Update ACME tests (#836)

* Restrict remaining days to also work with short-lived profiles. * Adjust boolean cases. * Fix spelling error. * Use larger key size for TLS-ALPN test certificate.
ansible-collections · Jan 12, 2025 · 0723184 · 0723184
1 parent 2482505
commit 0723184
Show file tree

Hide file tree

Showing 17 changed files with 37 additions and 37 deletions.
diff --git a/tests/integration/targets/acme_certificate/tasks/impl.yml b/tests/integration/targets/acme_certificate/tasks/impl.yml
@@ -77,7 +77,7 @@
     modify_account: true
     deactivate_authzs: false
     force: false
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: true
     account_email: "[email protected]"
     retrieve_all_alternates: true
@@ -104,7 +104,7 @@
     modify_account: false
     deactivate_authzs: true
     force: false
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     acme_expected_root_number: 0
@@ -140,7 +140,7 @@
     modify_account: false
     deactivate_authzs: false
     force: false
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     acme_expected_root_number: 0
@@ -167,7 +167,7 @@
     modify_account: false
     deactivate_authzs: true
     force: true
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     acme_expected_root_number: 2
@@ -194,15 +194,15 @@
     modify_account: false
     deactivate_authzs: true
     force: true
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     use_csr_content: true
 - name: Store obtain results for cert 5a
   set_fact:
     cert_5a_obtain_results: "{{ certificate_obtain_result }}"
     cert_5_alternate: "{{ 0 if select_crypto_backend == 'cryptography' else 0 }}"
-- name: Obtain cert 5 (should not, since already there and valid for more than 10 days)
+- name: Obtain cert 5 (should not, since already there and valid for more than 1 days)
   include_tasks: obtain-cert.yml
   vars:
     certgen_title: Certificate 5, Iteration 2/4
@@ -215,7 +215,7 @@
     modify_account: false
     deactivate_authzs: true
     force: false
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     use_csr_content: false
@@ -260,7 +260,7 @@
     modify_account: false
     deactivate_authzs: true
     force: true
-    remaining_days: 10
+    remaining_days: 1
     terms_agreed: false
     account_email: ""
     use_csr_content: false
@@ -283,7 +283,7 @@
       modify_account: true
       deactivate_authzs: false
       force: false
-      remaining_days: 10
+      remaining_days: 1
       terms_agreed: true
       account_email: "[email protected]"
       acme_expected_root_number: 0
@@ -319,7 +319,7 @@
       modify_account: true
       deactivate_authzs: false
       force: false
-      remaining_days: 10
+      remaining_days: 1
       terms_agreed: true
       account_email: "[email protected]"
       acme_expected_root_number: 2
@@ -339,7 +339,7 @@
       certgen_title: Certificate 8
       certificate_name: cert-8
       key_type: rsa
-      rsa_bits: "{{ default_rsa_key_size }}"
+      rsa_bits: "{{ default_rsa_key_size_certificates }}"
       subject_alt_name:
       - "IP:127.0.0.1"
       # IPv4 only since our test validation server doesn't work
@@ -351,7 +351,7 @@
       modify_account: true
       deactivate_authzs: false
       force: false
-      remaining_days: 10
+      remaining_days: 1
       terms_agreed: true
       account_email: "[email protected]"
       use_csr_content: true

diff --git a/tests/integration/targets/acme_certificate/tests/validate.yml b/tests/integration/targets/acme_certificate/tests/validate.yml
@@ -118,15 +118,15 @@
 - name: Check that certificate 5 was not recreated on the first try
   assert:
     that:
-      - cert_5_recreate_1 == False
+      - cert_5_recreate_1 == false
 - name: Check that certificate 5 was recreated on the second try
   assert:
     that:
-      - cert_5_recreate_2 == True
+      - cert_5_recreate_2 == true
 - name: Check that certificate 5 was recreated on the third try
   assert:
     that:
-      - cert_5_recreate_3 == True
+      - cert_5_recreate_3 == true
 
 - block:
   - name: Check that certificate 6 is valid

diff --git a/tests/integration/targets/certificate_complete_chain/tasks/create.yml b/tests/integration/targets/certificate_complete_chain/tasks/create.yml
@@ -12,7 +12,7 @@
   - name: Create private keys
     openssl_privatekey:
       path: '{{ remote_tmp_dir }}/{{ item.name }}.key'
-      size: '{{ default_rsa_key_size_certifiates }}'
+      size: '{{ default_rsa_key_size_certificates }}'
     loop: '{{ certificates }}'
 
   - name: Generate certificates

diff --git a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@@ -120,7 +120,7 @@
 
 - name: Check failure when no intermediate certificate can be found
   certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert2.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert2.pem", rstrip=true) }}'
     intermediate_certificates:
     - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
     root_certificates:
@@ -135,7 +135,7 @@
 
