ansible/test/integration/targets/openssl_certificate/tasks/expired.yml

40 lines
1.2 KiB
YAML
Raw Normal View History

---
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/has_expired_privatekey.pem'
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/has_expired_csr.csr'
privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
subject:
commonName: www.example.com
- name: Generate expired selfsigned certificate
openssl_certificate:
path: '{{ output_dir }}/has_expired_cert.pem'
csr_path: '{{ output_dir }}/has_expired_csr.csr'
privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
selfsigned_not_after: "-1s"
- name: "Check task fails because cert is expired (has_expired: false)"
openssl_certificate:
provider: assertonly
path: "{{ output_dir }}/has_expired_cert.pem"
has_expired: false
ignore_errors: true
register: expired_cert_check
- name: Ensure previous task failed
assert:
that: expired_cert_check is failed
- name: "Check expired cert check is ignored (has_expired: true)"
openssl_certificate:
provider: assertonly
path: "{{ output_dir }}/has_expired_cert.pem"
has_expired: true
register: expired_cert_skip