tasks/main.yml
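Review bot: Both `community.crypto.openssl_pkcs12` export tasks in openssl_pkcs12/tasks/main.yml set `mode: '0644'` on a bundle that embeds the private key from `pkcs12-cert.key`, and neither sets a `passphrase`, so the key material ends up readable by every local user with no passphrase protecting it. Use `mode: '0600'` in both tasks. If the smoke test is also meant to cover protected bundles, add a `passphrase` value marked as test-only.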
@@ -0,0 +1,15 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Create RSA private key
+ community.crypto.openssl_privatekey:
+ path: "{{ output_path }}/privatekey-1"
+ size: 2048
+
+- name: Create ECC private key
+ community.crypto.openssl_privatekey:
+ path: "{{ output_path }}/privatekey-2"
+ type: ECC
+ curve: secp256r1
diff --git a/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_ipaddress.py b/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_ipaddress.py
new file mode 100644
index 000000000..6c2156135
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_ipaddress.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2022 Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = r'''
+---
+module: smoke_ipaddress
+short_description: Check whether ipaddress is present
+author:
+ - Felix Fontein (@felixfontein)
+description:
+ - Check whether C(ipaddress) is present.
+options: {}
+'''
+
+EXAMPLES = r''' # '''
+
+RETURN = r''' # '''
+
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+
+try:
+ import ipaddress # noqa: F401, pylint: disable=unused-import
+ HAS_IPADDRESS = True
+ IPADDRESS_IMP_ERR = None
+except ImportError as exc:
+ IPADDRESS_IMP_ERR = traceback.format_exc()
+ HAS_IPADDRESS = False
+
+
+def main():
+ module = AnsibleModule(argument_spec=dict(), supports_check_mode=True)
+
+ if not HAS_IPADDRESS:
+ module.fail_json(msg=missing_required_lib('ipaddress'), exception=IPADDRESS_IMP_ERR)
+
+ module.exit_json(msg='Everything is ok')
+
+
+if __name__ == '__main__': # pragma: no cover
+ main() # pragma: no cover
diff --git a/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_pyyaml.py b/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_pyyaml.py
new file mode 100644
index 000000000..457176c91
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/smoke/library/smoke_pyyaml.py
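Review bot: In smoke_ipaddress.py, `except ImportError as exc:` binds `exc` but never reads it, because the traceback is captured through `traceback.format_exc()`; write `except ImportError:` instead. smoke_pyyaml.py carries the same unused binding. `main()` would also benefit from a one-line docstring such as `"""Fail with missing_required_lib() if the import failed, otherwise report success."""`, since the module has no other description of its exit behaviour.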
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2022 Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = r'''
+---
+module: smoke_pyyaml
+short_description: Check whether PyYAML is present
+author:
+ - Felix Fontein (@felixfontein)
+description:
+ - Check whether C(yaml) is present.
+options: {}
+'''
+
+EXAMPLES = r''' # '''
+
+RETURN = r''' # '''
+
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+
+try:
+ import yaml # noqa: F401, pylint: disable=unused-import
+ HAS_PYYAML = True
+ PYYAML_IMP_ERR = None
+except ImportError as exc:
+ PYYAML_IMP_ERR = traceback.format_exc()
+ HAS_PYYAML = False
+
+
+def main():
+ module = AnsibleModule(argument_spec=dict(), supports_check_mode=True)
+
+ if not HAS_PYYAML:
+ module.fail_json(msg=missing_required_lib('PyYAML'), exception=PYYAML_IMP_ERR)
+
+ module.exit_json(msg='Everything is ok')
+
+
+if __name__ == '__main__': # pragma: no cover
+ main() # pragma: no cover
diff --git a/ansible_collections/community/crypto/tests/ee/roles/smoke/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/smoke/tasks/main.yml
new file mode 100644
index 000000000..1e8b659bf
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/smoke/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Check whether ipaddress is present
+ smoke_ipaddress:
+ register: result
+
+- name: Validate result
+ assert:
+ that:
+ - result.msg == 'Everything is ok'
+
+- name: Check whether PyYAML is present
+ smoke_pyyaml:
+ register: result
+
+- name: Validate result
+ assert:
+ that:
+ - result.msg == 'Everything is ok'
diff --git a/ansible_collections/community/crypto/tests/ee/roles/x509_certificate/tasks/main.yml b/ansible_collections/community/crypto/tests/ee/roles/x509_certificate/tasks/main.yml
new file mode 100644
index 000000000..23e03a868
--- /dev/null
+++ b/ansible_collections/community/crypto/tests/ee/roles/x509_certificate/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Create private key
+ community.crypto.openssl_privatekey:
+ path: "{{ output_path }}/cert.key"
+ type: ECC
+ curve: secp256r1
+
+- name: Create CSR
+ community.crypto.openssl_csr:
+ path: "{{ output_path }}/cert.csr"
+ privatekey_path: "{{ output_path }}/cert.key"
+
+- name: Create certificate
+ community.crypto.x509_certificate:
+ path: "{{ output_path }}/cert.pem"
+ csr_path: "{{ output_path }}/cert.csr"
+ privatekey_path: "{{ output_path }}/cert.key"
+ provider: selfsigned |