 - name: Check failure when infinite loop is found
   certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=true) }}'
     intermediate_certificates:
     - '{{ remote_tmp_dir }}/files/roots.pem'
     root_certificates:

diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml
@@ -22,7 +22,7 @@
       - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
       - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
       - result.public_key_type == 'RSA'
-      - result.public_key_data.size == (default_rsa_key_size_certifiates | int)
+      - result.public_key_data.size == (default_rsa_key_size_certificates | int)
       - "result.subject_alt_name == [
           'DNS:www.ansible.com',
           'DNS:' ~ ('öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--7ca3a') ~ '.com',

diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/main.yml
@@ -16,14 +16,14 @@
 - name: Generate privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate privatekey with password
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate CSR 1
   openssl_csr:

diff --git a/tests/integration/targets/openssl_pkcs12/tasks/main.yml b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -12,7 +12,7 @@
   - name: Generate private keys
     openssl_privatekey:
       path: '{{ remote_tmp_dir }}/ansible_pkey{{ item }}.pem'
-      size: '{{ default_rsa_key_size_certifiates }}'
+      size: '{{ default_rsa_key_size_certificates }}'
     loop: "{{ range(1, 4) | list }}"
 
   - name: Generate privatekey with password

diff --git a/tests/integration/targets/setup_openssl/tasks/main.yml b/tests/integration/targets/setup_openssl/tasks/main.yml
@@ -121,4 +121,4 @@
 
 - name: Print default key sizes
   debug:
-    msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certifiates }})"
+    msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certificates }})"
diff --git a/tests/integration/targets/setup_openssl/vars/main.yml b/tests/integration/targets/setup_openssl/vars/main.yml
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 default_rsa_key_size: 1024
-default_rsa_key_size_certifiates: >-
+default_rsa_key_size_certificates: >-
   {{
       2048 if
         (ansible_os_family == "RedHat" and ansible_facts.distribution_major_version | int >= 8) or

diff --git a/tests/integration/targets/x509_certificate/tasks/ownca.yml b/tests/integration/targets/x509_certificate/tasks/ownca.yml
@@ -6,14 +6,14 @@
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/ca_privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/ca_privatekey_pw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
   openssl_csr:

diff --git a/tests/integration/targets/x509_certificate/tasks/removal.yml b/tests/integration/targets/x509_certificate/tasks/removal.yml
@@ -6,7 +6,7 @@
 - name: (Removal, {{select_crypto_backend}}) Generate privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/removal_privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (Removal, {{select_crypto_backend}}) Generate CSR
   openssl_csr:

diff --git a/tests/integration/targets/x509_certificate/tasks/selfsigned.yml b/tests/integration/targets/x509_certificate/tasks/selfsigned.yml
@@ -6,14 +6,14 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR
   x509_certificate:
@@ -138,7 +138,7 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey2.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2
   openssl_csr:
@@ -200,7 +200,7 @@
 - name: (Selfsigned, {{select_crypto_backend}}) Create private key 3
   openssl_privatekey:
     path: "{{ remote_tmp_dir }}/privatekey3.pem"
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3
   openssl_csr:

diff --git a/tests/integration/targets/x509_certificate_convert/tasks/main.yml b/tests/integration/targets/x509_certificate_convert/tasks/main.yml
@@ -16,7 +16,7 @@
 - name: Generate privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate CSR 1
   openssl_csr:

diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml
@@ -36,7 +36,7 @@
       - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
       - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
       - result.public_key_type == 'RSA'
-      - result.public_key_data.size == (default_rsa_key_size_certifiates | int)
+      - result.public_key_data.size == (default_rsa_key_size_certificates | int)
       - "result.subject_alt_name == [
           'DNS:www.ansible.com',
           'DNS:' ~ ('öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--7ca3a') ~ '.com',

diff --git a/tests/integration/targets/x509_certificate_info/tasks/main.yml b/tests/integration/targets/x509_certificate_info/tasks/main.yml
@@ -16,14 +16,14 @@
 - name: Generate privatekey
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate privatekey with password
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekeypw.pem'
     passphrase: hunter2
     select_crypto_backend: cryptography
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 
 - name: Generate CSR 1
   openssl_csr:

diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml b/tests/integration/targets/x509_certificate_pipe/tasks/impl.yml
@@ -6,7 +6,7 @@
 - name: "({{ select_crypto_backend }}) Generate privatekey"
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/{{ item }}.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
   loop:
     - privatekey
     - privatekey2

diff --git a/tests/integration/targets/x509_certificate_pipe/tasks/main.yml b/tests/integration/targets/x509_certificate_pipe/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: Prepare private key for backend autodetection test
   openssl_privatekey:
     path: '{{ remote_tmp_dir }}/privatekey_backend_selection.pem'
-    size: '{{ default_rsa_key_size_certifiates }}'
+    size: '{{ default_rsa_key_size_certificates }}'
 - name: Run module with backend autodetection
   x509_certificate_pipe:
     provider: selfsigned